Log collection, structuring and processing
First Claim
1. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
identifying a set of circumstances with respect to at least one type of storage device associated with said data system, wherein said set of circumstances includes data being moved to or from the at least one type of storage device;
creating, using a processing platform of said data system, at least one log processing rule to identify logs of said one or more monitored platforms matching said set of circumstances, wherein said at least one log processing rule specifies at least one action to be performed based on the set of circumstances matching the at least one log processing rule;
receiving, at said processing platform, logs from one or more monitored platforms;
processing, by said processing platform, the received logs using said at least one log processing rule to identify received logs that match said set of circumstances, wherein the identified, received logs include information identifying data being moved to or from the at least one type of storage device; and
based on the processing of the received logs using said at least one log processing rule, taking the at least one action specified in the at least one log processing rule, wherein said taking the at least one action comprises:
limiting data from being written to said at least one storage device; and
generating at least one alert indicative of the occurrence of said set of circumstances.
6 Assignments
0 Petitions
Abstract
Tools for use in obtaining useful information from processed log messages generated by a variety of network platforms (e.g., Windows servers, Linux servers, UNIX servers, databases, workstations, etc.). The log messages may be processed by one or more processing platforms or “log managers” using any appropriate rule base to identify “events” (i.e., log messages of somewhat heightened importance), and one or more “event managers” may analyze the events to determine whether alarms should be generated therefrom. The tools may be accessed via any appropriate user interface of a console that is in communication with the various log managers, event managers, etc., to perform numerous tasks in relation to logs, events and alarms.
124 Citations
31 Claims
1. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
identifying a set of circumstances with respect to at least one type of storage device associated with said data system, wherein said set of circumstances includes data being moved to or from the at least one type of storage device;
creating, using a processing platform of said data system, at least one log processing rule to identify logs of said one or more monitored platforms matching said set of circumstances, wherein said at least one log processing rule specifies at least one action to be performed based on the set of circumstances matching the at least one log processing rule;
receiving, at said processing platform, logs from one or more monitored platforms;
processing, by said processing platform, the received logs using said at least one log processing rule to identify received logs that match said set of circumstances, wherein the identified, received logs include information identifying data being moved to or from the at least one type of storage device; and
based on the processing of the received logs using said at least one log processing rule, taking the at least one action specified in the at least one log processing rule, wherein said taking the at least one action comprises:
limiting data from being written to said at least one storage device; and
generating at least one alert indicative of the occurrence of said set of circumstances.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
establishing, on a processing platform, at least one log processing rule for selectively processing logs associated with one or more monitored platforms based on a content of one or more data fields of said logs, wherein each of said at least one log processing rule specifies an action to perform based on content of one or more data fields of logs matching said at least one log processing rule;
receiving, at said processing platform, logs associated with said one or more monitored platforms;
processing, at said processing platform, the received logs using said at least one log processing rule;
identifying, using said processing platform, a processed log; and
first operating said processing platform to create at least one new log processing rule, wherein:
responsive to the processed log being identified using said processing platform, the processing platform generates a template rule including one or more conditions and actions automatically populated based on the one or more data fields of said identified processed log; and
responsive to generating the template rule, the method includes customizing the template rule to create the at least one new log processing rule, wherein the at least one new log processing rule includes at least one action to be performed based on a subsequently received log matching the one or more conditions.
Dependent claims: 9, 10, 11, 12, 13, 14, 15

16. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
integrating information from at least one directory service of the data system with a database of the data system, wherein the directory service includes information specifying users and user groups, and wherein the user groups each include a plurality of users;
identifying a set of circumstances with respect to at least one monitored platform of the one or more platforms of said data system, wherein said set of circumstances includes at least one action taken with respect to the at least one monitored platform by at least one of the plurality of users included in a specified user group of the user groups;
creating, using a processing platform of said data system, at least one log processing rule to identify logs of said one or more monitored platforms matching said set of circumstances, wherein said at least one log processing rule specifies at least one action to be performed based on the set of circumstances matching the at least one log processing rule;
receiving, at said processing platform, logs from one or more monitored platforms;
processing, by said processing platform, the received logs using the at least one log processing rule to identify received logs that match said set of circumstances, wherein the identified, received logs include information identifying at least one user of the plurality of users and an action taken by said at least one user of the plurality of users with respect to the at least one monitored platform; and
based on the processing of the received logs using the at least one log processing rule, taking the at least one action specified in the at least one log processing rule, wherein the taking the at least one action comprises generating at least one alert indicative of the occurrence of said set of circumstances.
Dependent claims: 17, 18, 19, 20, 21

22. A system for use in monitoring one or more platforms of a data system, the system comprising:
a processor; and
a non-transitory computer readable medium interconnected to the processor and including one or more non-transitory computer program products that are configured to:
create at least one log processing rule to identify logs of said one or more monitored platforms matching a set of circumstances, wherein said set of circumstances includes data being moved to or from at least one type of storage device associated with said data system, and wherein said at least one log processing rule specifies at least one action to be performed based on the set of circumstances matching the at least one log processing rule;
receive logs from one or more monitored platforms;
process the received logs using said at least one log processing rule to identify received logs that match said set of circumstances, wherein the identified, received logs including information identifying data being moved to or from the at least one type of storage device; and
based on the processing of the received logs using said at least one log processing rule, take the at least one action specified in the at least one log processing rule, wherein the at least one action comprises:
limiting data from being written to said at least one storage device; and
generating at least one alert indicative of the occurrence of said set of circumstances.
Dependent claims: 23, 24, 25, 26

27. A processing platform for use in monitoring one or more platforms of a data system, comprising:
a storage module including at least one log processing rule for selectively processing logs associated with one or more monitored platforms based on a content of one or more data fields of said logs, wherein each of said at least one log processing rule specifies an action to perform based on content of one or more data fields of logs matching said at least one log processing rule; and
a processor that is operatively interconnected to the storage module, wherein the processor is operable to:
process said logs associated with one or more monitored platforms using said at least one log processing rule;
identify at least one of said logs associated with one of said one or more monitored platforms for further processing; and
create at least one new log processing rule, wherein:
responsive to the at least one of said logs being identified using said processor, the processor generates a template rule including one or more conditions and actions automatically populated based on the one or more data fields of said at least one identified processed log; and
responsive to the processor generating the template rule, the processor facilitates customization of the template rule to create the at least one new log processing rule, wherein the at least one new log processing rule includes at least one action to be performed based on a subsequently received log matching the one or more conditions.
Dependent claims: 28, 29, 30, 31
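As an added illustration of the rule-and-action scheme in claims 1, 8 and 16 (example code, not the patent's or any product's own): a toy processing platform that matches constructed logs against rules, takes the claimed actions (limit writes, alert), scopes a rule to a directory-service user group, and auto-populates a template rule from a matched log before customizing it. Field names, group names and the log contents are assumptions.

```python
"""Toy log-processing platform shaped like claims 1, 8 and 16 (added example)."""
from dataclasses import dataclass

# Constructed sample logs; the field names are assumptions, not the patent's.
LOGS = [
    {"host": "ws-17", "user": "alice", "event": "file_copy",
     "dest_type": "removable_usb", "bytes": 5_000_000},
    {"host": "ws-17", "user": "alice", "event": "file_copy",
     "dest_type": "network_share", "bytes": 1200},
    {"host": "srv-db1", "user": "bob", "event": "logon",
     "dest_type": None, "bytes": 0},
]
# Constructed directory-service snapshot (claim 16): group -> member users.
GROUPS = {"finance": {"alice"}, "dba": {"bob"}}

@dataclass
class Rule:
    name: str
    conditions: dict      # field -> value the log must carry
    actions: list         # e.g. "limit_write", "alert"
    user_group: str = ""  # if set, the acting user must belong to this group

def matches(rule: Rule, log: dict) -> bool:
    if any(log.get(k) != v for k, v in rule.conditions.items()):
        return False
    return not rule.user_group or log.get("user") in GROUPS.get(rule.user_group, set())

def process(logs, rules):
    """Run every rule over every log; return (rule, action, host, user) tuples."""
    return [(r.name, a, log["host"], log["user"])
            for log in logs for r in rules if matches(r, log) for a in r.actions]

def template_rule(log: dict, fields=("event", "dest_type")) -> Rule:
    """Claim 8: a template rule auto-populated from an identified log's fields."""
    return Rule("template", {f: log[f] for f in fields}, ["alert"])

def customize(template: Rule, name: str, actions: list, user_group: str = "") -> Rule:
    """Claim 8: the operator tailors the template into a new, named rule."""
    return Rule(name, dict(template.conditions), list(actions), user_group)

def demo():
    # Claim 1: copying data to removable storage limits writes and alerts.
    usb_rule = Rule("usb-exfil", {"event": "file_copy", "dest_type": "removable_usb"},
                    ["limit_write", "alert"])
    first_pass = process(LOGS, [usb_rule])
    # Claims 8 and 16: derive a new rule from the matched log, scoped to one group.
    hit = next(log for log in LOGS if matches(usb_rule, log))
    new_rule = customize(template_rule(hit), "finance-usb", ["alert"], "finance")
    return first_pass, process(LOGS, [new_rule])
```

In a real deployment the "limit_write" action would be handed to an enforcement point on the monitored host; here the returned tuples stand in for that hand-off.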
Specification