Whoops, didn't mean to send to the entire list - I guess I had too many mini oreo cookies last night...
----- Original Message -----
From: Mike Peckar ov@fognet.com
To: wlug@mail.wlug.org
Sent: Thursday, October 11, 2001 11:27 PM
Subject: [Wlug] more on event correlation...
Nice meeting you tonight, Chuck, and THANKS for the redhat cd's...
sec was the freeware event correlation tool I spoke of tonight: It is a straightforward perl script and doesn't implement a full state machine, but it nevertheless provides some inklings of what more complicated event correlators do. Check it at http://kodu.neti.ee/~risto/sec/
The best commercial event correlation tools IMHO are Nervecenter, Taave, Smarts, and Netcool. Each has its niche where it's best in class, and there are others, like HP's ECS, Logec, G2, etc.
My friend Doug Stevenson is a specialist in event correlation and wrote the Maji spec: the open source event correlation engine being developed under the umbrella of OpenNMS (yeah, so, it'll be java - but it will also be very feature rich). He masterfully defines some of the layers of granularity that one might see amongst the different offerings in the Event Correlation space. Types we talked about tonight include event correlation (reducing traps) and device correlation (mapping switch states to events). His definitions are listed below...
Mike
<snipped message>
OK... Here goes...
§ Event Correlation
§ Alarm Correlation
§ Device Correlation
§ System Correlation
§ Service Correlation
§ Performance Correlation
§ Security Correlation
Event Correlation - This is a correlation where multiple events are filtered and processed, thereby reducing the number of events presented. This is primarily done with event tally counts and trap problem verification.
Alarm Correlation - This is a correlation of alarms and alerts depicting true problems or root causes and their current status. Side effect alarms or alarms occurring as a result of a root cause alarm are suppressed or become subordinate to the root cause alarm.
Device Correlation - This is a correlation of devices, their specific internal components (both hardware and software), and the device's behavior with other devices. Additionally, device correlation lends itself toward configuration management as it is a dynamic inventory of devices, subsystems, components, and behaviors.
System Correlation - This is a correlation of devices and managed objects as they pertain to an overall system. This level of correlation enables one to manage and classify a conglomeration of managed objects as a manageable entity.
Service Correlation - This correlation is used to determine the devices and systems that make up an IT service. In essence, this is the correlation of managed objects and systems to business rules; similar to a translation of terms from computers and systems to business services. The Service Correlation can be extended to customer impact analysis, business profitability impact analysis, etc.
Performance Correlation - This correlation is used to determine the effects performance has with regards to a fault. It is unique in that performance correlation can be applied to enhance the correlation of all of the other categories.
Security Correlation - This correlation is used to determine the degree of threats caused by security incidents. It is unique in that security correlation is embedded among all the other six categories described above.
HTH,
Doug...
Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
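The first two layers defined above (event tally counts, and suppression of side-effect alarms under a root cause) can be shown in a few lines. This is an added example, not part of the original thread and not code from sec or Maji; the trap names, the three-device topology and the 60-second window are assumptions made for illustration.

```python
# Constructed sample traps: (seconds, device, event). Not from the thread.
TRAPS = [
    (0, "core-sw1", "linkDown"), (1, "core-sw1", "linkDown"),
    (2, "edge-sw2", "unreachable"), (3, "core-sw1", "linkDown"),
    (4, "web01", "unreachable"), (5, "edge-sw2", "unreachable"),
    (90, "core-sw1", "linkDown"),  # outside the window: starts a new record
]
# Assumed topology: device -> the upstream device it is reached through.
UPSTREAM = {"edge-sw2": "core-sw1", "web01": "edge-sw2"}


def tally(traps, window=60):
    """Event correlation: fold repeats of (device, event) seen within
    `window` seconds of the first one into a single record with a count."""
    out, current = [], {}  # current: (device, event) -> index into out
    for ts, dev, ev in sorted(traps):
        i = current.get((dev, ev))
        if i is not None and ts - out[i]["first"] < window:
            out[i]["count"] += 1
            out[i]["last"] = ts
        else:
            current[(dev, ev)] = len(out)
            out.append({"device": dev, "event": ev,
                        "first": ts, "last": ts, "count": 1})
    return out


def correlate_alarms(events, upstream):
    """Alarm correlation: walk each alarming device's upstream chain; the
    topmost alarming ancestor is the root cause and the device becomes
    subordinate to it. Returns {root_device: [subordinate devices]}."""
    alarming = {e["device"] for e in events}
    roots = {}
    for e in events:
        dev, root, seen = e["device"], None, set()
        while dev in upstream and dev not in seen:  # seen guards loops
            seen.add(dev)
            dev = upstream[dev]
            if dev in alarming:
                root = dev
        if root is None:
            roots.setdefault(e["device"], [])
        elif e["device"] not in roots.setdefault(root, []):
            roots[root].append(e["device"])
    return roots


if __name__ == "__main__":
    events = tally(TRAPS)
    print(len(TRAPS), "traps ->", len(events), "events")
    for root, subs in correlate_alarms(events, UPSTREAM).items():
        print("root cause:", root, "suppresses:", subs)
```

For a security feed the same two passes apply, with the tally step collapsing repeated alerts from one sensor and the upstream map replaced by whatever dependency data the site maintains.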