Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
This communication is in response to the application filed on 03/28/2020 in which Claims 11-30 are presented for examination.
Drawings
The applicant’s drawings submitted on 03/28/2020 are acceptable for examination purposes. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 11-13, 16-26 and 29-30 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (US 10382358 B1) in view of Shanumgam (US 7032022 B1).
As to claim 11, Jain discloses a method for generating log generation rules for a network comprising a plurality of host computers on which a plurality of data compute nodes (DCNs) executes, the method comprising (Jain Fig. 1-2): defining a dynamic group associated with a plurality of DCNs (Jain Col. 4 line 25-40) [FIG. 2 is a block diagram that illustrates an example system 200 for a multi-tiered data processing service comprising computing nodes having defined computing capacity tiers and the computing nodes are connected by a network. More specifically, the system 200 may include network addressable devices 220 that may be in network communication with one or more network edge devices 218 and a computing service environment 202.] Note: paragraph [0006] of the specification of the current application describes “dynamic group” as any type of network entity (e.g., virtual machines, namespaces, applications, one or more virtual network interface controllers (VNICs), host machines, or any other compute and/or network construct that participates in a logical and/or physical network); wherein the security operations are performed on data that are associated with the dynamic group (Jain Col. 5 line 2-7) [security services, data management services, applications, rules engines, and the like. These network services 204 may be used to analyze and/or process data generated by a network addressable device 220 and the network services 204 may be configured to perform an action based on the analysis];
It is noted that Jain does not explicitly disclose defining a log generation rule; associating the log generation rule with the dynamic group; and distributing definitions 
However, Shanumgam discloses defining a log generation rule (Shanumgam Col. 2 lines 18-25) [central policy server includes a log collecting and archiving module for periodically receiving health and status information from each of the policy enforcers]; associating the log generation rule with the dynamic group (Shanumgam Col. 1 lines 20-24) [collecting logs and statistics information from remote private networks in a distributed policy management system]; and distributing definitions of the dynamic group and the log generation rule to a plurality of host computers that use the log generation rule to determine how to log security operations (Shanumgam Col. 6 lines 45-60) [the log collecting and archiving module 304 collects information about the status and usage of resources from the policy enforcers 124, 126 as well as from the management module 302, and stores them in the archive database 318. The policy server reports module 316 then uses the collected logs and archives to generate reports in an organized report format.  According to one embodiment of the invention, each policy enforcer 124, 126 maintains a log file with information collected about the flow of traffic through the policy enforcer as well as the status and usage of resources associated with the policy enforcer]
Thus, before the effective filing date of the claimed invention it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Shanumgam to the computer security system of Jain would have yielded predictable results and resulted in an improved system, namely, a system that would provide a (Shanumgam Col. 2 lines 14-17)

As to claim 12, Jain discloses further comprising, before distributing the definitions, identifying the plurality of host computers on which the plurality of DCNs associated with the dynamic group execute (Jain Fig. 2, Col. 4 lines 25-40) [system 200 for a multi-tiered data processing service comprising computing nodes having defined computing capacity tiers and the computing nodes are connected by a network. More specifically, the system 200 may include network addressable devices 220 that may be in network communication with one or more network edge devices 218 and a computing service environment 202. Illustratively, the network addressable devices 220 may have minimal, limited, or no computing capabilities as compared to other devices in the multi-tiered data processing service]

As to claim 13, the combination of Jain and Shanumgam discloses wherein the log generation rule comprises a criterion through which the log generation rule is associated with the dynamic group (Shanumgam Col. 1 lines 20-24) [collecting logs and statistics information from remote private networks in a distributed policy management system] See also, Thus, before the effective filing date of the claimed invention it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Shanumgam to the computer security system of Jain (Shanumgam Col. 2 lines 14-17)

As to claim 16, the combination of Jain and Shanumgam discloses wherein the log generation rule comprises a logging protocol based on which the plurality of DCNs transmit the generated logs to a log server (Shanumgam Col. 17 lines 26-44) [As new protocols are defined in the future and/or users create their own custom applications with custom protocols, a need may arise to add recognition of these protocols to the protocol classification engine. The described protocol classification engine architecture allows such additions by simply adding a new scripted definition of the new protocol to the protocol classification engine without having to change the design each time a new protocol is added]
See also, Thus, before the effective filing date of the claimed invention it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Shanumgam to the computer security system of Jain would have yielded predictable results and resulted in an improved system, namely, a system that would provide a central policy server defining the first and second policy settings and monitoring the health and status of the policy enforcers from a single location (Shanumgam Col. 2 lines 14-17)

As to claims 17-19, the combination of Jain and Shanumgam discloses wherein the security operations comprise firewall operations performed on data messages destined for and initiated by the plurality of DCNs; wherein determining how to log the security operations comprises determining whether to log a resolution of a firewall rule performed on a data message destined for a DCN or to forego logging the resolution of the firewall rule performed on the data message; wherein the resolution of the firewall rule performed on the data message comprises one of allowing the data message to be forwarded to the DCN and dropping the data message (Shanumgam Col. 14 lines 13-25) [The firewall policies decide the network traffic that is to be allowed to flow from the public Internet 108 into the local networks 102, 104, and the traffic that is to be blocked] See also, Thus, before the effective filing date of the claimed invention it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Shanumgam to the computer security system of Jain would have yielded predictable results and resulted in an improved system, namely, a system that would provide a central policy server defining the first and second policy settings and monitoring the health and status of the policy enforcers from a single location (Shanumgam Col. 2 lines 14-17)

As to claims 20-21, the combination of Jain and Shanumgam discloses wherein the security operations that are performed on the plurality of DCNs are defined for the plurality of DCNs independent of the log generation rule; wherein the dynamic group comprises a data structure, wherein associating the log generation rule with the dynamic group comprises adding a reference to the log generation rule to the data (Jain Col. 4 line 25-40) [FIG. 2 is a block diagram that illustrates an example system 200 for a multi-tiered data processing service comprising computing nodes having defined computing capacity tiers and the computing nodes are connected by a network. More specifically, the system 200 may include network addressable devices 220 that may be in network communication with one or more network edge devices 218 and a computing service environment 202.]

As to claims 22-23, Jain discloses wherein the plurality of DCNs comprises a plurality of virtual servers that implement a tier of a multi-tier distributed application; wherein the multi-tier distributed application comprises a web tier, an application tier, and a database tier (Jain Fig. 1, Col. 2 line 28-35) [a multi-tiered data processing service that includes multiple computing nodes capable of processing data generated by network addressable devices using data rule sets defined by computing service customers or a computing service provider. In this technology, a computing node may be selected to host a data rule set using characteristics of the computing node and the data rule set]

As to claims 24-26, claims 24-26 recite respectively the claimed that contain similar limitations as claims 11-13; therefore, they are rejected under the same rationale.

As to claims 29-30, claims 29-30 recite respectively the claimed that contain similar limitations as claims 16-17; therefore, they are rejected under the same rationale.
Allowable Subject Matter
Claims 14-15 and 27-28 are objected to as being dependent upon a rejected base claim. Independent claims 11 and 24 would be allowable if subject matter of both claims (14 and 15) are incorporated into each independent claim 1 and 24. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached on Monday - Thursday 7:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B. Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  




/EVANS DESROSIERS/Primary Examiner, Art Unit 2491