ibm.com/redbooks Event Management and Best PracticesBest Practices Tony Bhe Peter Glasmacher Jacqueline Meckwood Guilherme Pereira Michael Wallace Implement and use best practices for event processing Customize IBM Tivoli products for event processing Diagnose IBM Tivoli Enterprise Console, NetView, Switch Analyzer Front cover Event Management and Best Practices June 2004 International Technical Support Organization SG24-6094-00 © Copyright International Business Machines Corporation 2004. All rights reserved. Note to U.S. Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. First Edition (June 2004) This edition applies to the following products: Version 3, Release 9, of IBM Tivoli Enterprise Console Version 7, Release 1, Modification 4 of IBM Tivoli NetView Version 1, Release 2, Modification 1 of IBM Tivoli Switch Analyzer Note: Before using this information and the product it supports, read the information in “Notices” on page ix. Note: This IBM Redbook is based on a pre-GA version of a product and may not apply when the product becomes generally available. We recommend that you consult the product documentation or follow-on versions of this IBM Redbook for more current information. © Copyright IBM Corp. 2004. All rights reserved. iii Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xi The team that wrote this redbook. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Chapter 1. Introduction to event management. . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Importance of event correlation and automation . . . . . . . . . . . . . . . . . . . . . 2 1.2 Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2.1 Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2.2 Event management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2.3 Event processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.4 Automation and automated actions. . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3 Concepts and issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.3.1 Event flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.3.2 Filtering and forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.3.3 Duplicate detection and throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.3.4 Correlation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.3.5 Event synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.3.6 Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 1.3.7 Trouble ticketing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 1.3.8 Escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 1.3.9 Maintenance mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 1.3.10 Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 1.4 Planning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 1.4.1 IT environment assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 1.4.2 Organizational considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 1.4.3 Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 1.4.4 Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Chapter 2. Event management categories and best practices . . . . . . . . . 25 2.1 Implementation approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.1.1 Send all possible events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.1.2 Start with out-of-the-box notifications and analyze reiteratively . . . . 27 2.1.3 Report only known problems and add them to the list as they are identified . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 2.1.4 Choose top X problems from each support area . . . . . . . . . . . . . . . 28 iv Event Management and Best Practices 2.1.5 Perform Event Management and Monitoring Design . . . . . . . . . . . . 28 2.2 Policies and standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 2.2.1 Reviewing the event management process . . . . . . . . . . . . . . . . . . . 33 2.2.2 Defining severities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 2.2.3 Implementing consistent standards. . . . . . . . . . . . . . . . . . . . . . . . . . 36 2.2.4 Assigning responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 2.2.5 Enforcing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 2.3 Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 2.3.1 Why filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 2.3.2 How to filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 2.3.3 Where to filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 2.3.4 What to filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 2.3.5 Filtering best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 2.4 Duplicate detection and suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 2.4.1 Suppressing duplicate events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 2.4.2 Implications of duplicate detection and suppression. . . . . . . . . . . . . 46 2.4.3 Duplicate detection and throttling best practices. . . . . . . . . . . . . . . . 50 2.5 Correlation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 2.5.1 Correlation best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 2.5.2 Implementation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 2.6 Notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 2.6.1 How to notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 2.6.2 Notification best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 2.7 Escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 2.7.1 Escalation best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 2.7.2 Implementation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 2.8 Event synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 2.8.1 Event synchronization best practices . . . . . . . . . . . . . . . . . . . . . . . . 67 2.9 Trouble ticketing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 2.9.1 Trouble ticketing best practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 2.10 Maintenance mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 2.10.1 Maintenance status notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 2.10.2 Handling events from a system in maintenance mode . . . . . . . . . . 74 2.10.3 Prolonged maintenance mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 2.10.4 Network topology considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 76 2.11 Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 2.11.1 Automation best practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 2.11.2 Automation implementation considerations . . . . . . . . . . . . . . . . . . 80 2.12 Best practices flowchart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Chapter 3. Overview of IBM Tivoli Enterprise Console . . . . . . . . . . . . . . . 85 3.1 The highlights of IBM Tivoli Enterprise Console . . . . . . . . . . . . . . . . . . . . 86 3.2 Understanding the IBM Tivoli Enterprise Console data flow . . . . . . . . . . . 87 Contents v 3.2.1 IBM Tivoli Enterprise Console input . . . . . . . . . . . . . . . . . . . . . . . . . 88 3.2.2 IBM Tivoli Enterprise Console processing . . . . . . . . . . . . . . . . . . . . 89 3.2.3 IBM Tivoli Enterprise Console output . . . . . . . . . . . . . . . . . . . . . . . . 90 3.3 IBM Tivoli Enterprise Console components . . . . . . . . . . . . . . . . . . . . . . . 91 3.3.1 Adapter Configuration Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 3.3.2 Event adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 3.3.3 IBM Tivoli Enterprise Console gateway . . . . . . . . . . . . . . . . . . . . . . 92 3.3.4 IBM Tivoli NetView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 3.3.5 Event server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 3.3.6 Event database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 3.3.7 User interface server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 3.3.8 Event console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 3.4 Terms and definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 3.4.1 Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 3.4.2 Event classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 3.4.3 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 3.4.4 Rule bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 3.4.5 Rule sets and rule packs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 3.4.6 State correlation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Chapter 4. Overview of IBM Tivoli NetView. . . . . . . . . . . . . . . . . . . . . . . . 101 4.1 IBM Tivoli NetView (Integrated TCP/IP Services) . . . . . . . . . . . . . . . . . . 102 4.2 NetView visualization components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 4.2.1 The NetView EUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 4.2.2 NetView maps and submaps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 4.2.3 The NetView event console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 4.2.4 The NetView Web console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 4.2.5 Smartsets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 4.2.6 How events are processed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 4.3 Supported platforms and installation notes . . . . . . . . . . . . . . . . . . . . . . . 120 4.3.1 Supported operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 4.3.2 Java Runtime Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 4.3.3 AIX installation notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 4.3.4 Linux installation notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 4.4 Changes in NetView 7.1.3 and 7.1.4. . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 4.4.1 New features and enhancements for Version 7.1.3 . . . . . . . . . . . . 124 4.4.2 New features and enhancements for Version 7.1.4 . . . . . . . . . . . . 126 4.4.3 First failure data capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 4.5 A closer look at the new functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 4.5.1 servmon daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 4.5.2 FFDC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Chapter 5. Overview of IBM Tivoli Switch Analyzer . . . . . . . . . . . . . . . . . 141 vi Event Management and Best Practices 5.1 The need for layer 2 network management. . . . . . . . . . . . . . . . . . . . . . . 142 5.1.1 Open Systems Interconnection model . . . . . . . . . . . . . . . . . . . . . . 142 5.1.2 Why layer 3 network management is not always sufficient. . . . . . . 143 5.2 Features of IBM Tivoli Switch Analyzer V1.2.1 . . . . . . . . . . . . . . . . . . . . 144 5.2.1 Daemons and processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 5.2.2 Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 5.2.3 Layer 2 status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 5.2.4 Integration into NetView’s topology map. . . . . . . . . . . . . . . . . . . . . 157 5.2.5 Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 5.2.6 Root cause analysis using IBM Tivoli Switch Analyzer and NetView160 5.2.7 Real-life example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Chapter 6. Event management products and best practices . . . . . . . . . 173 6.1 Filtering and forwarding events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 6.1.1 Filtering and forwarding with NetView. . . . . . . . . . . . . . . . . . . . . . . 174 6.1.2 Filtering and forwarding using IBM Tivoli Enterprise Console. . . . . 205 6.1.3 Filtering and forwarding using IBM Tivoli Monitoring . . . . . . . . . . . 210 6.2 Duplicate detection and throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212 6.2.1 IBM Tivoli NetView and Switch Analyzer for duplicate detection and throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212 6.2.2 IBM Tivoli Enterprise Console duplicate detection and throttling . . 212 6.2.3 IBM Tivoli Monitoring for duplicate detection and throttling. . . . . . . 217 6.3 Correlation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 6.3.1 Correlation with NetView and IBM Tivoli Switch Analyzer . . . . . . . 218 6.3.2 IBM Tivoli Enterprise Console correlation . . . . . . . . . . . . . . . . . . . . 232 6.3.3 IBM Tivoli Monitoring correlation. . . . . . . . . . . . . . . . . . . . . . . . . . . 244 6.4 Notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 6.4.1 NetView. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 6.4.2 IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 6.4.3 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 6.4.4 IBM Tivoli Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 6.5 Escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 6.5.1 Severities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 6.5.2 Escalating events with NetView . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 6.6 Event synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 6.6.1 NetView and IBM Tivoli Enterprise Console . . . . . . . . . . . . . . . . . . 295 6.6.2 IBM Tivoli Enterprise Console gateway and IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 6.6.3 Multiple IBM Tivoli Enterprise Console servers. . . . . . . . . . . . . . . . 297 6.6.4 IBM Tivoli Enterprise Console and trouble ticketing . . . . . . . . . . . . 302 6.7 Trouble ticketing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307 6.7.1 NetView versus IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . 307 6.7.2 IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307 Contents vii 6.8 Maintenance mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 6.8.1 NetView. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 6.8.2 IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 6.9 Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338 6.9.1 Using NetView for automation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338 6.9.2 IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 6.9.3 IBM Tivoli Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Chapter 7. A case study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357 7.1 Lab environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 7.1.1 Lab software and operating systems . . . . . . . . . . . . . . . . . . . . . . . 358 7.1.2 Lab setup and diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 7.1.3 Reasons for lab layout and best practices . . . . . . . . . . . . . . . . . . . 362 7.2 Installation issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 7.2.1 IBM Tivoli Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 7.2.2 NetView. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 7.2.3 IBM Tivoli Switch Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 7.3 Examples and related diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 7.3.1 Event flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 7.3.2 IBM Tivoli Enterprise Console troubleshooting . . . . . . . . . . . . . . . . 377 7.3.3 NetView. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394 7.3.4 IBM Tivoli Switch Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Appendix A. Suggested NetView configuration . . . . . . . . . . . . . . . . . . . . 401 Suggested NetView EUI configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Event console configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Web console installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Web console stand-alone installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Web console applet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 Web console security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Web console menu extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 A smartset example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423 viii Event Management and Best Practices [...]... by message type When an event is allowed to enter the event processing hierarchy, it is said to be forwarded Events can be forwarded from event sources to event processors and between event processors Chapter 2, Event management categories and best practices on page 25, discusses the preferred methods of filtering and forwarding events 1.3.3 Duplicate detection and throttling Events that are deemed... event- handling procedures The linkages between the various departments within the organization required to handle events and the flow of this information between them is the focus of event management Tools are mentioned in reference to how they fit into the flow of 4 Event Management and Best Practices event information through the organization and to which standards should be applied to that flow Since events... States and other countries SET, SET Secure Electronic Transaction, and the SET Logo are trademarks owned by SET Secure Electronic Transaction LLC Other company, product, and service names may be trademarks or service marks of others x Event Management and Best Practices Preface This IBM Redbook presents a deep and broad understanding about event management with a focus on best practices It examines event. .. Austin, Texas 78758-3493 Preface xiii xiv Event Management and Best Practices 1 Chapter 1 Introduction to event management This chapter explains the importance of event correlation and automation It defines relevant terminology and introduces basic concepts and issues It also discusses general planning considerations for developing and implementing a robust event management system © Copyright IBM Corp... responses to events, eliminates duplication of effort, and simplifies the configuration and maintenance of the tools used for event management 1.2.3 Event processing While event management focuses on the high-level flow of events through an organization, event processing deals with tools Specifically, the term event processing is used to indicate the actions taken upon events automatically by systems management. .. generate events Events may also be used as reminders to take action manually or as notification that an action has occurred 1.2.2 Event management The way in which an organization deals with events is known as event management It may include the organization’s objectives for managing events, assigned roles and responsibilities, ownership of tools and processes, critical success factors, standards, and event- handling... failed and sends an event to an event processor The event describes an error condition, called a problem event When the service is later restored, the agent sends another event to inform the event processor the service is again running and the error condition has cleared This event is known as a clearing event When an event processor receives a clearing event, it normally closes the problem event to... the organization This is one of the 10 Event Management and Best Practices purposes of the event management process described in 1.2.2, Event management on page 4 Root cause correlation A problem may sometimes trigger other problems, and each problem may be reported by events The event reporting the initial problem is referred to as a root cause, or primary event Those that report the subsequent... between the problem and clearing event can be depicted graphically as shown in Figure 1-1 The correlation sequence is described as follows: Problem is reported when received (Service Down) Event is closed when a recovery event is received (Service Recovered) 8 Event Management and Best Practices Service Down (Problem Event) Service Recovered (Clearing Event) Figure 1-1 Problem and clearing correlation... implementing actions to deal with the related events is known as event correlation Correlated events may reference the same affected resource or different resources They may generated by the same event source or handled by the same event processor Problem and clearing event correlation This section presents an example of events that are generated from the same event source and deal with the same system resource . ibm.com/redbooks Event Management and Best PracticesBest Practices Tony Bhe Peter Glasmacher Jacqueline Meckwood Guilherme Pereira Michael Wallace Implement and use best practices for event processing Customize. . . . . . . . . . . . 28 iv Event Management and Best Practices 2.1.5 Perform Event Management and Monitoring Design . . . . . . . . . . . . 28 2.2 Policies and standards . . . . . . . . . and introduces basic concepts and issues. It also discusses general planning considerations for developing and implementing a robust event management system. 1 2 Event Management and Best Practices 1.1