Transformation of network data at remote capture agents
Abstract
The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
26 Claims
1. A computer-implemented method performed by a remote capture agent coupled to a network, comprising:
- obtaining configuration information from a configuration server over a network, wherein the configuration information is usable by the remote capture agent to generate timestamped event data from network packets and to transform the timestamped event data into transformed event data;
- monitoring network traffic comprising a plurality of network packets;
- generating, based on the configuration information, timestamped event data from at least one network packet of the plurality of network packets, wherein generating the timestamped event data includes segmenting the at least one network packet into a plurality of events and associating each event of the plurality of events with a respective timestamp; and
- transforming, based on the same configuration information, the timestamped event data into transformed event data, wherein transforming the timestamped event data includes performing an operation involving data contained in at least one event of the plurality of events.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A remote capture agent, comprising:
- a processor;
- a memory storing instructions which, when executed by the processor, cause the remote capture agent to:
  - obtain configuration information from a configuration server over a network, wherein the configuration information is usable by the remote capture agent to generate timestamped event data from network packets and to transform the timestamped event data into transformed event data;
  - monitor network traffic comprising a plurality of network packets;
  - generate, based on the configuration information, timestamped event data based on data contained in at least one network packet of the plurality of network packets; and
  - transform, based on the same configuration information, the timestamped event data into transformed event data.

Dependent claims: 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause a remote capture agent coupled to a network to perform a method comprising:
- obtaining configuration information from a configuration server over a network, wherein the configuration information is usable by the remote capture agent to generate timestamped event data from network packets and to transform the timestamped event data into transformed event data;
- monitoring network traffic comprising a plurality of network packets;
- generating, based on the configuration information, timestamped event data from at least one network packet of the plurality of network packets, wherein generating the timestamped event data includes segmenting the at least one network packet into a plurality of events and associating each event of the plurality of events with a respective timestamp; and
- transforming, based on the same configuration information, the timestamped event data into transformed event data, wherein transforming the timestamped event data includes performing an operation involving data contained in at least one event of the plurality of events.

Dependent claims: 20, 21, 22, 23, 24, 25, 26