System and method for parsing, summarizing and reporting log data
First Claim
1. A method performed by a data processing system, comprising:
receiving raw log data from one or more log producing devices;
generating database statements from data fields extracted from the raw log data;
creating a first database table for storing the database statements, including designating a lifetime of the first database table such that when the lifetime of the first database table expires, a replacement first database table is created;
at an interval that corresponds to the lifetime, summarizing the database statements stored in the first database table into a data chunk that includes summary database statements, including:
identifying database statements stored in the first database table that share at least one common data field; and
combining the identified database statements into the summary database statements; and
storing, on a storage device, the summarized database statements as log files of the one or more log producing devices.
Abstract
A system and method is disclosed which enables network administrators and the like to quickly analyze the data produced by log-producing devices such as network firewalls and routers. Unlike systems of the prior art, the system disclosed herein automatically parses and summarizes log data before inserting it into one or more databases. This greatly reduces the volume of data stored in the database and permits database queries to be run and reports generated while many types of attempted breaches of network security are still in progress. Database maintenance may also be accomplished automatically by the system to delete or archive old log data.
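The abstract and claim 1 describe one pipeline: parse raw device logs into fields, insert them into a table with a fixed lifetime, and when that lifetime expires combine the rows that share common fields into summary rows, then store the summaries. The following is an added example written for this page, not code from the patent or its assignee. It assumes a hypothetical key=value firewall log format, a summary key of (host, action, src, dst, dport, proto), and a lifetime measured in seconds from the first row inserted into each table; the sample log lines are constructed.

```python
"""Added example, not the patent's code: a minimal version of the claimed
pipeline. Raw firewall-style lines are parsed into fields and inserted into
a table with a fixed lifetime; when the lifetime expires the rows are
summarized into a chunk (rows sharing the same key fields are combined
into one summary row with a count) and an empty replacement table takes
over. The log format, field names and summary keys are assumptions."""

import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value firewall format.
RAW_LOG = """\
2024-05-01T10:00:01Z fw1 action=DROP src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:01Z fw1 action=DROP src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:02Z fw1 action=DROP src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:02Z fw1 action=DROP src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp
2024-05-01T10:00:03Z fw1 action=DROP src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:03Z fw1 action=ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:04Z fw1 action=DROP src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:05Z fw1 unparseable line with no fields
2024-05-01T10:00:05Z fw1 action=ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Fields that must all match for two rows to be combined (the claim's "common data field").
SUMMARY_KEYS = ("host", "action", "src", "dst", "dport", "proto")


def parse_line(line):
    """Extract data fields from one raw line; None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    if not fields:
        return None
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    fields["host"] = m.group("host")
    return fields


def summarize(rows, keys=SUMMARY_KEYS):
    """Combine rows that share all `keys` into one summary row carrying a count.
    Ordered by descending count, then by key, so the noisiest tuple comes first."""
    counts = Counter(tuple(r.get(k, "") for k in keys) for r in rows)
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [dict(zip(keys, key), count=n) for key, n in ordered]


class RotatingTable:
    """The claim's 'first database table': rows are held until the table's
    lifetime expires, then summarized into a chunk and replaced by an empty table."""

    def __init__(self, lifetime_seconds):
        self.lifetime = timedelta(seconds=lifetime_seconds)
        self.rows = []
        self.window_start = None
        self.chunks = []     # summary chunks, i.e. what would be written to storage
        self.rejected = 0    # unparseable lines: counted, never silently dropped

    def insert_raw(self, line):
        row = parse_line(line)
        if row is None:
            self.rejected += 1
            return
        if self.window_start is None:
            self.window_start = row["ts"]
        elif row["ts"] >= self.window_start + self.lifetime:
            self._rotate()
            self.window_start = row["ts"]   # replacement table's lifetime starts here
        self.rows.append(row)

    def _rotate(self):
        if self.rows:
            self.chunks.append({"window_start": self.window_start.isoformat(),
                                "raw_rows": len(self.rows),
                                "rows": summarize(self.rows)})
        self.rows = []   # the replacement first table

    def close(self):
        """Flush the last (still live) table and return all chunks."""
        self._rotate()
        return self.chunks


def run_pipeline(raw_log, lifetime_seconds):
    """Feed raw lines through the rotating table; return (chunks, rejected_count)."""
    table = RotatingTable(lifetime_seconds)
    for line in raw_log.splitlines():
        if line.strip():
            table.insert_raw(line)
    return table.close(), table.rejected


if __name__ == "__main__":
    chunks, rejected = run_pipeline(RAW_LOG, lifetime_seconds=3)
    for c in chunks:
        print(f"window {c['window_start']}: {c['raw_rows']} raw rows -> {len(c['rows'])} summary rows")
        for r in c["rows"]:
            print("  ", r)
    print("rejected lines:", rejected)
```

With a 3-second lifetime the six rows of the first table collapse to three summary rows, and the repeated DROP of 203.0.113.5 against port 22 surfaces at the top with its count while the events are still arriving, which is the "in progress" reporting the abstract refers to. Two practitioner caveats the claims do not address: the summary keeps only the fields in the summary key and a count, so per-event timestamps and ordering are gone once the table rotates (keep the raw lines, or a hash-chained copy of them, if they may be needed as forensic evidence), and lines that fail to parse must be counted rather than dropped, since an attacker who can influence log content can otherwise hide events behind malformed lines.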
18 Claims
1. (Independent method claim; its full text is given under First Claim above.) Claims 2, 3, 4, 5 and 6 depend from claim 1.
7. Computer instructions stored on a non-transitory medium, the computer instructions configured to cause a data processing system to perform operations comprising:
receiving raw log data from one or more log producing devices;
generating database statements from data fields extracted from the raw log data;
creating a first database table for storing the database statements, including designating a lifetime of the first database table such that when the lifetime of the first database table expires, a replacement first database table is created;
at an interval that corresponds to the lifetime, summarizing the database statements stored in the first database table into a data chunk that includes summary database statements, including:
identifying database statements stored in the first database table that share at least one common data field; and
combining the identified database statements into the summary database statements; and
storing, on a storage device, the summarized database statements as log files of the one or more log producing devices.
Claims 8, 9, 10, 11 and 12 depend from claim 7.
13. A system, comprising:
one or more security servers connected to one or more log producing devices through a local area network, the one or more security servers configured to perform operations comprising:
receiving raw log data from the one or more log producing devices;
generating database statements from data fields extracted from the raw log data;
creating a first database table for storing the database statements, including designating a lifetime of the first database table such that when the lifetime of the first database table expires, a replacement first database table is created;
at an interval that corresponds to the lifetime, summarizing the database statements stored in the first database table into a data chunk that includes summary database statements, including:
identifying database statements stored in the first database table that share at least one common data field; and
combining the identified database statements into the summary database statements; and
storing, on a storage device, the summarized database statements as log files of the one or more log producing devices.
Claims 14, 15, 16, 17 and 18 depend from claim 13.