Network event capture and retention system

US 20070011310A1
Filed: 05/30/2006
Published: 01/11/2007
Est. Priority Date: 12/03/2003
Status: Active Grant

First Claim

Patent Images

1. A data processing system comprising:

a first local area network;

a first log-producing device connected to the first local area network;

a raw log server connected to the first local area network and in data communication with the first log-producing device over the first local area network;

a first log data analyzer connected to the first local area network and in data communication with the raw log server over the first local area network;

a second local area network in data communication with the first local area network;

a second log-producing device connected to the second local area network; and

, a second log data analyzer connected to the second local area network and in data communication with the second log-producing device over the second local area network and in data communication with the raw log server via the first and second local area networks.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided to monitor and analyze activity occurring on a networked computer system. In some embodiments, a method is provided for capturing, in a data structure, at least a portion of a notification describing a network event provided by a node on a computer network, identifying a data element (e.g., an IP address of the node) within the notification, and updating an index and/or summary based on the data element. The data structure may be stored in a file system maintained on a site, and sites may exchange information related to the notification data stored on each. In some embodiments, a query which is issued to a site may be processed using data transferred from other sites, and/or may be split into one or more additional queries which may be transmitted for processing to other sites.

43 Citations

View as Search Results

14 Claims

1. A data processing system comprising:
- a first local area network;
  
  a first log-producing device connected to the first local area network;
  
  a raw log server connected to the first local area network and in data communication with the first log-producing device over the first local area network;
  
  a first log data analyzer connected to the first local area network and in data communication with the raw log server over the first local area network;
  
  a second local area network in data communication with the first local area network;
  
  a second log-producing device connected to the second local area network; and
  
  , a second log data analyzer connected to the second local area network and in data communication with the second log-producing device over the second local area network and in data communication with the raw log server via the first and second local area networks.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A data processing system as recited in claim 1 wherein the first log-producing device is a firewall.
  - 3. A data processing system as recited in claim 1 wherein the first log-producing device is a device selected from the group consisting of routers, firewalls, file servers, VPN servers, e-mail servers and gateways.
  - 4. A data processing system as recited in claim 1 further comprising a management station connected to the first local area network and in data communication with the raw log server and the first and second log data analyzers.
  - 5. A data processing system as recited in claim 1 wherein the second log data analyzer is at a location remote from the raw log server.
  - 6. A data processing system as recited in claim 1 further comprising scalable data storage connected to the raw log server for storing raw log data.
  - 7. A data processing system as recited in claim 6 wherein the scalable data storage is selected from the group consisting of Network Attached Storage, Storage Area Networks and WORM Storage.

8. A method for processing log data comprising:
- generating raw log data in a first log-producing device connected to a first local area network;
  
  storing raw log data in a raw log server connected to the first local area network and in data communication with the first log-producing device over the first local area network;
  
  sending the raw log data generated by the first log-producing device to a first log data analyzer connected to the first local area network and in data communication with the raw log server over the first local area network;
  
  generating log data in a second log-producing device connected to a second local area network; and
  
  , sending the log data generated by the second log-producing device from a second log data analyzer connected to the second local area network and in data communication with the second log-producing device over the second local area network and in data communication with the raw log server via the first and second local area networks to the raw log server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A data processing method as recited in claim 8 wherein the first log-producing device is a firewall.
  - 10. A data processing method as recited in claim 8 wherein the first log-producing device is a router.
  - 11. A data processing method as recited in claim 8 further comprising sending a database query from a management station connected to the first local area network to the raw log server.
  - 12. A data processing method as recited in claim 8 further comprising sending a database query from a management station connected to the first local area network to the first log data analyzer.
  - 13. A data processing method as recited in claim 8 further comprising sending a database query from a management station connected to the first local area network and in data communication with the second local area network to the second log data analyzer.
  - 14. A data processing method as recited in claim 8 wherein the second log data analyzer is at a location remote from the raw log server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
Network Intelligence Corporation (Dell Technologies Inc.)
Inventors
Volk, Scott, Johnson, Mark, Stevens, Matthew, Brady, Bernard

Granted Patent

US 8,676,960 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/06   Management of faults, event...

H04L 41/22   comprising specially adapte...

Network event capture and retention system

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Network event capture and retention system

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links