1. Field of the Invention
The present invention relates to computer software. More specifically, the present invention relates to software based event monitoring systems.
While the present invention is described herein with reference to illustrative embodiments for particular applications, it should be understood that the invention is not limited thereto. Those having ordinary skill in the art and access to the teachings provided herein will recognize additional modifications, applications, and embodiments within the scope thereof and additional fields in which the present invention would be of significant utility.
2. Description of the Related Art
With the distributed nature of computing, there is a current need for an ability to make decisions based on the occurrence of events detected from multiple sources. The correlation of events from multiple distributed sources lies at the heart of decision support systems of today. Events form a simple, yet convenient common formalism to unify reasoning about the state of the different applications in the computing world, which is increasingly heterogeneous and distributed.
Conventional event correlation systems simply provide an alarm based on the occurrence of prescribed events. A need has been recognized in the art for a more sophisticated, software based, event correlation capability.
Inasmuch as current event correlation systems generally do not provide such a more sophisticated correlation capability, particularly with respect to time based events with or without intelligent filters, a need exists in the art for a more powerful event correlation capability. There is a particular need for a more powerful software based event correlation system.
The present invention is a powerful event monitoring and correlation system and technique. Most generally, the inventive system includes a monitor for detecting the occurrence of a predetermined event from a monitored system and provides data in response thereto. The data is then processed as a data relation in a database.
In the illustrative embodiment, a plurality of predetermined events are recorded in a database using an event pattern language. The event pattern language expresses events in terms of first order logic (FoL) over a universe of events. In the preferred embodiment, the event pattern language is a Formal Language for Expressing Assumptions (FLEA). FLEA is an event pattern specification language that allows for events to be defined and compiled in first order logic. In addition, FLEA includes a number of commonly occurring patterns which allow additional event patterns (i.e., event rules and relations) to be specified by the client dynamically.
The specified patterns of events and event relations are then compiled into the database using an event compiler. The compiled code then automatically triggers responses when specific patterns of events are stored in the database. In the preferred embodiment, the event compiler is a Software Monitoring System (SoMoS) compiler.
The invention is a common event monitoring, fusion and reasoning framework that integrates horizontally into many different application domain areas. For example, the invention may be utilized to monitor criminal activity over the Internet or World Wide Web and automatically trigger appropriate alarms and other responses in real time.
The present invention does for events what relational databases do for stored data in different domains. In accordance with the present teachings, data is recorded as relations allowing one to dynamically formulate queries in a standard language regardless of what the relation means in domain terms. Similarly, in accordance with the present teachings, events are recorded as relations in a database permitting a recognition of many kinds of events patterns by querying the event database. The invention generates a database that is believed to be superior to databases in the marketplace in areas such as supporting triggered computations and constraint enforcement. With the inventive event compiler compiling new event patterns into new xe2x80x9cdefinedxe2x80x9d relations in the inventive database, one can automatically trigger responses when specific patterns of events are recorded in the database. This greatly simplifies the programming of reactive applications, eliminating the need for polling and other awkward control regimes.