Managing captured network traffic data
Abstract
A system and method for managing captured network traffic data is provided. The invention comprises a plurality of capture agents, each being configured to capture the network traffic associated with one or more applications. Each application is associated with one or more capture agents according to an application profile that is stored and maintained in a capture server. When analysis of an application's network traffic is required, the capture server contacts the corresponding capture agents according to the application profile. The capture server then effects the identification and archiving of the network traffic that corresponds to a user-defined capture condition. A database at the capture server maintains a record that associates the corresponding network traffic with the user-defined capture condition such that the corresponding network traffic can later be retrieved and analyzed using an analysis engine.
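
The arrangement described in the abstract, sketched as an added example that is not taken from the patent or any product: agents record into bounded buffers that overwrite old traffic, and a server uses a profile lookup to archive what the relevant agents had already recorded when a condition is identified. The class names, the record-count threshold, the `lookback` window and the sample traffic are all assumptions made for illustration.

```python
from collections import deque

class CaptureAgent:
    """Continuously records traffic; once `threshold` records are held,
    each new record overwrites the oldest one (assumed: threshold = record count)."""
    def __init__(self, name, threshold):
        self.name = name
        self.buffer = deque(maxlen=threshold)

    def record(self, ts, payload):
        self.buffer.append((ts, payload))

    def snapshot(self, start, end):
        # Copy out records still in the buffer that fall inside the window.
        return [(ts, p) for ts, p in self.buffer if start <= ts <= end]

class CaptureServer:
    """Management component: maps a capture condition to its agents via a profile."""
    def __init__(self, agents, profiles):
        self.agents = agents      # agent name -> CaptureAgent
        self.profiles = profiles  # capture condition -> list of agent names
        self.archive = {}         # capture condition -> {agent name: records}

    def on_condition(self, condition, now, lookback):
        """Archive traffic recorded in [now - lookback, now], i.e. before the
        condition was identified, from the agents named in the profile only."""
        names = self.profiles.get(condition)
        if names is None:
            raise KeyError(f"no profile for capture condition {condition!r}")
        saved = {n: self.agents[n].snapshot(now - lookback, now) for n in names}
        self.archive[condition] = saved
        return saved

def demo():
    # Constructed setup: three agents, one profile covering two of them.
    agents = {n: CaptureAgent(n, threshold=5) for n in ("web-tap", "db-tap", "mail-tap")}
    server = CaptureServer(agents, {"crm-slow-response": ["web-tap", "db-tap"]})
    for ts in range(1, 11):  # constructed traffic at ts 1..10
        for agent in agents.values():
            agent.record(ts, f"{agent.name}-pkt-{ts}")
    # Condition identified at ts 10; 8 ticks are requested, but only 5 survive.
    saved = server.on_condition("crm-slow-response", now=10, lookback=8)
    for ts in range(11, 21):  # later traffic overwrites the buffers, not the archive
        agents["web-tap"].record(ts, f"web-tap-pkt-{ts}")
    return server, saved
```

The archive can only reach as far back as the overwrite threshold allows, so the buffer size sets how much pre-trigger traffic is available when a condition fires.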
51 Claims
1. A system comprising:
- a plurality of capture components that are each configured to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,
- a database that includes a plurality of profiles, each profile including a set of capture components of the plurality of capture components associated with a particular capture condition, and
- a management component that is configured to:
  - receive information from which a capture condition can be identified,
  - retrieve, from the database, the set of capture components associated with the profile corresponding to the identified capture condition, and
  - effect an archiving of at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method comprising:
- configuring a plurality of capture components, such that each capture component is configured to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,
- configuring a database to include a plurality of profiles, each profile including a set of capture components of the plurality of capture components associated with a particular capture condition,
- receiving information,
- identifying a capture condition based on the received information,
- retrieving the set of capture components associated with the profile corresponding to the identified capture condition, and
- archiving at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A computer program product stored on a non-transient computer readable medium, which, when executed by a processor, causes the processor to:
- instruct each of a plurality of capture components to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,
- receive information,
- identify a capture condition based on the received information,
- retrieve, based on the identified capture condition, a set of capture components from a database that includes a plurality of sets of capture components, each set of capture components being associated with a particular capture condition, and
- archive at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
Specification