| CPC H04L 43/062 (2013.01) [H04L 43/067 (2013.01)] | 16 Claims |
|
1. A method for finding a historic netflow having a particular IP address, the method comprising:
retrieving, by a historic netflow computer system, a plurality of netflow blobs each containing a plurality of netflows wherein each netflow contains data about data traffic between an internet protocol (IP) address of a source host and the IP address of a destination host during a certain period of time in the past, each of the plurality of netflow blobs containing the plurality of netflows over a different period of time in the past;
receiving, by the historic netflow computer system, a request to find a requested IP address during a searchable period of time, wherein the requested IP address is findable in at least two of the network blobs that have netflows over different periods of time in the past;
generating, by the historic netflow computer system, a blob index file for each of the at least two netflow blobs, each blob index file containing each of a plurality of IP addresses in the netflow blob for a different period of time in the past;
generating, by the historic netflow computer system, a bitset for one of the at least two netflow blobs having a longest time period, wherein the bitset contains a set of bits in a word wherein each IP address of the plurality of IP addresses in the netflow blob having the longest period of time is converted into a bit in the bitset, wherein each bit in the bitset corresponds to the actual IP address;
performing, by the historic netflow computer system, a search, using the bitset and the at least two blob index files, to find a historic netflow having the requested IP address in a netflow during the searchable period of time; and
displaying, on a display of a user computing device, the found historic netflow having the requested IP address.
|