Methods, systems and computer program products for triggered data collection and correlation of status and/or state in distributed data processing systems
First Claim
1. A method of collecting data processing system status information, comprising:
- passively monitoring network communications with the data processing system and observing transactions from the passively monitored network communications, the transactions include application level request/response pairs associated with the data processing system, the passively monitoring and observing comprises;
filtering packets to discard packets for a first set of one or more application level protocols and keep packets for a second set of one or more application level protocols,assembling packets kept in the filtering into flows,parsing flows for transaction content,demarcating the transactions in the flows,accessing user identification information in a login transaction,accessing session identification information in the login transaction,associating the session identification with the user identification;
analyzing the transactions observed from the passively monitored network communications to determine if the transactions comply with a quality standard;
accessing a particular transaction, other than the login transaction, that includes the session identification and does not include the user identification information;
using the session identification from the particular transaction to identify the user identification for the particular transaction based on the associating of the session identification with the user identification;
creating quality event messages for transactions that do not comply with the quality standard;
correlating like quality event messages;
determining whether the correlated like quality event messages as an aggregate meet a predefined service quality condition;
generating a trigger if the correlated like quality event messages as an aggregate meet the predefined service quality condition;
determining to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action;
collecting a set of data processing system status information only in response to the generation of the trigger; and
storing the set of collected data processing system status information.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems and computer program products for collecting data processing system status information monitoring network communications with the data processing system to observe transaction(s) associated with the data processing system. The transaction(s) is analyzed to determine if the transaction(s) complies with a quality standard and a trigger is generated based on the analysis of the transaction(s). System status information is collected responsive to the generation of the trigger. The collection of system status information may be provided by collecting system status information so that collection of the system status information automatically time correlates the collected system status information with the trigger.
-
Citations
20 Claims
-
1. A method of collecting data processing system status information, comprising:
-
passively monitoring network communications with the data processing system and observing transactions from the passively monitored network communications, the transactions include application level request/response pairs associated with the data processing system, the passively monitoring and observing comprises; filtering packets to discard packets for a first set of one or more application level protocols and keep packets for a second set of one or more application level protocols, assembling packets kept in the filtering into flows, parsing flows for transaction content, demarcating the transactions in the flows, accessing user identification information in a login transaction, accessing session identification information in the login transaction, associating the session identification with the user identification; analyzing the transactions observed from the passively monitored network communications to determine if the transactions comply with a quality standard; accessing a particular transaction, other than the login transaction, that includes the session identification and does not include the user identification information; using the session identification from the particular transaction to identify the user identification for the particular transaction based on the associating of the session identification with the user identification; creating quality event messages for transactions that do not comply with the quality standard; correlating like quality event messages; determining whether the correlated like quality event messages as an aggregate meet a predefined service quality condition; generating a trigger if the correlated like quality event messages as an aggregate meet the predefined service quality condition; determining to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action; collecting a set of data processing system status information only in response to the generation of the trigger; and storing the set of collected data processing system status information. - View Dependent Claims (2, 3, 5, 6, 13, 14, 15, 17, 20)
-
-
4. An apparatus for collecting data processing system status information, comprising:
-
a communication interface in communication with a network; a storage device; and a processor in communication with the communication interface and the storage device, the processor passively monitors network communications on the network, the network communications include packets being transmitted for a distributed data processing system, the processor assembles the packets into flows and analyzes the flows to search for transactions, the processor automatically identifies transactions in the flows, the processor analyzes the transactions to determine if the transactions comply with a quality standard, the processor creates quality event messages for transactions that do not comply with the quality standard, the processor correlates like quality event messages and determines whether the correlated like quality event messages meet a predefined service quality information meets a condition, the processor generates a trigger if the correlated like quality event messages meet the predefined service quality e condition, the processor causes system status information to be collected in response to the generation of the trigger, the collecting of status information includes initiating a collection process with one or more software components of the distributed data processing system to collect data from and about the one or more software components in response to the generation of the trigger, the processor determines to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action; when analyzing the transactions the processor accesses user identification information in a login transaction, accesses session identification information in the login transaction and associates the session identification with the user identification; the processor accesses a particular transaction other than the login transaction that includes the session identification and does not include the user identification information, the processor uses the session identification from the particular transaction to identify the user identification for the particular transaction based on the association of the session identification with the user identification, the timing of a trigger for collecting data associated with the particular transaction is based on the user identification that was identified for the particular transaction based on the associating of the session identification with the user identification. - View Dependent Claims (7, 8, 9, 18)
-
-
10. A processor readable storage device having processor readable code embodied on the processor readable storage device, the processor readable code for programming a processor to perform a method comprising:
-
passively monitoring communications on a network and observing a transaction from the passively monitored communications, the transaction includes an application level request/response pair associated with a data processing system, the passively monitoring and observing comprises; assembling packets into flows, parsing flows for transaction content, demarcating the transaction in the flows, accessing user identification information in a login transaction, accessing session identification information in the login transaction, associating the session identification with the user identification; analyzing the transaction observed from the monitored communications on the network to determine if the transaction complies with a quality standard; accessing a particular transaction, other than the login transaction, that includes the session identification and does not include the user identification information; using the session identification from the particular transaction to identify the user identification for the particular transaction based on the associating of the session identification with the user identification; creating new quality event messages for transactions that do not comply with the quality standard; correlating like quality event messages; determining whether the correlated like quality event messages as an aggregate meet a predefined service quality condition; generating a trigger if the correlated like quality event messages as an aggregate meet the predefined service quality condition;
determining to generate the trigger in response to a problem transaction not complying with the quality standard without correlating a quality event message for the problem transaction if a user identification for the problem transaction is predetermined to require immediate action;collecting a set of data processing system status information only in response to the generation of the trigger; and storing the set of collected data processing system status information. - View Dependent Claims (11, 12, 19)
-
-
16. A method of collecting data processing system status information, comprising:
-
passively monitoring network communications with the data processing system and observing transactions from the passively monitored network communications, the transactions include application level request/response pairs associated with the data processing system; analyzing the transactions observed from the passively monitored network communications to determine if the transactions comply with a quality standard; creating quality event information for transactions that do not comply with the quality standard; correlating the quality event information; determining whether the correlated quality event information meets a condition; generating a trigger if the correlated quality event information meets the condition the generated trigger identifies a transaction, a service definition is associated with the identified transaction, the service definition identifies entities to collect data processing system status information from; collecting a set of data processing system status information in response to the generation of the trigger, the collecting the set of data processing system status information includes collecting data processing system status information from the entities identified in the service definition; storing the set of collected data processing system status information; and automatically creating the service definition by performing an ICMP ping sweep of a range of IP addresses to determine if layer 3 devices exist, executing port connection tests for layer 4 ports on some or all of the layer 3 devices or requesting a TCP connection table from layer 3 devices, and retrieving and processing a bridge table from some or all of the layer 3 devices.
-
Specification