| 摘要 |
An intra-session network correlation system receives a stream of network events and groups the events into different network sessions according to event parameters and corresponding network address translation (NAT) information. An event in the stream is first matched against any existing session, and then categorized using the information about a NAT device that translates a message to which the event is related. Finally, at a predefined time, a categorized event is processed to identify other categorized events in accordance with a NAT message or an expiry timer associated with the categorized event; the categorized event and identified other categorized events are grouped into the same network session. |
