Network incident identification based on characterizing relationships between interfaces and events as graphical component relationships

Assignee

• Cisco Technology, Inc. · US

Inventors

• Parthibhan Paramaguru · Bengaluru, IN
• Prashant Anand · Bengaluru, IN
• Vasudevan Visvanathan · Bengaluru, IN
• Sundar Ramakrishnan · Oak Creek, US
• Dharmarajan Subramanian · Bengaluru, IN
• Rohit Gupta · Redmond, US
• Abhishek Chaudhary · Nagpur, IN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L41/0686
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques for use in network incident identification are described. In response to an occurrence of an unknown network incident, a plurality of log messages (e.g. syslog messages) are received from a plurality of network components in one or more networks. In one illustrative example, a plurality of relationships between interfaces and events are derived from the received log messages and characterized as a plurality of graphical component relationships. One or more groups of connected components are determined from the graphical component relationships and network component connection data which indicate interface relationships of the network components. Here, groups of connected components may be logically joined based on the network component connection data indicating one or more interface relationships. A network incident may then be identified based on at least one of the determined groups of connected components being associated with at least one identified set of events that has the closest or substantial match with at least one predetermined set of events associated with the network incident.