Business to business network management event detection and response system and method

US 8,332,502 B1
Filed: 02/03/2003
Issued: 12/11/2012
Est. Priority Date: 08/15/2001
Status: Active Grant

First Claim

Patent Images

1. In an enterprise system including a network, a method of processing events within the enterprise system, said method comprising the steps of:

conducting pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming event data records if the incoming event data records hold data that match predetermined logic parameters;

aggregating said event data records from multiple disparate sources within the enterprise system to an aggregation manager, said event data records containing event data that identifies events indicative of one of an operation failure or an operation error in the enterprise system;

processing said event data records to produce modified event data records that include additional informational data regarding said event data, the additional informational data comprising client specific information useful in obtaining resolution of the event or events that resulted in the generation of the event data records, the processing including accessing a database to obtain said informational data and merging said informational data with event data contained in said event data records to produce said modified event data records;

analyzing said modified event data records to determine whether a response is required, the step of analyzing including screening the modified event data records, wherein the number of events in which a response is required is minimized; and

automatically responding without any manual intervention to at least one of said modified event data records to provide an appropriate response when it is determined that a response is required, including forwarding at least a portion of the event data and the informational data contained in said one modified event data record to a response capability, and enabling the response capability to send a notification to a vendor that services said portion of the network, said notification identifying a detected event;

wherein the automatically responding includes automatically initiating testing of at least a part of said portion of the network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network management system includes an automatic reconnaissance (resolution) component which, in one embodiment, includes four main operational components, namely a real-time parse/analysis component, a data merge component, a data analysis component, and a response capability component. These four components interact to provide real-time event recognition and response. The network management system efficiently receives, parses, and comprehends a large amount of event and statistical data that could be indicative of a network systems operation failure with resultant response actions initiated through such an infrastructure improving mean time to recovery.

Citations

40 Claims

1. In an enterprise system including a network, a method of processing events within the enterprise system, said method comprising the steps of:
- conducting pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming event data records if the incoming event data records hold data that match predetermined logic parameters;
  
  aggregating said event data records from multiple disparate sources within the enterprise system to an aggregation manager, said event data records containing event data that identifies events indicative of one of an operation failure or an operation error in the enterprise system;
  
  processing said event data records to produce modified event data records that include additional informational data regarding said event data, the additional informational data comprising client specific information useful in obtaining resolution of the event or events that resulted in the generation of the event data records, the processing including accessing a database to obtain said informational data and merging said informational data with event data contained in said event data records to produce said modified event data records;
  
  analyzing said modified event data records to determine whether a response is required, the step of analyzing including screening the modified event data records, wherein the number of events in which a response is required is minimized; and
  
  automatically responding without any manual intervention to at least one of said modified event data records to provide an appropriate response when it is determined that a response is required, including forwarding at least a portion of the event data and the informational data contained in said one modified event data record to a response capability, and enabling the response capability to send a notification to a vendor that services said portion of the network, said notification identifying a detected event;
  
  wherein the automatically responding includes automatically initiating testing of at least a part of said portion of the network.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising the step of storing said modified event data records in a data store.
  - 3. The method of claim 2, further comprising the step of sending said event data records to an aggregation manager for storage in said data store either prior or subsequent to responding to said event data records with an appropriate action.
  - 4. The method of claim 1, wherein the step of enabling the response capability includes the steps of accessing a vendor gateway and sending said notification to the vendor via the vendor gateway.
  - 5. The method of claim 1, wherein the step of automatically responding to said one modified event data record includes communicating with contact personnel of the enterprise system via external communications.

6. A method of responding to the detection of events occurring within a network of an enterprise system, said method comprising the steps of:
- conducting pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming event data records if the incoming event data records hold data that match predetermined logic parameters;
  
  aggregating said event data records from multiple disparate sources within the enterprise system to detect events indicative of one of an operation failure or an operation error in the network;
  
  normalizing said event data records to produce normalized event data records that include client data specific to events and useful in obtaining resolution of the event or events that resulted in the generation of the event data, the normalizing including merging client data specific to events with event data contained in event data records to provide a normalized event data records for assisting in analyzing event data records and providing an appropriate response;
  
  storing said normalized event data records in a data store;
  
  analyzing said normalized event data records to determine whether an event is an alarmable event that requires a response, the step of analyzing including screening the normalized event data records, wherein the number of events in which a response is required is minimized; and
  
  providing an appropriate response to each alarmable event wherein the step of providing an appropriate response includes the steps of;
  
  forwarding at least a portion of the event data and the informational data contained in a modified event data record to a response capability,enabling the response capability sending a notification to a vendor that services a portion of the network, said notification identifying a detected event and automatically without any manual intervention initiating of said portion of the network in which an alarmable event is detected, andautomatically initiating testing of at least a part of said portion of the network.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, wherein the step of providing an appropriate response includes the step of automatically communicating with contact personnel of the enterprise system via external communications.
  - 8. The method of claim 6, wherein the step of enabling the response capability includes the steps of accessing a vendor gateway and sending said notification to the vendor via the vendor gateway.
  - 9. The method of claim 8, wherein the step of providing an appropriate response includes automatically creating a work ticket for the vendor and sending said work ticket to the vendor via the vendor gateway.
  - 10. The method of claim 6, including the step of monitoring the status of alarmable events.
  - 11. The method of claim 10, wherein the step of monitoring the status of alarmable events includes the steps of displaying event information on a display and accessing the data store to obtain event information to be displayed.
  - 12. The method of claim 11, wherein the step of accessing the data store is accomplished through a platform dependent interface or a platform independent interface.
  - 13. The method of claim 6, including identifying events by processing said event data records with at least one event collection agent and routing said event data records to said aggregation manager.
  - 14. The method of claim 13, wherein the event collection agent routes said event data records to at least one pattern recognition processor that compares said event data record against logic based parameters for further identification of said event and then subsequently routes said event data records to said aggregation manager.

15. A method in a network management system for monitoring a network, the method comprising the steps of:
- conducting, using a processor, pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming data event records if the incoming event data records hold data that match predetermined logic parameters;
  
  aggregating the event data records from multiple disparate sources within the enterprise system to an aggregation manager;
  
  analyzing the event data records to identify events indicative of one of an operation failure or an operation error in the network;
  
  extracting from the event data records event data required to obtain resolution of events;
  
  accessing a database to obtain client data useful in obtaining resolution of the event or events that resulted in the generation of the event data records;
  
  processing said event data records to produce modified event data records that include additional informational data regarding said event data, the processing including merging said client data with the extracted event data to provide normalized event data records;
  
  analyzing the normalized event data records to determine whether an event is an alarmable event that requires a response, the step of analyzing including screening the normalized event data records to minimize the number of events in which a response is required;
  
  automatically without any manual intervention responding to alarmable events to obtain resolution of the alarmable events, including automatically contacting a vendor that services a portion of the network, including forwarding at least a portion of the event data to a response capability, and enabling the response capability to send a notification to a vendor that services a portion of the network, said notification identifying a detected event;
  
  wherein the automatically responding includes automatically initiating testing of at least a part of the portion of the network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. The method according to claim 15, wherein the step of merging client data with the event data includes using the event data extracted to access a database to obtain client data related to the event data.
  - 17. The method according to claim 15, wherein the step of analyzing the normalized event data records includes the step of comparing normalized event data contained in a plurality of normalized event data records to determine alarmable events.
  - 18. The method according to claim 15, including storing the normalized event data records in a cached data store.
  - 19. The method according to claim 18, including the step of monitoring the status of alarmable events.
  - 20. The method according to claim 19, wherein the step of monitoring the status of alarmable events includes the steps of displaying event information on a display and accessing the cached data store to obtain event information for display.
  - 21. The method according to claim 15, wherein the step of automatically responding includes responding to the normalized event data to automatically create a work ticket for the vendor.
  - 22. The method according to claim 15, wherein the step of automatically responding includes the step of accessing a vendor gateway and providing information relating to an alarmable event to the vendor via the vendor gateway.
  - 23. The method according to claim 22, and including the step of receiving a vendor work ticket number via the vendor gateway.
  - 24. The method according to claim 15, wherein the step of automatically responding includes the step of communicating automatically with contact personnel associated with the network via external communications.
  - 25. The method according to claim 24, wherein the step of communicating automatically with contact personnel includes at least one of placing a telephone call, sending a facsimile message, sending an E-mail message, and sending a message to a pager.
  - 26. The method according to claim 24, wherein the step of communicating automatically with contact personnel includes sending a message to a pager and including the step of using at least a portion of the normalized event data to automatically populate pager fields.
  - 27. The method according to claim 15, and wherein the step of automatically responding includes the step of creating a work ticket for the network management system.

28. A system for managing operations of a network, comprising:
- a cached data store implemented as a hardware memory;
  
  a database storing client data;
  
  an event pattern recognition processor configured to conduct pattern recognition analysis on incoming event data records, the event pattern recognition processor configured to supplement said incoming event data records, if the incoming event data records hold data that match predetermined logic parameters;
  
  an aggregation manager including a parse and analysis component, a data merge component, and a data analysis component, wherein the aggregation manager is configured to, automatically without any manual intervention, initiate testing of at least part of the portion of the network,the parse and analysis component configured to parsing the event data contained in said event data records to remove extraneous data and provide extracted event data for use in resolving the event;
  
  said data merge component configured to use said extracted event data to access the database to obtain client data related to the event data and to merge client data obtained from the database with the event data;
  
  said data analysis component configured to analyze the normalized event data to determine whether an event is an alarmable event, the step of analyzing the normalized event data including screening the normalized event data, wherein the number of events in which a response is required is minimized; and
  
  a response component configured to respond to normalized event data for alarmable events, without any manual intervention, to initiate the obtaining of resolution of the alarmable events, wherein the response component is configured to automatically contact a vendor that services a portion of the network to obtain resolution of alarmable events, including forwarding at least a portion of the merged event data to a response capability, and enabling the response capability to send a notification to a vendor that services said portion of the network, said notification identifying a detected event, and the response component is further configured to automatically initiate testing of at least a part of said portion of the network.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 29. The network management system according to claim 28, wherein the data merge component stores the normalized data in the cached data store.
  - 30. The network management system according to claim 28, wherein the aggregation manager formats the normalized event data into a format that is readable by the vendor.
  - 31. The network management system according to claim 28, wherein the response capability includes a vendor link allowing automatic and direct contacting of the vendor via the vendor link.
  - 32. The network management system according to claim 31, wherein the response capability includes a ticketing system for creating a work ticket for vendor and for transmitting the work ticket to the vendor.
  - 33. The network management system according of claim 31, and receiving a vendor work ticket number via the vendor link.
  - 34. The network management system according to claim 28, wherein said parse and analysis component and said response component operate in real time, allowing resolution of an event to be initiated in real time.
  - 35. The network management system according to claim 28, wherein the response capability includes an external communication component for automatically communicating via communication devices with personnel associated with the network.
  - 36. The network management system according to claim 35, wherein the communication devices include a telephone, a cell phone, a fax, an E-mail, a pager.
  - 37. The network management system according to claim 28, wherein the response component includes an internal ticketing system for creating work tickets for the network managing system.
  - 38. The network management system according to claim 28, wherein the response component includes a network operations center for displaying event information.
  - 39. The network management system according to claim 38, wherein the network management includes a monitor for displaying event information and wherein event data to be displayed on the monitor is obtained from the database through at least one of said parse and analysis component and said data merge component.
  - 40. The network management system according to claim 28, and including permanent data storage, and wherein said data merge component periodically updates normalized event data stored in said permanent data storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fidelity Information Services, LLC (Fidelity National Information Services Incorporated)
Original Assignee
Metavante Corporation (Fidelity National Information Services Incorporated)
Inventors
Neuhaus, Scott E., Swessel, Scott D., Senkevitch, Alexander A.
Primary Examiner(s)
Nooristany, Sulaiman

Application Number

US10/357,433
Time in Patent Office

3,599 Days
Field of Search

705/1, 709223-226
US Class Current

709/224
CPC Class Codes

H04L 41/0613 based on the type or catego...

H04L 41/0686 Additional information in t...

Business to business network management event detection and response system and method

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Business to business network management event detection and response system and method

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links