System and process for reporting network events with a plurality of hierarchically-structured databases in a distributed computing environment
Abstract
A system and a process for reporting network events using hierarchically-structured event databases in a distributed computing environment are disclosed. A centralized broker is executed on a designated system within the distributed computing environment. At least one security application is provided as a plug-in component on a client system interfaced remotely to the centralized broker. A local event database is maintained on the client system. The local event database includes a set of entries in which network events generated by the at least one security application are transitorily stored. Network events forwarded from the local event database are received via a communications server service. The communications server service exposes a set of communication interfaces implementing a plurality of event methods. Each communication interface defines an event management function which can be invoked by the centralized broker. Network entries in a centralized event database are accessed responsive to calls on the event management functions by the centralized broker. The centralized event database is maintained on the designated system. The centralized event database includes a set of entries in which network events received via the communications server service are stored.
Claims (24)
1. A system for reporting network events using hierarchically-structured event databases in a distributed computing environment, comprising:
a centralized broker executing on a designated system within the distributed computing environment;
at least one security application provided as a plug-in component on a client system interfaced remotely to the centralized broker;
a local event database maintained on the client system and comprising a set of entries in which network events generated by the at least one security application are transitorily stored;
a communications server service receiving network events forwarded from the local event database and exposing a set of communication interfaces implementing a plurality of event methods which each define an event management function which can be invoked by the centralized broker;
a database engine accessing network entries in a centralized event database responsive to calls on the event management functions by the centralized broker;
the centralized event database maintained on the designated system and comprising a set of entries in which network events received via the communications server service are stored;
a local security application interfaced with the centralized broker as a snap-in component comprising at least one of an antivirus scanner and a firewall, the local security application providing controls for viewing the network events;
at least one intermediate security application executing as a plug-in component on an intermediate client system remotely interfaced to the centralized broker and logically situated within the distributed computing environment between the client system and the designated system; and
a local intermediate event database maintained on the intermediate client system and comprising a set of entries in which network events forwarded from the local event database are transitorily staged.

2. A system according to claim 1, further comprising:
the security application describing at least one such network event generated by the security application as a log event communicating a dataset result.

3. A system according to claim 2, further comprising:
the security application grouping each log event describing a similar dataset result into a class.

4. A system according to claim 1, further comprising:
the security application describing at least one such network event generated by the security application as an alert event communicating a security notification.

5. A system according to claim 4, further comprising:
the security application assigning a priority to each alert event representing a pre-defined severity level.

6. A system according to claim 1, wherein the local security application comprises at least one of a database query application and a graphical report generation application.

7. A system according to claim 1, further comprising:
at least one alerting device communicatively interfaced to the centralized broker, the communications server service dispatching the at least one alerting device responsive to calls on the event management functions by the centralized broker.

8. A system according to claim 7, wherein the alerting device comprises at least one of a pager device and an electronic mail device.

9. A system according to claim 1, wherein the set of communication interfaces is COM-compliant.

10. A process for reporting network events using hierarchically-structured event databases in a distributed computing environment, comprising:
executing a centralized broker on a designated system within the distributed computing environment;
providing at least one security application as a plug-in component on a client system interfaced remotely to the centralized broker;
maintaining a local event database on the client system, the local event database comprising a set of entries in which network events generated by the at least one security application are transitorily stored;
receiving network events forwarded from the local event database via a communications server service which exposes a set of communication interfaces implementing a plurality of event methods which each define an event management function which can be invoked by the centralized broker;
accessing network entries in a centralized event database responsive to calls on the event management functions by the centralized broker;
maintaining the centralized event database on the designated system, the centralized event database comprising a set of entries in which network events received via the communications server service are stored;
interfacing a local security application with the centralized broker as a snap-in component comprising at least one of an antivirus scanner and a firewall, the local security application providing controls for viewing the network events;
executing at least one intermediate security application as a plug-in component on an intermediate client system remotely interfaced to the centralized broker and logically situated within the distributed computing environment between the client system and the designated system; and
maintaining a local intermediate event database on the intermediate client system and comprising a set of entries in which network events forwarded from the local event database are transitorily staged.

11. A process according to claim 10, further comprising:
describing at least one such network event generated by the security application as a log event communicating a dataset result.

12. A process according to claim 10, further comprising:
grouping each log event describing a similar dataset result into a class.

13. A process according to claim 10, further comprising:
describing at least one such network event generated by the security application as an alert event communicating a security notification.

14. A process according to claim 13, further comprising:
assigning a priority to each alert event representing a pre-defined severity level.

15. A process according to claim 10, wherein the local security application comprises at least one of a database query application and a graphical report generation application.

16. A process according to claim 10, further comprising:
communicatively interfacing at least one alerting device to the centralized broker, the communications server service dispatching the at least one alerting device responsive to calls on the event management functions by the centralized broker.

17. A process according to claim 16, wherein the alerting device comprises at least one of a pager device and an electronic mail device.

18. A process according to claim 10, wherein the set of communication interfaces is COM-compliant.

19. A computer-readable storage medium holding code for reporting network events using hierarchically-structured event databases in a distributed computing environment, comprising:
executing a centralized broker on a designated system within the distributed computing environment;
providing at least one security application as a plug-in component on a client system interfaced remotely to the centralized broker;
maintaining a local event database on the client system, the local event database comprising a set of entries in which network events generated by the at least one security application are transitorily stored;
receiving network events forwarded from the local event database via a communications server service which exposes a set of communication interfaces implementing a plurality of event methods which each define an event management function which can be invoked by the centralized broker;
accessing network entries in a centralized event database responsive to calls on the event management functions by the centralized broker;
maintaining the centralized event database on the designated system, the centralized event database comprising a set of entries in which network events received via the communications server service are stored;
interfacing a local security application with the centralized broker as a snap-in component comprising at least one of an antivirus scanner and a firewall, the local security application providing controls for viewing the network events;
executing at least one intermediate security application as a plug-in component on an intermediate client system remotely interfaced to the centralized broker and logically situated within the distributed computing environment between the client system and the designated system; and
maintaining a local intermediate event database on the intermediate client system and comprising a set of entries in which network events forwarded from the local event database are transitorily staged.

20. A storage medium according to claim 19, further comprising:
describing at least one such network event generated by the security application as a log event communicating a dataset result.

21. A storage medium according to claim 20, further comprising:
grouping each log event describing a similar result into a class.

22. A storage medium according to claim 19, further comprising:
describing at least one such network event generated by the security application as an alert event communicating a security notification.

23. A storage medium according to claim 22, further comprising:
assigning a priority to each alert event representing a pre-defined severity level.

24. A storage medium according to claim 19, further comprising:
communicatively interfacing at least one alerting device to the centralized broker, the communications server service dispatching the at least one alerting device responsive to calls on the event management functions by the centralized broker.
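The following is an added model of the pipeline the abstract and claims describe (transitory local store, intermediate staging tier, centralized database behind a communications server whose event methods the broker calls, log events grouped into classes, alert events carrying a severity priority and dispatched to alerting devices). It is not the patent's own code; the class and method names, the in-memory stores standing in for the databases, and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    source: str        # client system that generated the event
    kind: str          # "log" (communicates a dataset result) or "alert" (security notification)
    detail: str        # the dataset result or the notification text
    priority: int = 0  # pre-defined severity level, meaningful for alerts only

class TransitoryStore:
    """Local or intermediate event database: entries are held only until forwarded."""
    def __init__(self): self.entries = []
    def record(self, *evs): self.entries.extend(evs)
    def forward(self, upstream):
        for ev in self.entries: upstream.record(ev)   # hand every staged entry to the next tier
        count, self.entries = len(self.entries), []   # then drop the transitory copies
        return count

class CommunicationsServer:
    """Holds the centralized event database and exposes the event methods the broker calls."""
    def __init__(self, alert_devices):
        self.central, self.dispatched = [], []    # centralized event database; device dispatch log
        self.alert_devices = alert_devices        # callables standing in for pager / e-mail devices
    def record(self, ev):
        self.central.append(ev)
        if ev.kind == "alert":                    # alerting devices fire on security notifications
            self.dispatched += [dev(ev) for dev in self.alert_devices]
    def log_classes(self):
        """Event method: group log events that communicate a similar dataset result."""
        classes = defaultdict(list)
        for ev in self.central:
            if ev.kind == "log":
                classes[ev.detail].append(ev.source)
        return dict(classes)
    def alerts_by_priority(self):
        """Event method: alert events ordered by severity level, highest first."""
        return sorted((ev for ev in self.central if ev.kind == "alert"), key=lambda e: -e.priority)

def run_demo():
    """Constructed sample: host-a reports directly, host-b reports via an intermediate tier."""
    server = CommunicationsServer([lambda ev: f"email:{ev.source}:{ev.detail}"])
    host_a, host_b, intermediate = TransitoryStore(), TransitoryStore(), TransitoryStore()
    host_a.record(Event("host-a", "log", "scan clean"), Event("host-a", "alert", "malware found", 3))
    host_b.record(Event("host-b", "log", "scan clean"), Event("host-b", "alert", "port scan", 1))
    host_a.forward(server)
    host_b.forward(intermediate)                  # staged at the intermediate tier first
    staged = intermediate.forward(server)         # intermediate relays its staged entries upward
    return server, staged, len(host_b.entries)    # host_b's local copies are gone after forwarding
```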