Context
Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.
Details
The IBM® Tivoli® Netcool/OMNIbus product provides a wide range of out-of-the-box functionality designed to consolidate
and filter Events to ensure that required actions are taken and that only relevant data is presented to the user. All rules
and automated actions within OMNIbus and its probes are configured in simple script or procedural SQL languages,
enabling ongoing customization using readily available or quickly learned skills. Modifications to the rule sets may be
made in real time and enabled without interruption to end-user service. Full details are provided in the OMNIbus and
Probe Administration guides available for download.
As events are collected by the many different probes and monitors within the Netcool suite, they are normalized into a
common event format. This common event format allows the events to be properly categorized and enables the event
management engine (the ObjectServer) to recognize events that are duplicates of existing events; i.e., when multiple,
repetitive events are received for the same problem on the same element. Database triggers within the ObjectServer
recognize the repeating event in real-time, and consolidate the information into a single event recording the First and
Last Occurrence times, and incrementing a Count to indicate the number of occurrences of the event. This technique
ensures that other automations and user actions may focus on the consolidated data rather than be flooded with
repetitive information.
The following diagram shows the consolidation of four ping failure events for the same managed object by de-duplication
into a single event giving the First and Last Occurrence times and a Count of the number of occurrences in that time
frame. Note that the Event Severities are set and displayed by default according to the ISO standards of six severities
ranging from 0=Clear=green to 5=Critical=red.
The resulting event shown here in Operator Desktop view is then available for further automation and/or Operator
intervention.
Netcool provides automated, out-of-the-box, state-based correlation at the object level (e.g., if a 'link down' event
is received for a router interface which then corrects itself and generates a subsequent 'link up' event, the system
correlates the two and clears the original 'link down' event). During the collection process Netcool probes and
monitors analyze the incoming events and classify them as problem or resolution events. Once inserted into the
ObjectServer, a series of automations provide the correlation needed for problem and resolution events to be properly
associated and cleared as appropriate, removing the need for manual correlation and resolution by an Operator.
The following diagram shows the visual representation of the pairing and clearing of related problem and resolution
events.
Temporal automations may be applied to manage related events where, for example, the existence or resolution of a problem
may vary according to an event sequence, including the absence or occurrence of a related event.
The following diagram shows an example of key data fields set in probe rules and automations to identify the Link Down
root cause and the symptomatic interface or circuit alarms that may be suppressed.
The predefined automations that Tivoli Netcool/OMNIbus provides are written in procedural SQL and may be extended using
the GUI-based OMNIbus Administrator tool, or via a command line interface. For example, the configuration of the
provided trigger that deletes cleared events after a period of time, shown in GUI format below, includes the SQL command to
delete events from the database that are cleared (Severity = 0) and have not been modified in the last 2 minutes (120
seconds):
delete from alerts.status where Severity = 0 and StateChange < (getdate() - 120);
Radio buttons to the right provide tools to assist in the structure of the SQL, table and column reference, available
properties and a parser to check the validity of the statements.
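The de-duplication, problem/resolution clearing and 120-second expiry of cleared events described above, modelled in Python as an added illustration. It is not Netcool/OMNIbus code: the identifier tuple, the problem/resolution labels, the method names and the sample events are assumptions constructed for this example.

```python
# Added illustration: an in-memory model of the behaviour described on this
# page. It is not Netcool/OMNIbus code; names and sample values are constructed.
CLEAR, CRITICAL = 0, 5                          # page: 0=Clear ... 5=Critical
PROBLEM, RESOLUTION = "problem", "resolution"   # assumed labels for the probe's classification
EXPIRY_SECONDS = 120                            # window used by the delete statement above

class EventStore:
    def __init__(self):
        self.rows = {}                          # identifier -> consolidated event

    def insert(self, node, key, kind, severity, now):
        ident = (node, key, kind)               # assumed identity: same problem, same element
        row = self.rows.get(ident)
        if row is None:
            row = self.rows[ident] = {"severity": severity, "first": now, "last": now,
                                      "count": 0, "state_change": now}
        elif row["severity"] == CLEAR:          # modelling choice: a cleared event that recurs
            row["severity"] = severity          # becomes active again instead of expiring
        row["count"] += 1                       # duplicates only bump the count and times
        row["last"] = row["state_change"] = now
        return row

    def correlate(self, now):
        """Clear every active problem that has a later resolution for the same node and key."""
        cleared = 0
        for (node, key, kind), res in self.rows.items():
            if kind != RESOLUTION or res["severity"] == CLEAR:
                continue
            prob = self.rows.get((node, key, PROBLEM))
            if prob and prob["severity"] != CLEAR and prob["last"] <= res["last"]:
                prob["severity"], prob["state_change"] = CLEAR, now
                cleared += 1
            res["severity"], res["state_change"] = CLEAR, now   # resolution is cleared too
        return cleared

    def delete_clears(self, now):
        """Model of: delete ... where Severity = 0 and StateChange < (getdate() - 120)."""
        stale = [i for i, r in self.rows.items()
                 if r["severity"] == CLEAR and r["state_change"] < now - EXPIRY_SECONDS]
        for ident in stale:
            del self.rows[ident]
        return len(stale)

def demo():
    store = EventStore()
    for t in (0, 30, 60, 90):                   # four ping failures, same managed object
        ping = store.insert("router1", "ping", PROBLEM, CRITICAL, t)
    store.insert("router1", "if3", PROBLEM, CRITICAL, 100)    # link down
    store.insert("router1", "if3", RESOLUTION, 1, 130)        # link up
    cleared = store.correlate(140)
    return ping, cleared, store.delete_clears(260), store.delete_clears(261), sorted(store.rows)
```

The strict `<` comparison means an event cleared at time 140 survives a sweep at 260 and is removed at 261.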
The powerful combination of probe rules and automations, coupled with filters configurable both by the administrator and
optionally by the end user, ensures that User views are focused on consolidated Alarms while retaining related events
that may be required for further analysis by external systems or viewed by the Operator for information.