
WO2022184268A1 - Computer system and method with event management - Google Patents


Info

Publication number
WO2022184268A1
Authority
WO
WIPO (PCT)
Prior art keywords
event
event data
database
received
events
Prior art date
Application number
PCT/EP2021/055598
Other languages
French (fr)
Inventor
Shahar SALZMAN
Assaf Natanzon
Shmoolik Yosub
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to CN202180094735.3A (patent CN116917879A)
Priority to PCT/EP2021/055598 (patent WO2022184268A1)
Publication of WO2022184268A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Definitions

  • the present disclosure relates generally to the field of data security, and computer implemented information technology (IT) events processing and management; and more specifically, to systems and methods for managing events, such as backup events and other IT events, such as firmware upgrades on switches, firewall configurations, etc.
  • IT information technology
  • event logs are used by the system administrator to coordinate events.
  • Such event logs from operating systems, storage servers, switches, etc. contain timestamps which enable the system administrator to understand when different events were executed.
  • log-based events rely on synchronized time between all components (for example using Network Time Protocol (NTP)) and in relation to external events (for example using external IT for synchronization); such synchronization is not always present and is also error-prone, since every component needs to be synchronized.
  • NTP Network Time Protocol
  • the present disclosure seeks to provide a server, a system and a method for managing events.
  • the present disclosure seeks to provide a solution to the existing problem of error-prone and inadequate coordination of various Information Technology (IT) events and their limited accessibility due to need of log-based synchronization of all events, which have adverse data security and availability implications.
  • An aim of the present disclosure is to provide a solution that overcomes at least partially the problems encountered in prior art, and provides a solution for improved and error-free coordination of various IT events with a searchable database of all the events, resulting in improved data security, availability, and holistic IT events management.
  • the present disclosure provides a server configured to communicate with one or more components of a system, one or more of the said components being storage servers configured to store system information, the server comprising a database configured to store event data, said event data comprising an event identifier and an event timestamp, said event data belonging to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system.
  • the server of the present disclosure provides an improved coordination and linking of events (such as Information Technology (IT) events).
  • the present disclosure provides a searchable event timeline that links backups and other IT events, which makes it easy to find and act on events and the IT components related to the events.
  • the searchable event timeline enables the system administrator to perform for example informed restores and informed audits relying on the timeline.
  • the present disclosure not only automates manual procedures which were conventionally required for events, such as updating of service packs, but also improves data security due to real-time or near real-time processing of events and corresponding updates. As a result, the present disclosure is less prone to errors in comparison to conventional techniques.
  • the present disclosure enables synchronizing all events in three layers: events inside the server, events within a company (i.e. system components) and events on a domestic or global level (i.e. outside the system). As a result, all the events can be coordinated with improved accuracy and less complexity.
  • the present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling of logs, but is event based. The backups can be found, retro-actively created and filtered via the database.
  • the placement of the database within server allows a data centric approach allowing generation of events via modification of data instead of conventional log consolidation from different endpoints.
  • the server is configured to store system information and be one of the storage servers of the system.
  • the server provides an improved coordination of events via a searchable event timeline.
  • the one or more of components of the system comprising one or more system event agents configured to push system event data into the database, and one or more of components of the system comprising one or more external event agents configured to push external event data into the database
  • the server further comprising an event sanitizer configured to receive system event data and external event data respectively from the system event agents and from the external event agents, and to push received system event data and received external event data into the database.
  • the event data can be appropriately stored in the database to enable enhanced access of event data and coordination of the events.
  • the event sanitizer is configured to prepare received system event data and received external event data for storing in the database if the format of said received system event data and received external event data is not appropriate for storing in the database, and to push prepared system event data and prepared external event data into the database.
  • the event data is stored in the database in a defined format to enable enhanced and quick searching of event data from the database.
  • the event sanitizer is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database.
  • the event sanitizer saves storage space on the server, which in turn reduces the storage cost.
  • the event sanitizer is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database.
  • the event sanitizer executes antivirus scans to prevent malicious event data from entering the database, as a result of which improved user experience and data security are provided for coordinating the events.
  • the event sanitizer is stored inside one of the storage servers.
  • the event sanitizer is stored inside one of the storage servers to provide only the event data which is filtered for storage in the database so that the data is neither duplicate nor includes malicious events.
  • the present disclosure provides a method of managing events occurring in or related to a system, said system comprising one or more storage servers configured to store system information, and one or more system components in communication with one or more of the said storage servers, the method comprising configuring a database to store event data comprising an event identifier and an event timestamp, said event data belonging to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system, pushing storage server event data in the database through one or more storage event agents, pushing system event data in the database through one or more system event agents, pushing external event data in the database through one or more external event agents.
  • the method of the present disclosure improves coordination of events (such as Information Technology (IT) events), where a searchable event timeline is generated, which is able to link backup events with other IT events for enhanced and error-free search of events and IT components related to the events. Further, the searchable event timeline makes it possible to perform informed restores and informed audits relying on the timeline. Moreover, the present method not only automates manual procedures which were conventionally required for events such as updating of service packs, but also improves system performance, security, and overall maintenance of IT systems. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers such as events inside the server, events within a company (i.e.
  • the present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling logs, but is event based. The backups can be found, retro-actively created and filtered via the database.
  • in the method, configuring the database comprises storing said database in one of the storage servers.
  • the method comprises querying the database by an auto backup agent, and launching, by said auto-backup agent, a backup operation depending on the result of the query.
  • the auto-backup agent is configured to trigger a backup based on certain events, or severity of event.
  • the method comprises storing the auto-backup agent in one of said storage servers.
  • the method comprises querying the database by a backup tagging agent, and generating, by said backup tagging agent, backup tags depending on the result of the query.
  • the backup tagging agent generates backup tags to enable enhanced and quick searching of events in the database.
  • the method comprises storing the backup tagging agent in one of said storage servers.
  • the present disclosure provides a system comprising one or more storage servers configured to store system information, and one or more system components in communication with one or more of the said storage servers, the system further comprising a database configured to store event data, said event data comprising an event identifier and an event timestamp, said event data belonging to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system, one or more storage event agents configured to push storage server events data into the database, one or more system event agents configured to push system event data into the database, and one or more external event agents configured to push external event data into the database.
  • the system of the present disclosure achieves all effects and advantages of the server and method.
  • FIG. 1A is a block diagram of a server configured to communicate with one or more components of a system to manage events, in accordance with an embodiment of the present disclosure
  • FIG. 1B is a block diagram of a system configured to manage events, in accordance with an embodiment of the present disclosure
  • FIG. 2 is a block diagram that illustrates various exemplary components of a server, in accordance with an embodiment of the present disclosure
  • FIG. 3 is a flowchart of a method of managing events, in accordance with an embodiment of the present disclosure
  • FIG. 4 is an exemplary illustration of a timeline of events for managing events, in accordance with an embodiment of the present disclosure
  • FIG. 5 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with an embodiment of the present disclosure
  • FIG. 6 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with another embodiment of the present disclosure.
  • an underlined number is employed to represent an item over which the underlined number is positioned or an item to which the underlined number is adjacent.
  • a non-underlined number relates to an item identified by a line linking the non-underlined number to the item. When a number is non-underlined and accompanied by an associated arrow, the non-underlined number is used to identify a general item at which the arrow is pointing.
  • FIG. 1A is a block diagram of a server configured to communicate with one or more components of a system for managing events, in accordance with an embodiment of the present disclosure.
  • the system 100A comprises storage servers 102 which includes servers 102A-102N.
  • the server 102A comprises a database 104 to store event data 106.
  • the event data 106 includes storage server event data 106A, system event data 106B, and external event data 106C.
  • the present disclosure provides a server 102A configured to communicate with one or more components of the system 100A, one or more of the components being storage servers 102 configured to store system information, the server 102A comprising a database 104 configured to store event data 106, the event data 106 comprising an event identifier and an event timestamp, the event data 106 belonging to one of storage server events 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100A.
  • the system 100A based on the storage servers 102 and the database 104 is configured to create a searchable timeline of the event data 106.
  • through the searchable timeline, a link is established between backups and other IT (Information Technology) events such as firmware upgrades on switches, firewall configurations and the like, which allows informed restores to be performed without manual procedures, and informed audits to be performed when needed.
  • the system 100A provides an auto-generated searchable event database which allows a system administrator to easily find events, and the IT components related to these events.
  • Each of the servers 102A-102N includes suitable logic, circuitry, interfaces, or code that is configured to store, access, transmit or manage the system information such as digital files, data and services.
  • Each of the servers, such as the server 102A is a special purpose server used for storing and accessing the system information over a shared network via communication with other storage servers, such as the server 102B.
  • the server 102A may include components such as memory, a processor, a network adapter and the like, to store, process or share the system information with other storage servers, such as the server 102B.
  • the server 102A may be a backup server configured to store backup data from other storage servers or production servers.
  • the database 104 is configured to store event data 106 in an organised form to enable ease in search of a given event data.
  • the database 104 provides a context-based search.
  • the database 104, and the data model describing the data in this database, allow search queries to be performed on event content and on additional event attributes such as time and tags (see tagging agent further in the description).
  • the database 104 is configured to store all event data in three layers: events inside the server, events within a company (i.e. system components) and events on a domestic or global level (i.e. outside the system). As a result, all the events can be coordinated easily.
  • the system information refers to information received from for example one or more user devices, virtual machines, that are associated with the servers 102A-102N.
  • the system information may be received from three layers such as inside a given storage server, within the Information Technology (IT) lab/company perimeter and outside the IT lab, i.e. domestically or even globally.
  • the system components herein refer to all the components of each of the servers 102A-102N which enable a respective server to store system information.
  • the system components may further enable each of the servers such as the server 102A to communicate with other servers such as server 102B.
  • the event data 106 comprises an event identifier and an event timestamp.
  • the event data 106 belongs to one of storage server events 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components and external event data 106C related to events occurring outside of the system 100A.
  • the event data 106 includes data associated with IT events, such as backup, restore, firewall upgrade, maintenance and other events like update of software service packs (e.g. service packs for updating operating systems, antivirus, or other installed software).
  • the event identifier herein refers to a value, such as a numeric, alphabetic or alphanumeric value, which enables a unique determination of a given event.
  • event identifier may be based on different parameters such as a time of creation of event, an importance value (i.e., how crucial the event is for working of the system 100A) of the event, serial number based on order of creation of the event and the like.
  • the event timestamp refers to a date and time of creation or updating of the event.
  • the event data 106 belonging to one of storage server event data 106A may include information about service pack installation, application of a new service-level agreement (SLA) on virtual machines, or a service-level agreement not being met for virtual machines.
  • SLA service-level agreement
  • the system event data 106B related to events occurring on one of the system components may also be referred to as Information Technology (IT) events in a given entity, such as a company or a lab.
  • system events data 106B related to events occurring on one of the system components includes information about firmware upgrade on switches, partial power outage, irregular packet drops in company switches.
  • the external event data 106C related to events occurring outside of the system 100A may also be referred to as global or domestic event data.
  • external event data 106C related to events occurring outside of the system 100A includes information about a cyclone hitting the Indian coast, or power outages in a given area.
  • the server 102A of the present disclosure automatically and accurately generates the database 104 in three layered approach that includes the storage server event data 106A as layer 1, which captures the events internal to the server 102A (e.g., a backup server), the system event data 106B as layer 2, which captures the events within a perimeter of an entity, such as a company or a lab, and its associated IT systems, and lastly, also dynamically captures the external event data 106C as layer 3, which captures the events outside the entity (domestic or global events).
  • All such events in the three layers are dynamically linked and synchronized effectively such that a searchable event timeline is generated, which is able to link backups and other IT events such as firmware upgrades on switches, firewall configurations etc., and allows a system administrator to perform informed restores, move away from manual procedures, and perform informed audits of the system relying on this searchable timeline.
  • the server 102A by virtue of the database 104 that links the events from three different layers improves system performance, system security, and overall maintenance of IT systems. For example, even the backup events are linked and synchronized with other IT events acquired from external RSS feeds, company announcements, scheduling with technicians, update of service packs, firmware upgrades on switches, firewall configurations etc.
  • the present disclosure is less prone to errors in comparison to conventional log-based techniques of event management, where a backup focused implementation in the server 102A ensures that the data backups can be found, retro-actively created, and filtered via the database 104 for improved searchability of events, and event management accuracy.
  • a best backup can be found from when the service-level agreement (SLA) was still met with the updated service pack, i.e. before the storm occurred in Europe; as a result, all events can be coordinated in an enhanced way which was not possible in conventional systems.
  • This backup can be used to perform a post-mortem investigation as to why the SLA had not been met, to build a test and development environment to find solutions to the issue, and also to restore problematic virtual machines that had been affected by a power outage due to the storm.
  • the server 102A is further configured to store system information and be one of the storage servers 102 of the system 100A.
  • the server 102A is one of the storage servers 102, and is configured to receive the system information from one or more user devices, virtual machines, that are associated with other storage servers, such as the servers 102B-102N.
  • the system information may be received from three layers, such as from within a given storage server, from within the Information Technology (IT) entity perimeter and outside the IT entity, i.e., domestically or even globally.
  • the one or more of components of the system 100A comprises one or more system event agents configured to push system event data into the database 104, and one or more of components of the system 100A comprising one or more external event agents configured to push external event data into the database 104
  • the server 102A further comprises an event sanitizer configured to receive system event data 106B and external event data 106C respectively from the system event agents and from the external event agents, and to push received system event data and received external event data into the database 104.
  • the system event agent refers to a software component that is configured to receive system event data and further push the system event data into the database 104.
  • the system event data refers to event data associated with system event data 106B.
  • the external event agent 112 refers to a software component that is configured to receive external event data and further push the external event data into the database 104.
  • the external event data 106C refers to event data associated with external events. In an example, the system event data and the external event data are pushed with the event identifier and the event timestamp into the database 104 to enable ease of searching for them in the database 104.
  • the event sanitizer refers to a computer program code (i.e. a software component) installed in the server 102A and is configured to receive system event data 106B and external event data 106C and push into the database 104. Beneficially, the event sanitizer may filter duplicate events, and protect the system 100A from malicious events, e.g.
  • the event data 106 can be appropriately stored in the database 104 to enable enhanced access of event data 106 and coordination of the event.
  • DDOS distributed denial of service
  • the event sanitizer is configured to prepare received system event data and received external event data for storing in the database 104 if the format of said received system event data and received external event data is not appropriate for storing in the database 104, and to push prepared system event data and prepared external event data into the database 104.
  • the event data 106 may be stored in the database 104 in a defined format, based on the type of context-based search that is to be used for executing a search query, to enable ease of searching of event data 106 from the database 104.
  • the event sanitizer is configured to rearrange or reformat the event data 106 based on the format used for storing data in the database 104.
  • the event sanitizer is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database 104.
  • the event sanitizer is configured to execute deduplication of the event data 106 by calculating and comparing a hash value of a given event data with hash values of event data 106 that are previously stored.
  • the event sanitizer is configured to maintain a log of the hash values of event data 106 that are stored in the database 104.
  • the event sanitizer is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database 104.
  • the event sanitizer is configured to execute antivirus scans to identify received system event data and received external event data which are malicious for storing in the database 104.
  • the event sanitizer is configured to remove the virus from the event data 106 and then push the prepared system event data and the prepared external event data into the database 104.
  • the event sanitizer executes antivirus scans to prevent malicious events from entering the database 104, as a result of which improved user experience and data security are provided for coordinating the events.
  • the event sanitizer is stored inside one of the storage servers 102.
  • the event sanitizer is stored inside the storage server 102.
  • the event sanitizer 114 may be coupled to the system event agent and the external event agent to receive the event data 106 and further coupled to the database 104 to push the event data 106.
  • the event sanitizer is stored inside one of the storage servers 102 to provide only the event data 106 which is filtered for storage in the database 104 so that the data is neither duplicate nor includes malicious events.
  • the server 102A further comprising an auto-backup agent configured to query the database 104 and to launch a backup operation depending on the result of a query.
  • the auto-backup agent refers to a software component that is configured to trigger a backup based on certain events, or severity of event.
  • the server 102A further comprising a backup tagging agent configured to query the database 104 and to generate backup tags depending on the result of a query.
  • the backup tagging agent refers to a software component that is configured to tag the backup according to events in the database 104, so that service-level agreements (SLA) may be managed. As a result, events can be easily managed.
  • the server 102A further comprising an interface module configured to allow external access to the database 104.
  • the interface module refers to a software component that is configured to enable searching and filtering of event data 106 in the database 104.
  • the interface module enables accessibility to the database 104 externally via an Application Programming Interface (API).
  • API Application Programming Interface
  • the interface module allows third-party access to the database 104 to use events to tag and further manage events.
  • the interface module comprises a search engine configured to retrieve events from the database 104 on the basis of a query.
  • the search engine is configured to execute a search based on keywords received in form of the query via the API for searching events in the database 104.
  • the search engine based on the query is configured to compare the keywords with the event data 106 present in the database 104 and further retrieve the events from the database 104.
  • timestamps can be used to perform actions such as restore, create snapshot using CDP (continuous data protection), change firewall or hypervisor configuration.
  • the server 102A further comprising a tagging agent configured to query the database 104 through the interface module and to generate tags for system components depending on the result of a query.
  • the tagging agent refers to a software component that is configured to generate tags for switching configurations.
  • the server 102A of the present disclosure provides an improved coordination and linking of events (such as Information Technology (IT) events).
  • the present disclosure provides a searchable event timeline that links backups and other IT events, which makes it easy to find and act on events and the IT components related to the events. Further, the searchable event timeline enables the system administrator to perform, for example, informed restores and informed audits relying on the timeline.
  • the present disclosure not only automates manual procedures which were conventionally required for events, such as updating of service packs, but also improves data security due to real-time or near real-time processing of events and corresponding updates. As a result, the present disclosure is less prone to errors in comparison to conventional techniques.
  • the present disclosure enables synchronizing all events in three layers: events inside the server 102A, events within a company (i.e. system components) and events on a domestic or global level (i.e. outside the system 100A). As a result, all the events can be coordinated with improved accuracy and less complexity.
  • the present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling of logs, but is event based. The backups can be found, retro-actively created and filtered via the database 104.
  • the placement of the database 104 within server 102A allows a data centric approach allowing generation of events via modification of data instead of conventional log consolidation from different endpoints.
  • FIG. 1B is a block diagram of a system configured to manage events, in accordance with an embodiment of the present disclosure.
  • FIG. 1B is described in conjunction with FIG. 1A.
  • the system 100B comprises the storage servers 102 which includes servers 102A-102N.
  • the server 102A comprises the database 104 to store the event data 106.
  • the event data 106 includes storage server event data 106A, system event data 106B, external event data 106C.
  • the system 100B comprises one or more storage event agents 108A and 108B, one or more system event agents 110A and 110B and one or more external event agents 112A and 112B.
  • the system 100 further comprises an event sanitizer 114, an auto-backup agent 116 and a backup tagging agent 118. There is further shown an interface module 120, a search engine 122, a tagging agent 124, event alarm manager 126, and a maintenance scheduler 128.
  • the storage event agent 108A, the system event agent 110A, and the external event agent 112A are shown to be provided in the server 102A. However, it is to be understood that such agents may not be provided in the server 102A and may be present in other servers, such as the server 102B or another production server from which backup is to be executed.
  • another storage event agent 108B, the system event agent 110B, and the external event agent 112B may be provided in the server 102B in the system 100B. In such a case, the storage event agent 108B, the system event agent 110B, and the external event agent 112B may push corresponding event data to the database 104.
  • the present disclosure provides a system 100B comprising one or more storage servers 102 configured to store system information, and one or more system components in communication with one or more of the said storage servers 102, the system 100B further comprising a database 104 configured to store event data 106, said event data 106 comprising an event identifier and an event timestamp, said event belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B, one or more storage event agents 108A and 108B configured to push storage server event data into the database 104, one or more system event agents 110A and 110B configured to push system event data into the database 104, and one or more external event agents 112A and 112B configured to push external event data into the database 104.
  • the event data 106 comprises the event identifier and the event timestamp, said event belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B.
  • the storage event agent 108A is implemented on the server 102A
  • the storage event agent 108B is implemented on the server 102B and so on.
  • the storage event agent 108A refers to a software component that is configured to receive storage event data and further push the storage server event data into the database 104.
  • the storage server event data refers to event data associated with storage server event data 106A.
  • the system event agent 110A is implemented on the server 102A, the system event agent 110B is implemented on the server 102B and so on.
  • the system event agents 110A and 110B are configured to receive system event data and further push the system event data into the database 104.
  • the external event agent 112A is implemented on the server 102A, the external event agent 112B is implemented on the server 102B and so on.
  • the external event agents 112A and 112B are configured to receive external event data and further push the external event data into the database 104.
  • the database 104 is stored inside one of the storage servers 102.
  • the database 104 is stored inside the server 102A.
  • the database 104 may be searched for the event data 106, and different events may be coordinated via the database 104. By virtue of storing the database 104 in the storage servers 102, improved coordination of events is provided via a searchable event timeline.
  • the system 100B further comprising an event sanitizer 114 configured to receive system event data 106B and external event data 106C respectively from the system event agents 110A and 110B and from the external event agents 112A and 112B, and to push received system event data and received external event data into the database 104.
  • the event sanitizer 114 refers to a software component that is configured to receive system event data 106B and external event data 106C and push into the database 104.
  • the event sanitizer 114 may filter duplicate events, and protect the system 100A from malicious events, e.g. DDOS (distributed denial of service) attack.
  • the event data 106 can be appropriately stored in the database 104 to enable enhanced access of event data 106 and coordination of the event.
  • the event sanitizer 114 is configured to prepare received system event data and received external event data for storing in the database 104 if the format of said received system event data and received external event data is not appropriate for storing in the database 104, and to push prepared system event data and prepared external event data into the database 104.
  • the event data 106 may be stored in the database 104 in a defined format to enable easy searching of event data 106 in the database 104.
  • the event sanitizer 114 is configured to rearrange or reformat the event data 106 based on the format used for storing data in the database 104.
  • the event sanitizer 114 is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database 104.
  • the event sanitizer 114 is configured to execute deduplication of the event data 106 by calculating and comparing a hash value of a given event data with hash values of event data 106 that are previously stored.
  • the event sanitizer 114 is configured to maintain a log of the hash values of event data 106 that are stored in the database 104.
  • the event sanitizer 114 is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database 104.
  • the event sanitizer 114 is configured to execute antivirus scans to identify received system event data and received external event data which are malicious for storing in the database 104.
  • the event sanitizer 114 is configured to remove the virus from the event data 106 and then push the prepared system event data and the prepared external event data into the database 104.
  • the event sanitizer 114 executes antivirus scans to prevent malicious events from entering the database 104, as a result of which improved user experience and data security are provided for coordinating the events.
  • the event sanitizer 114 is stored inside one of the storage servers 102.
  • the event sanitizer 114 is implemented on the server 102A.
  • the event sanitizer 114 is stored inside one of the storage servers 102 to provide only the event data 106 which is filtered for storage in the database 104 so that the data is neither duplicate nor includes malicious events.
  • the system 100B further comprises an auto-backup agent 116 configured to query the database 104 and to launch a backup operation depending on the result of a query.
  • the auto-backup agent 116 is configured to trigger a backup based on certain events, or severity of event.
  • the auto-backup agent 116 is stored in one of said storage servers 102.
  • the auto-backup agent 116 is stored inside the server 102A.
  • the auto-backup agent 116 may be coupled to the database 104.
  • the system 100B further comprises a backup tagging agent 118 configured to query the database 104 and to generate backup tags depending on the result of a query.
  • the backup tagging agent 118 is configured to tag the backup according to events in the database 104, and further manage service-level agreements (SLA). As a result, events can be easily managed.
  • the backup tagging agent 118 generates backup tags to enable enhanced searching of events in the database 104.
  • the backup tagging agent 118 is stored in one of said storage servers 102.
  • the backup tagging agent 118 is stored inside the server 102A.
  • the backup tagging agent 118 may be coupled to the database 104.
  • the system 100B further comprising an interface module 120 configured to allow external access to the database 104.
  • the interface module 120 is configured to enable searching and filtering of event data 106 in the database 104.
  • the interface module 120 enables accessibility to the database 104 externally via an Application Programming Interface (API).
  • the interface module 120 is stored into one of the storage servers 102.
  • the interface module 120 is stored inside the server 102A.
  • the interface module 120 may be coupled to the database 104 and a user device to enable access by a user.
  • the interface module 120 comprises a search engine 122 configured to retrieve events from the database 104 on the basis of a query.
  • the search engine 122 is configured to execute a search based on keywords received in form of the query via the API for searching events in the database 104.
  • the system 100B further comprising a tagging agent 124 configured to query the database 104 through the interface module 120 and to generate tags for system components depending on the result of a query.
  • the tagging agent 124 is configured to generate tags for switching configurations.
  • the system 100B further comprising an event alarm manager 126 configured to query the database 104 through the interface module 120 and to generate event alarms depending on the result of a query.
  • the event alarm manager 126 refers to a software component that is configured to generate the event alarms and send to a given user such as a system administrator.
  • the event alarms may be generated based on the time stamp associated with event data 106.
  • the event alarms are generated only for a defined number of events based on for example an importance score assigned by the system administrator.
  • the event alarm is generated for updating service packs.
  • the system 100B further comprising a maintenance scheduler 128 configured to query the database 104 through the interface module 120 and to schedule system maintenance operation depending on the result of a query.
  • the maintenance scheduler 128 refers to a software component that is configured to enable ease in scheduling maintenance.
  • the system 100B of the present disclosure provides an improved coordination and linking of events (such as Information Technology (IT) events).
  • the present system 100B provides a searchable event timeline, which is able to link backups and other IT events, making it easy to find and act on events and IT components related to the events.
  • the searchable event timeline enables the system administrator to perform for example informed restores and informed audits relying on the timeline.
  • the present disclosure not only automates manual procedures which were conventionally required for events, such as updating of service packs, but also improves data security due to real-time or near real-time processing of events and corresponding updates. As a result, the present disclosure is less prone to errors in comparison to conventional techniques.
  • the present disclosure enables synchronizing all events in three layers, such as events inside the server 102A, events within a company (i.e. system components) and events on domestic or global level (i.e. outside the system 100B). As a result, all the events can be coordinated with improved accuracy and less complexity.
  • the present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling of logs, but is event based. The backups can be found, retro-actively created and filtered via the database 104.
  • the placement of the database 104 within server 102A allows a data centric approach allowing generation of events via modification of data instead of conventional log consolidation from different endpoints.
  • FIG. 2 is a block diagram that illustrates various exemplary components of a server, in accordance with an embodiment of the present disclosure.
  • FIG. 2 is described in conjunction with elements from FIGs. 1A and 1B.
  • the server 102A includes a processor 202, a transceiver 204 and a memory 206.
  • the memory 206 further includes the database 104, the storage event agent 108A, the system event agent 110A, the external event agent 112A, the event sanitizer 114, the auto-backup agent 116 and backup tagging agent 118.
  • the processor 202 includes suitable logic, circuitry, and/or interfaces that are configured to receive event data (such as the event data 106 of FIG. 1A) and further push the event data into the database 104.
  • the processor 202 is configured to execute instructions stored in the memory 206.
  • the processor 202 may be a general-purpose processor.
  • Other examples of the processor 202 may include, but are not limited to, a microprocessor, a microcontroller, a complex instruction set computing (CISC) processor, an application-specific integrated circuit (ASIC) processor, a reduced instruction set (RISC) processor, a very long instruction word (VLIW) processor, a central processing unit (CPU), a state machine, a data processing unit, and other processors or control circuitry.
  • the processor 202 may refer to one or more individual processors, processing devices, a processing unit that is part of a machine, such as the server 102A.
  • the transceiver 204 includes suitable logic, circuitry, and/or interfaces that may be configured to communicate with one or more external devices, such as the server 102B.
  • Examples of the transceiver 204 may include, but are not limited to, an antenna, a telematics unit, a radio frequency (RF) transceiver, one or more amplifiers, one or more oscillators, a digital signal processor, a coder-decoder (CODEC) chipset, and/or a subscriber identity module (SIM) card.
  • the memory 206 refers to a primary storage of the server 102A.
  • the memory 206 includes suitable logic, circuitry, and/or interfaces that may be configured to store machine code and/or instructions with at least one code section executable by the processor 202. Examples of implementation of the memory 206 may include, but are not limited to, Electrically Erasable Programmable Read-Only Memory (EEPROM), Random Access Memory (RAM), Read Only Memory (ROM), Hard Disk Drive (HDD), Flash memory, Solid-State Drive (SSD), and/or CPU cache memory.
  • the memory 206 may store an operating system and/or other program products (including one or more operation algorithms) to operate the server 102A.
  • the memory 206 comprises the database 104 that is configured to store the event data 106.
  • the memory 206 further comprises the storage event agent 108A, the system event agent 110A, the external event agent 112A, the event sanitizer 114, the auto-backup agent 116 and backup tagging agent 118.
  • FIG. 3 is a flowchart of a method of managing events, in accordance with an embodiment of the present disclosure.
  • a method 300 is executed at a system (e.g. the system 100B) described, for example, in FIG. 1B.
  • the method 300 includes steps 302 to 308.
  • the present disclosure provides a method 300 of managing events occurring in or related to a system 100B, said system 100B comprising one or more storage servers 102 configured to store system information, and one or more system components in communication with one or more of the said storage servers 102, the method 300 comprising configuring a database 104 to store event data 106 comprising an event identifier and an event timestamp, said event data 106 belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B, pushing storage server event data in the database 104 through one or more storage event agents 108A, pushing system event data in the database 104 through one or more system event agents 110A, pushing external event data in the database 104 through one or more external event agents 112A.
  • the method 300 comprises configuring a database 104 to store event data 106 comprising an event identifier and an event timestamp, said event belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B.
  • the database 104 is configured to store the event data 106 that includes data associated with events such as IT events like backup, restore, firewall upgrade, maintenance and other events like update of service packs.
  • the event data 106 belonging to storage server event data 106A may include information about service pack installation, application of a new service-level agreement (SLA) on virtual machines, and a service-level agreement not met for virtual machines.
  • the system event data 106B related to events occurring on one of the system components may also be referred to as data related to Information Technology (IT) lab events in a company.
  • event data related to events occurring on one of the system components includes information about firmware upgrade on switches, partial power outage, irregular packet drops in company switches.
  • the external event data 106C related to events occurring outside of the system 100B may also be referred to as global or domestic event data.
  • external event data 106C related to events occurring outside of the system 100B includes information about a cyclone hitting the Indian coast, a power outage in a given area.
  • the method 300 comprises pushing storage server event data in the database 104 through one or more storage event agents 108A and 108B.
  • the storage server event data is pushed through the storage event agents 108A and 108B by receiving the storage server event data and further pushing the storage server event data into the database 104.
  • the method 300 comprises pushing system event data in the database 104 through one or more system event agents 110A and 110B.
  • the system event data is pushed through the system event agents 110A and 110B by receiving the system event data and further pushing the system event data into the database 104.
  • the method 300 comprises pushing external event data in the database 104 through one or more external event agents 112A and 112B.
  • the external event data is pushed through one or more external event agents 112A and 112B by receiving the external event data and further pushing the external event data into the database 104.
  • in the method 300, configuring the database 104 comprises storing said database 104 in one of the storage servers 102.
  • the method comprises configuring the database 104 to be stored inside the server 102A.
  • the method 300 may enable a given user to search the database 104 for the event data 106 and coordinate different events via the database 104. By virtue of storing the database 104 in the storage servers 102, improved coordination of events is provided via a searchable event timeline.
  • the method 300 further comprises receiving, by an event sanitizer 114, system event data 106B and external event data 106C respectively from the system event agents 110A and 110B and from the external event agents 112A and 112B, and pushing, through said event sanitizer 114, received system event data and received external event data into the database 104.
  • the method 300 comprises receiving the system event data 106B and external event data 106C and pushing into the database 104 by the event sanitizer 114.
  • the event sanitizer 114 may filter duplicate events, and protect the system 100B from malicious events, e.g. DDOS (distributed denial of service) attack.
  • the event data 106 can be appropriately stored in the database 104 to enable enhanced access of event data 106 and coordination of the event.
  • the method 300 further comprises preparing, by the event sanitizer 114, received system event data and received external event data for storing in the database 104 if the format of said received system event data and received external event data is not appropriate for storing in the database 104, and pushing, by the event sanitizer 114, prepared system event data and prepared external event data into the database 104.
  • the method 300 comprises the event sanitizer 114 storing the event data 106 in the database 104 in a defined format to enable easy searching of event data 106 in the database 104.
  • the event sanitizer 114 rearranges or reformats the event data 106 based on the format used for storing data in the database 104.
  • the method 300 further comprises filtering, by the event sanitizer 114, duplicate received system event data and duplicate received external event data, and pushing, by the event sanitizer 114, only one occurrence of a received system event and a received external event into the database 104.
  • the method 300 comprises executing, by the event sanitizer 114, deduplication of the event data 106 by calculating and comparing a hash value of a given event data with hash values of event data 106 that are previously stored.
  • the event sanitizer 114 maintains a log of the hash values of event data 106 that are stored in the database 104.
  • the method 300 further comprises preventing, by the event sanitizer 114, malicious received system event data or malicious received external event data from being pushed into the database 104.
  • the method 300 comprises executing, by the event sanitizer 114, antivirus scans to identify received system event data and received external event data which are malicious for storing in the database 104.
  • the event sanitizer 114 removes the virus from the event data 106 and then pushes the prepared system event data and the prepared external event data into the database 104.
  • the event sanitizer 114 executes antivirus scans to prevent malicious events from entering the database 104, as a result of which improved user experience and data security are provided for coordinating the events.
  • the method 300 further comprises storing the event sanitizer 114 in one of the storage servers 102.
  • the method 300 comprises storing the event sanitizer 114 in the server 102A.
  • the event sanitizer 114 is stored inside one of the storage servers 102 to provide only the event data 106 which is filtered for storage in the database 104 so that the data is neither duplicate nor includes malicious events.
  • the method 300 further comprises querying the database 104 by an auto-backup agent 116, and launching, by said auto-backup agent 116, a backup operation depending on the result of the query.
  • the method 300 comprises triggering, by the auto-backup agent 116, a backup based on certain events, or severity of event.
  • the auto-backup agent 116 is configured to trigger a backup based on certain events, or severity of event.
  • the method 300 further comprises storing the auto-backup agent 116 in one of said storage servers 102.
  • the method 300 comprises storing the auto-backup agent 116 inside the server 102A.
  • the auto-backup agent 116 may be coupled to the database 104.
  • the method 300 further comprises querying the database 104 by a backup tagging agent 118, and generating, by said backup tagging agent 118, backup tags depending on the result of the query.
  • the method 300 comprises generating, by the backup tagging agent 118, tags for the backup according to events in the database 104, and further managing service-level agreements (SLA). As a result, events can be easily managed.
  • the backup tagging agent 118 generates backup tags to enable enhanced and quick searching of events in the database 104.
  • the method 300 further comprises storing the backup tagging agent 118 in one of said storage servers 102.
  • the method 300 comprises storing the backup tagging agent 118 inside the server 102A.
  • the backup tagging agent 118 may be coupled to the database 104.
  • the method 300 further comprises externally accessing the database 104 through an interface module 120.
  • the method 300 comprises enabling, by the interface module 120, to search and filter event data 106 in the database 104.
  • the interface module 120 enables accessibility to the database 104 externally via an Application Programming Interface (API).
  • the method 300 further comprises storing the interface module 120 in one of the storage servers 102.
  • the method 300 comprises storing the interface module 120 in the server 102A.
  • the interface module 120 may be coupled to the database 104 and a user device to enable access by a user.
  • the method 300 further comprises retrieving events from the database 104 on the basis of a query, through a search engine 122 of the interface module 120.
  • the method 300 comprises executing, by the search engine 122, a search based on keywords received in form of the query via the API for searching events in the database 104.
  • the method 300 further comprises querying, by a tagging agent 124, the database 104 through the interface module 120, and generating, by the tagging agent 124, tags for system components depending on the result of the query.
  • the method 300 comprises generating tags, by the tagging agent, for switching configurations.
  • the method 300 further comprises querying, by an event alarm manager 126, the database 104 through the interface module 120, and generating, by the event alarm manager 126, event alarms depending on the result of a query.
  • the method 300 comprises generating, by the event alarm manager 126, the event alarms and sending them to a given user such as a system administrator.
  • the event alarms may be generated based on the time stamp associated with event data 106.
  • the method 300 further comprises querying, by a maintenance scheduler, the database 104 through the interface module 120, and scheduling, by the maintenance scheduler, system maintenance operation depending on the result of the query.
  • the method 300 comprises enabling ease in scheduling maintenance by the maintenance scheduler.
  • the method 300 of the present disclosure improves coordination of events (such as Information Technology (IT) events), where a searchable event timeline is generated, which is able to link backup events with other IT events for enhanced and error-free search of events and IT components related to the events. Further, the searchable event timeline enables informed restores and informed audits to be performed relying on the timeline. Moreover, the present method 300 not only automates manual procedures which were conventionally required for events such as updating of service packs, but also improves system performance, security, and overall maintenance of IT systems. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers such as events inside the server 102A, events within a company (i.e.
  • the present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling logs, but is event based. The backups can be found, retro-actively created and filtered via the database.
  • FIG. 4 is an exemplary illustration of a timeline of events for managing events, in accordance with an embodiment of the present disclosure.
  • there is shown a timeline 400.
  • the backup events 402 include a first backup event 408A of service pack installation, a second backup event 408B of an application of new service-level agreement (SLA) on virtual machines, a third backup event 408C of service-level agreement (SLA) not met for virtual machines.
  • the lab events 404 include a first lab event 410A of firmware upgrade on switches, a second lab event 410B of partial power outage, a third lab event 410C of irregular packet drops in company switches.
  • the domestic events 406, also referred to as global events, include a first domestic event 412A of cyclone hitting the Indian coast (event received from weather website), a second domestic event 412B of power outage in an area (event received from a new reporting website).
  • a system administrator is able to search the timeline 400 to find the best backup from when the service-level agreement (SLA) was still met with the updated service pack.
  • This backup can be used both to perform a post-mortem investigation as to why the SLA had not been met, building a test and development environment to find solutions to the issue, and also restoring problematic virtual machines that had been affected by the power outage.
  • the timeline 400 can be used to retroactively create a backup which corresponds to the exact time that the events occurred and prior to a network load that may have caused issues with the application.
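The hash-based deduplication attributed to the event sanitizer 114 and the FIG. 4 timeline search can be sketched together as follows. This is an added example, not part of the patent text: SQLite, SHA-256, the table layout and every function and field name are assumptions made for the illustration, and the sample events are constructed.

```python
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

LAYERS = {"storage", "system", "external"}  # event data 106A, 106B, 106C


def prepare(raw):
    """Reformat one agent-supplied event into the stored format, or raise ValueError."""
    layer = str(raw.get("layer", "")).strip().lower()
    if layer not in LAYERS:
        raise ValueError(f"unknown layer {layer!r}")
    if not raw.get("event_id"):
        raise ValueError("missing event identifier")
    ts = raw.get("timestamp")
    if isinstance(ts, (int, float)):             # epoch seconds
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
    else:                                        # ISO 8601 string, UTC if naive
        when = datetime.fromisoformat(str(ts))
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
    return {
        "event_id": str(raw["event_id"]).strip(),
        "ts": when.astimezone(timezone.utc).isoformat(timespec="seconds"),
        "layer": layer,
        "description": " ".join(str(raw.get("description", "")).split()),
    }


def digest(event):
    """Hash the prepared form, so formatting differences cannot defeat deduplication."""
    blob = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class EventSanitizer:
    def __init__(self, db):
        self.db = db
        db.execute("CREATE TABLE IF NOT EXISTS events "
                   "(event_id TEXT, ts TEXT, layer TEXT, description TEXT)")
        # The log of hash values of event data already stored.
        db.execute("CREATE TABLE IF NOT EXISTS hash_log (digest TEXT PRIMARY KEY)")

    def push(self, raw):
        """Return True if the event was stored, False if it was a duplicate."""
        event = prepare(raw)
        try:
            with self.db:  # hash log entry and event row commit together
                self.db.execute("INSERT INTO hash_log VALUES (?)", (digest(event),))
                self.db.execute(
                    "INSERT INTO events VALUES (:event_id, :ts, :layer, :description)",
                    event)
        except sqlite3.IntegrityError:           # digest already in the hash log
            return False
        return True


def search(db, keyword):
    """Keyword search over the timeline; the keyword is bound, never interpolated."""
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return db.execute(
        "SELECT ts, layer, description FROM events "
        "WHERE description LIKE ? ESCAPE '\\' ORDER BY ts",
        ("%" + escaped + "%",)).fetchall()


def latest_before(db, layer, marker):
    """Latest event of `layer` that precedes the first event matching `marker`."""
    hits = search(db, marker)
    if not hits:
        return None
    return db.execute(
        "SELECT ts, description FROM events WHERE layer = ? AND ts < ? "
        "ORDER BY ts DESC LIMIT 1", (layer, hits[0][0])).fetchone()


# Constructed sample input: the second entry repeats the first in another format.
T0 = datetime(2021, 3, 1, 10, tzinfo=timezone.utc)
SAMPLE = [
    {"event_id": "bk-1", "layer": "storage", "timestamp": "2021-03-01T10:00:00+00:00",
     "description": "Service pack installation"},
    {"event_id": "bk-1", "layer": "Storage", "timestamp": T0.timestamp(),
     "description": "Service  pack installation "},
    {"event_id": "bk-2", "layer": "storage", "timestamp": "2021-03-01T12:00:00",
     "description": "New SLA applied on virtual machines"},
    {"event_id": "lab-2", "layer": "system", "timestamp": "2021-03-01T13:00:00",
     "description": "Partial power outage"},
    {"event_id": "bk-3", "layer": "storage", "timestamp": "2021-03-01T14:00:00",
     "description": "SLA not met for virtual machines"},
    {"event_id": "x-1", "layer": "unknown", "timestamp": "2021-03-01T15:00:00",
     "description": "event with an unrecognised layer"},
]


def run_demo():
    db = sqlite3.connect(":memory:")
    sanitizer = EventSanitizer(db)
    outcomes = []
    for raw in SAMPLE:
        try:
            outcomes.append("stored" if sanitizer.push(raw) else "duplicate")
        except ValueError:
            outcomes.append("rejected")
    return db, outcomes


if __name__ == "__main__":
    database, results = run_demo()
    print(results)
    print(latest_before(database, "storage", "SLA not met"))
```

Hashing after the reformatting step is what lets the same event reported by two agents in different timestamp formats collapse to one row; hashing the raw payload would store both.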
  • FIG. 5 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with an embodiment of the present disclosure.
  • FIG. 5 is described in conjunction with FIG. 1B.
  • the server 102A comprises a registry monitor 502, an offline antivirus 504, a file system difference scanner 506.
  • there is further shown a weather event agent 508, a stock exchange event agent 510, a switch event agent 512 and a hypervisor event agent 514.
  • the server 102A here is a backup server.
  • the registry monitor 502 is configured to store information associated with all the software and hardware that are associated with the server 102A.
  • the offline antivirus 504 enables identifying any virus in the event data (such as event data 106) that is received for storing in the database 104.
  • the file system difference scanner 506 enables identifying duplicate event data that may be provided for storing in the database 104. In an example, the file system difference scanner 506 may compare new event data with existing event data stored in the database 104 to identify the difference between the new and existing event data.
  • the weather event agent 508 is configured to provide event data 106 related to weather updates and change.
  • the stock exchange event agent 510 is configured to provide event data 106 related to events occurring in a stock exchange of a given country.
  • the weather event agent 508 and the stock exchange event agent 510 are agents related to domestic events such as domestic events 406.
  • the switch event agent 512 is configured to provide event data 106 related to various switches.
  • the hypervisor event agent 514 is configured to provide event data 106 related to hypervisor associated with virtual machines.
  • the switch event agent 512 and the hypervisor event agent 514 are agents related to lab events such as lab events 404.
  • FIG. 6 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with another embodiment of the present disclosure.
  • FIG. 6 is described in conjunction with FIG. 1B.
  • the server 102A comprises a database API (Application Programming Interface) 602.
  • the database API 602 is configured to enable accessibility of the database 104 to a given user.
  • the external user interface 604 is configured to enable searching and filtering of event data (such as event data 106) in the database 104 via the database API 602.
  • the external user interface 604 allows third party access of the database 104 to use events to tag and further manage events.
  • the external user interface 604 may also be referred to as an interface module.
  • the event alarm manager 606 is configured to query the database 104 through the external user interface 604 and to generate event alarms depending on the result of a query.
  • the tagging agent 608 is configured to query the database 104 through the external user interface 604 and to generate tags for system components depending on the result of a query.
  • the maintenance scheduler 610 is configured to query the database 104 through the external user interface 604 and to schedule system maintenance operation depending on the result of a query.


Abstract

A server is configured to communicate with one or more components of a system, where the one or more of the components are storage servers configured to store system information. The server includes a database configured to store event data, where the event data includes an event identifier and an event timestamp. The event data belongs to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system. The present disclosure provides an improved and error-free coordination of various Information Technology (IT) events with a searchable database of all the events, which results in improved system performance, maintenance, and data security. FIG. 1A

Description

COMPUTER SYSTEM AND METHOD WITH EVENT MANAGEMENT
TECHNICAL FIELD
The present disclosure relates generally to the field of data security, and computer implemented information technology (IT) events processing and management; and more specifically, to systems and methods for managing events, such as backup events and other IT events, such as firmware upgrades on switches, firewall configurations, etc.
BACKGROUND
Generally, there are many events, such as backup, restore, firewall upgrade, software and firmware maintenance etc. which are regularly executed to maintain efficient working of computers associated with a network of computers. Typically, a system administrator coordinates such events based on respective time and needs of the event. Further, some of these events, such as update of service packs, require a manual procedure to ensure that the backup takes place before/after a given event, which may be an error-prone and time-consuming process and may result in adverse data security and availability implications.
Currently, event logs are used by the system administrator to coordinate events. Such event logs from operating systems, storage servers, switches, etc. contain timestamps which enable the system administrator to understand when different events were executed. Further, there are multiple software tools which enable consolidation of logs from different sources, and also enable basic search through the logs. However, such log-based events are based on synchronized time between all components (for example using Network Time Protocol (NTP)) and in relation to external events (for example using external IT for synchronization), which is not always present and is also error-prone since every component needs to be synchronized. Further, such log-based events rely on the readability of the logs, many of which are written by programmers attempting to explain system state to other programmers or technicians. Further, it is complicated to synchronize events which are not log-based events, such as external Really Simple Syndication (RSS) feeds, company announcements, scheduling with technicians, and the like. Presently, some conventional systems add contextual information to backups, but these are mostly linked to the backup, and do not allow the system administrator to easily find and act on events from the event log, which may have adverse data security and availability implications.
Therefore, in light of the foregoing discussion, there exists a need to overcome the aforementioned drawbacks associated with the problem of error-prone and inadequate coordination of events related to information technology and their limited accessibility.
SUMMARY
The present disclosure seeks to provide a server, a system and a method for managing events. The present disclosure seeks to provide a solution to the existing problem of error-prone and inadequate coordination of various Information Technology (IT) events and their limited accessibility due to need of log-based synchronization of all events, which have adverse data security and availability implications. An aim of the present disclosure is to provide a solution that overcomes at least partially the problems encountered in prior art, and provides a solution for improved and error-free coordination of various IT events with a searchable database of all the events, resulting in improved data security, availability, and holistic IT events management.
The object of the present disclosure is achieved by the solutions provided in the enclosed independent claims. Advantageous implementations of the present disclosure are further defined in the dependent claims.
In one aspect, the present disclosure provides a server configured to communicate with one or more components of a system, one or more of the said components being storage servers configured to store system information, the server comprising a database configured to store event data, said event data comprising an event identifier and an event timestamp, said event data belonging to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system.
The server of the present disclosure provides an improved coordination and linking of events (such as Information Technology (IT) events). The present disclosure provides a searchable event timeline, which is able to link backups and other IT events, and which makes it easy to find and act on events and IT components related to the events. Further, the searchable event timeline enables the system administrator to perform, for example, informed restores and informed audits relying on the timeline. Moreover, the present disclosure not only automates manual procedures which were conventionally required for events, such as updating of service packs, but also improves data security due to real-time or near real-time processing of events and corresponding updates. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers such as events inside the server, events within a company (i.e. system components) and events on domestic or global level (i.e. outside the system). As a result, all the events can be coordinated with improved accuracy and less complexity. The present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling of logs, but is event based. The backups can be found, retro-actively created and filtered via the database. Moreover, the placement of the database within the server allows a data centric approach allowing generation of events via modification of data instead of conventional log consolidation from different endpoints.
In an implementation form, the server is configured to store system information and be one of the storage servers of the system.
By virtue of the system information stored by the server, the server provides an improved coordination of events via a searchable event timeline.
In a further implementation form, the one or more of components of the system comprising one or more system event agents configured to push system event data into the database, and one or more of components of the system comprising one or more external event agents configured to push external event data into the database, the server further comprising an event sanitizer configured to receive system event data and external event data respectively from the system event agents and from the external event agents, and to push received system event data and received external event data into the database.
By virtue of the one or more system event agents, the one or more external event agents and the event sanitizer, the event data can be appropriately stored in the database to enable enhanced access of event data and coordination of the events.
In a further implementation form, the event sanitizer is configured to prepare received system event data and received external event data for storing in the database if the format of said received system event data and received external event data is not appropriate for storing in the database, and to push prepared system event data and prepared external event data into the database.
The event data is stored in the database in a defined format to enable enhanced and quick searching of event data from the database.
In a further implementation form, the event sanitizer is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database.
By filtering the duplicate events, the event sanitizer saves storage space on the server, which in turn reduces the storage cost.
In a further implementation form, the event sanitizer is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database.
The event sanitizer executes antivirus scans to prevent malicious event data from entering the database, as a result of which improved user experience and data security is provided for coordinating the events.
In a further implementation form, the event sanitizer is stored inside one of the storage servers.
The event sanitizer is stored inside one of the storage servers to provide only the event data which is filtered for storage in the database so that the data is neither duplicate nor includes malicious events.
In another aspect, the present disclosure provides a method of managing events occurring in or related to a system, said system comprising one or more storage servers configured to store system information, and one or more system components in communication with one or more of the said storage servers, the method comprising configuring a database to store event data comprising an event identifier and an event timestamp, said event data belonging to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system, pushing storage server event data in the database through one or more storage event agents, pushing system event data in the database through one or more system event agents, pushing external event data in the database through one or more external event agents.
The method of the present disclosure improves coordination of events (such as Information Technology (IT) events), where a searchable event timeline is generated, which is able to link backup events with other IT events for enhanced and error-free search of events and IT components related to the events. Further, the searchable event timeline enables performing informed restores and informed audits relying on the timeline. Moreover, the present method not only automates manual procedures which were conventionally required for events such as updating of service packs, but also improves system performance, security, and overall maintenance of IT systems. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers such as events inside the server, events within a company (i.e. system components) and events on domestic or global level (i.e. outside the system). As a result, all the events can be coordinated easily. The present disclosure provides a backup focused implementation which in comparison to conventional technologies is not based on pulling logs, but is event based. The backups can be found, retro-actively created and filtered via the database.
In an implementation form, configuring the database comprises storing said database in one of the storage servers.
By virtue of storing the database in the storage servers, an improved coordination of events is provided via a searchable event timeline.
In a further implementation form, the method comprises querying the database by an auto backup agent, and launching, by said auto-backup agent, a backup operation depending on the result of the query.
The auto-backup agent is configured to trigger a backup based on certain events, or severity of event.
In a further implementation form, the method comprises storing the auto-backup agent in one of said storage servers.
By virtue of storing the auto-backup agent in the storage servers, a user experience is improved.
In a further implementation form, the method comprises querying the database by a backup tagging agent, and generating, by said backup tagging agent, backup tags depending on the result of the query. The backup tagging agent generates backup tags to enable enhanced and quick searching of events in the database.
In a further implementation form, the method comprises storing the backup tagging agent in one of said storage servers.
By virtue of storing the backup tagging agent in the storage servers, a user experience is improved.
In another aspect, the present disclosure provides a system comprising one or more storage servers configured to store system information, and one or more system components in communication with one or more of the said storage servers, the system further comprising a database configured to store event data, said event data comprising an event identifier and an event timestamp, said event data belonging to one of storage server event data related to events occurring on information stored in one or more of the storage servers, system event data related to events occurring on one of the system components, and external event data related to events occurring outside of the system, one or more storage event agents configured to push storage server events data into the database, one or more system event agents configured to push system event data into the database, and one or more external event agents configured to push external event data into the database.
The system of the present disclosure achieves all effects and advantages of the server and method.
It is to be appreciated that all the aforementioned implementation forms can be combined. It has to be noted that all devices, elements, circuitry, units and means described in the present application could be implemented in the software or hardware elements or any kind of combination thereof. All steps which are performed by the various entities described in the present application as well as the functionalities described to be performed by the various entities are intended to mean that the respective entity is adapted to or configured to perform the respective steps and functionalities. Even if, in the following description of specific embodiments, a specific functionality or step to be performed by external entities is not reflected in the description of a specific detailed element of that entity which performs that specific step or functionality, it should be clear for a skilled person that these methods and functionalities can be implemented in respective software or hardware elements, or any kind of combination thereof. It will be appreciated that features of the present disclosure are susceptible to being combined in various combinations without departing from the scope of the present disclosure as defined by the appended claims.
Additional aspects, advantages, features and objects of the present disclosure would be made apparent from the drawings and the detailed description of the illustrative implementations construed in conjunction with the appended claims that follow.
BRIEF DESCRIPTION OF THE DRAWINGS
The summary above, as well as the following detailed description of illustrative embodiments, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the present disclosure, exemplary constructions of the disclosure are shown in the drawings. However, the present disclosure is not limited to specific methods and instrumentalities disclosed herein. Moreover, those in the art will understand that the drawings are not to scale. Wherever possible, like elements have been indicated by identical numbers.
Embodiments of the present disclosure will now be described, by way of example only, with reference to the following diagrams wherein:
FIG. 1A is a block diagram of a server configured to communicate with one or more components of a system to manage events, in accordance with an embodiment of the present disclosure;
FIG. 1B is a block diagram of a system configured to manage events, in accordance with an embodiment of the present disclosure;
FIG. 2 is a block diagram that illustrates various exemplary components of a server, in accordance with an embodiment of the present disclosure;
FIG. 3 is a flowchart of a method of managing events, in accordance with an embodiment of the present disclosure;
FIG. 4 is an exemplary illustration of a timeline of events for managing events, in accordance with an embodiment of the present disclosure;
FIG. 5 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with an embodiment of the present disclosure; and
FIG. 6 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with another embodiment of the present disclosure.
In the accompanying drawings, an underlined number is employed to represent an item over which the underlined number is positioned or an item to which the underlined number is adjacent. A non-underlined number relates to an item identified by a line linking the non-underlined number to the item. When a number is non-underlined and accompanied by an associated arrow, the non-underlined number is used to identify a general item at which the arrow is pointing.
DETAILED DESCRIPTION OF EMBODIMENTS
The following detailed description illustrates embodiments of the present disclosure and ways in which they can be implemented. Although some modes of carrying out the present disclosure have been disclosed, those skilled in the art would recognize that other embodiments for carrying out or practicing the present disclosure are also possible.
FIG. 1A is a block diagram of a server configured to communicate with one or more components of a system for managing events, in accordance with an embodiment of the present disclosure. With reference to FIG. 1A, there is shown a system 100A. The system 100A comprises storage servers 102 which includes servers 102A-102N. The server 102A comprises a database 104 to store event data 106. The event data 106 includes storage server event data 106A, system event data 106B, and external event data 106C.
The present disclosure provides a server 102A configured to communicate with one or more components of the system 100A, one or more of the components being storage servers 102 configured to store system information, the server 102A comprising a database 104 configured to store event data 106, the event data 106 comprising an event identifier and an event timestamp, the event data 106 belonging to one of storage server events 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100A.
The system 100A based on the storage servers 102 and the database 104 is configured to create a searchable timeline of the event data 106. By virtue of the searchable timeline a link is established between backups, and other IT (Information Technology) events such as firmware upgrades on switches, firewall configurations and the like which allows performing of informed restores without manual procedures, and perform informed audits when needed. The system 100A provides an auto-generated searchable event database which allows a system administrator to easily find events, and the IT components related to these events.
Each of the servers 102A-102N includes suitable logic, circuitry, interfaces, or code that is configured to store, access, transmit or manage the system information such as digital files, data and services. Each of the servers, such as the server 102A, is a special purpose server used for storing and accessing the system information over a shared network via communication with other storage servers, such as the server 102B. In an example, the server 102A may include components such as memory, a processor, a network adapter and the like, to store, process or share the system information with other storage servers, such as the server 102B. In an example, the server 102A may be a backup server configured to store backup data from other storage servers or production servers.
The database 104 is configured to store event data 106 in an organised form to enable ease in search of a given event data. The database 104 provides a context-based search. The database 104, and the data model describing the data in this database, allow search queries to be performed on event content, and on additional event attributes such as time and tags (see tagging agent further in the description). The database 104 is configured to store all event data in three layers such as events inside the server, events within a company (i.e. system components) and events on domestic or global level (i.e. outside the system). As a result, all the events can be coordinated easily.
The system information refers to information received from for example one or more user devices, virtual machines, that are associated with the servers 102A-102N. In an example, the system information may be received from three layers such as inside a given storage server, within the Information Technology (IT) lab/company perimeter and outside the IT lab, i.e. domestically or even globally.
The system components herein refer to all the components of each of the servers 102A-102N which enable a respective server to store system information. The system components may further enable each of the servers such as the server 102A to communicate with other servers such as server 102B.
The event data 106 comprises an event identifier and an event timestamp. The event data 106 belongs to one of storage server events 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components and external event data 106C related to events occurring outside of the system 100A. In an example, the event data 106 includes data associated with IT events, such as backup, restore, firewall upgrade, maintenance and other events like update of software service packs (e.g. service packs for updating operating systems, antivirus, or other installed software). The event identifier herein refers to a value, such as a numeric, alphabetic or alphanumeric value, which enables a unique determination of a given event. In an example, the event identifier may be based on different parameters such as a time of creation of the event, an importance value (i.e., how crucial the event is for working of the system 100A) of the event, a serial number based on order of creation of the event and the like. The event timestamp refers to a date and time of creation or updating of the event. In an example, the event data 106 belonging to one of storage server event data 106A may include information about service pack installation, application of new service-level agreement (SLA) on virtual machines, service-level agreement not met for virtual machines. The system event data 106B related to events occurring on one of the system components may also be referred to as Information Technology (IT) events in a given entity, such as a company or a lab. In an example, system event data 106B related to events occurring on one of the system components includes information about firmware upgrade on switches, partial power outage, irregular packet drops in company switches.
The external event data 106C related to events occurring outside of the system 100A may also be referred to as global or domestic event data. In an example, external event data 106C related to events occurring outside of the system 100A includes information about a cyclone hitting the Indian coast, a power outage in a given area.
Unlike the conventional systems, where it is complicated to synchronize events which are not log based events, such as external Really Simple Syndication (RSS) feeds, company announcements, scheduling with technicians, and the like, the server 102A of the present disclosure automatically and accurately generates the database 104 in three layered approach that includes the storage server event data 106A as layer 1, which captures the events internal to the server 102A (e.g., a backup server), the system event data 106B as layer 2, which captures the events within a perimeter of an entity, such as a company or a lab, and its associated IT systems, and lastly, also dynamically captures the external event data 106C as layer 3, which captures the events outside the entity (domestic or global events). All such events in the three layers are dynamically linked and synchronized effectively such that a searchable event timeline is generated, which is able to link backups, and other IT events such as firmware upgrades on switches, firewall configurations etc., and allows a system administrator to perform informed restores, gravitate from manual procedures, and perform informed audits to the system relying on this searchable timeline. Thus, the server 102A by virtue of the database 104 that links the events from three different layers improves system performance, system security, and overall maintenance of IT systems. For example, even the backup events are linked and synchronized with other IT events acquired from external RSS feeds, company announcements, scheduling with technicians, update of service packs, firmware upgrades on switches, firewall configurations etc. 
As a result, the present disclosure is less prone to errors in comparison to conventional log-based techniques of event management, where a backup focused implementation in the server 102A ensures that the data backups can be found, retro-actively created, and filtered via the database 104 for improved searchability of events, and event management accuracy.
In an example, if the system 100A is affected by an event such as a storm in France, a best backup can be found when the service-level agreement (SLA) was still met with the updated service pack, i.e. before the storm occurred in Europe; as a result, all events can be coordinated in an enhanced way which was not possible in conventional systems. This backup can be used both to perform a post-mortem investigation as to why the SLA had not been met, building a test and development environment to find solutions to the issue, and also restoring problematic virtual machines that had been affected by a power outage due to the storm.
According to an embodiment, the server 102A is further configured to store system information and be one of the storage servers 102 of the system 100A. As shown, the server 102A is one of the storage servers 102, and is configured to receive the system information from one or more user devices, virtual machines, that are associated with other storage servers, such as the servers 102B-102N. In an example, the system information may be received from three layers, such as from within a given storage server, from within the Information Technology (IT) entity perimeter and outside the IT entity, i.e., domestically or even globally. By virtue of the system information stored by the server 102A, the server 102A provides an improved coordination of events via a searchable event timeline.
According to an embodiment, the one or more of components of the system 100A comprises one or more system event agents configured to push system event data into the database 104, and one or more of components of the system 100A comprising one or more external event agents configured to push external event data into the database 104, the server 102A further comprises an event sanitizer configured to receive system event data 106B and external event data 106C respectively from the system event agents and from the external event agents, and to push received system event data and received external event data into the database 104. The system event agent refers to a software component that is configured to receive system event data and further push the system event data into the database 104. The system event data refers to event data associated with system event data 106B. The external event agent 112 refers to a software component that is configured to receive external event data and further push the external event data into the database 104. The external event data 106C refers to event data associated with external events. In an example, the system event data and the external event data are pushed with the event identifier and the event timestamp into the database 104 to enable easy in their searching in the database 104. The event sanitizer refers to a computer program code (i.e. a software component) installed in the server 102A and is configured to receive system event data 106B and external event data 106C and push into the database 104. Beneficially, the event sanitizer may filter duplicate events, and protect the system 100A from malicious events, e.g. distributed denial of service (DDOS) attack. By virtue of the one or more system event agents, the one or more external event agents and the event sanitizer, the event data 106 can be appropriately stored in the database 104 to enable enhanced access of event data 106 and coordination of the event.
According to an embodiment, in the server 102A, the event sanitizer is configured to prepare received system event data and received external event data for storing in the database 104 if the format of said received system event data and received external event data is not appropriate for storing in the database 104, and to push prepared system event data and prepared external event data into the database 104. The event data 106 may be stored in the database 104 in a defined format, based on a type of context-based search that is to be used for executing a search query, so that the event data 106 can be searched easily in the database 104. In an example, the event sanitizer is configured to rearrange or reformat the event data 106 based on the format used for storing data in the database 104.
According to an embodiment, in the server 102A, the event sanitizer is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database 104. In an example, the event sanitizer is configured to execute deduplication of the event data 106 by calculating and comparing a hash value of a given event data with hash values of event data 106 that are previously stored. In such an example, the event sanitizer is configured to maintain a log of the hash values of event data 106 that are stored in the database 104. By filtering the duplicate events, the event sanitizer saves storage space on the server 102A, which in turn reduces the storage cost.
According to an embodiment, in the server 102A, the event sanitizer is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database 104. In an example, the event sanitizer is configured to execute antivirus scans to identify received system event data and received external event data which are malicious for storing in the database 104. In such an example, the event sanitizer is configured to remove the virus from the event data 106 and then push the prepared system event data and the prepared external event data into the database 104. The event sanitizer executes antivirus scans to prevent malicious events from entering the database 104, as a result of which improved user experience and data security are provided for coordinating the events.
According to an embodiment, in the server 102A, the event sanitizer is stored inside one of the storage servers 102. In an example, the event sanitizer is stored inside the storage server 102. The event sanitizer 114 may be coupled to the system event agent and the external event agent to receive the event data 106 and further coupled to the database 104 to push the event data 106. The event sanitizer is stored inside one of the storage servers 102 to provide only the event data 106 which is filtered for storage in the database 104 so that the data is neither duplicate nor includes malicious events.
According to an embodiment, the server 102A further comprises an auto-backup agent configured to query the database 104 and to launch a backup operation depending on the result of a query. The auto-backup agent refers to a software component that is configured to trigger a backup based on certain events, or severity of event.
According to an embodiment, the server 102A further comprises a backup tagging agent configured to query the database 104 and to generate backup tags depending on the result of a query. The backup tagging agent refers to a software component that is configured to tag the backup according to events in the database 104, so that service-level agreements (SLA) may be managed, as a result of which events can be easily managed.
According to an embodiment, the server 102A further comprises an interface module configured to allow external access to the database 104. The interface module refers to a software component that is configured to enable searching and filtering of event data 106 in the database 104. In an example, the interface module enables accessibility to the database 104 externally via an Application Programming Interface (API). Beneficially, the interface module allows third-party access to the database 104 to use events to tag and further manage events.
According to an embodiment, the interface module comprises a search engine configured to retrieve events from the database 104 on the basis of a query. In an example, the search engine is configured to execute a search based on keywords received in form of the query via the API for searching events in the database 104. The search engine based on the query is configured to compare the keywords with the event data 106 present in the database 104 and further retrieve the events from the database 104. In addition to a search, timestamps can be used to perform actions such as restore, create snapshot using CDP (continuous data protection), change firewall or hypervisor configuration.
According to an embodiment, the server 102A further comprises a tagging agent configured to query the database 104 through the interface module and to generate tags for system components depending on the result of a query. The tagging agent refers to a software component that is configured to generate tags for switching configurations.
The server 102A of the present disclosure provides an improved coordination and linking of events (such as Information Technology (IT) events). The present disclosure provides a searchable event timeline, which is able to link backups and other IT events, and which makes it easy to find and act on events and IT components related to the events. Further, the searchable event timeline enables the system administrator to perform, for example, informed restores and informed audits relying on the timeline. Moreover, the present disclosure not only automates manual procedures which were conventionally required for events, such as updating of service packs, but also improves data security due to real-time or near real-time processing of events and corresponding updates. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers, such as events inside the server 102A, events within a company (i.e. system components) and events on domestic or global level (i.e. outside the system 100A). As a result, all the events can be coordinated with improved accuracy and less complexity. The present disclosure provides a backup focused implementation which, in comparison to conventional technologies, is not based on pulling of logs, but is event based. The backups can be found, retro-actively created and filtered via the database 104. Moreover, the placement of the database 104 within server 102A allows a data centric approach allowing generation of events via modification of data instead of conventional log consolidation from different endpoints.
FIG. 1B is a block diagram of a system configured to manage events, in accordance with an embodiment of the present disclosure. FIG. 1B is described in conjunction with FIG. 1A. With reference to FIG. 1B, there is shown a system 100B.
The system 100B comprises the storage servers 102 which includes servers 102A-102N. The server 102A comprises the database 104 to store the event data 106. The event data 106 includes storage server event data 106A, system event data 106B, external event data 106C. The system 100B comprises one or more storage event agents 108A and 108B, one or more system event agents 110A and 110B and one or more external event agents 112A and 112B. The system 100 further comprises an event sanitizer 114, an auto-backup agent 116 and a backup tagging agent 118. There is further shown an interface module 120, a search engine 122, a tagging agent 124, event alarm manager 126, and a maintenance scheduler 128.
In this implementation, the storage event agent 108A, the system event agent 110A, and the external event agent 112A are shown to be provided in the server 102A. However, it is to be understood that such agents may not be provided in the server 102A and may be present in other servers, such as the server 102B or other production server from which backup is to be executed. For example, optionally, another storage event agent 108B, the system event agent 110B, and the external event agent 112B, may be provided in the server 102B in the system 100B. In such a case, the storage event agent 108B, the system event agent 110B, and the external event agent 112B may push corresponding event data to the database 104.
The present disclosure provides a system 100B comprising one or more storage servers 102 configured to store system information, and one or more system components in communication with one or more of the said storage servers 102, the system 100B further comprising a database 104 configured to store event data 106, said event data 106 comprising an event identifier and an event timestamp, said event belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B, one or more storage event agents 108A and 108B configured to push storage server event data into the database 104, one or more system event agents 110A and 110B configured to push system event data into the database 104, and one or more external event agents 112A and 112B configured to push external event data into the database 104.
The event data 106 comprises the event identifier and the event timestamp, said event belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B. The storage event agent 108A is implemented on the server 102A, the storage event agent 108B is implemented on the server 102B and so on. The storage event agent 108A refers to a software component that is configured to receive storage event data and further push the storage server event data into the database 104. The storage server event data refers to event data associated with storage server event data 106A. The system event agent 110A is implemented on the server 102A, the system event agent 110B is implemented on the server 102B and so on. The system event agents 110A and 110B are configured to receive system event data and further push the system event data into the database 104. The external event agent 112A is implemented on the server 102A, the external event agent 112B is implemented on the server 102B and so on. The external event agents 112A and 112B are configured to receive external event data and further push the external event data into the database 104.
According to an embodiment, in the system 100B, the database 104 is stored inside one of the storage servers 102. In an example, the database 104 is stored inside the server 102A. In an example, the database 104 may be searched for the event data, and different events may be coordinated via the database 104. By virtue of storing the database 104 in the storage servers 102, an improved coordination of events is provided via a searchable event timeline.
According to an embodiment, the system 100B further comprises an event sanitizer 114 configured to receive system event data 106B and external event data 106C respectively from the system event agents 110A and 110B and from the external event agents 112A and 112B, and to push received system event data and received external event data into the database 104. The event sanitizer 114 refers to a software component that is configured to receive system event data 106B and external event data 106C and push them into the database 104. Beneficially, the event sanitizer 114 may filter duplicate events, and protect the system 100A from malicious events, e.g. DDOS (distributed denial of service) attack. By virtue of the event sanitizer 114, the event data 106 can be appropriately stored in the database 104 to enable enhanced access of event data 106 and coordination of the event.
According to an embodiment, in the system 100B, the event sanitizer 114 is configured to prepare received system event data and received external event data for storing in the database 104 if the format of said received system event data and received external event data is not appropriate for storing in the database 104, and to push prepared system event data and prepared external event data into the database 104. The event data 106 may be stored in the database 104 in a defined format so that the event data 106 can be searched easily in the database 104. In an example, the event sanitizer 114 is configured to rearrange or reformat the event data 106 based on the format used for storing data in the database 104.
According to an embodiment, in the system 100B, the event sanitizer 114 is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database 104. In an example, the event sanitizer 114 is configured to execute deduplication of the event data 106 by calculating and comparing a hash value of a given event data with hash values of event data 106 that are previously stored. In such an example, the event sanitizer 114 is configured to maintain a log of the hash values of event data 106 that are stored in the database 104. By filtering the duplicate events, the event sanitizer 114 saves storage space on the server 102A, which in turn reduces the storage cost.
According to an embodiment, in the system 100B, the event sanitizer 114 is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database 104. In an example, the event sanitizer 114 is configured to execute antivirus scans to identify received system event data and received external event data which are malicious for storing in the database 104. In such an example, the event sanitizer 114 is configured to remove the virus from the event data 106 and then push the prepared system event data and the prepared external event data into the database 104. The event sanitizer 114 executes antivirus scans to prevent malicious events from entering the database 104, as a result of which improved user experience and data security are provided for coordinating the events.
According to an embodiment, in the system 100B, the event sanitizer 114 is stored inside one of the storage servers 102. In this case, the event sanitizer 114 is implemented on the server 102A. The event sanitizer 114 is stored inside one of the storage servers 102 to provide only the event data 106 which is filtered for storage in the database 104 so that the data is neither duplicate nor includes malicious events.
According to an embodiment, the system 100B further comprises an auto-backup agent 116 configured to query the database 104 and to launch a backup operation depending on the result of a query. The auto-backup agent 116 is configured to trigger a backup based on certain events, or severity of event.
According to an embodiment, in the system 100B, the auto-backup agent 116 is stored in one of said storage servers 102. In an example, the auto-backup agent 116 is stored inside the server 102A. The auto-backup agent 116 may be coupled to the database 104. By virtue of storing the auto-backup agent 116 in the storage servers 102, a user experience is improved.
According to an embodiment, the system 100B further comprises a backup tagging agent 118 configured to query the database 104 and to generate backup tags depending on the result of a query. The backup tagging agent 118 is configured to tag the backup according to events in the database 104, and further manage service-level agreements (SLA), as a result of which events can be easily managed. The backup tagging agent 118 generates backup tags to enable enhanced searching of events in the database 104.
According to an embodiment, in the system 100B, the backup tagging agent 118 is stored in one of said storage servers 102. In an example, the backup tagging agent 118 is stored inside the server 102A. The backup tagging agent 118 may be coupled to the database 104. By virtue of storing the backup tagging agent 118 in the storage servers 102, a user experience is improved.
According to an embodiment, the system 100B further comprises an interface module 120 configured to allow external access to the database 104. The interface module 120 is configured to enable searching and filtering of event data 106 in the database 104. In an example, the interface module 120 enables accessibility to the database 104 externally via an Application Programming Interface (API).
According to an embodiment, the interface module 120 is stored in one of the storage servers 102. In an example, the interface module 120 is stored inside the server 102A. The interface module 120 may be coupled to the database 104 and a user device to enable access by a user.
According to an embodiment, in the system 100B, the interface module 120 comprises a search engine 122 configured to retrieve events from the database 104 on the basis of a query. In an example, the search engine 122 is configured to execute a search based on keywords received in form of the query via the API for searching events in the database 104.
According to an embodiment, the system 100B further comprises a tagging agent 124 configured to query the database 104 through the interface module 120 and to generate tags for system components depending on the result of a query. The tagging agent 124 is configured to generate tags for switching configurations.
According to an embodiment, the system 100B further comprises an event alarm manager 126 configured to query the database 104 through the interface module 120 and to generate event alarms depending on the result of a query. The event alarm manager 126 refers to a software component that is configured to generate the event alarms and send them to a given user such as a system administrator. The event alarms may be generated based on the time stamp associated with event data 106. In an example, the event alarms are generated only for a defined number of events based on, for example, an importance score assigned by the system administrator. In an example, the event alarm is generated for updating service packs.
According to an embodiment, the system 100B further comprises a maintenance scheduler 128 configured to query the database 104 through the interface module 120 and to schedule system maintenance operation depending on the result of a query. The maintenance scheduler 128 refers to a software component that is configured to enable ease in scheduling maintenance.
The system 100B of the present disclosure provides an improved coordination and linking of events (such as Information Technology (IT) events). The present system 100B provides a searchable event timeline, which is able to link backups and other IT events, and which makes it easy to find and act on events and IT components related to the events. Further, the searchable event timeline enables the system administrator to perform, for example, informed restores and informed audits relying on the timeline. Moreover, the present disclosure not only automates manual procedures which were conventionally required for events, such as updating of service packs, but also improves data security due to real-time or near real-time processing of events and corresponding updates. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers, such as events inside the server 102A, events within a company (i.e. system components) and events on domestic or global level (i.e. outside the system 100B). As a result, all the events can be coordinated with improved accuracy and less complexity. The present disclosure provides a backup focused implementation which, in comparison to conventional technologies, is not based on pulling of logs, but is event based. The backups can be found, retro-actively created and filtered via the database 104. Moreover, the placement of the database 104 within server 102A allows a data centric approach allowing generation of events via modification of data instead of conventional log consolidation from different endpoints.
FIG. 2 is a block diagram that illustrates various exemplary components of a server, in accordance with an embodiment of the present disclosure. FIG. 2 is described in conjunction with elements from FIGs. 1A and 1B. With reference to FIG. 2 there is shown the server 102A. The server 102A includes a processor 202, a transceiver 204 and a memory 206. The memory 206 further includes the database 104, the storage event agent 108A, the system event agent 110A, the external event agent 112A, the event sanitizer 114, the auto-backup agent 116 and backup tagging agent 118.
The processor 202 includes suitable logic, circuitry, and/or interfaces that are configured to receive event data (such as the event data 106 of FIG. 1A) and further push the event data into the database 104. In an implementation, the processor 202 is configured to execute instructions stored in the memory 206. In an example, the processor 202 may be a general-purpose processor. Other examples of the processor 202 may include, but are not limited to, a microprocessor, a microcontroller, a complex instruction set computing (CISC) processor, an application-specific integrated circuit (ASIC) processor, a reduced instruction set (RISC) processor, a very long instruction word (VLIW) processor, a central processing unit (CPU), a state machine, a data processing unit, and other processors or control circuitry. Moreover, the processor 202 may refer to one or more individual processors, processing devices, a processing unit that is part of a machine, such as the server 102A.
The transceiver 204 includes suitable logic, circuitry, and/or interfaces that may be configured to communicate with one or more external devices, such as the server 102B. Examples of the transceiver 204 may include, but are not limited to, an antenna, a telematics unit, a radio frequency (RF) transceiver, one or more amplifiers, one or more oscillators, a digital signal processor, a coder-decoder (CODEC) chipset, and/or a subscriber identity module (SIM) card.
The memory 206 refers to a primary storage of the server 102A. The memory 206 includes suitable logic, circuitry, and/or interfaces that may be configured to store machine code and/or instructions with at least one code section executable by the processor 202. Examples of implementation of the memory 206 may include, but are not limited to, Electrically Erasable Programmable Read-Only Memory (EEPROM), Random Access Memory (RAM), Read Only Memory (ROM), Hard Disk Drive (HDD), Flash memory, Solid-State Drive (SSD), and/or CPU cache memory. The memory 206 may store an operating system and/or other program products (including one or more operation algorithms) to operate the server 102A.
The memory 206 comprises the database 104 that is configured to store the event data 106. The memory 206 further comprises the storage event agent 108A, the system event agent 110A, the external event agent 112A, the event sanitizer 114, the auto-backup agent 116 and backup tagging agent 118.
FIG. 3 is a flowchart of a method of managing events, in accordance with an embodiment of the present disclosure. With reference to FIG. 3 there is shown a method 300. The method 300 is executed at a system (e.g. the system 100B) described, for example, in FIG. 1B. The method 300 includes steps 302 to 308.
The present disclosure provides a method 300 of managing events occurring in or related to a system 100B, said system 100B comprising one or more storage servers 102 configured to store system information, and one or more system components in communication with one or more of the said storage servers 102, the method 300 comprising configuring a database 104 to store event data 106 comprising an event identifier and an event timestamp, said event data 106 belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B, pushing storage server event data in the database 104 through one or more storage event agents 108A, pushing system event data in the database 104 through one or more system event agents 110A, pushing external event data in the database 104 through one or more external event agents 112A.
At step 302, the method 300 comprises configuring a database 104 to store event data 106 comprising an event identifier and an event timestamp, said event belonging to one of storage server event data 106A related to events occurring on information stored in one or more of the storage servers 102, system event data 106B related to events occurring on one of the system components, and external event data 106C related to events occurring outside of the system 100B. In an example, the database 104 is configured to store the event data 106 that includes data associated with events such as IT events like backup, restore, firewall upgrade, maintenance and other events like update of service packs. In an example, the event data 106 belonging to one of storage server event data 106A may include information about service pack installation, application of new service-level agreement (SLA) on virtual machines, service-level agreement not met for virtual machines. The system event data 106B related to events occurring on one of the system components may also be referred to as data related to Information Technology (IT) lab events in a company. In an example, event data related to events occurring on one of the system components includes information about firmware upgrade on switches, partial power outage, irregular packet drops in company switches. The external event data 106C related to events occurring outside of the system 100B may also be referred to as global or domestic event data. In an example, external event data 106C related to events occurring outside of the system 100B includes information about a cyclone hitting the Indian coast, power outages in a given area.
At step 304, the method 300 comprises pushing storage server event data in the database 104 through one or more storage event agents 108A and 108B. The storage server event data is pushed through the storage event agent 108A and 108B by receiving the storage server event data and further pushing the storage server event data into the database 104.
At step 306, the method 300 comprises pushing system event data in the database 104 through one or more system event agents 110A and 110B. The system event data is pushed through the system event agent 110A and 110B by receiving the system event data and further pushing the system event data into the database 104.
At step 308, the method 300 comprises pushing external event data in the database 104 through one or more external event agents 112A and 112B. The external event data is pushed through one or more external event agents 112A and 112B by receiving the external event data and further pushing the external event data into the database 104.
According to an embodiment, in the method 300, configuring the database 104 comprises storing said database 104 in one of the storage servers 102. In an example, the method comprises configuring the database 104 to be stored inside the server 102A. In an example, the method 300 may enable a given user to search the database 104 for the event data 106 and coordinate different events via the database 104. By virtue of storing the database 104 in the storage servers 102, an improved coordination of events is provided via a searchable event timeline.
According to an embodiment, the method 300 further comprises receiving, by an event sanitizer 114, system event data 106B and external event data 106C respectively from the system event agents 110A and 110B and from the external event agents 112A and 112B, and pushing, through said event sanitizer 114, received system event data and received external event data into the database 104. The method 300 comprises receiving the system event data 106B and external event data 106C and pushing them into the database 104 by the event sanitizer 114. Beneficially, the event sanitizer 114 may filter duplicate events, and protect the system 100B from malicious events, e.g. DDOS (distributed denial of service) attack. By virtue of the event sanitizer 114, the event data 106 can be appropriately stored in the database 104 to enable enhanced access of event data 106 and coordination of the event.
According to an embodiment, the method 300 further comprises preparing, by the event sanitizer 114, received system event data and received external event data for storing in the database 104 if the format of said received system event data and received external event data is not appropriate for storing in the database 104, and pushing, by the event sanitizer 114, prepared system event data and prepared external event data into the database 104. The method 300 comprises the event sanitizer 114 storing the event data 106 in the database 104 in a defined format so that the event data 106 can be searched easily in the database 104. In an example, the event sanitizer 114 rearranges or reformats the event data 106 based on the format used for storing data in the database 104.
According to an embodiment, the method 300 further comprises filtering, by the event sanitizer 114, duplicate received system event data and duplicate received external event data, and pushing, by the event sanitizer 114, only one occurrence of a received system event and a received external event into the database 104. In an example, the method 300 comprises executing, by the event sanitizer 114, deduplication of the event data 106 by calculating and comparing a hash value of a given event data with hash values of event data 106 that are previously stored. In such an example, the event sanitizer 114 maintains a log of the hash values of event data 106 that are stored in the database 104. By filtering the duplicate events, the event sanitizer 114 saves storage space on the server 102A, which in turn reduces the storage cost.
According to an embodiment, the method 300 further comprises preventing, by the event sanitizer 114, malicious received system event data or malicious received external event data from being pushed into the database 104. In an example, the method 300 comprises executing, by the event sanitizer 114, antivirus scans to identify received system event data and received external event data which are malicious for storing in the database 104. In such an example, the event sanitizer 114 removes the virus from the event data 106 and then pushes the prepared system event data and the prepared external event data into the database 104. The event sanitizer 114 executes antivirus scans to prevent malicious events from entering the database 104, as a result of which improved user experience and data security are provided for coordinating the events.
According to an embodiment, the method 300 further comprises storing the event sanitizer 114 in one of the storage servers 102. In an example, the method 300 comprises storing the event sanitizer 114 in the server 102A. The event sanitizer 114 is stored inside one of the storage servers 102 to provide only the event data 106 which is filtered for storage in the database 104 so that the data is neither duplicate nor includes malicious events.
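The sanitizer behaviour described for the server 102A, the system 100B and the method 300 (prepare, deduplicate by hash, keep malicious data out) can be sketched as follows. This is an added illustration, not code from the disclosure: the field names, the SHA-256 choice, the length limit and the sample events are assumptions, and schema and size validation stand in for the antivirus scan the text mentions.

```python
import hashlib
import json
from datetime import datetime, timezone

ALLOWED_CATEGORIES = {"system", "external"}  # event data 106B and 106C
MAX_DESCRIPTION_LEN = 256                    # assumed limit, not from the text


def prepare(raw):
    """Reformat one raw agent event into the stored format, or raise ValueError."""
    if not isinstance(raw, dict):
        raise ValueError("event is not a mapping")
    category = str(raw.get("category", "")).strip().lower()
    if category not in ALLOWED_CATEGORIES:
        raise ValueError("unknown event category")
    event_id = str(raw.get("event_id") or raw.get("id") or "").strip()
    if not event_id:
        raise ValueError("missing event identifier")
    ts = raw.get("timestamp", raw.get("ts"))
    if ts is None or isinstance(ts, bool):
        raise ValueError("missing event timestamp")
    if isinstance(ts, (int, float)):          # epoch seconds
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
    else:                                     # ISO 8601 text
        when = datetime.fromisoformat(str(ts).replace("Z", "+00:00"))
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
    description = str(raw.get("description", ""))
    if len(description) > MAX_DESCRIPTION_LEN:
        raise ValueError("description too long")
    if any(ord(ch) < 32 for ch in description):
        raise ValueError("control characters in description")
    return {
        "event_id": event_id,
        "timestamp": when.astimezone(timezone.utc).isoformat(),
        "category": category,
        "description": description,
    }


class EventSanitizer:
    """Illustrative stand-in for the event sanitizer 114."""

    def __init__(self, database):
        self.database = database   # a list standing in for the database 104
        self.hash_log = set()      # log of hash values of stored event data

    def submit(self, raw):
        """Return 'stored', 'duplicate' or 'rejected' for one received event."""
        try:
            event = prepare(raw)
        except (ValueError, OverflowError, OSError):
            return "rejected"
        # Hash the prepared form, so the same event in two raw formats collides.
        canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
        digest = hashlib.sha256(canonical.encode("utf-8")).hexdigest()
        if digest in self.hash_log:
            return "duplicate"
        self.hash_log.add(digest)
        self.database.append(event)
        return "stored"


def run_demo():
    """Feed constructed sample events through the sanitizer."""
    database = []
    sanitizer = EventSanitizer(database)
    received = [
        {"category": " System ", "id": "sw-fw-001", "ts": 1614902400,
         "description": "firmware upgrade on switch"},
        # Same event from a second agent, different key names and time format.
        {"category": "system", "event_id": "sw-fw-001",
         "timestamp": "2021-03-05T00:00:00Z",
         "description": "firmware upgrade on switch"},
        {"category": "external", "id": "wx-17",
         "timestamp": "2021-03-05T06:30:00+05:30",
         "description": "cyclone warning for the coast"},
        {"category": "system", "ts": 1614902400,
         "description": "no identifier"},
        {"category": "external", "id": "x-1", "ts": 1614902400,
         "description": "A" * 10000},
    ]
    return [sanitizer.submit(raw) for raw in received], database


if __name__ == "__main__":
    outcomes, stored = run_demo()
    print(outcomes)
    print(stored)
```

Hashing after preparation is what lets the second sample event be recognised as a duplicate even though its raw bytes differ from the first.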
According to an embodiment, the method 300 further comprises querying the database 104 by an auto-backup agent 116, and launching, by said auto-backup agent 116, a backup operation depending on the result of the query. The method 300 comprises triggering, by the auto-backup agent 116, a backup based on certain events, or severity of event. The auto-backup agent 116 is configured to trigger a backup based on certain events, or severity of event.
According to an embodiment, the method 300 further comprises storing the auto-backup agent 116 in one of said storage servers 102. In an example, the method 300 comprises storing the auto-backup agent 116 inside the server 102A. The auto-backup agent 116 may be coupled to the database 104. By virtue of storing the auto-backup agent 116 in the storage servers 102, a user experience is improved.
According to an embodiment, the method 300 further comprises querying the database 104 by a backup tagging agent 118, and generating, by said backup tagging agent 118, backup tags depending on the result of the query. The method 300 comprises generating, by the backup tagging agent 118, tags for the backup according to events in the database 104, and further managing service-level agreements (SLA), as a result of which events can be easily managed. The backup tagging agent 118 generates backup tags to enable enhanced and quick searching of events in the database 104.
According to an embodiment, the method 300 further comprises storing the backup tagging agent 118 in one of said storage servers 102. The method 300 comprises storing the backup tagging agent 118 inside the server 102A. The backup tagging agent 118 may be coupled to the database 104. By virtue of storing the backup tagging agent 118 in the storage servers 102, a user experience is improved.
According to an embodiment, the method 300 further comprises externally accessing the database 104 through an interface module 120. The method 300 comprises enabling, by the interface module 120, searching and filtering of event data 106 in the database 104. In an example, the interface module 120 enables accessibility to the database 104 externally via an Application Programming Interface (API).
According to an embodiment, the method 300 further comprises storing the interface module 120 in one of the storage servers 102. In an example, the method 300 comprises storing the interface module 120 in the server 102A. The interface module 120 may be coupled to the database 104 and a user device to enable access by a user.
According to an embodiment, the method 300 further comprises retrieving events from the database 104 on the basis of a query, through a search engine 122 of the interface module 120. In an example, the method 300 comprises executing, by the search engine 122, a search based on keywords received in the form of the query via the API for searching events in the database 104.
According to an embodiment, the method 300 further comprises querying, by a tagging agent 124, the database 104 through the interface module 120, and generating, by the tagging agent 124, tags for system components depending on the result of the query. The method 300 comprises generating tags, by the tagging agent, for switching configurations.
According to an embodiment, the method 300 further comprises querying, by an event alarm manager 126, the database 104 through the interface module 120, and generating, by the event alarm manager 126, event alarms depending on the result of a query. The method 300 comprises generating, by the event alarm manager 126, the event alarms and sending them to a given user such as a system administrator. The event alarms may be generated based on the time stamp associated with event data 106.
According to an embodiment, the method 300 further comprises querying, by a maintenance scheduler, the database 104 through the interface module 120, and scheduling, by the maintenance scheduler, system maintenance operation depending on the result of the query. The method 300 comprises enabling ease in scheduling maintenance by the maintenance scheduler.
The method 300 of the present disclosure improves coordination of events (such as Information Technology (IT) events) by generating a searchable event timeline that links backup events with other IT events for enhanced and error-free search of events and of the IT components related to those events. Further, the searchable event timeline enables informed restores and informed audits that rely on the timeline. Moreover, the present method 300 not only automates manual procedures which were conventionally required for events such as updating of service packs, but also improves system performance, security, and overall maintenance of IT systems. As a result, the present disclosure is less prone to errors in comparison to conventional techniques. The present disclosure enables synchronizing all events in three layers, namely events inside the server 102A, events within a company (i.e. system components) and events on a domestic or global level (i.e. outside the system 100B), so that all the events can be coordinated easily. The present disclosure provides a backup-focused implementation which, in comparison to conventional technologies, is not based on pulling logs but is event based. The backups can be found, retroactively created and filtered via the database.
FIG. 4 is an exemplary illustration of a timeline of events for managing events, in accordance with an embodiment of the present disclosure. With reference to FIG. 4, there is shown a timeline 400. There are further shown backup events 402 belonging to events occurring on information stored in one or more of the storage servers (such as storage server 102 of FIG. 1A), lab events 404 belonging to events occurring on one of the system components, and domestic events 406 belonging to events occurring outside of the system (such as the system 100B of FIG. 1B).
The backup events 402 include a first backup event 408A of service pack installation, a second backup event 408B of an application of new service-level agreement (SLA) on virtual machines, and a third backup event 408C of service-level agreement (SLA) not met for virtual machines. The lab events 404 include a first lab event 410A of firmware upgrade on switches, a second lab event 410B of partial power outage, and a third lab event 410C of irregular packet drops in company switches. The domestic events 406, also referred to as global events, include a first domestic event 412A of cyclone hitting the Indian coast (event received from weather website) and a second domestic event 412B of power outage in an area (event received from a new reporting website).
In an example, if Information Technology (IT) of a system 100B is affected by domestic events 406, for example the first domestic event 412A of cyclone hitting the Indian coast, a system administrator is able to search the timeline 400 to find a best backup when the service-level agreement (SLA) was still met with the updated service pack. This backup can be used to perform a post-mortem investigation as to why the SLA had not been met, to build a test and development environment to find solutions to the issue, and also to restore problematic virtual machines that had been affected by the power outage. In an example, if the system (such as the system 100B of FIG. 1B) has CDP (continuous data protection), the timeline 400 can be used to retroactively create a backup which corresponds to the exact time that the events occurred and prior to a network load that may have caused issues with the application.
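The timeline search described above, as an added example that is not code from the patent: it picks the latest backup taken after the service pack installation and before both the external incident and the first SLA breach, then lists the events a post-mortem would review. The table layout, the `kind` labels and all timestamps are assumptions constructed for the example.

```python
import sqlite3

# Constructed timeline modelled on FIG. 4. Every timestamp uses the same UTC
# ISO 8601 format, so string comparison in SQL is chronological comparison.
TIMELINE = [
    ("storage",  "2021-03-01T02:00:00+00:00", "backup_completed",       "nightly backup A"),
    ("storage",  "2021-03-01T09:00:00+00:00", "service_pack_installed", "service pack installation"),
    ("storage",  "2021-03-02T02:00:00+00:00", "backup_completed",       "nightly backup B"),
    ("system",   "2021-03-02T11:00:00+00:00", "firmware_upgrade",       "firmware upgrade on switches"),
    ("storage",  "2021-03-03T02:00:00+00:00", "backup_completed",       "nightly backup C"),
    ("external", "2021-03-03T06:00:00+00:00", "weather_alert",          "cyclone hitting the coast"),
    ("system",   "2021-03-03T07:30:00+00:00", "power_outage",           "partial power outage"),
    ("storage",  "2021-03-03T08:00:00+00:00", "sla_not_met",            "SLA not met for virtual machines"),
    ("storage",  "2021-03-04T02:00:00+00:00", "backup_completed",       "nightly backup D"),
]


def load(rows):
    """Build an in-memory event database from (layer, timestamp, kind, text) rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (layer TEXT, timestamp TEXT, kind TEXT, description TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", rows)
    return db


def best_backup(db, incident_kind):
    """Latest backup after the last service pack install and before both the
    incident and the first SLA breach; None when no backup qualifies."""
    cutoff = db.execute(
        "SELECT MIN(timestamp) FROM events WHERE kind IN (?, 'sla_not_met')",
        (incident_kind,)).fetchone()[0]
    if cutoff is None:
        return None  # neither an incident nor a breach is on the timeline
    # With no service pack event recorded, any backup before the cutoff qualifies.
    patched = db.execute(
        "SELECT MAX(timestamp) FROM events "
        "WHERE kind = 'service_pack_installed' AND timestamp < ?",
        (cutoff,)).fetchone()[0] or ""
    return db.execute(
        "SELECT timestamp, description FROM events "
        "WHERE kind = 'backup_completed' AND timestamp > ? AND timestamp < ? "
        "ORDER BY timestamp DESC LIMIT 1", (patched, cutoff)).fetchone()


def events_between(db, start, end):
    """Events from all three layers in (start, end], for the post-mortem."""
    return db.execute(
        "SELECT layer, kind FROM events WHERE timestamp > ? AND timestamp <= ? "
        "ORDER BY timestamp", (start, end)).fetchall()


def investigate(rows=TIMELINE, incident_kind="weather_alert"):
    """Return (restore point, events between that point and the SLA breach)."""
    db = load(rows)
    backup = best_backup(db, incident_kind)
    if backup is None:
        return None, []
    breach = db.execute(
        "SELECT MIN(timestamp) FROM events WHERE kind = 'sla_not_met'").fetchone()[0]
    return backup, events_between(db, backup[0], breach or "9999")
```

Backup D is never selected even though it is the newest, because it was taken after the SLA breach and would restore the affected state.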
FIG. 5 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with an embodiment of the present disclosure. FIG. 5 is described in conjunction with FIG. 1B. With reference to FIG. 5, there is shown the server 102A, the database 104, and the event sanitizer 114. The server 102A comprises a registry monitor 502, an offline antivirus 504, and a file system difference scanner 506. There is further shown a weather event agent 508, a stock exchange event agent 510, a switch event agent 512 and a hypervisor event agent 514.
The server 102A here is a backup server. The registry monitor 502 is configured to store information associated with all the software and hardware that are associated with the server 102A. The offline antivirus 504 identifies any virus in the event data (such as event data 106) that is received for storing in the database 104. The file system difference scanner 506 identifies duplicate event data that may be provided for storing in the database 104. In an example, the file system difference scanner 506 may compare a new event data with existing event data stored in the database 104 to identify the difference between the new and existing event data. The weather event agent 508 is configured to provide event data 106 related to weather updates and change. The stock exchange event agent 510 is configured to provide event data 106 related to events occurring in a stock exchange of a given country. In an example, the weather event agent 508 and the stock exchange event agent 510 are agents related to domestic events such as domestic events 406. The switch event agent 512 is configured to provide event data 106 related to various switches. The hypervisor event agent 514 is configured to provide event data 106 related to a hypervisor associated with virtual machines. In an example, the switch event agent 512 and the hypervisor event agent 514 are agents related to lab events such as lab events 404.
FIG. 6 is an illustration of an exemplary scenario for implementation of a system and method for managing events, in accordance with another embodiment of the present disclosure. FIG. 6 is described in conjunction with FIG. 1B. With reference to FIG. 6, there is shown the server 102A, the database 104, and the backup tagging agent 118. The server 102A comprises a database API (Application Programming Interface) 602. There is further shown an external user interface 604, an event alarm manager 606, a tagging agent 608 and a maintenance scheduler 610. The database API 602 is configured to enable accessibility of the database 104 to a given user. The external user interface 604 is configured to enable searching and filtering of event data (such as event data 106) in the database 104 via the database API 602. The external user interface 604 allows third party access of the database 104 to use events to tag and further manage events. The external user interface 604 may also be referred to as an interface module. The event alarm manager 606 is configured to query the database 104 through the external user interface 604 and to generate event alarms depending on the result of a query. The tagging agent 608 is configured to query the database 104 through the external user interface 604 and to generate tags for system components depending on the result of a query. The maintenance scheduler 610 is configured to query the database 104 through the external user interface 604 and to schedule system maintenance operation depending on the result of a query.
Modifications to embodiments of the present disclosure described in the foregoing are possible without departing from the scope of the present disclosure as defined by the accompanying claims. Expressions such as "including", "comprising", "incorporating", "have", "is" used to describe and claim the present disclosure are intended to be construed in a non-exclusive manner, namely allowing for items, components or elements not explicitly described also to be present. Reference to the singular is also to be construed to relate to the plural. The word "exemplary" is used herein to mean "serving as an example, instance or illustration". Any embodiment described as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments and/or to exclude the incorporation of features from other embodiments. The word "optionally" is used herein to mean "is provided in some embodiments and not provided in other embodiments". It is appreciated that certain features of the present disclosure, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the present disclosure, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable combination or as suitable in any other described embodiment of the disclosure.

Claims

1. A server (102A-102N) configured to communicate with one or more components of a system (100A), one or more of the said components being storage servers (102) configured to store system information, the server (102A-102N) comprising a database (104) configured to store event data (106), said event data (106) comprising an event identifier and an event timestamp, said event data (106) belonging to one of storage server event data (106A) related to events occurring on information stored in one or more of the storage servers (102), system event data (106B) related to events occurring on one of the system components, and external event data (106C) related to events occurring outside of the system (100A).
2. A server (102A-102N) according to claim 1, further being configured to store system information and be one of the storage servers (102) of the system (100A).
3. A server (102A-102N) according to any of claims 1 and 2, wherein the one or more of components of the system (100A) comprising one or more system event agents (110A, 110B) configured to push system event data into the database (104), and one or more of components of the system (100A) comprising one or more external event agents (112A, 112B) configured to push external event data into the database (104), the server (102A-102N) further comprising an event sanitizer (114) configured to receive system event data (106B) and external event data (106C) respectively from the system event agents (110A, 110B) and from the external event agents (112A, 112B), and to push received system event data and received external event data into the database (104).
4. A server (102A-102N) according to claim 3, wherein the event sanitizer (114) is configured to prepare received system event data and received external event data for storing in the database (104) if the format of said received system event data and received external event data is not appropriate for storing in the database (104), and to push prepared system event data and prepared external event data into the database (104).
5. A server (102A-102N) according to any of claims 3 and 4, wherein the event sanitizer (114) is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database (104).
6. A server (102A-102N) according to any of claims 3 to 5, wherein the event sanitizer (114) is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database (104).
7. A server (102A-102N) according to any of claims 3 to 6, wherein the event sanitizer (114) is stored inside one of the storage servers (102).
8. A method of managing events occurring in or related to a system (100B), said system (100B) comprising one or more storage servers (102) configured to store system information, and one or more system components in communication with one or more of the said storage servers (102), the method comprising configuring a database (104) to store event data (106) comprising an event identifier and an event timestamp, said event data (106) belonging to one of storage server event data (106A) related to events occurring on information stored in one or more of the storage servers (102), system event data (106B) related to events occurring on one of the system components, and external event data (106C) related to events occurring outside of the system (100B), pushing storage server event data in the database (104) through one or more storage event agents (108A, 108B), pushing system event data in the database (104) through one or more system event agents (110A, 110B), pushing external event data in the database (104) through one or more external event agents (112A, 112B).
9. A method according to claim 8, wherein configuring the database (104) comprises storing said database (104) in one of the storage servers (102).
10. A method according to any of claims 8 and 9, further comprising receiving, by an event sanitizer (114), system event data (106B) and external event data (106C) respectively from the system event agents (110A, 110B) and from the external event agents (112A, 112B), and pushing, through said event sanitizer (114), received system event data and received external event data into the database (104).
11. A method according to claim 10, further comprising preparing, by the event sanitizer (114), received system event data and received external event data for storing in the database (104) if the format of said received system event data and received external event data is not appropriate for storing in the database (104), and pushing, by the event sanitizer (114), prepared system event data and prepared external event data into the database (104).
12. A method according to any of claims 10 and 11, further comprising filtering, by the event sanitizer (114), duplicate received system event data and duplicate received external event data, and pushing, by the event sanitizer (114), only one occurrence of a received system event and a received external event into the database (104).
13. A method according to any of claims 10 to 12, further comprising preventing, by the event sanitizer (114), malicious received system event data or malicious received external event data from being pushed into the database (104).
14. A method according to any of claims 10 to 13, further comprising storing the event sanitizer (114) in one of the storage servers (102).
15. A method according to any of claims 8 to 14, further comprising querying the database (104) by an auto-backup agent (116), and launching, by said auto-backup agent (116), a backup operation depending on the result of the query.
16. A method according to claim 15, further comprising storing the auto-backup agent (116) in one of said storage servers (102).
17. A method according to any of claims 8 to 16, further comprising querying the database (104) by a backup tagging agent (118), and generating, by said backup tagging agent (118), backup tags depending on the result of the query.
18. A method according to claim 17, further comprising storing the backup tagging agent (118) in one of said storage servers (102).
19. A system (100B) comprising one or more storage servers (102) configured to store system information, and one or more system components in communication with one or more of the said storage servers (102), the system (100B) further comprising a database (104) configured to store event data (106), said event data (106) comprising an event identifier and an event timestamp, said event data (106) belonging to one of storage server event data (106A) related to events occurring on information stored in one or more of the storage servers (102), system event data (106B) related to events occurring on one of the system components, and external event data (106C) related to events occurring outside of the system (100B), one or more storage event agents (108A, 108B) configured to push storage server event data into the database (104), one or more system event agents (110A, 110B) configured to push system event data into the database (104), and one or more external event agents (112A, 112B) configured to push external event data into the database (104).
20. A system (100B) according to claim 19, wherein the database (104) is stored inside one of the storage servers (102).
21. A system (100B) according to any of claims 19 and 20, further comprising an event sanitizer (114) configured to receive system event data (106B) and external event data (106C) respectively from the system event agents (110A, 110B) and from the external event agents (112A, 112B), and to push received system event data and received external event data into the database (104).
22. A system (100B) according to claim 21, wherein the event sanitizer (114) is configured to prepare received system event data and received external event data for storing in the database (104) if the format of said received system event data and received external event data is not appropriate for storing in the database (104), and to push prepared system event data and prepared external event data into the database (104).
23. A system (100B) according to any of claims 21 and 22, wherein the event sanitizer (114) is configured to filter duplicate received system event data and duplicate received external event data in order to push only one occurrence of a received system event and a received external event into the database (104).
24. A system (100B) according to any of claims 21 to 23, wherein the event sanitizer (114) is configured to prevent malicious received system event data or malicious received external event data from being pushed into the database (104).
25. A system (100B) according to any of claims 21 to 24, wherein the event sanitizer (114) is stored inside one of the storage servers (102).
26. A system (100B) according to any of claims 19 to 25, further comprising an auto-backup agent (116) configured to query the database (104) and to launch a backup operation depending on the result of a query.
27. A system (100B) according to claim 26, wherein the auto-backup agent (116) is stored in one of said storage servers (102).
28. A system (100B) according to any of claims 21 to 27, further comprising a backup tagging agent (118) configured to query the database (104) and to generate backup tags depending on the result of a query.
29. A system (100B) according to claim 28, wherein the backup tagging agent (118) is stored in one of said storage servers (102).
PCT/EP2021/055598 2021-03-05 2021-03-05 Computer system and method with event management WO2022184268A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180094735.3A CN116917879A (en) 2021-03-05 2021-03-05 Computer system and method with event management
PCT/EP2021/055598 WO2022184268A1 (en) 2021-03-05 2021-03-05 Computer system and method with event management

Publications (1)

Publication Number Publication Date
WO2022184268A1 true WO2022184268A1 (en) 2022-09-09

Family

ID=74859473

Country Status (2)

Country Link
CN (1) CN116917879A (en)
WO (1) WO2022184268A1 (en)

Also Published As

Publication number Publication date
CN116917879A (en) 2023-10-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21710279

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 202180094735.3

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21710279

Country of ref document: EP

Kind code of ref document: A1