Methods, systems and computer program products for triggered data collection and correlation of status and/or state in distributed data processing systems

US 8,260,907 B2
Filed: 04/03/2003
Issued: 09/04/2012
Est. Priority Date: 04/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method of collecting data processing system status information, comprising:

passively monitoring network communications with the data processing system and observing transactions from the passively monitored network communications, the transactions include application level request/response pairs associated with the data processing system, the passively monitoring and observing comprises;

filtering packets to discard packets for a first set of one or more application level protocols and keep packets for a second set of one or more application level protocols,assembling packets kept in the filtering into flows,parsing flows for transaction content,demarcating the transactions in the flows,accessing user identification information in a login transaction,accessing session identification information in the login transaction,associating the session identification with the user identification;

analyzing the transactions observed from the passively monitored network communications to determine if the transactions comply with a quality standard;

accessing a particular transaction, other than the login transaction, that includes the session identification and does not include the user identification information;

using the session identification from the particular transaction to identify the user identification for the particular transaction based on the associating of the session identification with the user identification;

creating quality event messages for transactions that do not comply with the quality standard;

correlating like quality event messages;

determining whether the correlated like quality event messages as an aggregate meet a predefined service quality condition;

generating a trigger if the correlated like quality event messages as an aggregate meet the predefined service quality condition;

determining to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action;

collecting a set of data processing system status information only in response to the generation of the trigger; and

storing the set of collected data processing system status information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products for collecting data processing system status information monitoring network communications with the data processing system to observe transaction(s) associated with the data processing system. The transaction(s) is analyzed to determine if the transaction(s) complies with a quality standard and a trigger is generated based on the analysis of the transaction(s). System status information is collected responsive to the generation of the trigger. The collection of system status information may be provided by collecting system status information so that collection of the system status information automatically time correlates the collected system status information with the trigger.

Citations

20 Claims

1. A method of collecting data processing system status information, comprising:
- passively monitoring network communications with the data processing system and observing transactions from the passively monitored network communications, the transactions include application level request/response pairs associated with the data processing system, the passively monitoring and observing comprises;
  
  filtering packets to discard packets for a first set of one or more application level protocols and keep packets for a second set of one or more application level protocols,assembling packets kept in the filtering into flows,parsing flows for transaction content,demarcating the transactions in the flows,accessing user identification information in a login transaction,accessing session identification information in the login transaction,associating the session identification with the user identification;
  
  analyzing the transactions observed from the passively monitored network communications to determine if the transactions comply with a quality standard;
  
  accessing a particular transaction, other than the login transaction, that includes the session identification and does not include the user identification information;
  
  using the session identification from the particular transaction to identify the user identification for the particular transaction based on the associating of the session identification with the user identification;
  
  creating quality event messages for transactions that do not comply with the quality standard;
  
  correlating like quality event messages;
  
  determining whether the correlated like quality event messages as an aggregate meet a predefined service quality condition;
  
  generating a trigger if the correlated like quality event messages as an aggregate meet the predefined service quality condition;
  
  determining to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action;
  
  collecting a set of data processing system status information only in response to the generation of the trigger; and
  
  storing the set of collected data processing system status information.
- View Dependent Claims (2, 3, 5, 6, 13, 14, 15, 17, 20)
- - 2. The method of claim 1, further comprising:
    - individually weighting quality event messages; and
      
      creating a combined weight for the correlated like quality event messages as an aggregate based on the individual weightings of the quality event messages, wherein the determining whether the like correlated quality event messages as an aggregate meet the predefined service quality condition comprises comparing the combined weight for the correlated like quality event messages as an aggregate to a predetermined threshold value.
  - 3. The method of claim 1, wherein:
    - the transaction is a retrieval of a web page; and
      
      the quality standard is a time limit on performing the transaction.
  - 5. The method of claim 1, wherein the passively monitoring network communications further comprises:
    - receiving the network communications at an intermediate entity with respect to the network communications, the intermediate entity is on a network that is transmitting the network communications, the intermediate entity is physically separate from a source and destination of the network communications.
  - 6. The method of claim 5, wherein:
    - the passively monitoring network communications includes receiving network communications from a mirrored port on a data center switch.
  - 13. The method of claim 1, wherein:
    - the data processing system is a distributed data processing system; and
      
      the collecting the set of data processing system status information comprises;
      
      in response to the trigger, initiating a collection process with one or more hardware components and one or more software components of the distributed data processing system to collect data from and about the one or more hardware components and one or more software components of the distributed data processing system after the trigger.
  - 14. The method of claim 1, wherein:
    - the generated trigger indicates one or more source network addresses, one or more destination network addresses, event information and transaction information; and
      
      the collecting the set of data processing system status information includes using the one or more source network addresses, one or more destination network addresses, event information and transaction information to identify and obtain relevant data processing system status information.
  - 15. The method of claim 14, wherein the collecting the set of data processing system status information includes:
    - parsing the generated trigger to identify the relevant processing system status information.
  - 17. The method of claim 1, wherein the collecting data processing system status information includes:
    - inspecting a server'"'"'s process table to discover active software components.
  - 20. The method of claim 1, further comprising:
    - creating user weights, transaction type weights and event type weights for quality event messages;
      
      combining the user weights, transaction type weights and event type weights for quality event messages to create combined weights for the quality event messages; and
      
      creating a combined weight for the correlated like quality event messages as an aggregate by combining the combined weights for the quality event messages, wherein the determining whether the like correlated quality event messages as an aggregate meet the predefined service quality condition comprises comparing the combined weight for the correlated like quality event messages as an aggregate to a predetermined threshold value.

4. An apparatus for collecting data processing system status information, comprising:
- a communication interface in communication with a network;
  
  a storage device; and
  
  a processor in communication with the communication interface and the storage device, the processor passively monitors network communications on the network, the network communications include packets being transmitted for a distributed data processing system, the processor assembles the packets into flows and analyzes the flows to search for transactions, the processor automatically identifies transactions in the flows, the processor analyzes the transactions to determine if the transactions comply with a quality standard, the processor creates quality event messages for transactions that do not comply with the quality standard, the processor correlates like quality event messages and determines whether the correlated like quality event messages meet a predefined service quality information meets a condition, the processor generates a trigger if the correlated like quality event messages meet the predefined service quality e condition, the processor causes system status information to be collected in response to the generation of the trigger, the collecting of status information includes initiating a collection process with one or more software components of the distributed data processing system to collect data from and about the one or more software components in response to the generation of the trigger, the processor determines to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action;
  
  when analyzing the transactions the processor accesses user identification information in a login transaction, accesses session identification information in the login transaction and associates the session identification with the user identification;
  
  the processor accesses a particular transaction other than the login transaction that includes the session identification and does not include the user identification information, the processor uses the session identification from the particular transaction to identify the user identification for the particular transaction based on the association of the session identification with the user identification, the timing of a trigger for collecting data associated with the particular transaction is based on the user identification that was identified for the particular transaction based on the associating of the session identification with the user identification.
- View Dependent Claims (7, 8, 9, 18)
- - 7. The apparatus of claim 4, wherein:
    - the processor individually weights event data for the transactions that do not comply with the quality standard;
      
      the correlating includes the processor combing the individual weights; and
      
      the condition is a threshold for the combined individual weights.
  - 8. The apparatus of claim 4, wherein:
    - the processor monitors network communications at an intermediate position with respect to sources and destinations of the network communications using a mirrored port on a data center switch.
  - 9. The apparatus of claim 4, wherein:
    - the processor monitors network communications at an intermediate position with respect to, and physically separate from, sources and destinations of the network communications.
  - 18. The apparatus of claim 4, whereinthe generated trigger indicates one or more source network addresses, one or more destination network addresses, event information, user identity information, and transaction information;
    - andthe collecting of status information includes using the one or more source network addresses, one or more destination network addresses, event information and transaction information to identify and obtain relevant data processing system status information.

10. A processor readable storage device having processor readable code embodied on the processor readable storage device, the processor readable code for programming a processor to perform a method comprising:
- passively monitoring communications on a network and observing a transaction from the passively monitored communications, the transaction includes an application level request/response pair associated with a data processing system, the passively monitoring and observing comprises;
  
  assembling packets into flows,parsing flows for transaction content,demarcating the transaction in the flows,accessing user identification information in a login transaction,accessing session identification information in the login transaction,associating the session identification with the user identification;
  
  analyzing the transaction observed from the monitored communications on the network to determine if the transaction complies with a quality standard;
  
  accessing a particular transaction, other than the login transaction, that includes the session identification and does not include the user identification information;
  
  using the session identification from the particular transaction to identify the user identification for the particular transaction based on the associating of the session identification with the user identification;
  
  creating new quality event messages for transactions that do not comply with the quality standard;
  
  correlating like quality event messages;
  
  determining whether the correlated like quality event messages as an aggregate meet a predefined service quality condition;
  
  generating a trigger if the correlated like quality event messages as an aggregate meet the predefined service quality condition;
  
  determining to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action;
  
  collecting a set of data processing system status information only in response to the generation of the trigger; and
  
  storing the set of collected data processing system status information.
- View Dependent Claims (11, 12, 19)
- - 11. The processor readable storage device of claim 10, wherein:
    - the method further comprises individually weighting quality event messages; and
      
      creating a combined weight for the correlated like quality event messages as an aggregate based on the individual weightings of the quality event messages, wherein the determining whether the like correlated quality event messages as an aggregate meet the predefined service quality condition comprises comparing the combined weight for the correlated like quality event messages as an aggregate to a predetermined threshold value.
  - 12. The processor readable storage device of claim 10, wherein the monitoring network communications includes:
    - gathering the network communications between a source and a destination using an entity that is physically separate from the source and the destination.
  - 19. The processor readable storage device of claim 10, wherein:
    - the generated trigger identifies a transaction;
      
      a service definition for a service is associated with the identified transaction;
      
      the service definition identifies entities to collect data processing system status information from;
      
      the collecting system status information includes collect data processing system status information from the entities identified in the service definition; and
      
      the method further comprises automatically creating the service definition by performing an ICMP ping sweep of a range of IP addresses to determine if layer 3 devices exist, executing port connection tests for layer 4 ports on some or all of the layer 3 devices or requesting a TCP connection table from layer 3 devices, and retrieving and processing a bridge table from some or all of the layer 3 devices.

16. A method of collecting data processing system status information, comprising:
- passively monitoring network communications with the data processing system and observing transactions from the passively monitored network communications, the transactions include application level request/response pairs associated with the data processing system;
  
  analyzing the transactions observed from the passively monitored network communications to determine if the transactions comply with a quality standard;
  
  creating quality event information for transactions that do not comply with the quality standard;
  
  correlating the quality event information;
  
  determining whether the correlated quality event information meets a condition;
  
  generating a trigger if the correlated quality event information meets the condition the generated trigger identifies a transaction, a service definition is associated with the identified transaction, the service definition identifies entities to collect data processing system status information from;
  
  collecting a set of data processing system status information in response to the generation of the trigger, the collecting the set of data processing system status information includes collecting data processing system status information from the entities identified in the service definition;
  
  storing the set of collected data processing system status information; and
  
  automatically creating the service definition by performing an ICMP ping sweep of a range of IP addresses to determine if layer 3 devices exist, executing port connection tests for layer 4 ports on some or all of the layer 3 devices or requesting a TCP connection table from layer 3 devices, and retrieving and processing a bridge table from some or all of the layer 3 devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
O'Sullivan, Patrick Charles
Primary Examiner(s)
Shaw, Peling
Assistant Examiner(s)
Cloud, Joiya M

Application Number

US10/405,463
Publication Number

US 20030191989A1
Time in Patent Office

3,442 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 2012/5628   Testing

H04L 41/0213   Standardised network manage...

H04L 41/046   comprising network manageme...

H04L 41/0631   using root cause analysis; ...

H04L 41/0681   Configuration of triggering...

H04L 41/0879   Manual configuration throug...

H04L 41/5009   Determining service level p...

H04L 43/0817   by checking functioning

H04L 43/16   Threshold monitoring

H04L 43/50   Testing arrangements

Methods, systems and computer program products for triggered data collection and correlation of status and/or state in distributed data processing systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems and computer program products for triggered data collection and correlation of status and/or state in distributed data processing systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links