System for logging and enabling ordered retrieval of management events
First Claim
1. A method for logging events in a managed environment, said method comprising:
- a) monitoring, by a central broker, the managed environment for one or more events;
b) receiving an event of the one or more events by the central broker;
c) logging the event as the event is received by the central broker to an event store, wherein the event store has a plurality of non-textual files organized into a plurality of sets with each set of the plurality of sets containing corresponding event log and event index files, by appending a complete representation of the event in a language-independent non-textual form to an event log file of the event store and writing to an event index file the location of the event in the event log file; and
d) repeating b) and c) for each event of the one or more events.
4 Assignments
0 Petitions
Accused Products
Abstract
A methodology and supporting structure for logging and ordering management events in a network management system in a managed environment is presented. The network system has a central broker, which monitors the managed environment and receives events in the managed environment, and an event store, which has non-textual files organized into sets with each set containing corresponding event log and event index files. Events are logged as received by the central broker into the non-textual files organized into the sets. A complete representation of one or more events is stored in a language-independent form in an event log file of the event store so that the event information may be read and formatted for presentation in a local language. An event index file of the event log contains the location of the one or more events. The flow from multiple streams of related events may also be tracked.
201 Citations
26 Claims
-
1. A method for logging events in a managed environment, said method comprising:
-
a) monitoring, by a central broker, the managed environment for one or more events; b) receiving an event of the one or more events by the central broker; c) logging the event as the event is received by the central broker to an event store, wherein the event store has a plurality of non-textual files organized into a plurality of sets with each set of the plurality of sets containing corresponding event log and event index files, by appending a complete representation of the event in a language-independent non-textual form to an event log file of the event store and writing to an event index file the location of the event in the event log file; and d) repeating b) and c) for each event of the one or more events. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for logging events in a managed environment, said method comprising:
-
a) monitoring, by a central broker, the managed environment for one or more events; b) receiving an event of the one or more events by the central broker; c) logging the event as the event is received by the central broker to an event store by appending a complete representation of the event in a language-independent form to an event log file and writing to an event index file the location of the event in the event log file, wherein the event store has a plurality of non-textual files organized into a plurality of sets and, wherein appending a complete representation of the event to the event log file, further comprises; determining whether the event log file is open; if the event log file is not open, comprising; determining a youngest event log file and saving a set number of the youngest event log file; and opening the youngest event log file and the event index file having the set number; determining whether the event log file has reached a maximum size; if the event log file has reached the maximum size, comprising; adjusting a set number counter and an iteration counter; and for each open event log file, closing the event log file, reopening the event log file with a new set number, truncating the file, and writing a new file header of the event log file; and appending the event to the event log file; and d) repeating b) and c) for each event of the one or more events. - View Dependent Claims (13, 14)
-
-
15. A method for reconstruction of the flow of all events through a managed environment, comprising:
-
a) establishing a target time representative of the beginning of the logging of the one or more events; b) identifying an initial event log file of the one or more event log files that contains the oldest events with respect to the target time; c) opening the initial event log file and reading the iteration number of a header of the initial event log file; d) reading in sequential order each event entry of the initial event log file; e) verifying that the iteration number in each event entry of the initial event log file matches the iteration number of the header of the initial event log file and saving a set number, a location, and a timestamp of each event entry of the initial event log file that is read; f) identifying a subsequent event log file of the one or more event log files that contains the oldest event with respect to the timestamp; g) opening a subsequent event log file of the one or more event log files and reading the iteration number of the header of the subsequent event log file; h) reading in sequential order each event entry of the subsequent event log file; and i) verifying that the iteration number in each event entry of the subsequent event log file matches the iteration number of the header of the subsequent event log file and saving the set number, the location, and the timestamp of each event entry of the subsequent event log file that is read; j) repeating f)-i) for each event log file of the one or more event log files.
-
-
16. A method for reconstruction of the flow of the one or more events from a single stream in the central broker by reading one or more stream log files comprises:
-
a) establishing a target time representative of the beginning of a stream; b) identifying an initial stream log file of one or more stream log files that contains the oldest stream event with respect to the target time; c) opening the initial stream log file and reading an iteration number of a header of the initial stream log file; d) reading in sequential order each stream event record of the initial stream log file; e) verifying that the iteration number in each stream event record of the initial stream log file matches the iteration number read in the header of the initial stream log file and saving a set number, a location, and a timestamp of each stream event record of the initial stream log file that is read; f) finding a stream event in an event log file using the location and the set number; g) identifying a subsequent stream log file of the one or more stream log files that contains the oldest stream event with respect to the timestamp; h) opening the subsequent stream log file of the one or more stream log files and reading the iteration number of the header of the subsequent stream log file; i) reading in sequential order each stream event record of the subsequent stream log file; j) verifying that the iteration number in each stream event record of the subsequent stream log file matches the iteration number read in the header of the subsequent stream log file and saving the set number, the location, and the timestamp of each stream event record of the subsequent stream log file that is read; k) finding the stream event in the event log file using the location and the set number; and l) repeating g)-j) for each stream log file of the one or more stream log files. - View Dependent Claims (17)
-
-
18. A method for finding all correlated events which have been correlated with one or more primary events by reading the one or more correlation log files, said method comprising:
-
a) scanning the correlation log file to find the correlated event correlated with the primary event; b) saving the location and a set number of the correlated event; c) finding the correlated event in an event log file using the location and the set number; and d) repeating a)-c) for each correlated event of the one or more correlated events correlated with the primary event.
-
-
19. A network system capable of logging and enabling the ordered retrieval of events in a managed environment, comprising:
-
a) a central broker which monitors the managed environment for one or more events and receives the one or more events; and b) an event store, having a plurality of non-textual files organized into a plurality of sets with each set of the plurality of sets containing corresponding event log and event index files, to which each event of the one or more events is logged as received by the central broker in the order received, wherein an event log file of the event store contains a complete representation of the one or more events received from the central broker in a language-independent form that enables formatting of the one or more events into a local language and further contains an event index file containing the location of the one or more events in the event log file. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
-
Specification