You are on page 1of 21


Infrastructure Events and Alerts

Event Management and Correlation
Event Rules Condition Correlation Event Procedures Event Integration South-Bound-GW

Event Notifications

SSA 3.0: Service AND Event/Alert Umbrella

Infrastructure Events and Alerts

Can be created also manually through Event Configuration Editor. SPECTRUM can also generate an alarm based on the results of a SpectroWATCH violation. SPECTRUM generates an alarm when an event specifies that one should be created. . or as a result of SPECTRUM detecting an abnormal situation not based on an event (inference handler based).What is an Event versus an Alarm?  Events An event is a SPECTRUM object that indicates that something significant has occurred within SPECTRUM itself or within the managed environment. Typically. abnormal condition exists in a model. imported via MIB Tools or created by editing the Event Configuration Files.An alarm is a SPECTRUM object that indicates that a user-actionable.  Alarms .

Events in Spectrum Oneclick .

Alarms in Spectrum Oneclick ECE .

 PCause files control what is displayed in the Probable Cause information.  The dynamic alarm title attribute can be populated with an Event Variable. event variables information.Alarms information in Spectrum Oneclick  PCause code is specified for each alarm that displays the Probable Cause information for an alarm.  PCause files are static.pdf . The dynamic varbind ID is 76620 (or 0x12b4c). This allows for a single Probable cause to have a dynamic alarm title. See Event Configuration User Guide.

11.0x00561001.1.2620.(event [{e}]) --------------------------------------------File: CsPCause/Prob00561001 > Alarm Message Content: FIREWALL STATUS ALARM SYMPTOMS: A Firewall System status is over the treshold. Event Message is: {S 101}. %Y .6.%T"} .1.6.U -----------------------------------------File: CsEvFormat/00561001 > Event Message Content: {d "%w.2620.4.1.1.%d %m-. 0x561001 -------------------------------------------File: EventDisp > Maps Event to Alarm 0x00561001 Content: 0x00561001 E 50 A 1.Example: Trap Forwarding of external Managers and Event/Alarming in SPECTRUM Example: Checkpoint FW Manager File AlertMap > Maps Trap to Event 00561001 SS/CsVendor/<customer>_Checkpoint Content: 1.3.0(101.6. PROBABLE CAUSES: 1) A Trap from the firewall system was send 2) Firewall System has to high system usage RECOMMENDED ACTIONS: 1) Check the Event Message in the SPECTRUM Alarm Manager 2) Inform the Firewall Administrator 3) Check the thresholds on the Firewall System --------------------------------------------- .Device {m} of type {t} generated.

Event Management and Correlation .

Secondary alarms are just those with a lesser severity.Spectrum Event Correlation  Fault Suppression  Downstream device fault suppression (including VPM)  Child (Port/Process) suppression  Port flapping  Other default EventRules based Correlations  Alarm De-duplication  Recurring events for the same field of the existing alarm. .  Alarm Filtering  from alarm console.

Simple Event Configuration updates This includes specifying which events generate/clear alarms and event variables to discriminate. In addition. Events (or the be inferred. event and alarm descriptions can be modified and enriched. 3. They are listed below: 1. Condition Correlation Condition correlation allows for multiple events to be correlated across groups of models. 5. 2. Event Rules Event rules allow for events to be correlated on individual models (of the same modeltype). including creating new event variables and asserting events on models other than the source (between different models(types)). You can also influence the automatic Faultisoltion Event and Alarming behavior . 4.Extending Event Correlation  There are a number of ways that SPECTRUM Event Correlation capabilities can be updated and enhanced. Event Procedures Complex expressions that allow for events to be manipulated at a very granular level.

pdf . Settings in Component Details view of the VNM model See also for example Modeling and Managing Your IT Infrastructure Administrator Guide. 2.Inductive Modeling Technology Setting Fault Isolation Parameters 1.

not to groups of models.Event Rules  Event Rules permit you to specify a more INTELLIGENT decision-making to indicate how an event is to be processed.  Event Rules available:  Event Condition  Event Pair  Event Rate  Event Series  Event Counter  Hearbeat  Single Event  Solo Event .  Event rules allow you to correlate multiple events on the same model.

{S \ \*\"})".3:3.2.Examples: Event Pair & Event Condition GUI ConditionEventRule for SPM Tests: Generate event(alarm) 0xfffffffa only.2:2.9 0x0456000b E 20 R Aprisma. and deliver Var 1.EventCondition.3.9:9" EventDisp File .1 (SPM-Test name) starts with AUA . if var. "0xfffffffa 1:1. "regexp({v 1}.

Example: SPECTRUM Condition Correlation Editor LSP Alarms generate one MPLS Backbone Error Alarm Create Condition: left side (eg Error Backbone Error (type: counts) these but show as symptomes .

dann soll auch ein Event/Alarm auf dem entsprechenden Port erzeugt und ausgewertet werden 0xbeecc001 E 50 P " \ ForEach( \ GetModelsByAttrValue( \ { H 0x10069 }. Dann Check. hier dann IP Adresse) Dann.) des Devices. \ Nil()))" Die Proc findet zuerst mal alle Modelle (GetModelsByAttrValue). mit denselben Varbinds wie der ursprüngliche Event.h. (z. d.B.B. \ { U 0 }. \ CreateEventWithAttributes( \ { V portModel }. \ { V portMh }. CA) # Ziel: wenn dieser SPM-Event/Alarm auf dem Device erzeugt wird. falls der Port matched (hier z. \ { H 0x11348 } ). ifIndex). um den richtigen Port zu finden. wird ein neuer Event auf ihm generiert (0xbeecc002)..Example: Event Procedures (in EventDisp Files) # wenn Event beecc001 erzeugt wird. \ { V dummyRetValue }. \ { H 0xbeecc002 }. . führe folgende Procedure aus ( Johannes Kroupa . wird auch nichts gemacht (Nil()). in der Schleife behandelt). ob ifIndex (0x11348) am Port derselbe ist wie Varbind 1 im Event. \ { H 0x129fa } )). \ GetEventAttributeList()). \ If( \ Equals( \ ReadAttribute( \ { V portMh }. Falls der Port nichts matched. \ ReadAttribute( \ { C CURRENT_MODEL }. alle Ports (und Apps. \ GetEventVariable( { U 1 } )).

Architecture .CA Event Integration (EI) .


SNMP and CORBA etc. Vendor Specific EMS via Trap Vendor Specific EMS via XML double click . LogFiles (SYSLOGs !). DBs .Southbound Gateway Non-SNMP. Traps. V.24 and others Events and Traps from different Sources For example Logfiles. Element Managers via XML.

Event Notification .

alarm-processing applications and SANM (Policy Manager) work together in the alarm monitoring process. .Alarm Notification CA Spectrum.

thank you .