System and method for storing raw log data
Abstract
A system and method are disclosed for collecting, storing and reporting raw log data from log-producing devices such as firewalls and routers. The log-producing devices may be both local and remote—i.e., linked to a raw log server via a LAN and/or a WAN. A log data analyzer at a remote location gathers log data from devices at that remote location into time-defined sets and then sends those sets over a WAN (which may be the Internet) to a raw log server using a first protocol. Local log-producing devices may send their log data to the log data analyzer via a LAN using a second protocol. The log data analyzer forwards the raw log data from local devices to an appropriate log data analyzer for parsing, summarizing and storage in one or more databases. The raw log server combines local and remote sets of raw log data for a given time period and stores them in a storage area of raw log data. A central management station is used to query the various databases in the system and to merge database reports into a single report for display.
14 Claims
1. A data processing system comprising:
- a first local area network;
- a first log-producing device connected to the first local area network;
- a raw log server connected to the first local area network and in data communication with the first log-producing device over the first local area network;
- a first log data analyzer connected to the first local area network and in data communication with the raw log server over the first local area network;
- a second local area network in data communication with the first local area network;
- a second log-producing device connected to the second local area network; and
- a second log data analyzer connected to the second local area network and in data communication with the second log-producing device over the second local area network and in data communication with the raw log server via the first and second local area networks.

Dependent Claims (2, 3, 4, 5, 6, 7)

8. A method for processing log data comprising:
- generating raw log data in a first log-producing device connected to a first local area network;
- storing raw log data in a raw log server connected to the first local area network and in data communication with the first log-producing device over the first local area network;
- sending the raw log data generated by the first log-producing device to a first log data analyzer connected to the first local area network and in data communication with the raw log server over the first local area network;
- generating log data in a second log-producing device connected to a second local area network; and
- sending the log data generated by the second log-producing device from a second log data analyzer connected to the second local area network and in data communication with the second log-producing device over the second local area network and in data communication with the raw log server via the first and second local area networks to the raw log server.

Dependent Claims (9, 10, 11, 12, 13, 14)
Specification