READ ME BPPM Event Management Rules How-To Video

This readme document contains information about the example rule shown and discussed in the video. If you are going to copy the rule for testing in your environment please read and observe the information here.

Solution Components
The following describes the solution components of the BPPM environment used in the making of the video. BPPM v.8.6.02 SP1 (All components were updated to this patch level.) NOTE: This rule can be used with BPPM version 9.0 and other versions previous to v8.6. It is also compatible with GA versions of BMC Event Manager and BMC Service Impact Manager. PATROL Agent & KM

BII4P3 v3.1.10

READ ME BPPM Event Management Rules How-To Video

Monitored Server & Management Platform

READ ME BPPM Event Management Rules How-To Video

Event Flow
The following describes the event floe architecture of the BPPM environment used in the making of the video. The server was monitored by PATROL. PATROL generated events for Service down occurrences as demonstrated in the video. The events were processed as shown below. PATROL BII4P3 Remote Event Management Cell The event correlation rule was configured and demonstrated in the remote event management cell running on the same Virtual machine with PATROL, BII4P3 and the monitored operating system. BII4P3 was configured to process only NT_SERVICES related events from the PATROL KM. This was to eliminate any possible flood of events into the event cell. The process would work the same way if the different solution components were distributed on different machines. In production implementations the events should flow to a PATROL Notification Server before being processed by BII4P3. This is to support scalability and ensure the smallest possible number of required BII4P3 instances

Important Usage Notes

This correlation rule is a simple example for demonstration and training purposes only . The correlation rule must be edited if used in production. This includes changing the event classes referenced and the slot names in the where clause as appropriate to your needs. It also requires adding hostname and potentially other criterion to the where, within, and when clauses of the rule. Hostname was deliberately left out of the where clause in the example MRL code so that it will run for any managed host. This makes the rule generic to any test environment that involves monitoring Windows 2008 SP1. The demonstration environment implementation started with a clean install of the BPPM solution as described above. The only customization added was the correlate_svc_down.mrl rule file discussed in the video. No other rules, policies, or other event processing was involved that is not described in this readme document. You should be able to test or play with the rule file in your environment with no other additions.