System, method and computer program product for event correlation in a distributed computing environment
First Claim
1. A method of event correlation implemented in a distributed computer network, comprising the steps of:
- deploying a software component to a given node in the distributed computer network, the software component having associated therewith at least first and second correlation rules having a given relationship, each of the respective first and second correlation rules recognizing a given pattern of one or more events indicative of a given condition;
applying an event stream at the given node to the first and second correlation rules; and
initiating a given action if the given relationship is met.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of event correlation implemented within a distributed environment having a management server and a set of managed machines. The preferred event correlation method begins by establishing a discrete set of correlation rules. One preferred implementation of a correlation rule is a software-based state machine. Each correlation rule is adapted to recognize a given pattern of one or more events indicative of a given condition. A set of correlation rules comprise a set of efficiently-coupled state machines, each of which is optimized for a particular, low-level logical function. Then, as events are received and/or generated at the machine, the events are examined by the state machines comprising the correlator to search for the defined event patterns. If a given event pattern is recognized, a given condition sought to be monitored has occurred, and the event correlator may then be used to take a given action.
-
Citations
35 Claims
-
1. A method of event correlation implemented in a distributed computer network, comprising the steps of:
-
deploying a software component to a given node in the distributed computer network, the software component having associated therewith at least first and second correlation rules having a given relationship, each of the respective first and second correlation rules recognizing a given pattern of one or more events indicative of a given condition;
applying an event stream at the given node to the first and second correlation rules; and
initiating a given action if the given relationship is met. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of event correlation implemented in a distributed computer network having a plurality of objects to be monitored for given conditions, comprising the steps of:
-
at each of a set of given nodes in the network, establishing a discrete set of correlation rules, each correlation rule recognizing a given pattern of one or more events indicative of a given condition;
responsive to receipt at the given node of a stream of events, using the set of correlation rules to determine an occurrence of a given condition identified by a correlation rule in the set; and
taking a given action upon occurrence of the given condition. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method of event correlation in a distributed computer network having a management server servicing a set of machines, comprising the steps of:
-
deploying a management infrastructure throughout the computer network, the management infrastructure including a monitor at selected machines;
at a given machine, establishing a set of correlation rules, each correlation rule recognizing a given pattern of one or more events indicative of a given condition to be monitored;
at the given machine, using the set of correlation rules to determine an occurrence of a given condition identified by a correlation rule in the set; and
taking a given action upon the occurrence of the given condition. - View Dependent Claims (16)
-
-
17. An event correlator for use in a distributed enterprise having a management server servicing a set of managed machines, comprising:
-
means for defining a discrete set of correlation rules, each correlation rule recognizing a given pattern of one or more events indicative of a given condition to be monitored; and
means responsive to receipt of a stream of events for using the set of correlation rules to determine an occurrence of a given condition identified by a correlation rule in the set. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
-
24. Event correlation system for use in a distributed computer network having a management server servicing a set of managed computers, comprising:
-
a software agent for implementing a resource monitoring task;
a runtime environment installed at a given managed computer, wherein the runtime environment includes a runtime engine for executing the software agent to effect the resource monitoring task; and
a monitor comprising;
means for defining a discrete set of correlation rules, each correlation rule recognizing a given pattern of one or more events indicative of a given condition to be monitored; and
means responsive to receipt of a stream of events for using the set of correlation rules to determine an occurrence of a given condition identified by a correlation rule in the set. - View Dependent Claims (25, 26)
-
-
27. A computer program product for use in a computer connected within a distributed computing environment having a management server servicing a set of managed computers, comprising:
-
means for defining a discrete set of correlation rules, each correlation rule recognizing a given pattern of one or more events indicative of a given condition to be monitored; and
means responsive to receipt of a stream of events for using the set of correlation rules to determine an occurrence of a given condition identified by a correlation rule in the set. - View Dependent Claims (28, 29, 30, 31, 32, 33)
-
-
34. A computer connected within a distributed computing environment having a management server servicing a set of managed computers, comprising:
-
a processor;
an operating system;
a monitor having an event correlator, the event correlator comprising;
means for defining a discrete set of correlation rules, each correlation rule recognizing a given pattern of one or more events indicative of a given condition to be monitored; and
means responsive to receipt of a stream of events for using the set of correlation rules to determine an occurrence of a given condition identified by a is correlation rule in the set. - View Dependent Claims (35)
-
Specification