Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
The instant application having Application No. 17/339,262 filed on 06/04/2021 in which claims 1-20 are pending in the application, all of which are ready for examination by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-6, 9-14, and 17-19 are rejected under pre-AIA 35 U.S.C. 103 as being unpatentable over Shcherbakov et al. (U.S. Patent 10,929,415; hereinafter “Shcherbakov”) in view of Sedlack (U.S. PGPub 2002/0178253).

As per claims 1, 9, and 17, Shcherbakov discloses a method, a computing apparatus, and a non-transitory computer readable storage medium for determining an order of parsing rules for routing incoming security logs for processing thereof, the method being implemented by at least one processor, the method comprising:
receiving, by the at least one processor, a first plurality of logs; (See Fig. 33, col. 6, ll 56-67 and col. 8, ll 1-7, wherein logs are disclosed; as taught by Shcherbakov.)
sequentially applying, by the at least one processor to each log from among the first plurality of logs, a set of parsing rules to determine a respective destination, the set of parsing rules having a first order for application thereof; (See col. 8, 5-14, and col. 16, ll 24-31, wherein parsing data process are disclosed, also See col. 23, 17-56, wherein rules and forwarder data functions are disclosed; as taught by Shcherbakov.)
However, Shcherbakov fails to disclose determining, by the at least one processor for the first plurality of logs, whether an efficiency of the sequential application of the set of parsing rules would be increased by adjusting the first order into a second order; reordering, by the at least one processor, the set of parsing rules into the second order based on a result of the determining; receiving, by the at least one processor, a second plurality of logs; and sequentially applying, by the at least one processor, the reordered set of parsing rules to each log from among the second plurality of logs.
On the other hand, Sedlack teaches determining, by the at least one processor for the first plurality of logs, whether an efficiency of the sequential application of the set of parsing rules would be increased by adjusting the first order into a second order; (See Figs. 5, 6 and 10-11, paras. 36-40, 80-82, and 90, wherein parsing rules; as taught by Sedlack.)
reordering, by the at least one processor, the set of parsing rules into the second order based on a result of the determining; (See Figs. 5, 12, paras. 36-40, 82, and 90, wherein reordering process are disclosed; as taught by Sedlack.)
receiving, by the at least one processor, a second plurality of logs; (See Figs. 4, 5, wherein logs are disclosed; as taught by Sedlack.)
and sequentially applying, by the at least one processor, the reordered set of parsing rules to each log from among the second plurality of logs. (See Figs. 5, 12, paras. 36-40, 46, wherein parsing rules and reordering process are disclosed; as taught by Sedlack.)
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Sedlack teachings in the Shcherbakov system. A skilled artisan would have been motivated to incorporate the method for establishing compatibility between heterogeneous web server access log formats taught by Sedlack in the Shcherbakov system to determine relationships between components of the isolated execution environment system. In addition, both of the references (Shcherbakov and Sedlack) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as database operations. This close relation between both of the references highly suggests an expectation of success.

As per claims 2, 10, and 18, Shcherbakov fails to disclose wherein for each log from among the first plurality of logs, the respective destination corresponds to one log normalization routine selected from among a plurality of log normalization routines that are configured to reformat each log into a common format.
On the other hand, Sedlack teaches wherein for each log from among the first plurality of logs, the respective destination corresponds to one log normalization routine selected from among a plurality of log normalization routines that are configured to reformat each log into a common format. (See Figs. 4, 9, paras. 37, wherein converting format process of Common Log Format (CLF) are disclosed; as taught by Sedlack.)
See claims 1, 9, and 18 for motivation above.

As per claims 3, 11, and 19, Shcherbakov discloses wherein the determining whether the efficiency would be increased comprises: determining, for each log from among the first plurality of logs, a respective log type; (See Figs. 31C, 32B, col. 8, ll 1-7, wherein source types are disclosed; as taught by Shcherbakov.)
determining, for the first plurality of logs, a respective volume that corresponds to each determined log type; (See Figs. 31C, 32B, col. 8, ll 1-7, wherein source types are disclosed; as taught by Shcherbakov.)
However, Shcherbakov fails to disclose adjusting the first order into the second order based on the determined volume for each determined log type.
On the other hand, Sedlack teaches adjusting the first order into the second order based on the determined volume for each determined log type. (See Figs. 5, 12, paras. 36-40, 46, wherein parsing rules and reordering process are disclosed; as taught by Sedlack.)
See claims 1, 9, and 18 for motivation above.

As per claims 4 and 12, Shcherbakov discloses quantifying each determined respective volume as a corresponding data rate for each determined log type, based on both of the determined volume and the corresponding data rate for each determined log type. (See Figs. 31C, 32B, col. 8, ll 1-7, wherein source types are disclosed, also col. 29, ll 59-65, wherein rate of data are disclosed; as taught by Shcherbakov.)
However, Shcherbakov fails to disclose wherein the adjusting of the first order into the second order is performed.
On the other hand, Sedlack teaches wherein the adjusting of the first order into the second order is performed. (See Figs. 5, 6 and 10-11, paras. 36-40, 80-82, and 90, wherein parsing rules; as taught by Sedlack.)
See claims 1, 9, and 18 for motivation above.

As per claims 5 and 13, Shcherbakov discloses wherein the determining whether the efficiency would be increased comprises:
determining, for each log from among the first plurality of logs, a respective log type; (See Figs. 31C, 32B, col. 8, ll 1-7, wherein source types are disclosed; as taught by Shcherbakov.)
determining, for the first plurality of logs, a respective complexity that corresponds to each determined log type; and order based on the determined complexity for each determined log type; (See Figs. 31C, 32B, col. 8, ll 1-7, wherein source types are disclosed, also See col. 50, ll 59-64 and col. 51, ll 5-22, wherein level of priority are disclosed, also See col. 161, ll 4-9, 54-67 and col. 162, ll 1-4, wherein severity level of events are disclosed; as taught by Shcherbakov.)
However, Shcherbakov fails to disclose adjusting the first order into the second order.
On the other hand, Sedlack teaches adjusting the first order into the second order. (See Figs. 5, 6 and 10-11, paras. 36-40, 80-82, and 90, wherein parsing rules; as taught by Sedlack.)
See claims 1, 9, and 18 for motivation above.

As per claims 6 and 14, the combination of Shcherbakov and Sedlack discloses wherein the determining of the respective complexity that corresponds to each determined log type is based on at least one from among an amount of data and a type of data included in each determined log type, and wherein the type of data included in each determined log type includes at least one from among text data, voice data, image data, and color data. (See Figs. 31C, 32B, col. 8, ll 1-7, wherein source types are disclosed, also See col. 50, ll 59-64 and col. 51, ll 5-22, wherein level of priority are disclosed, also See col. 161, ll 4-9, 54-67 and col. 162, ll 1-4, wherein severity level of events are disclosed, also See Fig. 29C, col. 19, ll 7-15 and col. 191, ll 21-24, wherein images, voice data are disclosed; as taught by Shcherbakov.)

Allowable Subject Matter
1. Claims 7, 8, 15, 16, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if 112(b) rejections are overcome and rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Reasons for the Indication of Allowable Subject Matter
2. The following is a statement of reasons for the indication of allowable subject matter:
3. The primary reason for allowance of claims 7, 8, 15, 16, and 20 in the instant application is because the prior arts of record do not teach or suggest:
Claim 7: translating each determined complexity into a respective equivalent volume for each determined log type; and quantifying each determined respective equivalent volume as a corresponding data rate for each determined log type, wherein the adjusting of the first order into the second order is performed based on all of the determined complexity, the determined respective equivalent volume, and the corresponding data rate for each determined log type.
Claim 8: determining a first time interval that corresponds to an amount of time during the first plurality of logs is received; assigning all logs received starting immediately after the first time interval has elapsed and ending when a subsequent elapsement of the first interval has occurred to the second plurality of logs; determining, for the second plurality of logs, whether the efficiency of the sequential application of the reordered set of parsing rules would be increased by adjusting the second order into a third order; and reordering the set of parsing rules into the third order based on a result of the determining of whether the efficiency would be increased by adjusting the second order into the third order.
The prior art of record including the disclosures above neither anticipates nor renders obvious the above recited combination.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
1) Awadallah et al. (U.S. PGPub 2016/0005196) discloses constructing a graph that facilitates provision of exploratory suggestions.
2) Crabtree et al. (U.S. PGPub 2018/0183766) discloses detecting and mitigating forged authentication object attacks using an advanced cyber decision platform.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN LIN M HTAY whose telephone number is (571)272-7293. The examiner can normally be reached on M-F, 7am-3pm, PST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alford Kindred can be reached on (571)272-4037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/L. L. H./
Examiner, Art Unit 2153

/KRIS E MACKES/
Primary Examiner, Art Unit 2153