The present invention relates generally to causal analysis in computers and, more particularly, to causal analysis involving configuration changes, in which a solution to an application failure is found by analyzing configuration changes without using a knowledge database.
One of the most stressful jobs for administrators of the desktop computing environment is causal analysis when trouble occurs (troubleshooting). Causal analysis is also critical for the helpdesk person who needs to provide a solution to the caller. End users tend to install many kinds of software or change OS settings in ways that might cause problems. Furthermore, because a number of automatic upgrade programs routinely run on the end user's computer, the configuration of the computer can be changed without the end user's awareness. Thus, the end user does not know when the configuration became faulty and may not remember when the problem began. Administrators or helpdesk persons for this kind of desktop computing environment need to draw on their expertise to understand the background of the trouble in depth in order to provide a solution to the end user.
Current solutions involve, for example, technology to view the event log in the computer remotely, technology to collect and store configuration items and their change history, technology to detect application invocations and store their invocation history, technology to store knowledge of past solutions, and technology to deduce the root cause by combining the above-mentioned information.
JP P2007-29339A for “System, Method and Program for Fault Monitoring” is an example of deducing the root cause from the event log, configuration changes, and a knowledge database. Paragraph 0134 discloses collecting time series data of the error log, event information, and configuration changes from target monitoring computers. Paragraph 0137 and FIGS. 16, 17, and 18 disclose comparing the error situation on the target computer with that in the past data.
Examples of collecting the event log remotely include U.S. Pat. No. 6,289,379 for “Method for Monitoring Abnormal Behavior in a Computer System,” and U.S. Pat. No. 5,857,190 for “Event Logging System and Method for Logging Events in a Network System.” U.S. Pat. No. 6,012,152 for “Event Software Fault Management System” is an example of fault analysis using a knowledge base. U.S. Pat. No. 6,598,179 for “Table-Based Error Log Analysis” is an example of fault analysis using an error log. U.S. Pat. App. Pub. No. 2007/0214193 A1 for “Change Monitoring Program for Computer Resource on Network” is an example of obtaining configuration changes remotely.
The administrator or helpdesk person needs knowledge in order to provide a solution by reviewing the event log, configuration change history, application invocation history, or the like. The knowledge can be obtained from a knowledge database which presents a “Cause” and “Solution” written by someone. Because someone needs to keep the knowledge database up to date, it incurs a maintenance cost.