Method and computer system for correlating network event messages

US 7,284,048 B2
Filed: 07/08/2005
Issued: 10/16/2007
Est. Priority Date: 05/23/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for correlating network event messages on a computer network comprising a message parsing service, an event correlation service, and a knowledge database coupled together via a plurality of interfaces, said method comprising:

receiving a raw event at said message parsing service;

parsing said raw event by said message parsing service;

transmitting said parsed event to said event correlation service;

utilizing data stored in said knowledge database to derive an event from said parsed event; and

transmitting said derived event to one of a plurality of operator workstations, regardless of a significance of said derived event,wherein at least one of transmitting said parsed event and transmitting said derived event comprises transmitting a respective event via an event channel that accepts incoming events from a plurality of suppliers and that forwards the events to respective consumers that are registered to receive the events.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed for efficiently correlating network events within a data processing system and then transmitting messages to various network entities in response to an occurrence of a particular network event. According to the present invention, a network mediation service receives raw message streams from one or more external networks and passes the streams in real-time to the event notification service. The event notification service then passes the message to the message parsing service for processing. After the message has been parsed by the message parsing service, it is passed back to the event notification service which passes the message along an event channel to the network management service. The message is also passed to the event correlation service for event correlation. A knowledge-based database of message classes that define how to interpret the message text are used by the event correlation service to match correlation rule conditions to the observed events. After event correlation service processes the parsed event, it is passed to the network management service for resolution.

57 Citations

View as Search Results

17 Claims

1. A method for correlating network event messages on a computer network comprising a message parsing service, an event correlation service, and a knowledge database coupled together via a plurality of interfaces, said method comprising:
- receiving a raw event at said message parsing service;
  
  parsing said raw event by said message parsing service;
  
  transmitting said parsed event to said event correlation service;
  
  utilizing data stored in said knowledge database to derive an event from said parsed event; and
  
  transmitting said derived event to one of a plurality of operator workstations, regardless of a significance of said derived event,wherein at least one of transmitting said parsed event and transmitting said derived event comprises transmitting a respective event via an event channel that accepts incoming events from a plurality of suppliers and that forwards the events to respective consumers that are registered to receive the events.
- View Dependent Claims (2, 13)
- - 2. The method of claim 1, wherein transmitting said derived event to one of a plurality of operator workstations includes:
    - transmitting said derived event from said event correlation service to a network management service; and
      
      transmitting said derived event from said network management service to one of a plurality of operator workstations.
  - 13. A computer system for correlating network events among a number of client services, the system comprising:
    - a processor;
      
      a memory coupled to the processor and storing program instructions, the program instructions configured to cause the processor to perform the method of claim 1.

3. A method for correlating network event messages on a computer network comprising a network mediation service, a message parsing service, an event notification service, an event correlation service, and a knowledge database coupled together via a plurality of interfaces, said method comprising:
- receiving a raw event at said network mediation service from an external computer network;
  
  transmitting said raw event to said message parsing service;
  
  parsing said raw event by said message parsing service;
  
  transmitting said parsed event to said event correlation service;
  
  utilizing data stored in said knowledge database to derive an event from said parsed event; and
  
  transmitting said derived event to one of a plurality of operator workstations, regardless of a significance of said derived event,wherein at least one of transmitting said raw event, transmitting said parsed event and transmitting said derived event comprises transmitting a respective event via an event channel that accepts incoming events from a plurality of suppliers and that forwards the events to respective consumers that are registered to receive the events.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 4. The method of claim 3, wherein transmitting said raw event to said message parsing service includes:
    - transmitting said raw event from said network mediation service to said event notification service; and
      
      transmitting said raw event from said event notification service to said message parsing service.
  - 5. The method of claim 4, wherein transmitting said raw event from said event notification service to said message parsing service includes:
    - receiving said raw event at a raw event channel;
      
      processing said raw event by said raw event channel; and
      
      transmitting said raw event from said raw event channel to said message parsing service.
  - 6. The method of claim 5, wherein transmitting said raw event from said raw event channel to said message parsing service includes:
    - transmitting said raw event from said raw event channel to at least one event filter; and
      
      transmitting said raw event from said at least one event filter to said message parsing service.
  - 7. The method of claim 3, wherein transmitting said parsed event to said event correlation service includes:
    - transmitting said parsed event from said message parsing service to said event notification service; and
      
      transmitting said parsed event from said event notification service to said event correlation service.
  - 8. The method of claim 7, wherein transmitting said parsed event from said event notification service to said event correlation service includes:
    - receiving said parsed event at a parsed event channel;
      
      processing said parsed event by said parsed event channel; and
      
      transmitting said processed event from said parsed event channel to said event correlation service.
  - 9. The method of claim 8, wherein transmitting said processed event from said parsed event channel to said event correlation service includes:
    - transmitting said processed event from said parsed event channel to at least one event filter; and
      
      transmitting said processed event from said at least one event filter to said event correlation service.
  - 10. The method of claim 3, wherein transmitting said derived event to one of a plurality of operator workstations includes:
    - transmitting said derived event from said event correlation service to said event notification service; and
      
      transmitting said derived event from said event notification service to said network management service; and
      
      transmitting said derived event from said network management service to one of a plurality of operator workstations.
  - 11. The method of claim 10, wherein transmitting said derived event from said network management service to one of a plurality of operator workstations includes:
    - receiving said derived event at a derived event channel;
      
      processing said derived event by said derived event channel; and
      
      transmitting said processed event from said derived event channel to said network management service.
  - 12. The method of claim 11, wherein transmitting said processed event from said derived event channel to said network management service includes:
    - transmitting said processed event from said derived event channel to at least one event filter; and
      
      transmitting said processed event from said at least one event filter to said network management service.

14. A method for correlating network event messages on a computer network comprising a network mediation service, a message parsing service, an event notification service, and a network management service coupled together via a plurality of interfaces, said method comprising:
- receiving a raw event at said network mediation service from an external computer network;
  
  transmitting said raw event to said message parsing service;
  
  parsing said raw event by said message parsing service; and
  
  transmitting said parsed event to said network management service, regardless of a significance of said parsed event,wherein at least one of transmitting said raw event and transmitting said parsed event comprises transmitting a respective event via an event channel that accepts incoming events from a plurality of suppliers and that forwards the events to respective consumers that are registered to receive the events.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein transmitting said parsed event to said network management service includes:
    - transmitting said parsed event from said message parsing service to said event notification service; and
      
      transmitting said parsed event from said event notification service to said network management service.
  - 16. The method of claim 15, wherein transmitting said parsed event from said event notification service to said network management service includes:
    - receiving said parsed event at a parsed event channel;
      
      processing said parsed event by said parsed event channel; and
      
      transmitting said processed event from said parsed event channel to said network management service.
  - 17. The method of claim 16, wherein transmitting said processed event from said parsed event channel to said network management service includes:
    - transmitting said processed event from said parsed event channel to at least one event filter; and
      
      transmitting said processed event from said at least one event filter to said network management service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Laboratories Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Laboratories Incorporated (Verizon Communications Inc.)
Inventors
Jakobson, Gabriel, Brenner, Leonhard, Weissman, Mark, Lafond, Carol
Primary Examiner(s)
VU, VIET DUY

Application Number

US11/177,797
Publication Number

US 20060015603A1
Time in Patent Office

830 Days
Field of Search

709/203, 709/224, 709/249, 719/318
US Class Current

709/224
CPC Class Codes

G06F 9/542 Event management; Broadcast...

Method and computer system for correlating network event messages

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and computer system for correlating network event messages

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links