Complex event processing system and method
First Claim
1. A complex event processing system comprising a complex event processing engine and an event harvesting system, wherein the event harvesting system is operable to monitor a computer network, generate simple event reports in response to the result of monitoring the network and pass these to the complex event processing engine for processing, wherein the event harvesting system comprises:
- a head end node; and
a plurality of capture nodes each of which is operatively connected to the head end node;
wherein;
the head end node includes computer hardware for performing central configuration control of the plurality of capture nodes;
each capture node is operable to receive configuration instructions from the head end node to determine what simple event reports are to be generated by the capture node and in response to what conditions detected on the monitored computer network;
the head end node includes an interface for receiving configuration instructions from a user of the system and for processing these configuration instructions and sending them to a specified capture node for causing the specified capture node to operate in accordance with the specified configuration instructions; and
one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration.
1 Assignment
0 Petitions
Accused Products
Abstract
A complex event processing system comprises a complex event processing engine (52) and an event harvesting system, wherein the event harvesting system is operable to monitor a computer network (10, 21, 22, 31, 32, 33), generate simple event reports in response to the result of monitoring the network and pass these to the complex event processing engine for processing. The event harvesting system comprises a central configuration control module (51, 53) and a plurality of capture node modules (41, 42) each of which is operatively connected to the central configuration control module. Each capture node module is operable to receive configuration instructions from the central configuration control module to determine what simple event reports are to be generated by the module and in response to what conditions detected on the monitored computer network. The central configuration control module includes an interface (51) in the form of a web server for receiving configuration instructions from a user of the system and for processing these configuration instructions and sending them to a specified capture node module for causing the module to operate in accordance with the specified configuration instructions.
-
Citations
13 Claims
-
1. A complex event processing system comprising a complex event processing engine and an event harvesting system, wherein the event harvesting system is operable to monitor a computer network, generate simple event reports in response to the result of monitoring the network and pass these to the complex event processing engine for processing, wherein the event harvesting system comprises:
-
a head end node; and a plurality of capture nodes each of which is operatively connected to the head end node;
wherein;the head end node includes computer hardware for performing central configuration control of the plurality of capture nodes; each capture node is operable to receive configuration instructions from the head end node to determine what simple event reports are to be generated by the capture node and in response to what conditions detected on the monitored computer network; the head end node includes an interface for receiving configuration instructions from a user of the system and for processing these configuration instructions and sending them to a specified capture node for causing the specified capture node to operate in accordance with the specified configuration instructions; and one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of detecting the occurrence of complex events on a network, the method comprising:
-
deploying a head end node and a plurality of capture nodes each of which is operatively connected to the head end node onto a legacy network to be monitored, the head end node including computer hardware for performing central configuration control of the plurality of capture nodes; transmitting configuration instructions from the head end node to each capture node to specify what simple event reports are to be generated by the capture node and in response to what conditions detected on the monitored computer network; transmitting to the head end node configuration instructions from a user of the system; processing these configuration instructions; and sending them to a specified capture node for causing the specified capture node to operate in accordance with the specified configuration instructions;
wherein;the capture nodes monitor the computer network to generate simple event reports in response to the result of monitoring the network and pass these to a complex event processing engine associated with the head end node for processing to identify the occurrence of complex events based on the received simple event reports; and one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration.
-
-
8. A non-transitory machine readable storage medium carrying processor implementable instructions for causing a processor or processors to perform functionality for detecting the occurrence of complex events on a network, the functionality comprising:
-
monitoring a legacy network using a head end node and a plurality of capture nodes each of which is operatively connected to the head end node, the head end node including computer hardware for performing central configuration control of the plurality of capture nodes; transmitting configuration instructions from the head end node to each capture node to specify what simple event reports are to be generated by the capture nodes and in response to what conditions detected on the monitored computer network; transmitting to the head end node configuration instructions from a user of the system; processing these configuration instructions; and sending them to a specified capture node for causing the node to operate in accordance with the specified configuration instructions;
wherein;the capture nodes monitor the computer network to generate simple event reports in response to the result of monitoring the network and pass these to a complex event processing engine associated with the head end node for processing to identify the occurrence of complex events based on the received simple event reports; and one or more of the capture nodes is configurable into a plurality of different configurations including a non-invasive mode of operation configuration and an invasive or minimally invasive mode of operation configuration. - View Dependent Claims (9, 10, 11, 12, 13)
-
Specification