A ruleset is a text file that describes how the Event Manager agents parse and extract meaningful information from raw text data.
Assign a ruleset to each agent in the network. The ruleset instructs the agent to process any raw data that it receives.
Event Manager rulesets are compatible with BMC Software MAX/Enterprise rulesets. Rulesets created using the MAX/Enterprise ruleset editor can be imported directly into the Event Manager.
Use rulesets to:
Generate alarms using information such as the alarm description, severity, and priority
Parse information from incoming events into attributes (standard or user-defined)
Reformat or embellish terse or cryptic messages to produce more meaningful messages
Escalate the severity or priority of a message based on the number of messages received, the period of time in which a message was received, or if an operator did not acknowledge the message
Remove messages that are invalidated by subsequent messages
Determine a course of action through simple IF/THEN logic
Identify matches between incoming events and parent and child level rules
Determine whether an incoming event displays as an alarm or is discarded
Parse information from an incoming event into variables (system or user-defined)
Define derived alarm information such as the alarm description, severity, and priority
Use a component level to identify a failed component or affected resource. Alarms display in the Operations Center console.
Discard irrelevant messages
Assign severity to messages
Delete redundant messages or events