Session-based processing method and system

US 8,589,428 B2
Filed: 08/13/2010
Issued: 11/19/2013
Est. Priority Date: 03/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method for grouping log file entries by session, comprising:

storing a log file of entries in a memory, each of said entries identifying a client request to a server;

retrieving a subset of entries from the memory for storage in a ring buffer that is smaller than the memory;

processing each entry in the memory to identify entries that belong to a complete client session by using the ring buffer to implement a sliding window to process all entries in the log file into complete client sessions by sequentially adding and removing entries to the ring buffer until all of the entries in the log file have been processed; and

outputting all entries in the subset of log file entries that do not belong to the complete client session as raw log data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A log file processing system sorts records from large log files and groups them by session without making a complete copy of the log files by capturing a subset of the log files in a sliding memory window and identifying all records in the window that form a complete user session. Records belonging to a complete session are output for analyzing, and the remaining records are output as raw log data for additional processing. Using a ring buffer to implement the sliding memory window, data structures are used to group records by session, to identify completed sessions, and to index into the ring buffer to retrieve records for completed sessions that are to be directly analyzed. Any records remaining in the ring buffer at the end of slide window processing may be output as raw log file data and are processed as incomplete or malformed session records. An embodiment of the log file processing system provides a significant improvement on the speed of data extraction from log files into analyzable session data.

28 Citations

View as Search Results

17 Claims

1. A method for grouping log file entries by session, comprising:
- storing a log file of entries in a memory, each of said entries identifying a client request to a server;
  
  retrieving a subset of entries from the memory for storage in a ring buffer that is smaller than the memory;
  
  processing each entry in the memory to identify entries that belong to a complete client session by using the ring buffer to implement a sliding window to process all entries in the log file into complete client sessions by sequentially adding and removing entries to the ring buffer until all of the entries in the log file have been processed; and
  
  outputting all entries in the subset of log file entries that do not belong to the complete client session as raw log data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the complete client session is identified by identifying all entries in the subset that are associated with a particular client session and that include both a beginning entry and an end entry.
  - 3. The method of claim 2, wherein the end entry is identified as any entry that corresponds to a logout request.
  - 4. The method of claim 2, wherein the end entry for a client session is identified as any entry associated with that client session that has no other entries for that client session that occur within a session expiration window.
  - 5. The method of claim 2, wherein the end entry for a client session is identified as any entry having a first timestamp value, where the difference between first timestamp value and a second timestamp value associated with a subsequent entry in the subset of log files exceeds a timeout value.
  - 6. The method of claim 1, further comprising outputting as raw log data all entries in the subset of log file entries that belong to an incomplete client session which has a beginning entry but no end entry.

7. An article of manufacture comprising a non-transitory computer readable medium having stored thereon executable instructions and data which, when executed by at least one processing device, cause the at least one processing device to:
- read a plurality of records from a file system into a ring buffer, where said plurality or records comprises a subset of all records in the file system;
  
  scan each record in the ring buffer to identify a user session for said record and to identify any start or end records in the ring buffer;
  
  allocate, for each identified user session, an index to identify all records in the ring buffer that are associated with the identified user session and to identify all start or end records, where the index comprises;
  
  a session record for each identified user session for keying into the ring buffer to identify log records associated with said identified user session,a hash table for keying into the session record based upon session key information,a linked listing of last seen log records for each session, anda linked list of first seen log records for each session; and
  
  process the index to group all records in the ring buffer belonging to a complete user session, to output the grouped records for further analysis.
- View Dependent Claims (8)
- - 8. The article of manufacture of claim 7, wherein the ring buffer implements a sliding window to process all of the log records in the file system into complete user sessions by sequentially adding and removing log records to the ring buffer until all of the log records in the file system have been processed.

9. A system for session-based processing of log files using a data processing system and network session data collected from one or more users, the system comprising:
- a log file collection system for storing a plurality of server request entries in memory, wherein a server request entry comprises a session identifier;
  
  a processing engine to process a subset of the plurality of server request entries to group the server request entries by session using the session identifier in each server request entry by reading the plurality of server request entries into a ring buffer that is smaller than the memory to implement a sliding window to process the plurality of server request entries into complete sessions by sequentially adding and removing server request entries to the ring buffer until all of the plurality of server request entries in the log file collection system have been processed; and
  
  a parser for analysis of the web server request entries that have been grouped by session to generate a user session history.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the processing engine uses a plurality of data structures to group the web server request entries by session, said plurality of data structures comprising:
    - a per-session record for keying into the ring buffer to identify server request entries associated with each identified session,a hash table for keying into the per-session records,a linked list of last processed web server request entries for each session, anda linked list of first processed web server request entries for each session.
  - 11. The system of claim 9, wherein the processing engine uses the sliding memory window to process the subset of the plurality of web server request entries into the ring buffer.
  - 12. The system of claim 9, where the processing engine generates an output file containing web server request entries corresponding to one or more complete user sessions.
  - 13. The system of claim 9, where the processing engine generates an output file containing web server request entries corresponding to one or more incomplete user sessions.
  - 14. The system of claim 9, where the processing engine generates an output file containing web server request entries corresponding to one or more user sessions that do not include an end session entry.

15. A system for parsing web site logs one session at a time, comprising:
- means for storing network session data from at least one server log file;
  
  means for processing a subset of the network session data to group said network session data by session using a ring buffer to implement a sliding window which loads a programmably adjustable portion of the network session data from at least one server log file to process network session data into one or more complete sessions by sequentially adding and removing server request entries from the network session data to the ring buffer until all of the network session data from the at least one server log file has been processed;
  
  means for generating a first output file containing network session data grouped by session; and
  
  means for parsing said first output file.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the ring buffer is set up in local memory.
  - 17. The system of claim 15, wherein the ring buffer implements the sliding window for reading contents of the at least one server log file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Versata Development Group, Inc. (ESW Capital, LLC)
Original Assignee
Versata Development Group, Inc. (ESW Capital, LLC)
Inventors
Smith, Shawn A. P., Karipides, Daniel P.
Primary Examiner(s)
Hwa, Shyue Jiunn

Application Number

US12/856,297
Publication Number

US 20100306315A1
Time in Patent Office

1,194 Days
Field of Search

None
US Class Current

707/760
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3438   monitoring of user actions ...

G06F 11/3476   Data logging G06F11/14, G06...

G06F 16/11   File system administration,...

G06F 16/13   File access structures, e.g...

G06F 2201/875   Monitoring of systems inclu...

G06Q 30/02   Marketing; Price estimation...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/535   Tracking the activity of th...

Session-based processing method and system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Session-based processing method and system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links