Change event correlation
First Claim
1. An automated method for facilitating management of a data processing environment comprising:
- facilitating detecting of a change to an element of a data processing device of the data processing environment;
facilitating correlating the change to one or more events associated with the element by retrieving the one or more events from a first repository of events of the data processing environment;
reporting the detected change for the element, supplemented with one or more of the correlated events of the element;
periodically combing one or more event logs of the data processing device of the data processing environment for events logged for elements of the data processing devices;
depositing the combed events into a second repository;
determining one or more users associated with the one or more correlated events, and the reporting further comprises supplementing the one or more correlated events of the element with the determined one or more user associated with the one or more correlated events; and
designating a first subset of the plurality of events correlated with the change detected as having a higher probability of having caused the change detected than a second subset of the plurality of events.
6 Assignments
0 Petitions
Accused Products
Abstract
An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating detecting of a change to an element of a data processing device of the data processing environment. In various embodiments, the method may further included facilitating correlating the change to one or more events associated with the element, and reporting the detected change for the element, supplemented with one or more of the correlated events of the element. Other embodiments of the present invention may include, but are not limited to, apparatus adapted to facilitate practice of the above-described method.
-
Citations
28 Claims
-
1. An automated method for facilitating management of a data processing environment comprising:
-
facilitating detecting of a change to an element of a data processing device of the data processing environment; facilitating correlating the change to one or more events associated with the element by retrieving the one or more events from a first repository of events of the data processing environment; reporting the detected change for the element, supplemented with one or more of the correlated events of the element; periodically combing one or more event logs of the data processing device of the data processing environment for events logged for elements of the data processing devices; depositing the combed events into a second repository; determining one or more users associated with the one or more correlated events, and the reporting further comprises supplementing the one or more correlated events of the element with the determined one or more user associated with the one or more correlated events; and designating a first subset of the plurality of events correlated with the change detected as having a higher probability of having caused the change detected than a second subset of the plurality of events. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. An apparatus comprising:
-
a detection module adapted to facilitate detection of a change to an element of a data processing device of a data processing environment; a correlation module adapted to facilitate correlation of the change to one or more events associated with the element, and retrieve the one or more events associated with the element from a first repository of events of the data processing environment; a combing module adapted to periodically comb one or more event logs of the data processing device of the data processing environment for events logged for elements of the data processing devices, and deposit the combed events into a second repository; a reporting module operatively coupled to the detection and correlation modules, and adapted to report the detected change for the element, supplemented with the one or more correlated events of the element; and wherein the reporting module is further adapted to facilitate supplementing the correlated events of the element with a determined one or more users associated with the one or more correlated events; and wherein the apparatus further comprises a designation module adapted to facilitate designation of a first subset of the plurality of events correlated with the change detected as having a higher probability of having caused the change detected than a second subset of the plurality of events. - View Dependent Claims (21, 22, 25, 26, 27, 28)
-
-
23. The apparatus of 22, wherein the one or more responses include a change detection scan.
-
24. The apparatus of 22, wherein the one or more responses include an automatic alert response.
Specification