|
|
|
Information about events in your environment passes through a number of stages, from initial occurrence to possible final display by CA Enterprise Log Manager. Because the term "event" can refer to any one of these stages, we use the following terminology for the possible event states in your environment:
Refers to the original occurrence of the state or action that triggers the event, a failed authentication, or firewall violation for example. The appropriate connector or listener service sends native events, parsed and mapped as appropriate, then inserted into the event log store, where it is available for display as raw or refined events.
Refers to the communication sent by the appropriate monitoring agent. Raw events contain information about the native event, often in the form of a syslog string or a name-value pair. This information is stored and searchable unless altered by suppression or summarization rules. Suppressed events are not recorded in the event log store; a set of summarized events is recorded as a single event expressing the outcome of the summarization.
Refers to the event information as mapped and summarized by CA Enterprise Log Manager. This information is stored and searchable.
Refers to the raw or refined event information in the event log store. Raw events and refined events are always recorded unless suppressed or summarized. Mapped events have both raw and refined information available. This information is stored and searchable.
Consult the following diagram for information about event states:
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |