DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-7, 9, 13, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rodgers (2019/0324649) in view of Carpenter et al. (2020/0341868).
Regarding claim 1:
Rodgers teaches:
storing buffered log data in at least one memory buffer during an execution of one or more threads [par 12, 25, 25 – event buffer that buffers event-related log messages, an application contains at least one thread]; 
receiving thread execution data descriptive of the execution of the one or more threads [par 26-29 – log messages containing data regarding application execution are received]; 
inputting the thread execution data into an anomalous program event detector module, wherein the anomalous program event detector module is configured to detect an anomalous program execution event in the thread execution data [par 28, 29, 37, 38 – the buffer manager monitors the incoming logging messages and determines if an event has occurred that triggers buffer transfer]; and 
wherein the anomalous program event detector module is further configured to generate an anomalous program event signal in response to detecting the anomalous program execution event in the thread execution data [par 28, 29, 37, 38, 50 – the manager triggers the buffer transfer manager to start transfer of the logging messages from the buffer];
 searching the buffered log data for event specific log data in the at least one memory buffer with a log dependency analyzer module in response to the anomalous program event detector module generating the anomalous program event signal, wherein the log dependency analyzer module is configured for selecting event specific log data from the buffered log data specified by the anomalous program execution event [par 29, 30, 45, 46, 50 – the buffer transfer manager searches the logged messages from the buffer based on event transfer criteria to select particular logged messages that meet the criteria for transfer with respect to a particular event] ; and 
writing the event specific log data to an event specific log file using a log archive writer module configured to format the event specific log data as the event specific log file [par 46, 47].
Rodgers does not explicitly teach receiving execution data and storing buffered log data in real time. Rodgers does, however, seek to record events from an event stream without any significant performance impact.
Carpenter teaches collecting and monitoring events in a log buffer in real time [par 3, 12, 21, 31].
It would have been obvious to one of ordinary skill in the art prior to the effective filing date to combine the real-time nature of Carpenter with the logging, triggering and filtering of Rodgers.
One of ordinary skill in the art prior to the effective filing date would have been motivated to make the combination because Carpenter teaches that logging and analyzing in real time decreases the amount of resources needed for effective logging, reduces noise and makes for more efficient investigation [par 31].

Regarding claim 4:
The combination teaches:
The method of claim 1, wherein the at least one memory buffer is a global memory buffer [Rodgers Fig 1- 140, par 28 – depicts a single global event buffer].

Regarding claim 5:
The combination teaches:
The method of claim 1, wherein the anomalous program event detector module is configured to detect the anomalous program execution event according to a set of anomalous program execution event rules [Rodgers par 37, 41; Carpenter par 21].

Regarding claim 6:
The combination teaches:
The method of claim 5, wherein the set of anomalous program execution event rules comprise one or more of the following: one or more event exceptions, one or more return codes, or one or more error tags [Rodgers par 37; Carpenter par 21, 27].

Regarding claim 7:
The combination teaches:
The method of claim 1, wherein the anomalous program event detector module is configured to detect the anomalous program execution event in response to one or more of the following: entries in specific programming tasks, declines in resource usage of the computer system, changes in memory usage outside of a predetermined range, exceeding boundary values for one or more variables, or exceeding boundary values for one or more counters [Rodgers par 37; Carpenter par 23, 27 – disclose at least examples of boundary values being exceeded].

Regarding claim 9:
The combination teaches:
The method of claim 1, wherein the log dependency analyzer module is configured to select the event specific log data from the buffered log data by using selection rules determined by the anomalous program execution event [Rodgers par 30 – criteria mapped to trigger event].

Regarding claim 13:
The combination teaches:
The method of claim 1, wherein the at least one memory buffer is dynamically allocated according to a rate of receiving anomalous program event signals or stored in temporary memory [Rodgers par 13, 28; Carpenter par 12 – stored in temporary memory].

Regarding claims 18 and 19:
See the teachings of the combination above.
The combination further teaches a computer program product [Rodgers par 80] and a system containing one or more processors, one or more computer readable storage media and instructions on the media for execution by the one or more processors [Rodgers par 67-79].

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over the Rodgers-Carpenter combination as applied to claim 1 above, and further in view of Karppanen (2017/0102919).
Regarding claim 2:
See the teachings of the combination above.
The combination does not explicitly teach the at least one memory buffer comprising a thread memory buffer for each of the one or more threads, and the buffered log data is divided into and stored as thread specific log data in the respective thread memory buffer. The combination does, however, teach an application and teaches that there could be more than a single buffer that makes up the event buffer.
Karppanen teaches multiple threads of an application that are each provided with a thread memory buffer for storing thread specific log data [par 14, 21]. 
It would have been obvious to one of ordinary skill in the art prior to the effective filing date to combine the thread memory buffers of Karppanen with the buffering of the combination.
One of ordinary skill in the art prior to the effective filing date would have been motivated to make the combination because Karppanen discloses that the use of the thread memory buffer technique allows for logging for purposes of diagnosing issues without altering the operation of software or hardware and without dramatically slowing code execution that can cause performance issues [par 3].

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over the Rodgers-Carpenter combination as applied to claim 1 above, and further in view of Gefen et al. (2019/0228296).
Regarding claim 8:
See the teachings of the combination outlined above.
The combination does not explicitly teach using a trained neural network to detect anomalous events. The combination does, however, teach using particular rules and criteria to evaluate buffered logs and detect anomalous events.
Gefen teaches using a trained neural network to detect anomalous events [par 32, 37]
It would have been obvious to one of ordinary skill in the art prior to the effective filing date to combine the anomaly detection of Gefen with anomaly detection of the combination.
One of ordinary skill in the art prior to the effective filing date would have been motivated to make the combination because Gefen discloses that using neural networks for anomaly detection is a known method and that using such automated anomaly detection and log analysis methods address the problems of slow and costly processes, low accuracy and lack of real-time visibility [par 4, 32].

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over the Rodgers-Carpenter combination as applied to claim 1 above, and further in view of Bacha (2018/0307551).
Regarding claim 12:
See the teachings of the combination outlined above.
The combination does not explicitly teach using a trained neural network to select events from a buffered log to be included in an event log file. The combination does, however, teach using rules and criteria to identify which event specific log data to select from buffered log data.
Bacha teaches using a trained neural network to select relevant event logs for storage [par 13, 14, 23, 24].
It would have been obvious to one of ordinary skill in the art prior to the effective filing date to combine the deep learning model of Bacha with the selection process of the combination.
One of ordinary skill in the art prior to the effective filing date would have been motivated to make the combination because Bacha discloses that using a neural network for selection can result in efficiently preserving necessary information while saving storage space by eliminating irrelevant logs [par 9-13]. 

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over the Rodgers-Carpenter combination as applied to claim 1 above, and further in view of Dukes et al. (91226940).
Regarding claim 14:
See the teachings of the combination outlined above.
The combination does not explicitly teach wherein the log archive writer module is configured to delete the event specific log file based, at least in part on, a determination that duplicates are present in an existing event specific log file. The combination does, however, discarding unneeded log entries.
Dukes teaches wherein the log archive writer module is configured to delete the event specific log file based, at least in part on, a determination that duplicates are present in an existing event specific log file [col. 9 lines 48-56 – deduplicating stores the same information only a single time].
It would have been obvious to one of ordinary skill in the art prior to the effective filing date to combine the concept of deduplication as taught by Dukes with the log filtering of the combination.
One of ordinary skill in the art prior to the effective filing date would have been motivated to make the combination because Dukes discloses that deduplication reduces data storage resources required for log data and is easily scalable [Abstract; col. 1 lines 45-48].

Allowable Subject Matter
Claims 3, 10, 11, and 15-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
‘498 to Sakae et al. discloses filtering an event history set to determine which events from the set should be excluded from deletion from the history memory and storing the other events in a secondary memory.
‘726 to Paithane et al. discloses storing events from each of a plurality of threads separately in an event log, maintaining relationships between the threads and the processes that execute them, determining anomalous events and rending a display of the events and relationships at a thread level.
‘080 to Walker et al. discloses a log buffer to collect entries associated with software process events in a global events log, searching the log for entries that relate to specific events and managing the event log to group the entries by events.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARC M DUNCAN whose telephone number is (571)272-3646. The examiner can normally be reached M-F 7-330.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on 571-272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MARC DUNCAN/Primary Examiner, Art Unit 2113