7.1 Understanding Rulesets

A ruleset is a text file that describes how the Event Manager agents parse and extract meaningful information from raw text data.

Assign a ruleset to each agent in the network. The ruleset tells the agent how to process the raw data that it receives.

Event Manager rulesets are compatible with BMC Software MAX/Enterprise rulesets. Rulesets created using the MAX/Enterprise ruleset editor can be imported directly into the Event Manager.

Use rulesets to:

  • Generate alarms using information such as the alarm description, severity, and priority

  • Parse information from incoming events into attributes (standard or user-defined)

  • Reformat or embellish terse or cryptic messages to produce more meaningful messages

  • Escalate the severity or priority of a message based on the number of messages received, the period of time in which a message was received, or an operator's failure to acknowledge the message

  • Remove messages that are invalidated by subsequent messages

  • Determine a course of action through simple IF/THEN logic

  • Identify matches between incoming events and parent and child level rules

  • Determine whether an incoming event displays as an alarm or is discarded

  • Parse information from an incoming event into variables (system or user-defined)

  • Define derived alarm information such as the alarm description, severity, and priority

    Use a component level to identify a failed component or affected resource. Alarms display in the Operations Center console.

  • Discard irrelevant messages

  • Assign severity to messages

  • Delete redundant messages or events
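
The following Python sketch models several of the functions listed above: parsing into attributes, discarding, assigning severity, escalating by message count within a time period, and removing invalidated messages. It is an added illustration, not Event Manager ruleset syntax or product code. The raw line format, event codes, thresholds, and all names in it are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Assumed raw format (constructed for this sketch): "<ISO timestamp> <host> <CODE> <detail>"
LINE = re.compile(r"(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) "
                  r"(?P<code>[A-Z_]+) (?P<detail>.+)")
SEVERITY = {"LINK_DOWN": "MAJOR", "AUTH_FAIL": "MINOR"}  # assign severity
CLEARS = {"LINK_UP": "LINK_DOWN"}          # a later event that invalidates an earlier one
DESCRIBE = {"LINK_DOWN": "Interface {detail} on {host} is down",
            "AUTH_FAIL": "Failed login for {detail} on {host}"}
ESCALATE_COUNT, ESCALATE_WINDOW = 3, timedelta(seconds=60)

def process(lines):
    """Return the alarms still active after every raw line has been evaluated."""
    alarms = {}  # (host, code, detail) -> alarm attributes
    seen = {}    # (host, code, detail) -> timestamps of recent matching events
    for raw in lines:
        m = LINE.fullmatch(raw.strip())
        if not m:
            continue                       # unparseable text: discard
        ev = m.groupdict()                 # parse the event into attributes
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["code"], ev["detail"])
        if ev["code"] in CLEARS:           # remove the alarm this event invalidates
            old = (ev["host"], CLEARS[ev["code"]], ev["detail"])
            alarms.pop(old, None)
            seen.pop(old, None)
            continue
        if ev["code"] not in SEVERITY:
            continue                       # irrelevant message: discard
        # Keep only events inside the window; severity reflects the latest window.
        recent = [t for t in seen.get(key, []) if ts - t <= ESCALATE_WINDOW] + [ts]
        seen[key] = recent
        escalated = len(recent) >= ESCALATE_COUNT
        alarms[key] = {"description": DESCRIBE[ev["code"]].format(**ev),  # reformat
                       "severity": "CRITICAL" if escalated else SEVERITY[ev["code"]],
                       "count": len(recent)}  # repeats update one alarm
    return list(alarms.values())

SAMPLE = [  # constructed sample input
    "2024-05-01T10:00:00 router1 LINK_DOWN eth0",
    "2024-05-01T10:00:05 router1 HEARTBEAT ok",
    "2024-05-01T10:00:10 web1 AUTH_FAIL admin",
    "2024-05-01T10:00:20 web1 AUTH_FAIL admin",
    "2024-05-01T10:00:30 web1 AUTH_FAIL admin",
    "garbage line",
    "2024-05-01T10:01:00 router1 LINK_UP eth0",
    "2024-05-01T10:05:00 db1 LINK_DOWN eth1",
]

if __name__ == "__main__":
    print(process(SAMPLE))
```

With the sample input, the router1 alarm is removed by the later LINK_UP event, the three web1 login failures inside 60 seconds collapse into one alarm escalated to CRITICAL, and the db1 alarm keeps its assigned severity.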