EP1048144A2 - Communication agent between a system administrator and a distributed resource system and method for processing attribute requests - Google Patents

Communication agent between a system administrator and a distributed resource system and method for processing attribute requests

Info

Publication number
EP1048144A2
EP1048144A2 EP99957215A EP99957215A EP1048144A2 EP 1048144 A2 EP1048144 A2 EP 1048144A2 EP 99957215 A EP99957215 A EP 99957215A EP 99957215 A EP99957215 A EP 99957215A EP 1048144 A2 EP1048144 A2 EP 1048144A2
Authority
EP
European Patent Office
Prior art keywords
request
agent
attribute
resource
specific
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99957215A
Other languages
English (en)
French (fr)
Inventor
François HAUTIERE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Evidian SA
Original Assignee
Bull SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bull SAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks

Definitions

  • the present invention relates to a communication agent between a system administrator and a distributed resource system and to a method for processing a request on a multi-instantiable attribute of a resource.
  • a communication agent allows a system administrator to control, monitor and evaluate, remotely, computer resources.
  • A distributed computer system consists of computer resources, which can be mainframes, workstations, bridges, routers, printers, operating systems, applications, etc. In short, any entity of the computer system is considered a resource.
  • To administer or manage a distributed system is to administer all of its resources. To do this, we use an administration platform (or manager) which must have as complete and detailed a view as possible of the resources it must manage. This administration platform can be very distant from the resources to be administered.
  • This vision of a resource is made possible thanks to a model of the resource in question.
  • the modeling of a resource is based in particular on an approach and a structuring of information into objects comprising attributes.
  • the model of a resource is managed by an agent capable of instantiating these objects using information coming from the resource or from the administration platform.
  • When the administrator wishes to know, modify or check information from the MIB, he sends a request according to the SNMP protocol to the agent, which executes the request and returns an execution report to the administrator: that is, respectively, it gives the requested value, acknowledges receipt of the modification, or alerts the administrator if the control condition is not fulfilled.
  • There are two types of resource information represented by attributes and contained in the MIB. Either they can take only one value (or instance), in which case they are called “mono-instantiable attributes”, or they can take multiple values, in which case they are called “multi-instantiable attributes”.
  • When the administrator queries the agent for a multi-instantiable attribute, the administrator must send a request for each desired instance of the attribute. This multiplies the number of requests on the network between the administrator and the agent, saturating that network and incurring a significant cost.
  • the administrator communicates with the agent via a wide area network (WAN). So if the resource is very distant from the administrator, these queries can take a long time.
  • the present invention therefore aims to overcome the drawbacks of the prior art by proposing a communication agent which makes it possible to reduce the number of requests on the network and speed up their processing.
  • This object is achieved by the fact that the communication agent in a network between an administrator and a resource, said network comprising a modeling of the resource to be managed containing the information necessary for the management by the administrator of the resource, is characterized in that the communication agent uses, to decentralize the processing of administrator requests to the agent level, a request table included in the model of the resource to be managed.
  • this table comprising determined attributes making it possible, on the basis of a specific request sent by the administrator on a determined attribute of the table, to supervise all or part of the instances of an attribute of the model of the resource.
  • the query table is indexed, and includes an attribute for identifying the specific query and attributes for configuring the events which respond to the specific query.
  • the index of the attribute chosen as the index of the query table corresponds to the number of the queries.
  • the identification attribute is a formula which informs on the one hand, the attribute of the model of the resource to which the specific request relates and on the other hand, the questioned instance or instances of this attribute.
  • the reception of a specific request by the communication agent causes the agent to create a specific processing process (thread) according to the instances of the request table corresponding to the determined attribute included in the specific request, this specific processing process carrying out the processing of the specific request while leaving the agent free to be requested, during this time, by another request from the administrator.
  • The communication protocol between the administrator and the agent is the Simple Network Management Protocol (SNMP), and the specific request is a request to modify an object (SET), the object corresponding to the determined instances of the identification attribute and of each configuration attribute of the query table.
  • the specific requests are written in a scenario file which is read by the agent when it is started, the content of this scenario file being transformed, by the agent, into at least one specific request.
  • a scenario file containing the elements necessary for establishing at least one request is read by the agent during its startup, this reading causing the update of the table of the requests and the launching of each specific request corresponding to the content of the scenario file.
  • each specific request is compatible with the communication protocol between the agent and the administrator, and does not require the agent to be stopped during the interrogation of a multi-instantiable attribute.
  • a second object of the invention is to propose a method allowing the decentralized processing of requests on multi-instantiable attributes. This object is achieved by the fact that the method for processing a request from an administrator, on a multi-instantiable attribute by a communication agent comprises:
  • a second step of detection of the specific request by the communication agent and of checking the availability of the resource in order to have the agent create a specific processing process (thread) from the determined attribute or attributes of the specific request from the administrator, if the resource is available or to have the agent put the request on hold until the resource becomes available.
  • the method comprises a third step of counting the number of indexes of the model of the resource by the process of specific processing and of creation or updating of a local database.
  • the method comprises a fourth step of information on the local database by the specific processing process by interrogating the resource through the agent.
  • The method comprises a fifth step where the specific processing process performs the processing corresponding to the instances of the attributes of the specific request, depending on the instances collected from the resource, and builds a response for the administrator based on the processing result.
  • the method comprises a sixth step where the specific processing process is put on hold for a period determined by the specific request of the administrator, then executes the third step.
  • FIG. 1A represents a diagram of the relationships which exist between an administrator, an agent and a computer system resource.
  • FIG. 1B shows an example information base (MIB) for an agent managing the users of a system.
  • FIG. 2 shows a diagram of the mode of interrogation of an agent of the prior art by an administrator.
  • FIG. 3 shows a diagram of the mode of interrogation of a multi-instantiable attribute of an agent, according to the invention, by an administrator.
  • FIG. 4 shows a diagram of the operating mode of a specific processing (thread). To better understand the object and the interest of the invention which will be described, a certain number of definitions are necessary.
  • FIG. 1A represents a diagram of the relationships which exist between an administrator (20), an agent (10) and a resource (30) of a system to be administered.
  • A computer system administrator (20) is a service running on computer hardware (2) of a system, which must be able to supervise all of the different resources (30) of the system, even though the resources are located remotely. For this, the administrator does not directly call on the resource to be administered, but uses a model (21) of this resource which is represented in the form of an object tree (MIB).
  • a managed object has properties, namely attributes, actions it can perform, notifications, and behavior it has in response to external requests.
  • the operation of an agent is as follows.
  • In a very schematic view, we can divide an agent into standard communication layers and into layers providing facilities for encoding and decoding syntaxes and for manipulating objects.
  • The objects (or quanta of information) are available through what is called “an information base” (MIB: Management Information Base) which is in a way a virtual database modeling the resource to be administered.
  • an agent manages an MIB.
  • the multi-instantiable objects are stored in a table, with their attributes.
  • the columns of this table are also indexed.
  • the index is an attribute that identifies the different instances of this object.
  • the other attributes of the column of the table corresponding to the index provide different characteristics of the attribute (or object) indexed.
  • the column of the table used by this agent includes the attribute "Name" as an index. Instances of this attribute correspond to the names of system users. The other rows in the column correspond to the characteristics of the users. Thus, the column can include a “password” attribute, a “number of accesses” attribute, and other attributes characterizing the users. Each of these attributes takes a different value (or instance) for each user name (instance).
  • An agent also and above all contains: code to manage the administration model of the resource to be administered, called "protocol kernel"; expertise on the resource in the form of automata (depending on the richness of the model managed by the agent).
  • each resource to be administered is associated with specific code and expertise.
  • The operations available through the SNMP communication protocol, which allow on the one hand the agent to manipulate the objects of the MIB which it manages, and on the other hand the administrator to supervise a resource, are the following: reading of an object (get); reading of the next object (get-next); writing of an object (set); alert operations (trap).
  • To instantiate the objects of the MIB that it manages, an agent must fetch the information directly from the physical resource by means of methods (API: Application Programming Interface), which are procedures associated with a particular object and triggered each time an operation is to be performed on the object in question. It is through these methods that the instances of the MIB take on a semantic value: depending on how the value of an instance is looked up in the physical resource, this instance will have a particular meaning and a particular function.
  • Either the attribute takes a single value (instance), in which case it is mono-instantiable, or it takes several values, in which case it is multi-instantiable.
  • FIG. 2 represents a diagram of the mode of interrogation of an agent, managing the users of a system, of the prior art by an administrator.
  • The agent (10) stores, for example in a memory area (110) called "cache", the set of indexes of all the tables of the resource model, for example, the user table (fig. 1B).
  • The agent (10) performs a periodic update of this cache (110) by fetching the values of the different indexes in the resource, using methods (API).
  • the request (40) which he transmits to the agent (10) must include the attribute sought, followed by the identification of the instance.
  • The request (40) consisting, for example, of finding the number of accesses ("NbreDeLogin") of a given user, called for example "user0", will be written as follows: "get (NbreDeLogin.user0)". If the administrator (20) now wants to know all the users who have logged in more than 10 times on the system, he will have to know the value of the "NbreDeLogin" attribute of all the users of the system.
  • the administrator must first send a request (Get-Next) to find out all the instances of the "Name" attribute.
  • the agent's response then provides all the names of the users, which makes it possible to identify the N indexes of this attribute: user0, user1, user2, ..., userN.
  • the administrator must send, for each user name provided by the agent, a consultation request (Get) on the attribute “access number”: get (NbreDeLogin.user0), get (NbreDeLogin.user1), ..., get (NbreDeLogin.userN).
  • N is the number of users of the resource
  • the administrator must send N requests to consult the number of accesses.
  • the administrator communicates with the agent over a wide area network (WAN).
  • communications on this type of network are costly in terms of time.
  • the multiplication of requests overloads the network, reducing its performance.
  • FIG. 3 represents a diagram of the mode of interrogation by an administrator, of a multi-instantiable attribute of an agent managing the users of a system, according to the invention.
  • the present invention therefore consists in decentralizing, at the level of the agent (10), the processing (12, 13, 14) of a request (31) relating to a multi-instantiable attribute.
  • the agent (10) communicates with the resource (30) administered by the administrator (20) by a local network (LAN: Local Area Network) which is more reliable and faster than WAN.
  • the agent (10) is able to recognize a request (31) specific for supervising a multi-instantiable attribute, while respecting the administrator's communication protocol (20).
  • The agent (10) includes, in its model (fig. 1B) of the resource, a request table (fig. 1C) which formalizes each specific request (31) for supervising multi-instantiable attributes sent by the administrator (20).
  • This table includes the formalism of the specific requests (31) for processing the multi-instantiable attributes sent by the administrator.
  • the query table is indexed. The attribute chosen as index corresponds to the request number assigned by the user.
  • the query table includes an attribute identifying the request and at least one attribute for configuring the events that respond to the request.
  • the identification attribute is a formula that identifies the request sent by the administrator.
  • This formula makes it possible not only to identify the attribute of the resource to which the request relates, but also to identify the particular instance or instances which must be queried.
  • This formula is in the form of two character strings separated by ":".
  • the first character string identifies the attribute of the model of the resource concerned by the request.
  • the second character string consists of the list of instances to be queried, each instance of the list is separated by the space character. If the request (31) concerns all the instances of the attribute identified by the first character string, the list of instances is replaced by the character "*".
  • the attribute or attributes for configuring the events which will respond to the specific request (31) are in fact intended to identify the operation to be performed on the interrogated instances. These operations are, as a general rule, control operations which trigger the sending of an alarm, either to the system or to the administrator (20).
  • the configuration attribute (s) will therefore consist in configuring the alarm. This configuration consists in particular in determining what will be the alarm triggering condition, to whom (system or manager) will be sent the alarm, what is the frequency of the control, what level of alert is sent, and how many times the condition must occur to trigger the alarm.
  • the formalism used to configure the alarm is, for example, the following:
  • the attribute “period” corresponds to the frequency of the control.
  • the “threshold” attribute, (comparisonValue) corresponds to the value that will be compared to the attribute determined in the specific request.
  • the attribute “eventlog” corresponds to the direction of the alarm.
  • the “severity” attribute corresponds to the severity level of the alarm.
  • the “repeat” attribute corresponds to the number of times the condition, defined by the comparison of the threshold with each instance of the determined attribute, must be fulfilled to trigger the sending of the alarm.
  • the query table always includes the same attributes whatever the specific requests (31), since these attributes represent the formalism of the specific request. Only the instances of these attributes vary from request to request.
  • With this request table, it is possible to construct a single specific request (31) for the interrogation of a multi-instantiable attribute, instead of one request per instance of the multi-instantiable attribute. Since this request complies with the agent's communication protocol, the agent can detect it. Thanks to the existence of the request table and appropriate means, it can also recognize the particular formalism of the specific request sent by the administrator and execute the processing of said request.
  • the agent according to the invention, is capable of detecting the formula ": * " in the specific request which corresponds to a request for interrogation of all the instances of a determined attribute.
  • A specific request (31) may, for example, consist of counting, every 5 minutes, the users who have logged on more than 10 times on the system, and sending an alarm of a determined level to the administrator if more than two users have logged on more than ten times.
  • ISM Monitor a human-machine interface application
  • the administrator user configures the attributes of the request, the formalism of which is as follows:
  • the specific request (31) therefore consists in writing (Set) the various attributes in an “alarm” request table, for all the users.
  • Since the specific request (31) conforms to the agent's communication protocol, the latter detects that it is a specific request thanks to the particular formalism of said request and to the fact that the request command is a write (SET) of the instances of the request table (14.1).
  • the agent (10) then creates, from the instances of the attributes provided in the specific request (31.1), a process (12.1) for specific processing (thread) of the request which creates a local database (14.1), stored in a memory area or in a file, in which it stores update information.
  • the specific processing process (12) not only allows the agent to execute the operations necessary for processing the request, but also does not prevent the agent from being questioned on another request (31. k ) of the administrator.
  • the processing (12, 13, 14) of the specific request requires the use of the usual cache (110) stored by the agent which groups all the indexes of the model of the resource.
  • The specific processing process (12.1) sets (126, fig. 4), as soon as the usual cache (110) is available, a semaphore (13) (flag) associated with the index of the attribute concerned by the specific request (31.1), indicating to the agent (10) that the usual cache (110) is no longer available. So if, during execution of the processing (12, 13, 14) of the first specific request (31.1), the agent (10) receives another request (31.2), it checks whether the semaphore (13) indicating that the cache is not available is present, and if so puts the second request (31.2) on hold until the semaphore (13) is removed.
  • The first operation of the specific processing process (12.1) consists of counting (120, fig. 4) and identifying, in the cache (110), the indexes corresponding to the attribute specified in the specific request, then creating (121, fig. 4) a local database (14.1) containing the indexes which have just been counted and identified as well as the values of the various attributes of the specific request (31.1), for example the values of the attributes Period, comparisonType, ComparaisonValue, Evenlog, Severity and repeat. Then, the specific processing process (12.1) fills in (121, fig. 4) this database (14.1) by fetching from the resource, by known means such as an API, the instances specified in the specific request (31.1). Once this database (14.1) has been filled in, the specific processing process (12.1) created by the agent (12) performs the processing (122, fig.
  • The specific request (31.1) described in the example concerns the monitoring of the number of accesses of all users.
  • The agent launches the specific processing process (12.1) (thread), which creates a local database (14.1) comprising a first column made up of all the user names user0, user1, ..., userN, since the index of the user table is the attribute "Name".
  • The database includes a second column corresponding to the number of accesses (NbrDeLogin) of each user, created by the process (12.1) and filled in by the latter.
  • The specific processing process (12.1) performs the processing of the request, which consists in comparing the value of the number of accesses with the threshold, which is equal to 10. Each time the condition corresponding to the specific request is fulfilled, that is to say in the example, each time the number of accesses is greater than 10, the specific processing process adds 1 to a counter stored in a memory area or a file, for example, in the local database (14.1).
  • The processing process (12.1) consults the counter, and if the value of the counter is greater than or equal to 2 (corresponding to the value of the attribute "repeat"), the processing process (12.1) sends to the administrator, in accordance with the configuration of the alarm, a notification (trap) indicating the names of the users whose number of accesses is greater than 10. Then, the processing process (12.1) stands by for a period of 5 minutes before renewing the control operation.
  • This scenario file contains all the elements necessary to the establishment of at least one request, that is to say, for each specific request, an instance for an identification attribute and at least one instance for an event configuration attribute.
  • this file is a text file where a line comprises the name of an attribute from the request table followed by the value of the instance of this attribute for a specific determined request. It is possible to store several specific requests in this form by separating each request in the text file with a blank line.
  • An example scenario file is provided in Annex 1. As we have just explained, this file is read by the agent when it is started. When the agent reads the file and detects its particular formalism, it fills in the request table and thus transforms the content of the scenario file into a specific request on detection of the formula ": *".
  • the requests written in the configuration file are immediately processed by the launch of the specific processing processes (thread) corresponding, without the user being forced to enter all these specific requests by the administrator.
  • the agent according to the invention and the method of processing a request on a multi-instantiable attribute makes it possible to move the work of processing the request to the level of the local network (LAN). Indeed, a single request (the specific request) is sent over the long distance network (WAN), then, the agent reacts by performing on the local network the processing of the request relating to a multi-instantiable attribute. Thus, the long distance network is less overloaded.
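
The following Python example is added here and is not part of the patent or of the assignee's agent. It parses a scenario file in the layout described above (one "name value" pair per line, requests separated by a blank line), resolves the "attribute:instances" formula including the "*" form, and runs one control pass of the threshold/repeat check, rejecting formulas that name an unknown instance or an attribute outside an allow-list. The key names (including "formula"), the comparison codes, the allow-list and the sample table are assumptions, since Annex 1 and the alarm formalism are not reproduced on this page.

```python
"""One control pass of the agent-side processing of a specific request.
Key names, comparison codes and sample data are assumptions, not the patent's."""
import operator
import re

# Constructed stand-in for the agent's user table (index attribute: Name).
USER_TABLE = {
    "user0": {"NbreDeLogin": 12},
    "user1": {"NbreDeLogin": 3},
    "user2": {"NbreDeLogin": 25},
    "user3": {"NbreDeLogin": 10},
}
# Hypothetical comparison codes; the page does not list the real ones.
COMPARATORS = {"gt": operator.gt, "ge": operator.ge, "lt": operator.lt}
# Assumption: only these model attributes may be supervised (never "password").
MONITORABLE = {"NbreDeLogin"}
REQUIRED = {"formula", "period", "comparisonType", "comparisonValue", "repeat"}

# Constructed scenario file: "name value" per line, blank line between requests.
SCENARIO = """\
formula NbreDeLogin:*
period 300
comparisonType gt
comparisonValue 10
eventlog manager
severity major
repeat 2

formula NbreDeLogin:user1 user3
period 60
comparisonType ge
comparisonValue 10
eventlog system
severity minor
repeat 2
"""


def parse_scenario(text):
    """Split the file into requests, each a dict of request-table attributes."""
    requests = []
    for block in re.split(r"\n\s*\n", text.strip()):
        req = {}
        for line in block.splitlines():
            name, _, value = line.strip().partition(" ")
            req[name] = value.strip()
        missing = REQUIRED - req.keys()
        if missing:
            raise ValueError(f"request lacks attributes: {sorted(missing)}")
        requests.append(req)
    return requests


def parse_formula(formula, table):
    """'<attribute>:<instances>' -> (attribute, indexes); '*' selects them all."""
    attribute, sep, instances = formula.partition(":")
    attribute, instances = attribute.strip(), instances.strip()
    if not sep or attribute not in MONITORABLE:
        raise ValueError(f"unsupported formula: {formula!r}")
    if instances == "*":
        return attribute, sorted(table)
    wanted = instances.split()
    unknown = [i for i in wanted if i not in table]
    if not wanted or unknown:
        raise ValueError(f"bad instance list in {formula!r}: {unknown}")
    return attribute, wanted


def run_once(request, table):
    """Compare each selected instance with the threshold; the alarm is raised
    when the number of instances meeting the condition reaches 'repeat'."""
    attribute, indexes = parse_formula(request["formula"], table)
    compare = COMPARATORS.get(request["comparisonType"])
    if compare is None:
        raise ValueError(f"unknown comparison: {request['comparisonType']!r}")
    threshold, repeat, period = (
        int(request[k]) for k in ("comparisonValue", "repeat", "period"))
    if period <= 0 or repeat <= 0:
        raise ValueError("period and repeat must be positive")
    matched = [i for i in indexes if compare(table[i][attribute], threshold)]
    return {"alarm": len(matched) >= repeat, "instances": matched,
            "to": request.get("eventlog"), "severity": request.get("severity"),
            "wait_seconds": period}  # the thread sleeps this long, then repeats


if __name__ == "__main__":
    for req in parse_scenario(SCENARIO):
        print(req["formula"], "->", run_once(req, USER_TABLE))
```

In the described agent this pass would run inside the per-request thread, which then waits for the period and starts again from the index count.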

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Multi Processors (AREA)
EP99957215A 1998-06-25 1999-06-25 Communication agent between a system administrator and a distributed resource system and method for processing attribute requests Withdrawn EP1048144A2 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9808057A FR2780587B1 (fr) 1998-06-25 1998-06-25 Communication agent between a system administrator and a distributed resource system and method for processing a request on a multi-instantiable attribute
FR9808057 1998-06-25
PCT/FR1999/001536 WO1999067908A2 (fr) 1998-06-25 1999-06-25 Communication agent between a system administrator and a distributed resource system and method for processing a request on a multi-instantiable attribute

Publications (1)

Publication Number Publication Date
EP1048144A2 (de) 2000-11-02

Family

ID=9527848

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99957215A Withdrawn EP1048144A2 (de) 1998-06-25 1999-06-25 Communication agent between a system administrator and a distributed resource system and method for processing attribute requests

Country Status (3)

Country Link
EP (1) EP1048144A2 (de)
FR (1) FR2780587B1 (de)
WO (1) WO1999067908A2 (de)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0621705B1 (de) * 1993-03-22 1998-09-16 International Business Machines Corporation Method for reducing the "SNMP" instrumentation message flow

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9967908A2 *

Also Published As

Publication number Publication date
WO1999067908A2 (fr) 1999-12-29
WO1999067908A3 (fr) 2000-03-16
FR2780587B1 (fr) 2004-06-04
FR2780587A1 (fr) 1999-12-31

Similar Documents

Publication Publication Date Title
EP1695485B1 (de) Method for automatically classifying alarm messages generated by an intrusion detection sensor in a security information system
CA2209304A1 (fr) Method for monitoring a plurality of object types of a plurality of nodes from an administration node in a computer system
FR2751448A1 (fr) Method for real-time monitoring of a computer system for its administration and for assistance with its maintenance during operation
WO2018002484A1 (fr) Method and device for monitoring the security of an information system
EP0951155A1 (de) Method and device for managing networks and installations
EP3053320B1 (de) Method for detecting anomalies in network traffic
US20240289464A1 (en) Techniques for the unification of raw cyber data collected from different sources for vulnerability management
EP0742514A1 (de) Method for controlling the execution of a macro
WO2011117528A1 (fr) Method, computer program and device for validating task execution in evolving computer systems
FR2780589A1 (fr) Communication agent between a computer system administrator and a distributed resource system, and tools for creating such an agent
EP3365829B1 (de) Method for assisting the detection of an infection of a terminal by malware
WO1999067908A2 (fr) Communication agent between a system administrator and a distributed resource system and method for processing a request on a multi-instantiable attribute
EP1054332B1 (de) System and method for managing attributes in an object-oriented environment
WO2003061198A1 (fr) Transport network management system based on trend analysis of data acquired on the network
US12197567B1 (en) Configuring detectors to detect anomalous behavior using statistical modeling procedures
EP1065828A1 (de) Method for remotely querying SNMP agents
FR2786581A1 (fr) Device and method for optimizing threshold monitoring
EP3729273B1 (de) System and method for formulating and executing functional tests for server clusters
EP0992910B1 (de) Updating a centralized event log
FR2803405A1 (fr) Method for administering an open computer system
CN113656378A (zh) Server management method, apparatus and medium
FR2902954A1 (fr) System and method for storing an inventory of the systems and/or services present on a communication network
EP3495982A1 (de) Method for detecting a hacking attack on a database, corresponding computer program product and detection system
WO2019122241A1 (fr) Method for automatically constructing computer attack scenarios, and associated computer program product and construction system
CN118502880A (zh) Image repository cleanup method and computing device

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): DE FR GB

17P Request for examination filed

Effective date: 20000918

17Q First examination report despatched

Effective date: 20060720

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: EVIDIAN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20061201