1. (US20180004824) Method and system for implementing an operating system hook in a log analytics system
Note: this text was obtained by automatic optical character recognition (OCR).
For legal purposes, please use the PDF version.

Claims

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, cause performance of operations comprising:
identifying a target subset of OS calls from a plurality of OS calls;
intercepting a plurality of invocations of one or more OS calls in the target subset of OS calls;
identifying a plurality of log file changes corresponding respectively to the plurality of invocations;
identifying a plurality of events corresponding to the plurality of log file changes;
filtering the plurality of events, based on one or more event filtering criteria, to obtain a subset of events corresponding to a subset from the plurality of log file changes; and
writing the subset of events to an event list.
2. The medium of claim 1, the operations further comprising:
refraining from intercepting invocations of one or more other OS calls, from the plurality of OS calls, that are not in the target subset from the plurality of OS calls.
3. The medium of claim 1, wherein intercepting the plurality of invocations of the one or more OS calls is performed by a module loaded in the OS.
4. The medium of claim 3, wherein filtering the plurality of events corresponding to the plurality of log file changes is performed by the module loaded in the OS.
5. The medium of claim 3, wherein writing the subset of events to the event list is performed by the module loaded in the OS.
6. The medium of claim 1, the operations further comprising:
for each particular invocation in the plurality of invocations, forwarding the particular invocation to the OS for execution after intercepting the particular invocation.
7. The medium of claim 1, wherein intercepting the plurality of invocations comprises replacing one or more memory addresses associated with the one or more OS calls.
8. The medium of claim 1, the operations further comprising:
monitoring, by a log analytics agent, the event list for changes.
9. The medium of claim 1, wherein the one or more event filtering criteria comprise one or more file location criteria.
10. The medium of claim 1, the operations further comprising:
determining whether a particular invocation in the plurality of invocations was successful, wherein writing an event to the event list, for the particular invocation, is performed only if the particular invocation was successful.
11. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, cause performance of operations comprising:
identifying a target subset of OS calls from a plurality of OS calls;
intercepting a plurality of invocations of one or more OS calls in the target subset of OS calls;
identifying a plurality of log file changes corresponding respectively to the plurality of invocations;
writing, to an event list, a plurality of events corresponding to the plurality of log file changes; and
filtering the event list, based on one or more event filtering criteria, to obtain a filtered event list comprising events corresponding to a subset of the plurality of log file changes.
12. The medium of claim 11, the operations further comprising:
refraining from intercepting invocations of one or more other OS calls, from the plurality of OS calls, that are not in the target subset of the plurality of OS calls.
13. The medium of claim 11, wherein intercepting the plurality of invocations of the one or more OS calls is performed by a module loaded in the OS.
14. The medium of claim 13, wherein filtering the event list is performed by the module loaded in the OS.
15. The medium of claim 13, wherein writing the plurality of events to the event list is performed by the module loaded in the OS.
16. The medium of claim 11, the operations further comprising:
for each particular invocation in the plurality of invocations, forwarding the particular invocation to the OS for execution after intercepting the particular invocation.
17. The medium of claim 11, wherein intercepting the plurality of invocations comprises replacing one or more memory addresses associated with the one or more OS calls.
18. The medium of claim 11, the operations further comprising:
monitoring, by a log analytics agent, the filtered event list for changes.
19. The medium of claim 11, wherein the one or more event filtering criteria comprise one or more file location criteria.
20. The medium of claim 11, the operations further comprising:
determining whether a particular invocation in the plurality of invocations was successful, wherein writing an event to the event list, for the particular invocation, is performed only if the particular invocation was successful.
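The following is an added illustration, not code from the patent: a user-space C model of the hook described in claims 1 through 10 (the claim 11 variant differs only in filtering the event list after the write). A function-pointer table stands in for the OS call table; install_hook() swaps the entry for the one targeted call (claim 7), the wrapper forwards each invocation to the original (claim 6), and only successful invocations (claim 10) under an assumed file-location criterion, LOG_DIR (claim 9), reach the event list. All names, the "readonly" failure rule and the sample paths are constructed for this example.

```c
#include <string.h>

/* Added illustration, not the patent's code: a user-space model of the hook.
   The function-pointer table stands in for the OS call table; install_hook()
   swaps the table entry for the targeted call (claim 7), the wrapper forwards
   the call to the original (claim 6) and records only successful invocations
   (claim 10) that pass an assumed file-location criterion (claim 9). */

#define MAX_EVENTS 16
#define LOG_DIR "/var/log/"          /* assumed file-location filtering criterion */

typedef int (*os_write_fn)(const char *path, const char *data);

static const char *event_list[MAX_EVENTS];   /* the claimed event list */
static int event_count;

/* Stand-in for the real OS write call; a constructed "readonly" path fails. */
static int os_write_orig(const char *path, const char *data) {
    (void)data;
    return strstr(path, "readonly") ? -1 : 0;
}

/* One-entry call table: slot 0 is the write call, the only one in the target subset. */
static os_write_fn os_call_table[1] = { os_write_orig };

static int os_write_hook(const char *path, const char *data) {
    int rc = os_write_orig(path, data);           /* forward to the OS first */
    if (rc == 0 && strncmp(path, LOG_DIR, strlen(LOG_DIR)) == 0
            && event_count < MAX_EVENTS)
        event_list[event_count++] = path;          /* filtered event -> event list */
    return rc;
}

void install_hook(void) { os_call_table[0] = os_write_hook; }

/* Entry point callers use; dispatches through the (possibly hooked) table. */
int os_write(const char *path, const char *data) { return os_call_table[0](path, data); }

int event_list_len(void) { return event_count; }
const char *event_list_at(int i) { return i < event_count ? event_list[i] : NULL; }

/* Replays constructed invocations; the agent of claim 8 would poll event_list. */
int run_demo(void) {
    event_count = 0;
    install_hook();
    os_write("/var/log/auth.log", "login ok");        /* recorded */
    os_write("/tmp/scratch.txt", "x");                /* dropped: outside LOG_DIR */
    os_write("/var/log/readonly.log", "y");           /* dropped: call failed */
    os_write("/var/log/syslog", "rotate");            /* recorded */
    return event_count;                               /* 2 */
}
```

Calls outside the target subset would bypass the table entirely (claim 2), which is why the model hooks a single slot rather than every call.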