System and method for dynamically sensing an asynchronous network event within a modular framework for network event processing
First Claim
Patent Images
1. A system for dynamically sensing an asynchronous network event within a modular framework for network event processing, comprising:
- one or more network event sensors each sensing an occurrence of asynchronous network events and implementing a common interface via which the sensor can be connected to the modular framework, each sensor comprising;
at least one passively monitored port over which can be received a message from a network agent indicating the occurrence of a network event, the message including event data pertinent to the network event;
a listener thread receiving the message over the at least one port;
a holding structure staging the received message and within which can be placed a plurality of received messages;
a handler thread iteratively removing each received message from the holding structure; and
a generator process retrieving an action set mapping corresponding to each received message, generating an action set from the action set mapping and enqueueing the generated action set onto an event queue; and
an action set processor processing each generated action set by invoking a process method on the generated action set next identified for processing within the event queue and repeating the process method for any further generated action sets in the event queue.
11 Assignments
0 Petitions
Accused Products
Abstract
A system and a method for dynamically sensing an asynchronous network event within a modular framework for network event processing are described. An occurrence of asynchronous network events is sensed on one or more network event sensors. Each such sensor implements a common interface via which the sensor can be connected to the modular framework. At least one port over which can be received a message from a network agent indicating the occurrence of a network event is passively monitored. The message includes event data pertinent to the network event. The message is received over the at least one port via a listener thread and staged into a holding structure within which can be placed a plurality of received messages. Each received message is iteratively removed from the holding structure via a handler thread. An action set mapping corresponding to each received message is retrieved and an action set is generated from the action set mapping via a generator process. The generated action set is enqueued onto an event queue. Each generated action set is processed by invoking a process method on the generated action set next identified for processing within the event queue. The process method is repeated for any further generated action sets in the event queue.
-
Citations
24 Claims
-
1. A system for dynamically sensing an asynchronous network event within a modular framework for network event processing, comprising:
-
one or more network event sensors each sensing an occurrence of asynchronous network events and implementing a common interface via which the sensor can be connected to the modular framework, each sensor comprising;
at least one passively monitored port over which can be received a message from a network agent indicating the occurrence of a network event, the message including event data pertinent to the network event;
a listener thread receiving the message over the at least one port;
a holding structure staging the received message and within which can be placed a plurality of received messages;
a handler thread iteratively removing each received message from the holding structure; and
a generator process retrieving an action set mapping corresponding to each received message, generating an action set from the action set mapping and enqueueing the generated action set onto an event queue; and
an action set processor processing each generated action set by invoking a process method on the generated action set next identified for processing within the event queue and repeating the process method for any further generated action sets in the event queue. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
a thread pool comprised of the plurality of listener threads; and
the handler thread iteratively removing each received message from the holding structure for each listener thread in the thread pool.
-
-
3. A system according to claim 1, wherein at least one such network event sensor is an authenticated sensor, further comprising:
-
a secure connection formed between the at least one network agent and the authenticated sensor; and
the listener thread receiving the message over the secure connection upon authentication of the at least one network agent and the authenticated sensor.
-
-
4. A system according to claim 3, wherein the authenticated sensor is a certogram sensor and the secure connection is effected via a Transport Layer Security connection.
-
5. A system according to claim 1, wherein at least one such network event sensor is an SNMP-capable sensor, further comprising:
the listener thread receiving an SNMP trap from the at least one network agent.
-
6. A system according to claim 1, wherein at least one such network event sensor is a polling sensor, further comprising:
the listener thread periodically sending a polling message from the polling sensor and sensing the occurrence of a network event via a reply message received by the polling sensor responsive to the polling message.
-
7. A system according to claim 1, further comprising:
the action set processor pre-assigning a priority to each generated action set and enumerating the generated action sets within the event queue in order of pre-assigned priority.
-
8. A system according to claim 1, wherein the holding structure is a First-In-First-Out (FIFO) list.
-
9. A system according to claim 1, wherein the common interface is COM-compliant.
-
10. A method for dynamically sensing an asynchronous network event within a modular framework for network event processing, comprising:
-
sensing an occurrence of asynchronous network events on one or more network event sensors, each such sensor implementing a common interface via which the sensor can be connected to the modular framework, comprising;
passively monitoring at least one port over which can be received a message from a network agent indicating the occurrence of a network event, the message including event data pertinent to the network event;
receiving the message over the at least one port via a listener thread and staging the received message into a holding structure within which can be placed a plurality of received messages;
iteratively removing each received message from the holding structure via a handler thread;
retrieving an action set mapping corresponding to each received message and generating an action set from the action set mapping via a generator process; and
enqueueing the generated action set onto an event queue; and
processing each generated action set, comprising;
invoking a process method on the generated action set next identified for processing within the event queue; and
repeating the process method for any further generated action sets in the event queue. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
forming a thread pool comprised of the plurality of listener threads; and
iteratively removing each received message from the holding structure for each listener thread in the thread pool.
-
-
12. A method according to claim 10, wherein at least one such network event sensor is an authenticated sensor, further comprising:
-
forming a secure connection between the at least one network agent and the authenticated sensor; and
receiving the message over the secure connection upon authentication of the at least one network agent and the authenticated sensor.
-
-
13. A method according to claim 12, wherein the authenticated sensor is a certogram sensor and the secure connection is effected via a Transport Layer Security connection.
-
14. A method according to claim 10, wherein at least one such network event sensor is an SNMP-capable sensor, further comprising:
receiving an SNMP trap from the at least one network agent.
-
15. A method according to claim 10, wherein at least one such network event sensor is a polling sensor, further comprising:
-
periodically sending a polling message from the polling sensor; and
sensing the occurrence of a network event via a reply message received by the polling sensor responsive to the polling message.
-
-
16. A method according to claim 10, further comprising:
-
pre-assigning a priority to each generated action set; and
enumerating the generated action sets within the event queue in order of pre-assigned priority.
-
-
17. A method according to claim 10, wherein the holding structure is a First-In-First-Out (FIFO) list.
-
18. A method according to claim 10, wherein the common interface is COM-compliant.
-
19. A computer-readable storage medium holding code for dynamically sensing an asynchronous network event within a modular framework for network event processing, comprising:
-
sensing an occurrence of asynchronous network events on one or more network event sensors, each such sensor implementing a common interface via which the sensor can be connected to the modular framework, comprising;
passively monitoring at least one port over which can be received a message from a network agent indicating the occurrence of a network event, the message including event data pertinent to the network event;
receiving the message over the at least one port via a listener thread and staging the received message into a holding structure within which can be placed a plurality of received messages;
iteratively removing each received message from the holding structure via a handler thread;
retrieving an action set mapping corresponding to each received message and generating an action set from the action set mapping via a generator process; and
enqueueing the generated action set onto an event queue; and
processing each generated action set, comprising;
invoking a process method on the generated action set next identified for processing within the event queue; and
repeating the process method for any further generated action sets in the event queue. - View Dependent Claims (20, 21, 22, 23, 24)
forming a thread pool comprised of the plurality of listener threads; and
iteratively removing each received message from the holding structure for each listener thread in the thread pool.
-
-
21. A storage medium according to claim 19, wherein at least one such network event sensor is an authenticated sensor, further comprising:
-
forming a secure connection between the at least one network agent and the authenticated sensor; and
receiving the message over the secure connection upon authentication of the at least one network agent and the authenticated sensor.
-
-
22. A storage medium according to claim 19, wherein at least one such network event sensor is an SNMP-capable sensor, further comprising:
receiving an SNMP trap from the at least one network agent.
-
23. A storage medium according to claim 19, wherein at least one such network event sensor is a polling sensor, further comprising:
-
periodically sending a polling message from the polling sensor; and
sensing the occurrence of a network event via a reply message received by the polling sensor responsive to the polling message.
-
-
24. A storage medium according to claim 19, further comprising:
-
pre-assigning a priority to each generated action set; and
enumerating the generated action sets within the event queue in order of pre-assigned priority.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeNetworks Associates, Inc. (McAfee, LLC)
-
InventorsTryon, James Robert Jr., OʼBrien, Eric David
-
Primary Examiner(s)Meky, Moustafa M.
-
Application NumberUS09/494,234Time in Patent Office1,044 DaysField of Search709/200, 709/201, 709/205, 709/206, 709/217, 709/218, 709/219, 709/220, 709/223, 709/224US Class Current709/224CPC Class CodesH04L 41/0213 Standardised network manage...H04L 41/046 comprising network manageme...H04L 41/06 Management of faults, event...H04L 41/0604 using filtering, e.g. reduc...H04L 43/0811 by checking connectivityH04L 63/0428 wherein the data content is...H04L 63/08 for authentication of entit...H04L 63/1408 by monitoring network traff...H04L 63/166 at the transport layer
