Interpreting categorized change information in order to build and maintain change catalogs
First Claim
1. A method comprising:
providing at least one change catalog;
receiving, by a monitor server, change data associated with a plurality of changes to a target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes a rule that generated the change, an identifier of the target host from which the change data was collected, a specific element name associated with the change, and element data associated with the change;
analyzing, by the monitor server, the change data in order to group the plurality of changes detected on the target host into clusters of changes based on the change data associated with the plurality of changes detected on the target host; and
correlating, by the monitor server, the clusters of changes with the at least one change catalog in order to classify a portion of the clusters of changes relating to at least one potential reason for the plurality of changes in order to categorize at least some of the clusters of related changes, wherein at least one of the clusters of changes is not correlated with information within the at least one change catalog, the at least one uncorrelated cluster being without a potential reason as to the cause of the change data;
after the analyzing and the correlating, determining, by the monitor server, for at least one of the uncorrelated clusters of related changes without a reason as to the cause of the change, at least one other potential reason for a portion of the plurality of changes captured on the target host in the at least one of the uncorrelated clusters; and
updating the at least one change catalog with the at least one other potential reason.
Abstract
Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user. In various embodiments, a reason may be determined for causing a cluster of changes and the change catalog may be updated with the reason.
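An added sketch of the loop the abstract describes (not code from the patent or from any product): changes are clustered, clusters are matched against a change catalog, and a reason given to an uncorrelated cluster is written back so that the next pass classifies it. The `(host, rule)` clustering key, the catalog entry layout, the `determine_reason` callback and all sample records are assumptions made for illustration.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample records: rule, host identifier, element name, element data.
CHANGES = [
    {"rule": "pkg-files", "host": "web01", "element": "/usr/bin/openssl", "data": "sha256:1f0c"},
    {"rule": "pkg-files", "host": "web01", "element": "/usr/lib/libssl.so.3", "data": "sha256:9b2e"},
    {"rule": "etc-files", "host": "web01", "element": "/etc/ssh/sshd_config", "data": "sha256:77aa"},
    {"rule": "etc-files", "host": "web01", "element": "/etc/ssh/ssh_config", "data": "sha256:03de"},
    {"rule": "etc-files", "host": "db01", "element": "/etc/ssh/sshd_config", "data": "sha256:77aa"},
]

def cluster_changes(changes):
    """Group changes by (host, rule); this clustering key is an assumption."""
    clusters = defaultdict(list)
    for c in changes:
        clusters[(c["host"], c["rule"])].append(c)
    return dict(clusters)

def lookup_reason(rule, members, catalog):
    """Return the reason of the first catalog entry covering every change, else None."""
    for entry in catalog:
        covered = all(any(fnmatchcase(m["element"], g) for g in entry["elements"]) for m in members)
        if entry["rule"] == rule and covered:
            return entry["reason"]
    return None

def correlate(clusters, catalog):
    """Return (classified {key: reason}, uncorrelated {key: members})."""
    reasons = {k: lookup_reason(k[1], m, catalog) for k, m in clusters.items()}
    classified = {k: r for k, r in reasons.items() if r is not None}
    uncorrelated = {k: clusters[k] for k, r in reasons.items() if r is None}
    return classified, uncorrelated

def update_catalog(uncorrelated, catalog, determine_reason):
    """Add one exact-match entry per uncorrelated cluster that is given a reason."""
    for (host, rule), members in uncorrelated.items():
        if lookup_reason(rule, members, catalog) is None:  # not covered by an entry learned this pass
            reason = determine_reason(host, rule, members)
            if reason is not None:
                catalog.append({"rule": rule, "reason": reason,
                                "elements": sorted({m["element"] for m in members})})

def run(determine_reason):
    """Two passes over the same changes: correlate, learn, correlate again."""
    catalog = [{"rule": "pkg-files", "elements": ["/usr/bin/*", "/usr/lib/*"], "reason": "scheduled package update"}]
    clusters = cluster_changes(CHANGES)
    first = correlate(clusters, catalog)
    update_catalog(first[1], catalog, determine_reason)
    return first, correlate(clusters, catalog), catalog
```

Learned entries list exact element names rather than globs, so a new catalog entry does not also explain changes to other elements collected by the same rule.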
21 Claims
11. A monitor server comprising:
a processor;
a change database for storing change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes by applying collection policies of rules to changes that are captured or detected on the target host, wherein the change data includes an identification of the target host for which the changes were captured or detected, an identification of the rule or collection policy responsible, a name of the data element for which the changes were detected, and the element data of the element for which the changes were detected, and wherein the change catalog is configured to store expected changes, expected rule violations, expected parameter changes, and expected setting changes; and
logic communicatively coupled to the change database and configured to be operated by the processor to:
receive the change data associated with the plurality of changes on the target host;
store the change data in the change database;
analyze the change data in order to group the plurality of changes detected on the target host into clusters of changes, wherein the analyzing comprises looking up one or more compliance policies that match collection policies or rules specified in the change data;
correlate the clusters of changes with at least one of the expected changes, rule violations, parameter changes, or settings stored in the change catalog in order to classify at least a portion of the clusters of changes as relating to at least one potential reason for the plurality of changes, wherein at least one of the clusters of changes is not correlated with a potential reason as to the cause of the change data;
after analyzing the change data and correlating the cluster of changes, determine, for at least one of the clusters of changes not correlated with a potential reason as to the cause of the change data, at least one other possible reason for a portion of the plurality of changes captured on the target host in the at least one of the uncorrelated clusters; and
update the at least one change catalog with the at least one other possible reason.
21. An article of manufacture comprising:
a computer-readable storage device; and
a plurality of programming instructions or statements stored on the storage device and configured to program a monitor server to:
receive change data associated with a plurality of changes to a target host and captured on the target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes a rule that generated the change;
analyze the change data in order to group the plurality of changes detected on the target host into clusters of changes based on the change data by evaluating an expression of at least one compliance policy against element data specified in the change data;
based upon inference techniques, correlate the clusters of changes with at least one change catalog in order to classify at least a portion of the clusters of changes as relating to at least one potential reason for the plurality of changes, wherein at least one of the clusters of changes is not correlated with information within the at least one change catalog, the at least one uncorrelated cluster being without a potential reason as to the cause of the change data, and wherein the change catalog includes at least one or more of the following: expected changes, expected rule violations, expected parameter changes, or expected setting changes;
determine, for the at least one uncorrelated cluster of changes without a reason as to the cause of the change data, at least one other potential reason for a portion of the plurality of changes that are in the at least one uncorrelated cluster and that were captured on the target host; and
update the at least one change catalog with the at least one other potential reason.
Specification