High availability of collectors of traffic reported by network sensors
First Claim
1. A method comprising:
- receiving, by a system and via a first collector device, a first data report generated by a capturing agent deployed on a host system in a network, the first data report comprising traffic data captured at the host system by the capturing agent;
receiving, by the system and via a second collector device, a second data report generated by the capturing agent deployed on the host system, the second data report comprising traffic data captured at the host system by the capturing agent;
determining, by the system, that the first data report and the second data report are both associated with the capturing agent based on a comparison of whether the first data report and the second data report are from the capturing agent or whether the first data report and the second data report encompass a same period of time;
in response to determining that the first and second data reports are both associated with the capturing agent, identifying, by the system, duplicate data contained in the first data report and the second data report; and
deduplicating, by the system, the first and second data reports to yield a deduplicated data report.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, and computer-readable media for collector high availability. In some embodiments, a system receives, from a first collector device, a first data report generated by a capturing agent deployed on a host system in a network. The system can also receive, from a second collector device, a second data report generated by the capturing agent deployed on the host system. The first and second data reports can include traffic data captured at the host system by the capturing agent during a period of time. The system can determine that the first data report and the second data report are both associated with the capturing agent, and identify duplicate data contained in the first data report and the second data report. The system can then deduplicate the first and second data reports to yield a deduplicated data report.
580 Citations
20 Claims
-
1. A method comprising:
-
receiving, by a system and via a first collector device, a first data report generated by a capturing agent deployed on a host system in a network, the first data report comprising traffic data captured at the host system by the capturing agent; receiving, by the system and via a second collector device, a second data report generated by the capturing agent deployed on the host system, the second data report comprising traffic data captured at the host system by the capturing agent; determining, by the system, that the first data report and the second data report are both associated with the capturing agent based on a comparison of whether the first data report and the second data report are from the capturing agent or whether the first data report and the second data report encompass a same period of time; in response to determining that the first and second data reports are both associated with the capturing agent, identifying, by the system, duplicate data contained in the first data report and the second data report; and deduplicating, by the system, the first and second data reports to yield a deduplicated data report. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system comprising:
-
one or more processors; and one or more computer-readable storage devices having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising; receiving, from a first collector device, a first data report generated by a capturing agent deployed on a host system in a network, the first data report comprising traffic data captured at the host system by the capturing agent during a period of time; receiving, from a second collector device, a second data report generated by the capturing agent deployed on the host system, the second data report comprising traffic data captured at the host system by the capturing agent during the period of time; determining that the first data report and the second data report are both associated with the capturing agent based on a comparison of whether the first data report and the second data report are from the capturing agent or whether the first data report and the second data report encompass a same period of time; in response to determining that the first and second data reports are both associated with the capturing agent, identifying duplicate data contained in the first data report and the second data report; and deduplicating the first and second data reports to yield a deduplicated data report. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
-
receiving, by a system from a first collector device, a first data report generated by a capturing agent deployed on a host system in a network, the first data report comprising traffic data captured at the host system by the capturing agent during a period of time; receiving, by the system from a second collector device, a second data report generated by the capturing agent deployed on the host system, the second data report comprising traffic data captured at the host system by the capturing agent during the period of time; determining, by the system, that the first data report and the second data report are both associated with the capturing agent based on a comparison of whether the first data report and the second data report are from the capturing agent or whether the first data report and the second data report encompass a same period of time; in response to determining that the first and second data reports are both associated with the capturing agent, identifying, by the system, duplicate data contained in the first data report and the second data report; and deduplicating, by the system, the first and second data reports to yield a deduplicated data report. - View Dependent Claims (17, 18, 19, 20)
-
Specification