Bradmark Surveillance uses an extensive event management facility that comes with a library of predefined or custom rules. Rule-based protocols activate the Session Agent Manager (SAM) which gathers data information, and create alerts based on requested thresholds and writes records to the local repository.
Rules can be assigned for any supported database and OS. Additionally, User Defined Collections (UDCs) can be created for files and non-standard databases to utilize all of Surveillance's SAM functionality.
A RULE requests a COLLECTION which performs logical tests, and when appropriate, creates an EVENT which is sent to the ALERTER. The EVENT creates an INCIDENT which is the list of actions to be performed with options. A Rule configuration includes a WHERE clause to test the columns of the source collection, the ability to suppress alert storms over an interval, the ability to alert each time the rule is true (called STD) or alert the first time and then when the rule is next false (called SET/RESET).
To ensure the network traffic is planned around peak system traffic loads, the information gathered is written to a local repository and remains until a scheduled request to copy to the central repository is made for reporting and trend analysis. As long as the Server Agent is running, Surveillance will provide continuous, unattended event monitoring of the rules that IT personnel has explicitly turned on, even if the Surveillance console is not connected.
Surveillance Event Management proactively notifies IT personnel about performance issues before end users are affected. Key parameters are collected and analyzed against rules. When a rule threshold is exceeded, the event handlers perform defined actions. The event actions can be Pop-Ups, Email, Paging, External commands or scripts, SNMP traps, native integration with HP OpenView and Tivoli, and Forwarding. Alerts can also be sent when the events are resolved. Forward actions are used to send events to a common agent called the Central Alert Server, or CAS. This allows you to send events for a set of systems from one server. A combination of Central Alert Servers and standalone servers allows you to manage your environment based on your requirements.