1. The Field of the Invention
The present invention relates to systems and methods for reporting the occurrence of events in a computer system to event subscriber software. More specifically, the present invention relates to systems and methods for associating an event filter with an event detection component of a computer system, where the event filter specifies which events detected at the event detection component should be forwarded to event subscriber software, and which should be discarded.
2. The Prior State of the Art
As computers and computer network systems have become more sophisticated, processes for detecting the occurrence of events in hardware and software components have become increasingly important and complex. Knowledge of events occurring in computer systems allows applications, such as management-type application software, to reliably identify the components and configuration of a computer system, to respond to hardware failure, or to otherwise monitor and improve the efficient operation of the system. The range of events that may be detected by computer systems and reported to management or other subscriber applications is essentially unlimited. Examples of computer detectable events, to name just a few, include disk drive activity and errors, installation or deinstallation of hardware components, network server activities and failures, and home, business, or network security breaches.
Events arc often detected by software drivers that are associated with the hardware components, operating system software, and instrumentation that are specifically designed to monitor hardware or software. Typically, the driver will forward the event to any requesting application (sometimes generically referred to herein as "subscriber programs" or "event subscribers"). However, as the number of hardware components, the complexity of software, and the size of computer networks increases, it becomes increasingly difficult to create and implement subscriber programs that monitor the occurrence of events in a timely and efficient manner.
FIG. 1 is a schematic diagram illustrating a conventional approach for informing an event subscriber application of the occurrence of events. A computer system 10 has a plurality of device drivers 12 operating in kernel mode and an event subscriber 14 operating in user mode. The event subscriber can be, for example, a management program or any similar computer-executable program that is written to monitor and/or respond to selected events detected by drivers 12 so as to monitor and respond to events that occur in computer system. Computer system 10 also has a Simple Network Management Protocol (SNMP) event provider 16, which is a computer-executable program, written to a standard protocol, for detecting events occurring in a network, such as network 18 of FIG. 1. Other event providers, which are program components that usually interface with device drivers and function to forward event reports to a subscriber program when events are generated by a corresponding device driver, could also be present.
An event subscriber 14 could be local (as shown in FIG. 1) or instead could be on a remote machine with respect to computer system 10. To learn of the events detected by drivers 12, the executable code of event subscriber 14 must have been written to be compatible with the interfaces 20 exposed by drivers 12. Likewise, in order to learn of events occurring in network 18, the executable code of event subscriber 14 must be written to be compatible with the interface 22 exposed by SNMP provider 16.
The requirement that event subscribers in conventional systems must be compatible with and issue the proper requests to interfaces associated with event providers drivers or other instrumentation for detecting events adds complexity to the process of monitoring events. For instance, in a system having multiple device drivers or event providers, the event subscriber 14 typically must be written to the different interfaces presented. This adds complexity to the development and maintenance of event subscriber software. Also, as new hardware/software driver components are added to a computer system, they may utilize interfaces that are incompatible with the existing subscriber software. Again, this requires that the existing subscriber software be revised to be made compatible with new driver interfaces, or requires that new compatible software be purchased and installed. This is time consuming and expensive.
In conventional systems, such as that illustrated by FIG. 1, any and all events that are detected by drivers 12 or by SNMP provider are all automatically reported to event subscriber 14, whether it is local, as shown, or located at a remote machine. Typically however, the event subscriber may only have an interest in a limited subset of the total events reported. Those events that are not of interest are simply discarded and ignored (i.e., "filtered") at the event subscriber. This forwarding of all event notifications from drivers and event providers generates large amounts of data traffic, much of which results from events that are not of interest to the event subscriber(s). This increases processing overhead within a system, and is particularly evident in systems having remote event subscribers, in which notifications of events are transmitted over a network infrastructure. Moreover, the problem is exasperated as the number of drivers 12 and event providers--and resulting detected events--increases.
In view of the foregoing, there is a need in the art for improved systems and methods that facilitate the reporting of events from event providers drivers, and other instrumentation. It would be an advancement in the art to provide a reporting system and method that uses a standard prescribed programming interface so that writers of event subscriber software need not be concerned with different programming interfaces used by different drivers and event providers, and vice-versa. It would also be advantageous to provide a system in which only events of interest are reported to event subscribers. Prefcrably, the filtering of events would be performed at the event provider itself, such that any events that are not requested by a subscriber would be discarded at the event provider. This approach further would decrease the overall data transmission traffic within the computer system and/or communications network, thereby freeing up system/network resources for other operations