System and method for providing an internet-based correlation service
First Claim
Patent Images
1. A data processing apparatus for correlating events among a number of client services comprising:
- at least one computer comprising;
a memory having program instructions; and
a processor configured to use said program instructions to provide;
a network management service;
an event notification service;
a network mediation service adapted to;
receive raw event data from heterogeneous network entities including at least the Internet; and
transmit said raw event data to said event notification service;
a message parsing service adapted to;
receive a raw event data from said event notification service;
parse said raw event data; and
transmit said parsed event data to said event notification service; and
an event correlation service coupled to a knowledge database comprising correlation knowledge, said event correlation service adapted to;
receive said parsed event from said event notification service;
utilize data stored in said knowledge database to derive an event from said parsed event data; and
transmit said derived event to a consumer via said event notification service, wherein said consumer may be comprises at least one operator workstation and at least one of the heterogeneous entities;
wherein said network mediation, message parsing, event notification and network management services are coupled together via a plurality of interfaces.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system are disclosed for efficiently correlating events within a data processing system and then transmitting messages to various network entities in response to an occurrence of a particular network event. According to the present invention, a network mediation service receives raw message streams from one or more external data sources and passes the streams in real-time to the event notification service. The event notification service then passes the message to the message parsing service for processing. After the message has been parsed by the message parsing service, it is passed back to the event notification service which passes the message along an event channel to the network management service. The message is also passed to the event correlation service for event correlation. A knowledge-based database of message classes that define how to interpret the message text are used by the event correlation service to match correlation rule conditions to the observed events. After event correlation service processes the parsed event, it is passed to the network management service for resolution.
-
Citations
17 Claims
-
1. A data processing apparatus for correlating events among a number of client services comprising:
-
at least one computer comprising;
a memory having program instructions; and
a processor configured to use said program instructions to provide;
a network management service;
an event notification service;
a network mediation service adapted to;
receive raw event data from heterogeneous network entities including at least the Internet; and
transmit said raw event data to said event notification service;
a message parsing service adapted to;
receive a raw event data from said event notification service;
parse said raw event data; and
transmit said parsed event data to said event notification service; and
an event correlation service coupled to a knowledge database comprising correlation knowledge, said event correlation service adapted to;
receive said parsed event from said event notification service;
utilize data stored in said knowledge database to derive an event from said parsed event data; and
transmit said derived event to a consumer via said event notification service, wherein said consumer may be comprises at least one operator workstation and at least one of the heterogeneous entities;
wherein said network mediation, message parsing, event notification and network management services are coupled together via a plurality of interfaces. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
receive raw event data at said network mediation service from said external data monitor; and
transmit said raw event data to said message parsing service.
-
-
4. The data processing apparatus of claim 1, wherein said message parsing service is adapted to receive raw event data from said network mediation service and produce a parsed event.
-
5. The data processing apparatus of claim 2, wherein said external data monitor detects changes in a human body.
-
6. The data processing apparatus of claim 5, wherein said message parsing service is adapted to route said parsed event data to said network management service via said event notification service.
-
7. The data processing apparatus of claim 2, wherein said external data monitor detects changes in the physical security of a building.
-
8. The data processing apparatus of claim 7, wherein said message parsing service is adapted to route said parsed event data to said event correlation service via said event notification service.
-
9. The data processing apparatus of claim 1, wherein said network management service is adapted to interface with the plurality of operator workstations and the heterogeneous network entities.
-
10. The data processing apparatus of claim 9, wherein said network management service is further adapted to:
-
receive data requests from said plurality of operator workstations; and
transmit said data requests to said event correlation service via said event notification service.
-
-
11. The data processing apparatus of claim 5, wherein said event notification service is further comprised of:
-
a raw event channel;
a parsed event channel; and
a derived event channel.
-
-
12. The data processing apparatus of claim 11, wherein said event notification service is further comprised of at least one filter.
-
13. The data processing apparatus of claim 12, wherein said at least one filter is coupled to at least one of said plurality of event channels.
-
14. The data processing apparatus of claim 11, wherein said raw event channel is adapted to:
-
receive the raw event data from said network mediation service; and
transmit said raw event data to said message parsing service.
-
-
15. The data processing apparatus of claim 11, wherein said parsed event channel is adapted to:
receive the raw event data from said message parsing service; and
transmit said raw event data to said network management service.
-
16. The data processing apparatus of claim 11, wherein said parsed event channel is adapted to:
-
receive the parsed event data from said message parsing service; and
transmit said parsed event data to said event correlation service.
-
-
17. The data processing apparatus of claim 11, wherein said derived event channel is adapted to:
-
receive a derived event from said event correlation service; and
transmit said derived event to network management service.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeVerizon Laboratories Incorporated (Verizon Communications Inc.)
-
Original AssigneeVerizon Laboratories Incorporated (Verizon Communications Inc.)
-
InventorsJakobson, Gabriel, Pathak, Girish
-
Primary Examiner(s)Alam, Hosain
-
Assistant Examiner(s)WANG, LIANG CHE A
-
Application NumberUS09/577,035Time in Patent Office1,519 DaysField of Search709/224, 709/316, 709/318, 709/223, 600/300, 600/301, 908/816, 367/39US Class Current709/224CPC Class CodesH04L 41/0233 Object-oriented techniques,...H04L 41/0631 using root cause analysis; ...H04L 41/12 Discovery or management of ...
