Wednesday, August 1, 2007

Event Management explained

When you actually study these ITIL v3 books they start to make a lot of sense. Last night I treated myself to a "getting to know Event Management" evening.

The basic premise for Event Management is "detectable and discernible" occurrences where a response can be largely automated.

The first point of clarity is that Event Management and Monitoring are linked but different concepts. Events can be monitored, but monitoring also includes tracking entities that are operating within normal ranges. An event

Events can be generated for configuration items, environmental conditions, software, security and standard activities (e.g. completion of a batch job).

Events need to be classified according to their significance. Events can be informational, warnings or exceptions; and it is warnings that need to be intelligently assessed as part of the Event Management process. Informational events do not require any action and exceptions may actually be inputs for the incident management process or the change management process.

Event warnings are processed by a correlation engine that contains business rules that intelligently decide upon a response.

The response - which should be automated - can include logging, generation of an alert requiring human intervention or even a link to change management should the event indicate an exception (e.g. new devices detected on the network - which indicates a bypassing of the Change Management process) or an indication that intervention is required (e.g. a network link is within 5% of its maximum operating capability).
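To make the classify-then-correlate flow concrete, here is a small sketch added as an illustration; it is not from the ITIL books or the original post. The event kinds, device names, response labels and the authorised-device set are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the authorised device list (a CMDB in practice).
AUTHORISED_DEVICES = {"core-sw-01", "edge-fw-01"}

@dataclass
class Event:
    source: str
    kind: str                      # hypothetical event kinds, see classify()
    data: dict = field(default_factory=dict)

def classify(ev: Event) -> str:
    """Assign a significance: informational, warning or exception."""
    if ev.kind == "device_seen" and ev.data["device"] not in AUTHORISED_DEVICES:
        return "exception"         # new device: Change Management was bypassed
    if ev.kind == "service_down":
        return "exception"         # candidate input for Incident Management
    if ev.kind == "link_utilisation" and ev.data["percent"] >= 95:
        return "warning"           # within 5% of maximum operating capability
    return "informational"         # e.g. completion of a batch job

# Business rules of the correlation engine: (predicate, response), first match wins.
RULES = [
    (lambda ev, sig: sig == "exception" and ev.kind == "device_seen", "change_management"),
    (lambda ev, sig: sig == "exception", "incident_management"),
    (lambda ev, sig: sig == "warning", "alert"),
]

def respond(ev: Event) -> tuple[str, str]:
    """Return (significance, automated response) for one event."""
    sig = classify(ev)
    for predicate, response in RULES:
        if predicate(ev, sig):
            return sig, response
    return sig, "log"              # informational: record only, no action

def process(events):
    return [(ev.source, *respond(ev)) for ev in events]

# Constructed sample events, one per path through the rules.
SAMPLE_EVENTS = [
    Event("batch-scheduler", "batch_complete", {"job": "nightly-backup"}),
    Event("edge-rtr-01", "link_utilisation", {"percent": 96}),
    Event("edge-rtr-01", "link_utilisation", {"percent": 60}),
    Event("net-scanner", "device_seen", {"device": "unknown-ap-7"}),
    Event("net-scanner", "device_seen", {"device": "core-sw-01"}),
    Event("web-probe", "service_down", {"service": "intranet"}),
]

if __name__ == "__main__":
    for row in process(SAMPLE_EVENTS):
        print(row)
```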

The process - one of the Service Operations processes - actually makes a lot of sense when studied and properly understood.
