Complex event processing system and method

US 9,170,910 B2
Filed: 03/31/2011
Issued: 10/27/2015
Est. Priority Date: 03/31/2010
Status: Active Grant

First Claim

Patent Images

1. A complex event processing system comprising a complex event processing engine and an event harvesting system, wherein the event harvesting system is operable to monitor a computer network, generate simple event reports in response to the result of monitoring the network and pass these to the complex event processing engine for processing, wherein the event harvesting system comprises:

a head end node; and

a plurality of capture nodes each of which is operatively connected to the head end node;

wherein;

the head end node includes computer hardware for performing central configuration control of the plurality of capture nodes;

each capture node is operable to receive configuration instructions from the head end node to determine what simple event reports are to be generated by the capture node and in response to what conditions detected on the monitored computer network;

the head end node includes an interface for receiving configuration instructions from a user of the system and for processing these configuration instructions and sending them to a specified capture node for causing the specified capture node to operate in accordance with the specified configuration instructions; and

one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A complex event processing system comprises a complex event processing engine (52) and an event harvesting system, wherein the event harvesting system is operable to monitor a computer network (10, 21, 22, 31, 32, 33), generate simple event reports in response to the result of monitoring the network and pass these to the complex event processing engine for processing. The event harvesting system comprises a central configuration control module (51, 53) and a plurality of capture node modules (41, 42) each of which is operatively connected to the central configuration control module. Each capture node module is operable to receive configuration instructions from the central configuration control module to determine what simple event reports are to be generated by the module and in response to what conditions detected on the monitored computer network. The central configuration control module includes an interface (51) in the form of a web server for receiving configuration instructions from a user of the system and for processing these configuration instructions and sending them to a specified capture node module for causing the module to operate in accordance with the specified configuration instructions.

8 Citations

13 Claims

1. A complex event processing system comprising a complex event processing engine and an event harvesting system, wherein the event harvesting system is operable to monitor a computer network, generate simple event reports in response to the result of monitoring the network and pass these to the complex event processing engine for processing, wherein the event harvesting system comprises:
- a head end node; and
  
  a plurality of capture nodes each of which is operatively connected to the head end node;
  
  wherein;
  
  the head end node includes computer hardware for performing central configuration control of the plurality of capture nodes;
  
  each capture node is operable to receive configuration instructions from the head end node to determine what simple event reports are to be generated by the capture node and in response to what conditions detected on the monitored computer network;
  
  the head end node includes an interface for receiving configuration instructions from a user of the system and for processing these configuration instructions and sending them to a specified capture node for causing the specified capture node to operate in accordance with the specified configuration instructions; and
  
  one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system according to claim 1 wherein the complex event processing engine is operable to infer the occurrence of complex conditions based on the detection of combinations of occurrences of plural simple events, the occurrence of each simple event being detectable based on the data captured by a single capture node.
  - 3. The system according to claim 2 wherein the complex event processing engine is operable to detect the occurrence of complex conditions which are not detectable solely on the basis of the data captured by a single capture node, or which are only detectable based on data captured by a single capture node using statistical analysis over a time period.
  - 4. The system according to claim 1 wherein each capture node is a generic node capable of being configured into one of the following specific types of capture node:
    - a network sniffer operable to extract information from packets of data flowing on a network or a log picker operable to extract information from log files.
  - 5. The system according to claim 1 wherein the capture nodes and the head end node include a heartbeat mechanism whereby each active deployed capture node periodically communicates with the head end node even where no simple event occurrences have been detected by the capture node, to provide a level of assurance to the head end node that the capture node is still operating correctly.
  - 6. The system according to claim 1 wherein the head end node is configured to receive registration requests by external components whereby any external component which registers with the head end node for notification of the occurrence of a particular complex event as detected by the complex event processing engine, is notified by the head end node whenever such an occurrence is actually detected by the CEP engine.

7. A method of detecting the occurrence of complex events on a network, the method comprising:
- deploying a head end node and a plurality of capture nodes each of which is operatively connected to the head end node onto a legacy network to be monitored, the head end node including computer hardware for performing central configuration control of the plurality of capture nodes;
  
  transmitting configuration instructions from the head end node to each capture node to specify what simple event reports are to be generated by the capture node and in response to what conditions detected on the monitored computer network;
  
  transmitting to the head end node configuration instructions from a user of the system;
  
  processing these configuration instructions; and
  
  sending them to a specified capture node for causing the specified capture node to operate in accordance with the specified configuration instructions;
  
  wherein;
  
  the capture nodes monitor the computer network to generate simple event reports in response to the result of monitoring the network and pass these to a complex event processing engine associated with the head end node for processing to identify the occurrence of complex events based on the received simple event reports; and
  
  one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration.

8. A non-transitory machine readable storage medium carrying processor implementable instructions for causing a processor or processors to perform functionality for detecting the occurrence of complex events on a network, the functionality comprising:
- monitoring a legacy network using a head end node and a plurality of capture nodes each of which is operatively connected to the head end node, the head end node including computer hardware for performing central configuration control of the plurality of capture nodes;
  
  transmitting configuration instructions from the head end node to each capture node to specify what simple event reports are to be generated by the capture nodes and in response to what conditions detected on the monitored computer network;
  
  transmitting to the head end node configuration instructions from a user of the system;
  
  processing these configuration instructions; and
  
  sending them to a specified capture node for causing the node to operate in accordance with the specified configuration instructions;
  
  wherein;
  
  the capture nodes monitor the computer network to generate simple event reports in response to the result of monitoring the network and pass these to a complex event processing engine associated with the head end node for processing to identify the occurrence of complex events based on the received simple event reports; and
  
  one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The transitory machine readable storage medium according to claim 8, the functionality further comprising inferring the occurrence of complex conditions based on the detection of combinations of occurrences of plural simple events, the occurrence of each simple event being detectable based on the data captured by a single capture node.
  - 10. The transitory machine readable storage medium according to claim 9, the functionality further comprising detecting the occurrence of complex conditions which are not detectable solely on the basis of the data captured by a single capture node, or which are only detectable based on data captured by a single capture node using statistical analysis over a time period.
  - 11. The transitory machine readable storage medium according to claim 8, wherein each capture node is a generic node capable of being configured into one of the following specific types of capture node:
    - a network sniffer operable to extract information from packets of data flowing on a network or a log picker operable to extract information from log files.
  - 12. The transitory machine readable storage medium according to claim 8, wherein the capture nodes and the head end node include a heartbeat mechanism whereby each active deployed capture node periodically communicates with the head end node even where no simple event occurrences have been detected by the capture node, to provide a level of assurance to the head end node that the capture node is still operating correctly.
  - 13. The transitory machine readable storage medium according to claim 8, wherein the head end node is configured to receive registration requests by external components whereby any external component which registers with the head end node for notification of the occurrence of a particular complex event as detected by the complex event processing engine, is notified by the head end node whenever such an occurrence is actually detected by the CEP engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Roxburgh, David
Primary Examiner(s)
Tran, Philip B

Application Number

US13/638,451
Publication Number

US 20130031251A1
Time in Patent Office

1,671 Days
Field of Search

709/224, 709/220
US Class Current

1/1
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3072   where the reporting involve...

H04L 43/06   Generation of reports

H04L 43/10   Active monitoring, e.g. hea...

Complex event processing system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Complex event processing system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links