1. The Field of the Invention
The present invention relates to systems and methods for reporting the occurrence of events in a computer system to event subscriber software. More specifically, the present invention relates to systems and methods for detecting, filtering, and reporting the occurrence of events in a computer system or in the environment of a computer system, wherein the systems and methods provide a standardized interface between management information providers and management information subscribers.
2. The Prior State of the Art
As computers and computer network systems have become more sophisticated, processes for detecting the occurrence of events in hardware and software components have become increasingly important and complex. Knowledge of events occurring in computer systems allows management software to reliably identify the components and configuration of a computer system, to respond to hardware failure, or to otherwise monitor and improve the efficient operation of the system. The range of events that may be detected by computer systems and reported to management or other subscriber applications is essentially unlimited. Examples of computer detectable events, to name just a few, include disk drive activity and errors, installation or deinstallation of hardware components, network server activities and failures, and home, business, or network security breaches.
Events are often detected by drivers associated with hardware components, operating system software, and instrumentation specifically designed to monitor hardware or software. As the number of hardware components, the complexity of software, and the size of computer networks have grown over the years, it has become increasingly difficult to create management applications that can become aware of the occurrence of events in an efficient manner.
FIG. 1 is a schematic diagram illustrating a conventional approach for informing an event subscriber application of the occurrence of events. A computer system 10 has a plurality of device drivers 12 operating in kernel mode and an event subscriber 14 operating in user mode. The event subscriber can be, for example, a management program for monitoring events occurring in computer system 10 and responding thereto to improve system efficiency. Computer system 10 also has a Simple Network Management Protocol (SNMP) provider 16, which is a computer-executable program, written to a standard protocol, for detecting events occurring in a network, such as network 18 of FIG. 1.
Event subscriber 14 can be any computer-executable program written to respond to selected events detected by drivers 12, SNMP provider 16, or both. Event subscriber 14 could be local (as shown in FIG. 1) or instead could be on a remote machine with respect to computer system 10. Other systems have used other types of event subscribers/consumers instead of event subscribers. In order to learn of the events detected by drivers 12, the executable code of event subscriber 14 must have been written to be compatible with the interfaces 20 exposed by drivers 12. Likewise, in order to learn of events occurring in network 18, the executable code of event subscriber 14 must be written to be compatible with the interface 22 exposed by SNMP provider 16.
The requirement that event subscribers in conventional systems must be compatible with and issue the proper requests to interfaces associated with event providers, drivers, or other instrumentation for detecting events has introduced an undesirable amount of complexity to the process of monitoring events. In many cases, the event subscriber 14 must be written to many different types of interfaces, particularly when the number of device drivers or event providers becomes large.
In conventional systems, such as that illustrated by FIG. 1, any filtering of events reported by the event providers or drivers has been conducted at each event subscriber 14. Thus, any events detected by drivers 12 or by SNMP provider 16 in this example would be reported to event subscriber 14, whether it is local, as shown, or located at a remote machine. If event subscriber 14 were interested in only a subset of all the events detected by the system, the events not of interest would be discarded at event subscriber 14 after they had been transmitted thereto. As a result, the transmission of notifications of events from multiple drivers and event providers has generated large amounts of data traffic, much of which is not of interest to the event subscribers. This problem has been particularly evident in systems having remote event subscribers, in which notifications of events are transmitted over a network infrastructure. Thus, as the number of detected events and the number of drivers 12 and event providers such as SNMP provider 16 grows large, the data traffic generated in computer system 10 and in associated networks can be significant.
Another significant disadvantage and limitation of conventional systems is that each event subscriber must be able independently to determine or identify the specific driver or combination of drivers that are able to provide notification of the events of interest to that subscriber. In other words, systems in the prior art do not provide a central repository for management information, wherein subscribers needing specific information can register their requests, providers of information can register the types or classes of events for which they will provide notification, and the provider that best meets the need of a particular subscriber's need can be efficiently identified.
In view of the foregoing, there is a need in the art for systems to facilitate the reporting of the occurrence of events from event providers, drivers, and other instrumentation. It would be an advancement in the art to provide systems for reporting events that do not require the writers of event subscriber applications to have a complete knowledge of the various interfaces associated with drivers and event providers. It would also be advantageous to provide systems that could allow only the events of interest to event subscribers to be reported thereto, while events not of interest are not reported, thereby decreasing the network traffic that has been needed in prior art systems. Such systems would be particularly valuable if they could notify subscribers of the occurrence of events regardless of the capabilities of the source of the events (i.e., event providers, instrumentation, etc.).
Another significant disadvantage and limitation of conventional systems is that each event subscriber must be able independently to determine or identify the specific driver or combination of drivers that are able to provide notification of the events of interest to that subscriber. Complex computer systems and networks common today have literally thousands of different components that may each expose a rich variety of information useful to other system components or clients. Given the complexity of many systems, it may be difficult to determine whether information about a particular event is available and, if available, the identity of the component that can provide the information needed. In other words, systems in the prior art do not provide a central repository for management information that matches subscriber requests with the providers that can best provide the requested information. Accordingly, it would be an advancement in the art to provide systems and methods for detecting, filtering and reporting events occurring within a computer system or within the environment of a computer system, wherein subscribers needing specific information can register their requests, providers of information can register the types or classes of events for which they will provide notifications, and the provider that best meets the need of a particular subscriber's request can be efficiently identified.