Method and apparatus for identifying problems in computer networks
First Claim
1. In a computer system having a processor, memory and a network interface, an apparatus for monitoring a plurality of device or process objects operatively coupled to the computer system over a computer network, the apparatus comprising:
- (a) a performance poller for sending performance queries to the plurality of monitored objects and for receiving responses therefrom;
(b) a status poller for sending fault queries to the plurality of monitored objects and for receiving responses thereto;
(c) a fault trapper for receiving fault traps generated by the monitored objects;
(d) a decision engine responsive to decision requests from any of the fault trapper, status poller and performance poller indicating that one of the plurality of monitored objects has abnormal status, the decision engine further configured to send a verification query to said one of the plurality of monitored objects identified in the decision request and for receiving a response to the verification query from said one of the plurality of monitored objects confirming or denying abnormal status thereof;
(e) a memory for storing;
(i) data relating to the monitored objects,(ii) data relating to status of the monitored objects,(iii) data identifying any parent/child dependency relations among the monitored objects; and
(f) a case management module for receiving case management requests from the decision engine.
5 Assignments
0 Petitions
Accused Products
Abstract
A network appliance for monitoring, diagnosing and documenting problems among a plurality of devices and processes (objects) coupled to a computer network utilizes periodic polling and collection of object-generated trap data to monitor the status of objects on the computer network. The status of a multitude of objects is maintained in memory utilizing virtual state machines which contain a small amount of persistent data but which are modeled after one of a plurality of finite state machines. The memory further maintains dependency data related to each object which identifies parent/child relationships with other objects at the same or different layers of the OSI network protocol model. A decision engine verifies through on-demand polling that a device is down. A root cause analysis module utilizes status and dependency data to locate the highest object in the parent/child relationship tree that is affected to determine the root cause of a problem. Once a problem has been verified, a “case” is opened and notification alerts may be sent out to one or more devices. A user interface allows all objects within the network to be displayed with their respective status and their respective parent/child dependency objects in various formats.
137 Citations
40 Claims
-
1. In a computer system having a processor, memory and a network interface, an apparatus for monitoring a plurality of device or process objects operatively coupled to the computer system over a computer network, the apparatus comprising:
-
(a) a performance poller for sending performance queries to the plurality of monitored objects and for receiving responses therefrom; (b) a status poller for sending fault queries to the plurality of monitored objects and for receiving responses thereto; (c) a fault trapper for receiving fault traps generated by the monitored objects; (d) a decision engine responsive to decision requests from any of the fault trapper, status poller and performance poller indicating that one of the plurality of monitored objects has abnormal status, the decision engine further configured to send a verification query to said one of the plurality of monitored objects identified in the decision request and for receiving a response to the verification query from said one of the plurality of monitored objects confirming or denying abnormal status thereof; (e) a memory for storing; (i) data relating to the monitored objects, (ii) data relating to status of the monitored objects, (iii) data identifying any parent/child dependency relations among the monitored objects; and (f) a case management module for receiving case management requests from the decision engine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. In an apparatus operatively coupled over a computer network to a plurality of device or process objects, selected of the plurality of objects having parent/child dependency relations, a method comprising:
-
(a) maintaining in a memory data relating to the monitored objects and data identifying any parent/child dependency relations among the monitored objects; (b) monitoring the status of the plurality of monitored objects; (c) storing data relating to the status of the monitored objects in memory; (d) if the data indicating the status of a monitored object is not normal, verifying that the status of the monitored object is not normal; and (e) identifying a cause for the status of the monitored object to be not normal (e1) for each of selected monitored objects within a parent/child dependency relation, comparing data previously stored in memory identifying a prior status of a monitored object with data indicating a current status of a monitored object; (e2) identifying any monitored object within the parent/child dependency relation having a status change; (e3) comparing the data in memory identifying the parent/child dependency relations with the monitored objects having a status change; and (e4) identifying a highest parent object in the parent/child dependency relation that has a status other than normal. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. In an apparatus operatively coupled over a computer network to a plurality of device or process objects, selected of the plurality of objects having parent/child dependency relations, a method comprising:
-
(a) a memory for maintaining in a memory data relating to the monitored objects and data identifying any parent/child dependency relations among the monitored objects; (b) means for monitoring the status of the plurality of monitored objects; (c) means for storing data relating to the status of the monitored objects in memory; (d) means for verifying that the status of the monitored object is not normal, if the data indicating the status of a monitored object is not normal; and (e) means for identifying a cause for the status of the monitored object to be not normal comprising; (e1) means for comparing data previously stored in memory identifying a prior status of a monitored object with data indicating a current status of a monitored object, for each of selected monitored objects within a parent/child dependency relation; (e2) means for identifying any monitored object within the parent/child dependency relation having a status change; (e3) means for comparing the data in memory identifying the parent/child dependency relations with the monitored objects having a status change; and (e4) means for identifying a highest parent object in the parent/child dependency relation that has a status other than normal. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
-
-
26. In a computer system having a processor, memory and a network interface, and an apparatus for monitoring a plurality of device or process objects operatively coupled to the computer system over a computer network, the apparatus comprising:
-
(a) sending queries to the plurality of monitored objects with a polling module; (b) receiving responses from the plurality of monitored objects; (c) receiving traps generated by the monitored objects with a trap receiver module; (d) receiving decision requests from any of the trap receiver and polling module with a decision engine, (e) sending a verification query to one of the plurality of monitored objects identified in the decision request; (f) receiving a response to the verification query with a decision engine; (g) storing data relating to status of the monitored object; (h) receiving requests to open a case related to a monitored object; and (i) presenting data relating to the case. - View Dependent Claims (27, 28, 29)
-
-
30. In an apparatus operatively coupled over a computer network to a plurality of device or process objects, a method comprising:
-
(a) monitoring the status of the plurality of monitored objects over the computer network; (b) receiving data indicating that the status of one of the plurality of monitored objects, and, if the data indicating that the status of the monitored object is not normal, verifying that the status of the monitored object is not normal by (b1) sending a verification query to said one monitored object, and (b2) receiving a response to the verification query from said one monitored object confirming or denying abnormal status thereof; and (c) storing data in a memory relating to the status of the monitored object; and (d) presenting data relating to the monitored objects.
-
-
31. In a computer system having a processor, memory and a network interface, an apparatus for monitoring a plurality of device or process objects operatively coupled to the computer system over a computer network, the apparatus comprising:
-
(a) means for monitoring the status of the plurality of monitored objects;
it'"'"'s(b) means for receiving data indicating the status of a monitored object; (c) means for storing data relating to the status of the monitored objects in memory; (d) means for verifying that the status of the monitored object is not normal, if the data indicating the status of a monitored object is not normal, said means further comprising means for sending a verification query to an identified one of the plurality of monitored objects and for receiving a response to the verification query from said identified one of the plurality of monitored objects confirming or denying abnormal status thereof; and (e) means for initializing a case relating to a monitored object having a verified status other than normal. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A computer program product for use with a computer system having a memory and operatively connectable to a network and capable of communicating with one or more other processes operatively connectable to the network, the computer program product comprising a computer readable medium having computer program code embodied thereon comprising:
-
(a) program code for monitoring the status of the plurality of monitored objects; (b) program code for receiving data indicating the status of a monitored object; (c) program code for storing data relating to the status of the monitored objects in memory; (d) program code for verifying that the status of the monitored object is not normal, if the data indicating the status of a monitored object is not normal said program code further comprising program code for sending a verification query to an identified one of the plurality of monitored objects and for receiving a response to the verification query from said identified one of the plurality of monitored objects confirming or denying abnormal status thereof; and (e) program code for initializing a case relating to a monitored object having a verified status other than normal.
-
Specification