2.0 Examining the Architecture

The Event Manager works in conjunction with Operations Center to process and gather line-oriented ASCII data from a wide variety of sources. From this raw data, Event Manager can generate derived events and alarms. Alarms are lines of text that refer to the changing operational conditions of elements. Basic information contained in each alarm includes its severity, priority, affected element, the time when the alarm occurred, a text messages and a unique identification (ID) number for that alarm.

The Event Manager processes these alarms using predefined rulesets and passes the output of this processing to Operations Center. Additionally, alarms can consist of standard alarm messages that provide the status of network components, messages that create or delete elements, or messages that initiate certain actions. The end result is that, from an input of potentially thousands of messages, a very limited number of alarms—perhaps only several dozen—are forwarded to Operations Center.

The components that comprise the Event Manager are shown in Figure 2-1:

Figure 2-1 Event Manager Architecture

Agents are on a single machine or distributed across multiple machines.

The Event Manager’s architecture consists of the following components:

These components are described in detail in subsequent sections of this guide.