Patent · US Active

Methods and systems to detect anomalies in computer system behavior based on log-file sampling

US10116675B2 · kind B2 · utility

Cited by: 7
References: 0
Claims: 21
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 8, 2015
Grant date: Oct 30, 2018
Priority date
Expiry date: Dec 8, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L43/16
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods and systems that detect computer system anomalies based on log file sampling are described. Computer systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages is collected in a first time interval and a sample of event messages is collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.