B.9 Correlation Engine
Below listed are relevant to correlation engine.
B.9.1 Correlation Action Definition
Table B-72 Correlation Engine - Correlation Action Definition
|
Severity
|
|
|
Event Name
|
New/Update/Remove
|
|
Resource
|
Correlation
|
|
SubResource
|
CorrelationActionDefinition
|
|
Message
|
Action Name: <name> with Id: <ID>
|
B.9.2 Correlation Engine Configuration
Table B-73 Correlation Engine - Correlation Engine Configuration
|
Severity
|
|
|
Event Name
|
New/Update/Remove
|
|
Resource
|
Correlation
|
|
SubResource
|
CorrEngineConfig
|
|
Message
|
Correlation Engine ID: <ID> Name: <name> Active: {2}
|
B.9.3 Correlation Engine is Running
The correlation engine process can be idled by the user. Its running state determines whether the active process is processing events or not. The process starts in the idle (stopped) state and waits to retrieve its configuration from the database. This event is sent when the engine changes state from stopped to running.
Table B-74 Correlation Engine - Correlation Engine is Running
|
Severity
|
1
|
|
Event Name
|
EngineRunning
|
|
Resource
|
CorrelationEngine
|
|
SubResource
|
CorrelationEngine
|
|
Message
|
Correlation Engine is processing events.
|
B.9.4 Correlation Engine is Stopped
This event is sent out when the engine changes state from running to stopped.
Table B-75 Correlation Engine - Correlation Engine is Stopped
|
Severity
|
1
|
|
Event Name
|
EngineStopped
|
|
Resource
|
CorrelationEngine
|
|
SubResource
|
CorrelationEngine
|
|
Message
|
Correlation Engine has stopped processing events.
|
B.9.5 Correlation Rule
Table B-76 Correlation Engine - Correlation Rule
|
Severity
|
|
|
Event Name
|
New/Update/Remove
|
|
Resource
|
Correlation
|
|
SubResource
|
CorrRule
|
|
Message
|
Rule Name: <name> Type: <type> Rule Id: <ID>
|
B.9.6 Correlation Rule Configuration
Table B-77 Correlation Engine - Correlation Rule Configuration
|
Severity
|
|
|
Event Name
|
New/Update/Remove
|
|
Resource
|
Correlation
|
|
SubResource
|
CorrRuleConfig
|
|
Message
|
Correlation Rule Config ID: <ID> Rule Definition ID: {1} Name: <name> Active: {3}
|
B.9.7 Deploy Rules With Actions To Engine
Table B-78 Correlation Engine - Deploy Rules With Actions To Engine
|
Severity
|
|
|
Event Name
|
deployRulesWithActionsToEngine
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Deploy Rules With Actions To Engine <enginId>: Rules: <ruleID> Actions: <actionID>
|
B.9.8 Disabling Rule
Table B-79 Correlation Engine - Disabling Rule
|
Severity
|
|
|
Event Name
|
disableRule
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Disable Rule: {ruleCfgId}
|
B.9.9 Enabling Rule
Table B-80 Correlation Engine - Enabling Rule
|
Severity
|
|
|
Event Name
|
enableRule
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Enable Rule: {ruleCfgId}
|
B.9.10 Rename Correlation Engine
Table B-81 Correlation Engine - Rename Correlation Engine
|
Severity
|
|
|
Event Name
|
renameCorrEngine
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Rename Engine to: <name> with EngineId: <ID>
|
B.9.11 Rule Deployment is Modified
This event is sent out when an engine successfully reloads a rule deployment. This message is sent out regardless of the engine running state.
Table B-82 Correlation Engine - Rule Deployment is Modified
|
Severity
|
1
|
|
Event Name
|
DeploymentModified
|
|
Resource
|
CorrelationEngine
|
|
SubResource
|
Deployment
|
|
Message
|
Deployment <name> modified
|
B.9.12 Rule Deployment is Started
This event is sent out when an engine successfully loads a rule deployment. This message is sent out regardless of the engine running state.
Table B-83 Correlation Engine - Rule Deployment is Started
|
Severity
|
1
|
|
Event Name
|
DeploymentStarted
|
|
Resource
|
CorrelationEngine
|
|
SubResource
|
Deployment
|
|
Message
|
deployment <name> started
|
B.9.13 Rule Deployment is Stopped
This event is sent out when an engine successfully unloads a rule deployment. This message is sent out regardless of the engine running state.
Table B-84 Correlation Engine - Rule Deployment is Stopped
|
Severity
|
1
|
|
Event Name
|
DeploymentStopped
|
|
Resource
|
CorrelationEngine
|
|
SubResource
|
Deployment
|
|
Message
|
deployment <name> stopped
|
B.9.14 Starting Engine
Table B-85 Correlation Engine - Starting Engine
|
Severity
|
|
|
Event Name
|
startEngine
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Start engine: <engineID>
|
B.9.15 Stopping Engine
Table B-86 Correlation Engine - Stopping Engine
|
Severity
|
|
|
Event Name
|
stopEngine
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Stop engine: <engineID>
|
B.9.16 UnDeploy All Rules From Engine
Table B-87 Correlation Engine - UnDeploy All Rules From Engine
|
Severity
|
|
|
Event Name
|
undeployAllRulesFromEngine
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Undeploy all rules from Engine:
|
B.9.17 UnDeploy Rule
Table B-88 Correlation Engine - UnDeploy Rule
|
Severity
|
|
|
Event Name
|
undeployRule
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Undeploy Rule: {ruleCfgId}
|
B.9.18 Update Correlation Rule Actions
Table B-89 Correlation Engine - Update Correlation Rule Actions
|
Severity
|
|
|
Event Name
|
updateCorrRuleActions
|
|
Resource
|
CorrelationManagementService
|
|
SubResource
|
CorrelationManagementService
|
|
Message
|
Update Rule Config {0} by deleting Actions: <actionID> and adding Actions: <actionID>
|