Method and system for creating enriched log data
First Claim
1. A system for creating enriched log data comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for creating enriched log data, the process for creating enriched log data including;
obtaining access to first log data of a first log data source, the first log data source being a first virtual machine instance;
obtaining access to distinct log data of a plurality of distinct log data sources, each of the plurality of log data sources being of different virtual machine instances distinct from virtual machine instances of each other log data source of the plurality of log data sources;
defining at least two virtual machine instance trigger events, the defined at least two virtual machine instance trigger events including a first trigger event being a security requirement setting event and a second trigger event being the creation or changing of access control lists;
defining, responsive to the at least two virtual machine instance trigger events being defined, trigger event log entry data associated with the defined at least two virtual machine instance trigger events;
monitoring, responsive to the at least two virtual machine instance trigger event being defined, log data of each log data source of the plurality of log data sources;
detecting, as a result of the monitoring, trigger event log entry data in log data of a second log data source of the plurality of log data sources;
inserting, into the first log data of the first log data source, the trigger event log data of the second log data representing the trigger event of a second virtual machine instance occurring;
detecting, as a result of the monitoring, trigger event log entry data in log data of a third log data source of the plurality of log data sources; and
inserting, into the first log data of the first log data source, the trigger event log data of the third log data representing the trigger event of the third virtual machine instance occurring.
Abstract
Access to first log data from a first log data source and second log data from a second log data source is obtained. Trigger event log data is defined and the second log data from the second log data source is monitored to detect the defined trigger event log data in the second log data. If the defined trigger event log data is detected in the second log data from the second log data source, the detected trigger event log data in the second log data from the second log data source is correlated with the first log data from the first log data source, and/or at least part of the second log data from the second log data source is inserted into the first log data from the first log data source.
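The monitor, detect and insert flow described in the abstract, as an added Python example that is not taken from the patent. The two trigger classes follow claim 1; the regexes, the `Entry` fields, the VM names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Trigger definitions: the two trigger-event classes named in claim 1.
# The regexes are constructed for this example; real log formats differ.
TRIGGERS = {
    "security_requirement_setting": re.compile(r"\bsecurity[- ]requirement\b.*\b(set|added|removed)\b", re.I),
    "acl_create_or_change": re.compile(r"\b(acl|access control list)\b.*\b(created|changed|modified)\b", re.I),
}

@dataclass(frozen=True)
class Entry:
    ts: int                        # epoch seconds
    source: str                    # VM instance that wrote the entry
    message: str
    trigger: Optional[str] = None  # set only on inserted (foreign) entries

def detect(entries):
    """Yield (trigger_name, entry) for each entry matching a defined trigger."""
    for e in entries:
        for name, pattern in TRIGGERS.items():
            if pattern.search(e.message):
                yield name, e
                break

def enrich(first_log, other_logs):
    """Return first_log plus trigger entries from the other sources, in time order."""
    # Inserted entries keep their originating source and carry the trigger name,
    # so native and inserted lines stay distinguishable during review.
    inserted = [Entry(e.ts, e.source, e.message, name)
                for log in other_logs for name, e in detect(log)]
    # sorted() is stable: on equal timestamps the native entries stay first.
    return sorted(list(first_log) + inserted, key=lambda e: e.ts)

# Constructed sample data: vm-1 is the first source, vm-2 and vm-3 the others.
VM1 = [Entry(100, "vm-1", "sshd: accepted publickey for deploy"),
       Entry(160, "vm-1", "app: connection to vm-2:5432 refused")]
VM2 = [Entry(90, "vm-2", "cron: job started"),
       Entry(150, "vm-2", "netfilter: ACL db-ingress changed by admin")]
VM3 = [Entry(155, "vm-3", "policy: security requirement tls-min-version set to 1.2"),
       Entry(170, "vm-3", "kernel: eth0 link up")]

ENRICHED = enrich(VM1, [VM2, VM3])

if __name__ == "__main__":
    for e in ENRICHED:
        print(e.ts, e.source, e.message, f"[inserted:{e.trigger}]" if e.trigger else "")
```

In the enriched vm-1 log, the ACL change on vm-2 and the security requirement setting on vm-3 appear immediately before the refused connection, which is the context an analyst reading vm-1 alone would not have.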
16 Claims
1. A system for creating enriched log data comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for creating enriched log data, the process for creating enriched log data including;
obtaining access to first log data of a first log data source, the first log data source being a first virtual machine instance;
obtaining access to distinct log data of a plurality of distinct log data sources, each of the plurality of log data sources being of different virtual machine instances distinct from virtual machine instances of each other log data source of the plurality of log data sources;
defining at least two virtual machine instance trigger events, the defined at least two virtual machine instance trigger events including a first trigger event being a security requirement setting event and a second trigger event being the creation or changing of access control lists;
defining, responsive to the at least two virtual machine instance trigger events being defined, trigger event log entry data associated with the defined at least two virtual machine instance trigger events;
monitoring, responsive to the at least two virtual machine instance trigger event being defined, log data of each log data source of the plurality of log data sources;
detecting, as a result of the monitoring, trigger event log entry data in log data of a second log data source of the plurality of log data sources;
inserting, into the first log data of the first log data source, the trigger event log data of the second log data representing the trigger event of a second virtual machine instance occurring;
detecting, as a result of the monitoring, trigger event log entry data in log data of a third log data source of the plurality of log data sources; and
inserting, into the first log data of the first log data source, the trigger event log data of the third log data representing the trigger event of the third virtual machine instance occurring.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for creating enriched log data comprising:
a first log data source, the first log data source generating first log data;
a plurality of log data sources, the plurality of log data sources generating log data independent of and external to log data of any other log data source; and
a computing system, the computing system including at least one processor and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for creating enriched log data, the process for creating enriched log data including;
obtaining access to the first log data from the first log data source;
obtaining access to the log data of the plurality of log data sources;
defining at least two virtual machine instance trigger events, the defined at least two virtual machine instance trigger events including a first trigger event being a security requirement setting event and a second trigger event being the creation or changing of access control lists;
defining, responsive to the at least two virtual machine instance trigger events being defined, trigger event log entry data associated with the defined at least two virtual machine instance trigger events;
monitoring, responsive to the at least two virtual machine instance trigger event being defined, log data of each log data source of the plurality of log data sources;
detecting, as a result of the monitoring, trigger event log entry data in log data of a second log data source of the plurality of log data sources;
inserting, into the first log data of the first log data source, the trigger event log data of the second log data representing the trigger event of a second virtual machine instance occurring;
detecting, as a result of the monitoring, trigger event log entry data in log data of a third log data source of the plurality of log data sources; and
inserting, into the first log data of the first log data source, the trigger event log data of the third log data representing the trigger event of the third virtual machine instance occurring.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for creating enriched log data comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for creating enriched log data, the process for creating enriched log data including;
obtaining access to first log data of a first log data source, the first log data source being a first virtual machine instance;
obtaining access to distinct log data of a plurality of distinct log data sources, each of the plurality of log data sources being of different virtual machine instances distinct from virtual machine instances of each other log data source of the plurality of log data sources;
defining at least two virtual machine instance trigger events, the defined at least two virtual machine instance trigger events including a first trigger event being a removal or addition of security requirements and a second trigger event being the creation or changing of access control lists;
defining, responsive to the at least two virtual machine instance trigger events being defined, trigger event log entry data associated with the defined at least two virtual machine instance trigger events;
monitoring, responsive to the at least two virtual machine instance trigger event being defined, log data of each log data source of the plurality of log data sources;
detecting, as a result of the monitoring, trigger event log entry data in log data of a second log data source of the plurality of log data sources;
inserting, into the first log data of the first log data source, the trigger event log data of the second log data representing the trigger event of a second virtual machine instance occurring;
detecting, as a result of the monitoring, trigger event log entry data in log data of a third log data source of the plurality of log data sources; and
inserting, into the first log data of the first log data source, the trigger event log data of the third log data representing the trigger event of the third virtual machine instance occurring.
16. A system for creating enriched log data comprising:
a first log data source, the first log data source generating first log data;
a second log data source, the second log data source generating second log data, the second log data source being distinct from the first log data source such that the second log data is external log data with respect to the first log data; and
a computing system, the computing system including at least one processor and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for creating enriched log data, the process for creating enriched log data including;
obtaining access to first log data of a first log data source, the first log data source being a first virtual machine instance;
obtaining access to distinct log data of a plurality of distinct log data sources, each of the plurality of log data sources being of different virtual machine instances distinct from virtual machine instances of each other log data source of the plurality of log data sources;
defining at least two virtual machine instance trigger events, the defined at least two virtual machine instance trigger events including a first trigger event being a removal or addition of security requirements and a second trigger event being the creation or changing of access control lists;
defining, responsive to the at least two virtual machine instance trigger events being defined, trigger event log entry data associated with the defined at least two virtual machine instance trigger events;
monitoring, responsive to the at least two virtual machine instance trigger event being defined, log data of each log data source of the plurality of log data sources;
detecting, as a result of the monitoring, trigger event log entry data in log data of a second log data source of the plurality of log data sources;
inserting, into the first log data of the first log data source, the trigger event log data of the second log data representing the trigger event of a second virtual machine instance occurring;
detecting, as a result of the monitoring, trigger event log entry data in log data of a third log data source of the plurality of log data sources; and
inserting, into the first log data of the first log data source, the trigger event log data of the third log data representing the trigger event of the third virtual machine instance occurring.