This invention relates generally to the field of computer event notification and security, and more specifically, to a process on a computer that collects and analyzes data from mainframe system events and/or messages as they occur, and issues alert messages to various targets. It solves the problem of how to extract from large volumes of event and message data what data is meaningful, and how to alert security administrators and auditors according to rules they specify.