Network event capture and retention system
Abstract
Methods and apparatus are provided to monitor and analyze activity occurring on a networked computer system. In some embodiments, a method is provided for capturing, in a data structure, at least a portion of a notification describing a network event provided by a node on a computer network, identifying a data element (e.g., an IP address of the node) within the notification, and updating an index and/or summary based on the data element. The data structure may be stored in a file system maintained on a site, and sites may exchange information related to the notification data stored on each. In some embodiments, a query which is issued to a site may be processed using data transferred from other sites, and/or may be split into one or more additional queries which may be transmitted for processing to other sites.
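The abstract describes three cooperating pieces: an append-only capture store, an index that maps a data element (such as a node's IP address) to the locations in that store where it appears, and an exchange of per-site summaries that lets a query issued to one site be forwarded as subqueries to the other sites that hold matching records. The following is an added illustration written for this page; it is not the patent's own implementation, and the notification format, the class and method names, and the sample firewall lines are all assumptions made here.

```python
"""Added example, not the patent's code: an indexed capture log per site plus
summary exchange and query splitting across sites, as the abstract describes.
Notification format, names and sample events are assumptions of this example."""
import re
from collections import defaultdict

# Constructed sample notifications (syslog-like lines), one per network event.
SITE_A_EVENTS = [
    "2024-03-01T10:00:01Z fw1 DENY src=10.0.0.5 dst=192.0.2.10 dport=22",
    "2024-03-01T10:00:02Z fw1 ALLOW src=10.0.0.7 dst=192.0.2.10 dport=443",
    "2024-03-01T10:00:03Z fw1 DENY src=10.0.0.5 dst=192.0.2.11 dport=3389",
]
SITE_B_EVENTS = [
    "2024-03-01T10:00:04Z fw2 DENY src=10.0.0.5 dst=198.51.100.4 dport=22",
    "2024-03-01T10:00:05Z fw2 ALLOW src=10.0.0.9 dst=198.51.100.4 dport=80",
]

# The data element this example indexes: any IPv4 address in the notification.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


class Site:
    """One capture site: an append-only byte log (the data structure) and an
    index from data element to the byte offsets at which it is recorded."""

    def __init__(self, name):
        self.name = name
        self.log = bytearray()           # captured notifications, newline-terminated
        self.index = defaultdict(list)   # data element -> [offset, ...]
        self.summary = set()             # indication of what this site captured

    def capture(self, notification):
        # (A) record the notification at a known location in the data structure
        offset = len(self.log)
        self.log += notification.encode() + b"\n"
        # (B) identify data elements within the notification
        for ip in set(IPV4.findall(notification)):
            # (C) update the index with the location where the element is recorded
            self.index[ip].append(offset)
            self.summary.add(ip)
        return offset

    def record_at(self, offset):
        end = self.log.index(b"\n", offset)
        return self.log[offset:end].decode()

    def lookup(self, ip):
        # The index holds offsets only, so records are stored exactly once.
        return [self.record_at(o) for o in self.index.get(ip, [])]


class Federation:
    """Sites transfer their summaries to each other; a query issued to one site
    is split into subqueries for every peer whose summary contains the element."""

    def __init__(self, sites):
        self.sites = {s.name: s for s in sites}
        self.peer_summaries = {}   # (receiving site, peer) -> summary transferred

    def exchange_summaries(self):
        for s in self.sites.values():
            for p in self.sites.values():
                if p is not s:
                    self.peer_summaries[(s.name, p.name)] = set(p.summary)

    def query(self, at_site, ip):
        results = {at_site: self.sites[at_site].lookup(ip)}
        for p in self.sites.values():
            known = self.peer_summaries.get((at_site, p.name), ())
            if p.name != at_site and ip in known:
                results[p.name] = p.lookup(ip)   # subquery forwarded to the peer
        return results


def build_demo():
    """Capture the constructed events on two sites and exchange summaries."""
    a, b = Site("site-a"), Site("site-b")
    for line in SITE_A_EVENTS:
        a.capture(line)
    for line in SITE_B_EVENTS:
        b.capture(line)
    fed = Federation([a, b])
    fed.exchange_summaries()
    return fed


if __name__ == "__main__":
    fed = build_demo()
    for site, hits in fed.query("site-a", "10.0.0.5").items():
        print(site, hits)
```

Two points a practitioner would check in such a design: the index refers to locations in the store rather than copying records, so the store stays the single authority for what was captured; and the exchanged summaries reveal to every peer which addresses each site holds, so the channel used for that transfer deserves the same protection as the event data itself (the abstract does not say how the transfer is secured).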
108 Claims
1. In a computer system comprising a plurality of nodes interconnected for communication via a network, a method including acts of:
(A) capturing, in a data structure, a notification provided by a node on the network, the notification comprising at least a portion of a transmission by the node, the transmission describing a network event;
(B) identifying a data element within the notification;
(C) updating an index, based on the data element, with an indication of a location within the data structure where the data element is recorded.
Dependent claims: 2-13.

14. At least one computer-readable medium encoded with instructions which, when executed by a computer, perform a method in a computer system comprising a plurality of nodes interconnected for communication via a network, the method including acts of:
(A) capturing, in a data structure, a notification provided by a node on the network, the notification comprising at least a portion of a transmission by the node, the transmission describing a network event;
(B) identifying a data element within the notification;
(C) updating an index, based on the data element, with an indication of a location within the data structure where the data element is recorded.
Dependent claims: 15-26.

27. A system for monitoring activity occurring in a computer system comprising a plurality of nodes interconnected for communication via a network, the system comprising:
a capture controller, said capture controller capturing, in a data structure, a notification provided by a node on the network, the notification comprising at least a portion of a transmission by the node, the transmission describing a network event;
an identification controller, said identification controller identifying a data element within the notification;
an update controller, said update controller updating an index, based on the data element, with an indication of a location within the data structure where the data element is recorded.
Dependent claims: 28-39.

40. A method for monitoring activity on a networked computer system, the networked computer system comprising a plurality of nodes, each of the plurality of nodes configured to transmit a notification for each event processed by the node, the networked computer system further comprising a plurality of sites, each of the plurality of sites being configured to capture the notifications transmitted by at least one node, the method comprising:
(A) each of the plurality of sites creating an indication of the notifications captured by the site;
(B) each of the plurality of sites transferring the indication to at least one other of the plurality of sites.
Dependent claims: 41-53.

54. At least one computer-readable medium encoded with instructions which, when executed by a computer, perform a method for monitoring activity on a networked computer system, the networked computer system comprising a plurality of nodes, each of the plurality of nodes configured to transmit a notification for each event processed by the node, the networked computer system further comprising a plurality of sites, each of the plurality of sites being configured to capture the notifications transmitted by at least one node, the method comprising:
(A) each of the plurality of sites creating an indication of the notifications captured by the site;
(B) each of the plurality of sites transferring the indication to at least one other of the plurality of sites.
Dependent claims: 55-67.

68. A system for monitoring activity on a networked computer system, the networked computer system comprising a plurality of nodes, each of the plurality of nodes configured to transmit a notification for each event processed by the node, the networked computer system further comprising a plurality of sites, each of the plurality of sites being configured to capture the notifications transmitted by at least one node, the system comprising:
a creation controller on each of the plurality of sites, said creation controller creating an indication of the notifications captured by the site;
a transfer controller on each of the plurality of sites, said transfer controller transferring the indication to at least one other of the plurality of sites.
Dependent claims: 69-81.

82. A system for monitoring activity occurring in a computer system comprising a plurality of nodes interconnected for communication via a network, the system comprising:
means for capturing, in a data structure, a notification provided by a node on the network, the notification comprising at least a portion of a transmission by the node, the transmission describing a network event;
means for identifying a data element within the notification;
means for updating an index, based on the data element, with an indication of a location within the data structure where the data element is recorded.
Dependent claims: 83-94.

95. A system for monitoring activity on a networked computer system, the networked computer system comprising a plurality of nodes, each of the plurality of nodes configured to transmit a notification for each event processed by the node, the networked computer system further comprising a plurality of sites, each of the plurality of sites being configured to capture the notifications transmitted by at least one node, the system comprising:
means for creating, on each of the plurality of sites, an indication of the notifications captured by the site;
means for transferring, on each of the plurality of sites, the indication to at least one other of the plurality of sites.
Dependent claims: 96-108.

Specification