The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Problems in data communication networks generally lead network devices (such as routers and switches) generating event messages. Often, the event messages refer to symptoms rather than root causes, and in many cases the significance of an event is not immediately recognized at a network management computer or through review by a human analyst. At the same time, many events contain only limited information about context in which they occur. Such context can include information about certain state or even statistical information at the time of event occurrence, such as current link or CPU utilization. Context information is fleeting, and by the time an external application, or user, or support staff decides to issue a query, it may already have been lost. Context information may be different for different event messages, so that each particular event or event type is associated with a different interesting and unique context. The information that is relevant and needed is often specific to the event, operational environment, heuristics that are applied by a particular operator, and/or the network deployment; in many cases it is not known a priori what that information is; instead, it is the result of operational experience that is gained over time.
Thus, collecting timely and relevant information about network events has been a difficult task in past practice, and past attempts to address the problem have been inadequate. For example, network devices can be programmed with scripts that can be executed on the device, triggered by certain events. The Package Distribution System allows to dynamically distribute and to install packages containing data files (for data driven systems) or even entire applications. SUT (Syslog Usability Tool) maintains information about system messages, message definitions, and facilitates system message definition development. SUT allows users to provide additional information about messages that improve their documentation and over time help build a knowledge base.
However, even these components provide no practical way for a user to dynamically customize, over time, the context information that is to be collected in a timely manner for events within a device or across the network. Historically heavy system, or network, administration tasks have been required, involving writing scripts and managing their installation and activation across the network. Further, the learning of one user about what constitutes interesting context in a given situation has been difficult to benefit another user.