System and network problems are complex and can surface in many different forms. Even a simple problem can leave behind a complex event trail. This can result in excessive confusion in problem determination efforts and unnecessary down time. However, in a well-tuned event management environment, event messages from sources such as application software, database monitors, system hardware and network management systems can often be linked together, or “correlated,” to identify the root cause of a problem. Correlation minimizes resources required to resolve the problem and reduce the resulting cost incurred.
The system and network management software industry is focusing increased attention on products that offer support for the disciplines of distributed monitoring and event management. All major systems management vendors are aggressively marketing products that promise improved capabilities in the area of enterprise systems management. There are many products that are currently available in the market. Products include Tivoli Systems' Tivoli Enterprise Console (TEC) and NetView, Computer Associates' CA UniCenter, Hewlett-Packard's OpenView and Event Correlation Service, BMC's Software Patrol, CommandPost and MAXM products and VERITAS' NerveCenter Pro. The invention is described in the context of the Tivoli TEC as an exemplary platform, but the invention is not limited to the TEC platform. Those skilled in the art will realize that many modifications and adaptations to the present invention are possible, and may even be desirable, in certain circumstances and are considered part of the present invention.
While computer networking customers may choose a broad range of event management product alternatives, there has been virtually no attention given by vendors of event management and monitoring products to develop methodologies and tools that assist the customers in effectively relating these event management and monitoring technologies to the specifics of their systems and distributed computing environments. As the individual customer's systems and distributed computing environment typically generate at least hundreds, if not thousands, of unique event messages, without systematic approaches to the tailored implementation of event management, and monitoring technologies, the resulting value to the user of these products is significantly reduced.
For the foregoing reasons, there is a need for a system and method that bridge the gap between the customer's unique systems and distributed computing event environments and the capabilities of an event management product.