I am having some issues trying to get buy-in for event correlator operations. I want to engage systems owners and operators in such a way that they define what is important, what is work, and what is an incident or a trouble ticket. I want to have them articulate how to combine log events to provide for a systems-based business intelligence. I am a firm believer, but I need to articulate something to convince people that would otherwise not be involved, because they think this is the job for the network management platform.
Down events followed by up events are OK by themselves, but multiple cycles or bounces indicate an issue that just isn't going away. Does anyone know of a document that discusses event correlation in general, and particularly how to look at logs to determine what is important, and how things group together to provide effective event handling and consolidation? So how does one articulate the need to define what is an important notice, what is work, and what defines an incident?

--
Tim Peiffer
Network Support Engineer
Office of Information Technology
University of Minnesota/NorthernLights GigaPOP
+1 612 626-7884 (desk)

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
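The bounce rule the post describes (one down/up pair is a notice, repeated bounces inside a window are an incident, and anything that stays down is work for a person) can be shown concretely by running it over a handful of log lines. The following is an added example, not code from the original post or from SEC: the Cisco-style LINK-3-UPDOWN lines, the 10-minute window, the threshold of three downs, and the syslog year are all constructed or assumed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the original post). Gi0/1 bounces
# four times in a few minutes, Gi0/2 bounces once, Gi0/3 goes down and stays down.
SAMPLE_LOG = """\
Apr 24 10:00:01 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down
Apr 24 10:00:09 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
Apr 24 10:02:30 rtr1 %LINK-3-UPDOWN: Interface Gi0/2, changed state to down
Apr 24 10:02:41 rtr1 %LINK-3-UPDOWN: Interface Gi0/2, changed state to up
Apr 24 10:03:15 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down
Apr 24 10:03:20 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
Apr 24 10:05:02 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down
Apr 24 10:05:07 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
Apr 24 10:06:40 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down
Apr 24 10:06:44 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
Apr 24 10:07:10 rtr1 %LINK-3-UPDOWN: Interface Gi0/3, changed state to down
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%LINK-3-UPDOWN: Interface (?P<ifname>\S+), changed state to (?P<state>up|down)$"
)

WINDOW = timedelta(minutes=10)  # assumed look-back for counting down events
THRESH = 3                      # assumed: this many downs inside WINDOW = flapping
YEAR = 2012                     # syslog timestamps carry no year; assumed here


def parse(line):
    """Return (timestamp, host, ifname, state) or None for lines we do not handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["ifname"], m["state"]


def correlate(lines, window=WINDOW, thresh=THRESH):
    """Classify link events into (kind, host, ifname, detail) tuples.

    notice     - a down that came back up on its own: log it, nobody is paged
    incident   - thresh or more downs inside window: the link is flapping
    suppressed - further bounces folded into the already open incident
    work       - still down when the stream ends: someone has to go and look
    """
    downs = defaultdict(deque)  # (host, ifname) -> timestamps of recent downs
    pending = {}                # (host, ifname) -> timestamp of an unmatched down
    raised = {}                 # (host, ifname) -> when its flapping incident was opened
    out = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, host, ifname, state = ev
        key = (host, ifname)
        in_incident = key in raised and ts - raised[key] <= window
        if state == "down":
            pending[key] = ts
            q = downs[key]
            q.append(ts)
            while q and ts - q[0] > window:  # slide the window forward
                q.popleft()
            if in_incident:
                out.append(("suppressed", host, ifname, "down inside open incident"))
            elif len(q) >= thresh:
                raised[key] = ts
                out.append(("incident", host, ifname,
                            f"flapping: {len(q)} downs in {int(window.total_seconds())}s"))
        else:
            start = pending.pop(key, None)
            if in_incident:
                out.append(("suppressed", host, ifname, "up inside open incident"))
            elif start is None:
                out.append(("notice", host, ifname, "up with no preceding down"))
            else:
                secs = int((ts - start).total_seconds())
                out.append(("notice", host, ifname, f"recovered after {secs}s"))
    # Whatever is still down when we run out of input needs a human, not a rule.
    for (host, ifname), ts in pending.items():
        out.append(("work", host, ifname, f"down since {ts:%H:%M:%S}, no recovery seen"))
    return out


def tally(events):
    """Count events by kind: the number of items a ticket queue would actually see."""
    return Counter(kind for kind, *_ in events)


if __name__ == "__main__":
    events = correlate(SAMPLE_LOG.splitlines())
    for kind, host, ifname, detail in events:
        print(f"{kind:10} {host} {ifname:6} {detail}")
    print(dict(tally(events)))
```

Eleven raw log lines collapse to three notices, one incident, one piece of work, and three bounces that are folded into the open incident rather than opening new tickets. That consolidation is the argument to make to the systems owners: the threshold and window are the policy they have to supply, the rule engine only enforces it. In SEC itself the counting part of this logic is the SingleWithThreshold rule type (count matching "down" events per interface over a window and fire once the threshold is reached).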