
Method and system for implementing an operating system hook in a log analytics system

  • US 9,767,171 B2
  • Filed: 04/01/2016
  • Issued: 09/19/2017
  • Est. Priority Date: 04/03/2015
  • Status: Active Grant
First Claim

1. A method implemented with a processor, comprising:

  • to monitor for changes to one or more log files, configuring an operating system (OS) module to generate an event within an event log when any of a target set of operating-system-level system calls is made;
  • loading the OS module into an operating system of a host computing system;
  • operating the OS module within the operating system of the host computing system to detect an invocation of the any of the target set of operating-system-level system calls and to execute the invocation of the any of the target set of operating-system-level system calls, wherein the OS module does not detect invocation of untargeted operating-system-level system calls, and wherein the one or more log files are changed by one or more processes associated with one or more particular calls in the target set of operating-system-level system calls; and
  • identifying one or more events corresponding to the one or more log files changed by invocation of the any of the target set of operating-system-level system calls, wherein the one or more events correspond to a filtered subset of all log files that are changed by invocation of the any of the target set of operating-system-level system calls, and the one or more events are reviewable by a log collector to collect the one or more log files for a log analytics system.
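
As an added illustration, not code from the patent or its assignee, the following Python simulates the claimed filtering in user space: a hook that ignores untargeted calls, emits events only for targeted calls that changed a monitored log file, and hands the collector the distinct files to pull. The target call set, the log paths and the record format are assumptions, and the syscall stream is constructed.

```python
from dataclasses import dataclass

# Assumed target set of OS-level calls and monitored log paths (not taken from the patent).
TARGET_SYSCALLS = frozenset({"write", "rename", "unlink", "truncate"})
MONITORED_LOGS = frozenset({"/var/log/auth.log", "/var/log/app/app.log"})

@dataclass(frozen=True)
class SyscallRecord:
    pid: int
    syscall: str
    path: str

@dataclass(frozen=True)
class LogEvent:
    pid: int
    syscall: str
    path: str

def hook(record, target=TARGET_SYSCALLS, monitored=MONITORED_LOGS):
    """Mimic the OS module: emit an event only for a targeted call that changed a monitored log."""
    if record.syscall not in target:
        return None          # untargeted calls are not inspected at all
    if record.path not in monitored:
        return None          # targeted call, but not on a log file the collector cares about
    return LogEvent(record.pid, record.syscall, record.path)

def run_hook(records):
    """Apply the hook to a stream of records; returns the filtered event log."""
    return [ev for r in records if (ev := hook(r)) is not None]

def files_to_collect(events):
    """What the log collector reads from the event log: the distinct changed log files."""
    return sorted({ev.path for ev in events})

# Constructed sample syscall stream (not real audit data).
SAMPLE_RECORDS = [
    SyscallRecord(101, "read", "/var/log/auth.log"),        # untargeted call: ignored
    SyscallRecord(101, "write", "/var/log/auth.log"),       # targeted and monitored: event
    SyscallRecord(202, "write", "/tmp/scratch.txt"),        # targeted, but not a log: no event
    SyscallRecord(303, "rename", "/var/log/app/app.log"),   # log rotation: event
    SyscallRecord(303, "write", "/var/log/app/app.log"),    # event
    SyscallRecord(404, "unlink", "/var/log/other.log"),     # not a monitored log: no event
]

if __name__ == "__main__":
    events = run_hook(SAMPLE_RECORDS)
    for ev in events:
        print(ev)
    print("collector pulls:", files_to_collect(events))
```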

  • 1 Assignment