Processing network events

US 8,930,526 B2
Filed: 05/19/2010
Issued: 01/06/2015
Est. Priority Date: 10/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method for processing network events, comprising:

receiving an input network event from a monitoring device on a processing thread, wherein the input network event comprises event data;

generating a plurality of data output events from the input network event, wherein the generating further comprises;

parsing the event data using a rules file, wherein the rules file includes a plurality of generate event commands;

for each generate event command in the rules file, placing the event data on one of a plurality of queues, wherein each of the plurality of queues is associated with a different one of a plurality of server databases;

generating a plurality of communications threads, wherein each communications thread is used for transmitting one or more of the plurality of data output events to a corresponding one of the plurality of server databases, and wherein each of the communications threads is associated with a different one of the plurality of queues; and

transmitting the event data, by each of the communications threads, to its corresponding server database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Processing network events generates multiple events from a single network device event. The system includes a network monitoring device for acquiring event data and a processing system for receiving an input event from a network monitoring device on a processing thread, wherein the processing system includes a communications thread generating component for generating multiple communications threads each for transmitting event data to a server database. The communication threads open connections to required server databases and these connections are maintained in an open state while the network monitoring device is running.

49 Citations

View as Search Results

32 Claims

1. A method for processing network events, comprising:
- receiving an input network event from a monitoring device on a processing thread, wherein the input network event comprises event data;
  
  generating a plurality of data output events from the input network event, wherein the generating further comprises;
  
  parsing the event data using a rules file, wherein the rules file includes a plurality of generate event commands;
  
  for each generate event command in the rules file, placing the event data on one of a plurality of queues, wherein each of the plurality of queues is associated with a different one of a plurality of server databases;
  
  generating a plurality of communications threads, wherein each communications thread is used for transmitting one or more of the plurality of data output events to a corresponding one of the plurality of server databases, and wherein each of the communications threads is associated with a different one of the plurality of queues; and
  
  transmitting the event data, by each of the communications threads, to its corresponding server database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as claimed in claim 1, wherein a first communications thread marshals and transmits the event data to a first server database.
  - 3. The method as claimed in claim 1, wherein the communication threads open a plurality of connections to the plurality of server databases and further comprising maintaining the connections in an open state while the monitoring device is running.
  - 4. The method as claimed in claim 1, further comprising:
    - processing the rules file to find one or more instances of one or more registered targets; and
      
      determining one or more server database connections.
  - 5. The method as claimed in claim 1, wherein the server databases include one or more tables for event data, and wherein each communications thread corresponds to one of the plurality of server databases.
  - 6. The method as claimed in claim 1, wherein inter-thread communication is asynchronous via one or more message queues.
  - 7. The method as claimed in claim 1, further comprising:
    - transferring the event data via an inter-thread data structure.
  - 8. The method as claimed in claim 1, further comprising:
    - sending one or more flush commands from the processing thread to clear the communications threads.
  - 9. The method as claimed in claim 1, wherein the transferring further comprises:
    - transferring the event data via a pointer to a selected communications thread.
  - 10. The method as claimed in claim 1, wherein the event data is converted into a structured query language (SQL) and appended to a text memory allocation for transmission.

11. A computer software product for processing network events, the product comprising a computer-readable storage device, in which a computer program comprising computer-executable instructions are stored, which instructions, when executed by a computer, perform the following steps:
- receiving an input network event from a monitoring device on a processing thread, wherein the input network event comprises event data;
  
  generating a plurality of data output events from the input network event, wherein the generating further comprises;
  
  parsing the event data using a rules file, wherein the rules file includes a plurality of generate event commands;
  
  for each generate event command in the rules file, placing the event data on one of a plurality of queues, wherein each of the plurality of queues is associated with a different one of a plurality of server databases;
  
  generating a plurality of communications threads, wherein each communications thread is used for transmitting one or more of the plurality of data output events to a corresponding one of the plurality of server databases, and wherein each of the communications threads is associated with a different one of the plurality of queues; and
  
  transmitting the event data, by each of the communications threads, to its corresponding server database.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer software product as claimed in claim 11, wherein a first communications thread marshals and transmits the event data to a first server database.
  - 13. The computer software product as claimed in claim 11, wherein the communication threads open a plurality of connections to the plurality of server databases and further comprising maintaining the connections in an open state while the monitoring device is running.
  - 14. The computer software product as claimed in claim 11, further comprising:
    - processing the rules file to find one or more instances of one or more registered targets; and
      
      determining one or more server database connections.
  - 15. The computer software product as claimed in claim 11, wherein the server databases include one or more tables for event data, and wherein each communications thread corresponds to one of the plurality of server databases.
  - 16. The computer software product as claimed in claim 11, wherein inter-thread communication is asynchronous via one or more message queues.
  - 17. The computer software product as claimed in claim 11, further comprising:
    - transferring the event data via an inter-thread data structure.
  - 18. The computer software product as claimed in claim 11, further comprising:
    - sending one or more flush commands from the processing thread to clear the communications threads.
  - 19. The computer software product as claimed in claim 11, wherein the transferring further comprises:
    - transferring the event data via a pointer to a selected communications thread.
  - 20. The computer software product as claimed in claim 11, wherein the event data is converted into a structured query language (SQL) and appended to a text memory allocation for transmission.

21. A system for processing network events, comprising:
- a network monitoring device for acquiring network event data;
  
  a processing system for receiving an input network event from the monitoring device on a processing thread, wherein the input network event comprises event data, and generating a plurality of data output events from the input network event, wherein the generating further comprises;
  
  parsing the event data using a rules file, wherein the rules file includes a plurality of generate event commands;
  
  for each generate event command in the rules file, placing the event data on one of a plurality of queues, wherein each of the plurality of queues is associated with a different one of a plurality of server databases;
  
  generating, by a communications thread generating component included in the processing system, a plurality of communications threads, wherein each communications thread is used for transmitting one or more of the plurality of data output events to a corresponding one of the plurality of server databases, and wherein each of the communications threads is associated with a different one of the plurality of queues; and
  
  transmitting the event data, by each of the communications threads, to its corresponding server database.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The system as claimed in claim 21, wherein the processing system includes a receiver for the input network event.
  - 23. The system as claimed in claim 21, wherein a first communications thread marshals and transmits the event data to a first server database.
  - 24. The system as claimed in claim 21, wherein the communication threads open a plurality of connections to the plurality of server databases and wherein the plurality of connections are maintained in an open state while the monitoring device is running.
  - 25. The system as claimed in claim 21, further comprising:
    - processing the rules file to find one or more instances of one or more registered targets; and
      
      a component for determining one or more server database connections.
  - 26. The system as claimed in claim 21, wherein the server databases include one or more tables for event data, and wherein each communications thread corresponds to one of the plurality of server databases.
  - 27. The system as claimed in claim 21, wherein inter-thread communication is asynchronous via one or more message queues.
  - 28. The system as claimed in claim 21, further comprising:
    - an inter-thread data structure for transferring the event data.
  - 29. The system as claimed in claim 21, further comprising:
    - a component for flushing the communications threads.
  - 30. The system as claimed in claim 21, further comprising a parsing component for parsing the event data to generate the plurality of data output events.
  - 31. The system as claimed in claim 21, wherein the communications threads include a converter for converting the event data into structured query language (SQL) and appending it to a text memory allocation for transmission.
  - 32. The system as claimed in claim 21, wherein the processing system runs on a plurality of processors enabling the processing thread and the communications threads to be executed simultaneously.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Franklin, David Richard
Primary Examiner(s)
Tiv, Backhean

Application Number

US12/782,794
Publication Number

US 20110106941A1
Time in Patent Office

1,693 Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 9/4843   by program, e.g. task dispa...

G06F 9/541   via adapters, e.g. between ...

G06F 9/544   Buffers; Shared memory; Pipes

Processing network events

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Processing network events

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links