Apparatus for event log management

US 7,155,514 B1
Filed: 03/14/2003
Issued: 12/26/2006
Est. Priority Date: 09/12/2002
Status: Active Grant

First Claim

Patent Images

1. An agent-free system for event log management residing on at least one computer, the computer being integral to a computer network wherein at least one computer of the computer network is generating event logs, at least one database in communication with the computer network, the agent-free system having a plurality of data structures formulated into at least one instruction module to direct the event log management of the event logs across a domain of the computer network, comprising:

a) an Event Alarm Module operationally retrieving at least one event log record from a selected computer within the computer network;

b) said Event Alarm Module selectively notifying a selected recipient of said retrieved event log record;

c) said Event Alarm Module storing said retrieved event log record on the database;

d) an Event Archiver Module operationally retrieving at least one event log record from a selected computer within the computer network;

e) said Event Archiver Module selectively storing said retrieved event log record on the database;

f) an Event Analyst Module opening at least one window containing event log records selected from a group consisting of Event Alarm Module'"'"'s stored event log records and Event Archiver Module'"'"'s stored event log records; and

g) said Event Alarm Module operationally retrieving at least one event log record is defined as said Event Alarm Module loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Alarm Module, subsequently said Event Alarm Module unloads said Event Log Reader Control from its memory space.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An agent-free modular Event Log Management System for commanding and controlling system event logs. The Event Log Management System'"'"'s modules function independently or in concert with other system modules. The system comprises four separate and distinct agent-free modules that command and control event archiving, event alarm and event analysis of data residing on server computers and/or databases within a given computer network and system configuration management. Any given module may, if desired, operationally function independent of the other three modules or the four modules may be combined and in concert form the agent-free modular Event Log Management System. When deployed as a system the modules reside on at least one data storage medium of the computer network wherein at least one computer of the network is generating event logs.

Citations

34 Claims

1. An agent-free system for event log management residing on at least one computer, the computer being integral to a computer network wherein at least one computer of the computer network is generating event logs, at least one database in communication with the computer network, the agent-free system having a plurality of data structures formulated into at least one instruction module to direct the event log management of the event logs across a domain of the computer network, comprising:
- a) an Event Alarm Module operationally retrieving at least one event log record from a selected computer within the computer network;
  
  b) said Event Alarm Module selectively notifying a selected recipient of said retrieved event log record;
  
  c) said Event Alarm Module storing said retrieved event log record on the database;
  
  d) an Event Archiver Module operationally retrieving at least one event log record from a selected computer within the computer network;
  
  e) said Event Archiver Module selectively storing said retrieved event log record on the database;
  
  f) an Event Analyst Module opening at least one window containing event log records selected from a group consisting of Event Alarm Module'"'"'s stored event log records and Event Archiver Module'"'"'s stored event log records; and
  
  g) said Event Alarm Module operationally retrieving at least one event log record is defined as said Event Alarm Module loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Alarm Module, subsequently said Event Alarm Module unloads said Event Log Reader Control from its memory space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 30, 31, 32, 33, 34)
- - 2. An agent-free system as recited in claim 1 further comprising:
    - h) said Event Analyst Module operationally retrieving at least one event log record;
      
      i) said Event Analyst Module selectively parsing said retrieved event log record;
      
      j) said Event Analyst Module opening a second window containing said selectively parsed event log records; and
      
      k) said Event Analyst Module storing on the database said selectively parsed event log records.
  - 3. An agent-free system as recited in claim 1 further comprising:
    - l) said Event Analyst Module operationally retrieving at least one event log record;
      
      m) said Event Analyst Module selectively parsing said retrieved event log record;
      
      n) said Event Analyst Module opening a second window containing said selectively parsed event log records; and
      
      o) said Event Analyst Module clearing said selectively parsed event log records from the originating computer.
  - 4. An agent-free system as recited in claim 1 wherein said selected computer is the same computer hosting said Event Alarm Module.
  - 5. An agent-free system as recited in claim 1 wherein said selected computer is a computer other than the computer hosting said Event Alarm Module.
  - 6. An agent-free system as recited in claim 1 wherein said selectively notifying is selected from a group consisting of network popup message, email, Syslog message, pager, SNMP trap, custom executable action, and a listening console.
  - 7. An agent-free system as recited in claim 1 wherein said selected recipient is selected from a group-consisting of a System Administrator, a computer, an Access database and an ODBC database.
  - 8. An agent-free system as recited in claim 1 wherein said Event Archiver Module operationally retrieving at least one event log record is defined as said Event Archiver Module saving an event log file to disk, loading an Event Log Reader Control onto its memory space, retrieving at least one event log record, once obtained said Event Log Reader Control returns the event log file and/or event log records to said Event Archiver Module, optionally removing the original saved event log from disk, subsequently said Event Archiver Module unloads said Event Log Reader Control from its memory space.
  - 9. An agent-free system as recited in claim 1 wherein said Event Archiver Module selectively storing said retrieved event log record is defined as storing format being selected from a group consisting of EVT file, compressed EVT File, comma-delimited text file, compressed text file, Access database table and ODBC database table.
  - 10. An agent-free system as recited in claim 2 wherein said Event Analyst Module operationally retrieving at least one event log record is defined as said Event Analyst Module selectively loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Analyst Module, subsequently said Event Analyst Module unloads said Event Log Reader Control from its memory space.
  - 11. An agent-free system as recited in claim 3 wherein said Event Analyst Module operationally retrieving at least one event log record is defined as said Event Analyst Module selectively loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Analyst Module, subsequently said Event Analyst Module unloads said Event Log Reader Control from its memory space.
  - 12. An agent-free system as recited in claim 2 wherein said stored event log records are selected from a group consisting of event log records for viewing, event log records for filtering, event log records for exporting and event log records for reporting.
  - 30. An agent-free system as recited in claim 1 further comprising:
    - i) a Site Manager Module selectively locating said Event Alarm Module, said Event Archiver Module and said Event Analyst Module on the computer network; and
      
      j) said Site Manager Module pushing selected dataset configuration to selected located computers having said Event Alarm Module, said Event Archiver Module or said Event Analyst Module disposed thereon.
  - 31. An agent-free system as recited in claim 30 wherein said Site Manager Module selectively locating said Event Alarm Module, said Event Archiver Module and said Event Analyst Module on the computer network comprises:
    - a) said Site Manager Module having a network scanning program to locate which computers of the network have said Event Archiver Module operationally disposed thereon;
      
      b) said network scanning program locating which computers of the network have said Event Alarm Module operationally disposed thereon;
      
      c) said network scanning program locating which computers of the network have said Event Analyst Module operationally disposed thereon; and
      
      d) said Site Manager Module having a schema program for constructing a viewable map of the locations of said Event Alarm Module, said Event Archiver Module and said Event Analyst Module on the computer network.
  - 32. An agent-free system as recited in claim 30 wherein said dataset configuration is selected from a group consisting of updating the Event Archiver global properties, updating the Event Archiver Module Configuration database and loading an Event Archiver Service.
  - 33. An agent-free system as recited in claim 30 wherein said dataset configuration is selected from a group consisting of updating Event Alarm global properties, updating Event Alarm Module Configuration database and loading an Event Alarm Service.
  - 34. An agent-free system as recited in claim 30 wherein said dataset configuration is selected from a group consisting of updating Event Analyst global properties, updating the Event Analyst Module Configuration database and loading an Event Analyst Service.

13. An agent-free system for event log management residing on at least one computer, the computer being integral to a computer network, wherein at least one computer of the computer network is generating event logs, at least one database in communication with the computer network, the agent-free system having a plurality of data structures formulated into at least one instruction module to direct the event log management of the event logs across a domain of the computer network, comprising:
- a) an Event Alarm Module in communication with the computer network;
  
  b) said Event Alarm Module loading an Event Log Reader Control into its memory space;
  
  c) said Event Log Reader Control retrieving selected event log records from at least one computer of the network;
  
  d) said Event Alarm Module evaluating said retrieved event log records according to a selected alarm criteria;
  
  e) said Event Alarm Module selectively generating an event alarm based on said evaluation;
  
  f) an Event Alarm Module selectively notifying the computer network of said event alarm;
  
  g) said Event Alarm Module unloading said Event Log Reader Control from its memory space; and
  
  h) said Event Alarm Module operationally retrieving at least one event log record is defined as said Event Alarm Module loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Alarm Module, subsequently said Event Alarm Module unloads said Event Log Reader Control from its memory space.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. An agent-free system as recited in claim 13 wherein said selectively generated event alarm is determined by a predefined alarm configuration.
  - 15. An agent-free system as recited in claim 13 further comprising:
    - an Event Alarm Module selectively notifying the network of said event alarm.
  - 16. An agent-free system as recited in claim 13 further comprising:
    - said Event Alarm Module selectively polling the computer network domain for selected event logs.
  - 17. An agent-free system as recited in claim 13 further comprising:
    - a) an Event Alarm Service in communication with said Event Alarm Module;
      
      b) an Event Alarm Control Panel in communication with said Event Alarm Service;
      
      c) said Event Alarm Control Panel receiving requests for operational direction governing event log management; and
      
      d) said Event Alarm Service translating said requests into commands for controlling said Event Alarm Module.
  - 18. An agent-free system as recited in claim 13 wherein said Event Log Reader Control comprises:
    - a) a plurality of data structures formulated into Event Log Reader Logic, said Event Log Reader Logic receiving a request to read a selected event log;
      
      b) said Event Log Reader Logic determining the location of said selected event log;
      
      c) said Event Log Reader Logic opening a handle to an event log file containing said selected event log;
      
      d) said Event Log Reader Logic receiving the location from said Event Alarm Module of said selected event log within said event log file;
      
      e) said Event Log Reader Logic assembling an event log record of said selected event log;
      
      f) said Event Log Reader Logic transmitting said event log record to said Event Alarm Module; and
      
      g) said Event Log Reader Logic receiving a command from said Event Alarm Module to close event logs, registry, and message file handles and unloads said Event Log Reader Control from the memory of said selected computer of the computer network.
  - 19. An agent-free system as recited in claim 18 wherein said Event Log Reader Logic assembles said event log record via an Internal Log Parsing Cache.
  - 20. An agent-free system as recited in claim 18 wherein said Event Log Reader Logic assembles said event log record via an External Log Parsing Cache.
  - 21. An agent-free system as recited in claim 18 wherein said event log record content is selected from a group consisting of account name, category name, parameter name, GUID name and description framework.

22. An agent-free system for event log management residing on at least one computer, the computer being integral to a computer network, wherein at least one computer of the computer network is generating event logs, at least one database in communication with the computer network, the agent-free system having a plurality of data structures formulated into at least one instruction module to direct the event log management of the event logs across a domain of the computer network, comprising:
- a) an Event Archiver Module in communication with the computer network;
  
  b) said Event Archiver Module loading an Event Log Reader Control into its memory space;
  
  c) said Event Log Reader Control retrieving selected event log records from at least one said computer;
  
  d) said Event Archiver Module selectively storing said retrieved event log records;
  
  e) said Event Archiver Module selectively clearing said stored event log records from the originating said computer; and
  
  f) said Event Archiver Module unloading said Event Log Reader Control from said selected computer; and
  
  g) said Event Alarm Module operationally retrieving at least one event log record is defined as said Event Alarm Module loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Alarm Module, subsequently said Event Alarm Module unloads said Event Log Reader Control from its memory space.
- View Dependent Claims (23, 24, 25)
- - 23. An agent-free system as recited in claim 22 further comprising:
    - h) an Audit Policy push-deployed to selected computers across the domain of the computer network;
      
      i) said Audit Policy creating a uniform event log size for selected computers across the domain of the computer network; and
      
      j) said Audit Policy creating uniform retention of event logs for computers across the domain of the computer network.
  - 24. An agent-free system as recited in claim 22 wherein said selectively clearing said stored event log records being driven by time based scheduling.
  - 25. An agent-free system as recited in claim 22 wherein said selectively storing said retrieved event log records being retrievable in a format selected from a group consisting of .EVT, ODBC, comma-delimited, Access, .EVT and comma delimited, EVT and Access, .EVT and ODBC.

26. An agent-free system for event log management residing on at least one computer, the computer being integral to a computer network, wherein at least one computer of the computer network is generating event logs, at least one database in communication with the computer network, the agent-free system having a plurality of data structures formulated into at least one instruction module to direct the event log management of the event logs across a domain of the computer network, comprising:
- a) an Event Analyst Module in communication with the computer network;
  
  b) said Event Analyst Module loading an Event Log Reader Control into its memory space;
  
  c) said Event Log Reader Control retrieving selected event log records from at least one computer of the computer network;
  
  d) said Event Analyst Module selectively filtering said retrieved event log records;
  
  e) said Event Analyst Module selectively generating at least one window containing said filtered event log records;
  
  f) an Event Analyst Module formulating at least one report derived from said window containing said filtered event log records; and
  
  g) said Event Analyst Module unloading said Event Log Reader Control from its memory space; and
  
  h) said Event Alarm Module operationally retrieving at least one event log record is defined as said Event Alarm Module loading an Event Log Reader Control onto its memory space, said Event Log Reader Control searches the network according to a predefined criteria for at least one event log record, once obtained said Event Log Reader Control returns the event log to said Event Alarm Module, subsequently said Event Alarm Module unloads said Event Log Reader Control from its memory space.
- View Dependent Claims (27, 28, 29)
- - 27. An agent-free system as recited in claim 26 further comprising a predefined filter operationally disposed to said Event Analyst Module for retrieving selected event log records.
  - 28. An agent-free system as recited in claim 26 wherein said window containing said filtered event log records being displayable in a format selected from a group consisting of .EVT, comma-delimited, Access and ODBC.
  - 29. An agent-free system as recited in claim 26 further comprising:
    - i) an Events Database in communication with said Event Analyst Module;
      
      k) said Events Database having stored therein selectively filtered event log records;
      
      k) said selectively filtered event log records representing selected event activity;
      
      l) said selected event activity derived from recurring events;
      
      m) said recurring events being stored according to the source of the event; and
      
      n) said recurring events being stored according to an EventID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Progress Software Corporation
Original Assignee
Dorian Software Creations, Inc. (Whatsup Gold Co.)
Inventors
Milford, Robert Andrew
Primary Examiner(s)
DINH, KHANH Q

Application Number

US10/389,062
Time in Patent Office

1,383 Days
Field of Search

709/217, 709/224, 709/227, 709/245, 709/225, 370/236, 370/241, 379/32, 379/33, 345/736
US Class Current

709/225
CPC Class Codes

H04L 41/06 Management of faults, event...

H04L 43/0817 by checking functioning

Apparatus for event log management

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus for event log management

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links