BPPM Event Correlation Rules How-To Video.pdf - BMC Communities
BPPM Event Correlation Rules How-To Video.pdf - BMC Communities
BPPM Event Correlation Rules How-To Video.pdf - BMC Communities
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
READ ME<br />
<strong>BPPM</strong> <strong>Event</strong> Management <strong>Rules</strong> <strong>How</strong>-<strong>To</strong> <strong>Video</strong><br />
This readme document contains information about the example rule shown and discussed in the video. If<br />
you are going to copy the rule for testing in your environment please read and observe the information<br />
here.<br />
Solution Components<br />
The following describes the solution components of the <strong>BPPM</strong> environment used in the making of the<br />
video.<br />
<strong>BPPM</strong> v.8.6.02 SP1 (All components were updated to this patch level.)<br />
NOTE: This rule can be used with <strong>BPPM</strong> version 9.0 and other versions previous to v8.6. It is also<br />
compatible with GA versions of <strong>BMC</strong> <strong>Event</strong> Manager and <strong>BMC</strong> Service Impact Manager.<br />
PATROL Agent & KM<br />
BII4P3 v3.1.10
READ ME<br />
<strong>BPPM</strong> <strong>Event</strong> Management <strong>Rules</strong> <strong>How</strong>-<strong>To</strong> <strong>Video</strong><br />
Monitored Server & Management Platform
<strong>Event</strong> Flow<br />
READ ME<br />
<strong>BPPM</strong> <strong>Event</strong> Management <strong>Rules</strong> <strong>How</strong>-<strong>To</strong> <strong>Video</strong><br />
The following describes the event floe architecture of the <strong>BPPM</strong> environment used in the making of the<br />
video.<br />
The server was monitored by PATROL. PATROL generated events for Service down occurrences as<br />
demonstrated in the video. The events were processed as shown below.<br />
PATROL BII4P3 Remote <strong>Event</strong> Management Cell<br />
The event correlation rule was configured and demonstrated in the remote event management cell<br />
running on the same Virtual machine with PATROL, BII4P3 and the monitored operating system. BII4P3<br />
was configured to process only NT_SERVICES related events from the PATROL KM. This was to<br />
eliminate any possible flood of events into the event cell. The process would work the same way if the<br />
different solution components were distributed on different machines.<br />
In production implementations the events should flow to a PATROL Notification Server before being<br />
processed by BII4P3. This is to support scalability and ensure the smallest possible number of required<br />
BII4P3 instances<br />
Important Usage Notes<br />
This correlation rule is a simple example for demonstration and training purposes only.<br />
The correlation rule must be edited if used in production. This includes changing the event classes<br />
referenced and the slot names in the “where” clause as appropriate to your needs. It also requires adding<br />
hostname and potentially other criterion to the where, within, and when clauses of the rule. Hostname<br />
was deliberately left out of the where clause in the example MRL code so that it will run for any managed<br />
host. This makes the rule generic to any test environment that involves monitoring Windows 2008 SP1.<br />
The demonstration environment implementation started with a clean install of the <strong>BPPM</strong> solution as<br />
described above. The only customization added was the correlate_svc_down.mrl rule file discussed in<br />
the video. No other rules, policies, or other event processing was involved that is not described in this<br />
readme document. You should be able to test or play with the rule file in your environment with no other<br />
additions.
Change language