Event States

Information about events in your environment passes through a number of stages, from initial occurrence to possible final display by CA Enterprise Log Manager. Since the term "event" can refer to any one of these stages, we use the following terminology for the possible event states in your environment:

Native Event

Refers to the original occurrence of the state or action that triggers the event, for example a failed authentication or a firewall violation. Native events are sent by the appropriate connector or listener service, parsed and mapped as appropriate, then inserted into the event log store, where they are available for display as raw and/or refined events.

Raw Event

Refers to the communication sent by the appropriate monitoring agent. Raw events contain information about the native event, often in the form of a syslog string or a name-value pair. This information is stored and searchable unless it is altered by suppression or summarization rules. Suppressed events are not recorded in the event log store; a set of summarized events is recorded as a single event expressing the outcome of the summarization.

Refined Event

Refers to the event information as mapped and/or summarized by CA Enterprise Log Manager. This information is stored and searchable.

Recorded Event

Refers to the raw or refined event information in the event log store. Raw events and refined events are always recorded unless suppressed or summarized. Mapped events normally have both raw and refined information available. This information is stored and searchable.

Consult the following diagram for information on event states:

[Diagram: Event State illustration]
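The following Python sketch is an added example, not CA Enterprise Log Manager code. It models the states defined above to show what reaches the event log store when suppression and summarization rules apply. The rule sets, field names, and sample events are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed raw events: name-value pairs as a monitoring agent might send them.
RAW_EVENTS = [
    "action=login_failed user=alice src=10.0.0.5",
    "action=login_failed user=alice src=10.0.0.5",
    "action=login_failed user=alice src=10.0.0.5",
    "action=heartbeat user=- src=10.0.0.9",
    "action=fw_deny user=- src=203.0.113.7",
]
# Hypothetical rules; the real product defines these in its own rule files.
FIELD_MAP = {"action": "event_action", "user": "user_name", "src": "source_address"}
SUPPRESS_ACTIONS = {"heartbeat"}
SUMMARIZE_ACTIONS = {"login_failed"}


def refine(raw):
    """Parse a name-value raw event and map its fields to normalized names."""
    parsed = dict(pair.split("=", 1) for pair in raw.split())
    refined = {FIELD_MAP.get(k, k): v for k, v in parsed.items()}
    refined["raw_event"] = raw  # mapped events keep raw and refined information
    return refined


def record(raw_events):
    """Return (recorded events, suppressed count) for a batch of raw events."""
    store, suppressed, summary = [], 0, Counter()
    for raw in raw_events:
        event = refine(raw)
        action = event["event_action"]
        if action in SUPPRESS_ACTIONS:
            suppressed += 1  # suppressed: never reaches the store
        elif action in SUMMARIZE_ACTIONS:
            key = (action, event["user_name"], event["source_address"])
            summary[key] += 1  # only the aggregate outcome is recorded
        else:
            store.append(event)
    for (action, user, src), count in summary.items():
        store.append({"event_action": action, "user_name": user,
                      "source_address": src, "event_count": count})
    return store, suppressed
```

Five raw events produce two recorded events here: the firewall denial with its raw text intact, and one summary carrying a count of three. When writing suppression rules, remember that a suppressed event leaves no record to search during a later investigation.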
