Integrated monitoring system
Abstract
A method for monitoring events generated on at least one computer system, said method comprising the steps of:
- (a) monitoring a set of event data generated on said at least one system;
- (b) recording said set of event data in a database;
- (c) interrogating said database to thereby select alert event data from said set of event data according to a predefined set of rules; and
- (d) reading said alert event data and issuing an appropriate action due to said generated event, said action issued according to said predefined set of rules.
42 Claims
1. A method for monitoring events generated on at least one computer system, said method comprising the steps of:
- (a) monitoring a set of event data generated on said at least one system;
- (b) recording said set of event data in a database;
- (c) interrogating said database to thereby select alert event data from said set of event data according to a predefined set of rules;
- (d) reading said alert event data; and
- (e) issuing an appropriate action due to said generated event, said action issued according to said predefined set of rules and including;
  - (i) raising an alert if a weighting assigned to said event exceeds a predetermined threshold; and
  - (ii) applying a heuristic, if said weighting is below said predetermined threshold, to determine if said event is statistically significant in a historical context of previously generated events to determine said action response.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A computer memory storing thereon an application program for controlling the execution of a processor to monitor events generated on at least one computer system, the computer program controlling the processor to:
- monitor a set of event data generated on at least one computer system;
- record said set of event data in a database;
- interrogate said database to thereby select alert event data from said set of event data according to a predefined set of rules;
- read said alert event data and issue an appropriate action due to said generated event on said computer system, said action issued according to said predefined set of rules;
- raise an alert if a weighting assigned to said event exceeds a predetermined threshold; and
- apply a heuristic, if said weighting is below said predetermined threshold, to determine if said event is statistically significant in a historical context of previously generated event to determine said action response.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38
39. A monitoring system for monitoring events generated on at least one computer system, said monitoring system comprising:
- one or more agent programs for monitoring a set of event data generated on said at least one computer system;
- a database for recording said set of event data in a database, said database adapted to be interrogated to thereby select alert event data from said set of event data according to a predefined set of rules; and
- action generation means for reading said alert event data and issuing an appropriate action to said generated event on said computer system, said action being issued according to said predefined set of rules and wherein the action is determined based upon said pre-defined set of rules and if a weighting assigned to said event exceeds a predetermined threshold. raising an alert and, if said weighting is below said predetermined threshold applying a heuristic, to determine if said event is statistically significant in a historical context of previously generated event to determine said action response.

Dependent claims: 40, 41
42. A method for monitoring events generated on at least one computer system, said method comprising the steps of:
- (a) monitoring a set of event data generated on said at least one system;
- (b) recording said set of event data in a database;
- (c) interrogating said database to thereby select alert event data from said set of event data according to a predefined set of rules;
- (d) reading said alert event data and issuing an appropriate action due to said generated event, said action issued according to said predefined set of rules; and
- (e) determining an action response based upon;
  - (i) said predefined set of rules associated with said event; and
  - (ii) a comparison of said event with other monitored events recorded in said database to determine if the event is a historically statistically significant event relative to the other events recorded in said database.
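
The two-stage decision in claims 1 and 42 (alert on weighting, otherwise test the event against recorded history) can be sketched as follows. This is an added example, not code from the patent: the claims do not specify the heuristic, so the hourly z-score test, the threshold values, the rule weights, the table layout and all function names are assumptions, and the event rows are constructed.

```python
import sqlite3
from statistics import mean, pstdev

THRESHOLD = 70   # assumed "predetermined threshold" for a rule's weighting
Z_CUTOFF = 3.0   # assumed cutoff for "statistically significant"
RULES = {"root_login": 90, "failed_login": 20, "disk_warning": 10}  # constructed

def sample_rows():
    """Constructed events: a quiet baseline for hours 0-5, then a burst in hour 6."""
    rows = []
    for h in range(6):
        rows += [(h, "web1", "failed_login")] * (2 + h % 2)
        rows.append((h, "web1", "disk_warning"))
    rows += [(6, "web1", "failed_login")] * 40
    return rows + [(6, "web1", "disk_warning"), (6, "web1", "root_login")]

def make_db(rows):
    """Step (b): record (hour, host, event type) rows in a database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (hour INTEGER, host TEXT, etype TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?)", rows)
    return db

def hourly_counts(db, etype, first_hour, last_hour):
    """Per-hour counts of one event type, with zero for hours that had none."""
    got = dict(db.execute(
        "SELECT hour, COUNT(*) FROM events WHERE etype = ? AND hour BETWEEN ? AND ? "
        "GROUP BY hour", (etype, first_hour, last_hour)))
    return [got.get(h, 0) for h in range(first_hour, last_hour + 1)]

def decide(db, etype, hour):
    """Steps (c)-(e): choose the action for events of `etype` seen in `hour`."""
    weight = RULES.get(etype)
    if weight is None:
        return "ignore"                       # no rule selects this event
    if weight > THRESHOLD:
        return "alert"                        # (e)(i): weighting exceeds threshold
    history = hourly_counts(db, etype, 0, hour - 1)   # (e)(ii): historical context
    current = hourly_counts(db, etype, hour, hour)[0]
    if len(history) < 2:
        return "record"                       # too little history to judge
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:                            # flat baseline: any rise is unusual
        return "alert" if current > mu else "record"
    return "alert" if (current - mu) / sigma > Z_CUTOFF else "record"
```

With the constructed data, a single `root_login` alerts on weighting alone, while the low-weight `failed_login` alerts only in hour 6, when 40 events arrive against a baseline of 2 to 3 per hour.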
Specification