Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
1998-09-21
2002-04-02
Beausoleil, Robert (Department: 2181)
C707S793000, C709S241000
active
06367034
ABSTRACT:
BACKGROUND OF THE INVENTION
1. The Field of the Invention
The present invention relates to systems and methods for reporting the occurrence of events in a computer system to event subscriber software. More specifically, the present invention relates to filtering events detected by event detection components of a computer system in order to identify a subset of the events that has been requested by the event subscriber software.
2. The Prior State of the Art
As computers and computer network systems have become more sophisticated, processes for detecting the occurrence of events in hardware and software components have become increasingly important and complex. Knowledge of events occurring in computer systems allows management software to reliably identify the components and configuration of a computer system, to respond to hardware failure, or to otherwise monitor and improve the efficient operation of the system. The range of events that may be detected by computer systems and reported to management or other subscriber applications is essentially unlimited. Examples of computer detectable events, to name just a few, include disk drive activity and errors, installation or deinstallation of hardware components, network server activities and failures, and home, business, or network security breaches.
Events are often detected by drivers associated with hardware components, operating system software, and instrumentation specifically designed to monitor hardware or software. As the number of hardware components, the complexity of software, and the size of computer networks have grown over the years, it has become increasingly difficult to create management applications that can become aware of the occurrence of events in an efficient manner.
FIG. 1 is a schematic diagram illustrating a conventional approach for informing an event subscriber application of the occurrence of events. A computer system 10 has a plurality of device drivers 12 operating in kernel mode and an event subscriber 14 operating in user mode. The event subscriber can be, for example, a management program for monitoring events occurring in computer system 10 and responding thereto to improve system efficiency. Computer system 10 also has a Simple Network Management Protocol (SNMP) provider 16, which is a computer-executable program, written to a standard protocol, for detecting events occurring in a network, such as network 18 of FIG. 1.
Event subscriber 14 can be any computer-executable program written to respond to selected events detected by drivers 12, SNMP provider 16, or both. Event subscriber 14 could be local (as shown in FIG. 1) or instead could be on a remote machine with respect to computer system 10. Other systems have used other types of event subscribers/consumers instead of event subscribers. In order to learn of the events detected by drivers 12, the executable code of event subscriber 14 must have been written to be compatible with the interfaces 20 exposed by drivers 12. Likewise, in order to learn of events occurring in network 18, the executable code of event subscriber 14 must be written to be compatible with the interface 22 exposed by SNMP provider 16.
The requirement that event subscribers in conventional systems must be compatible with and issue the proper requests to interfaces associated with event providers, drivers, or other instrumentation for detecting events has introduced an undesirable amount of complexity to the process of monitoring events. In many cases, the event subscriber 14 must be written to many different types of interfaces, particularly when the number of device drivers or event providers becomes large.
In conventional systems, such as that illustrated by FIG. 1, any filtering of events reported by the event providers or drivers has been conducted at each event subscriber 14. Thus, any events detected by drivers 12 or by SNMP provider 16 in this example would be reported to event subscriber 14, whether it is local, as shown, or located at a remote machine. If event subscriber 14 were interested in only a subset of all the events detected by the system, the events not of interest would be discarded at event subscriber 14 after they had been transmitted thereto. As a result, the transmission of notifications of events from multiple drivers and event providers has generated large amounts of data traffic, much of which is not of interest to the event subscribers. This problem has been particularly evident in systems having remote event subscribers, in which notifications of events are transmitted over a network infrastructure. Thus, as the number of detected events and the number of drivers 12 and event providers such as SNMP provider 16 grows large, the data traffic generated in computer system 10 and in associated networks can be significant.
In view of the foregoing, there is a need in the art for systems to facilitate the reporting of the occurrence of events from event providers, drivers, and other instrumentation. It would be an advancement in the art to provide systems for reporting events that do not require the writers of event subscriber applications to have a complete knowledge of the various interfaces associated with drivers and event providers. It would also be advantageous to provide systems that could allow only the events of interest to event subscribers to be reported thereto, while events not of interest are not reported, thereby decreasing the network traffic that has been needed in prior art systems. Such systems would be particularly valuable if they could notify subscribers of the occurrence of events regardless of the capabilities of the source of the events (i.e., event providers, instrumentation, etc.).
SUMMARY AND OBJECTS OF THE INVENTION
The present invention relates to systems and methods for filtering events detected by event providers in computer systems in order to report to subscriber programs only those events that are of interest. Substantially any events capable of being detected by computers or instrumentation associated with computers can be filtered and reported according to the invention. Examples include, but are not limited to, disk drive activity and errors, installation or deinstallation of hardware components, network server activities and failures, and home, business, or network security breaches.
Filtering is performed by an event-filtering component that provides a standardized interface to event providers and to subscriber programs. In one implementation, filtering is conducted by associating event-filtering definitions written in query language with the subscriber programs. The terms of the query-based definitions establish thresholds and filtering conditions that permit only the events of interest to particular subscriber programs to be reported thereto. Moreover, the query-based definitions can be implemented in an event-filtering component relatively close to the source of the events, thereby reducing the data traffic that has been needed in prior art systems to notify subscriber programs of the occurrence of events. For example, the query-based definitions can permit filtering to occur at a local machine before transmitting notifications of events to subscriber programs located at remote machines. Subscriber programs also do not need to be written to provide filtering, since the rich event-filtering capabilities of the invention are built into the infrastructure of the systems of the invention.
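The query-based filtering at the source described above can be sketched as follows. This is an added example, not code from the patent: the query grammar, the `EventFilter` class, the event class names and the sample events are all constructed assumptions.

```python
import operator
import re

# Constructed grammar (an assumption, not the patent's own syntax):
#   SELECT * FROM <EventClass> [WHERE <field> <op> <value> [AND ...]]
OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}
QUERY_RE = re.compile(r"^\s*SELECT\s+\*\s+FROM\s+(\w+)(?:\s+WHERE\s+(.+?))?\s*$", re.I)
COND_RE = re.compile(r"^\s*(\w+)\s*(>=|<=|!=|=|>|<)\s*(.+?)\s*$")

def parse_value(text):
    """Quoted values are strings; anything else must parse as an integer."""
    if len(text) >= 2 and text[0] == text[-1] and text[0] in "'\"":
        return text[1:-1]
    return int(text)

def compile_filter(query):
    """Compile a query string into a predicate over event dicts."""
    m = QUERY_RE.match(query)
    if not m:
        raise ValueError(f"unsupported query: {query!r}")
    event_class, where = m.group(1), m.group(2)
    conds = []
    for clause in (re.split(r"\s+AND\s+", where, flags=re.I) if where else []):
        c = COND_RE.match(clause)
        if not c:
            raise ValueError(f"bad condition: {clause!r}")
        conds.append((c.group(1), OPS[c.group(2)], parse_value(c.group(3))))
    def matches(event):
        # A missing field or a type mismatch fails closed: no notification.
        return event.get("class") == event_class and all(
            type(event.get(f)) is type(want) and op(event[f], want)
            for f, op, want in conds)
    return matches

class EventFilter:
    """Runs beside the event providers; publish() returns who gets notified."""
    def __init__(self):
        self.subs = []                   # (subscriber name, predicate)
    def subscribe(self, name, query):
        self.subs.append((name, compile_filter(query)))
    def publish(self, event):
        return [n for n, pred in self.subs if pred(event)]

# Constructed sample events from two hypothetical providers.
EVENTS = [
    {"class": "DiskError", "drive": "C:", "retries": 2},
    {"class": "DiskError", "drive": "D:", "retries": 9},
    {"class": "LogonFailure", "user": "admin", "count": 12},
]
```

An event for which `publish()` returns an empty list never leaves the local machine, which is the traffic reduction the summary describes.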
In order to establish a context in which the query-based event-filtering definitions can be understood and processed, the computer system can also include a schema repository storing an object-oriented event classification of event classes. The event classes defined in the event classification comprehend a set of possible events, in the sense that any event detected and reported by the event providers belongs to one of the event classes. The event classification can be defined hierarchically, such that event classes are related one to another in parent/child rel
Hudis Irena
McCollum Raymond
Novik Lev
Beausoleil Robert
Chung-Trans X.
Microsoft Corporation
Workman & Nydegger & Seeley
Profile ID: LFUS-PAI-O-2885853