The TEC rule language gives programmers the ability to manage the complexity by using BAROC class inheritance. You can write rules to fire on all Logfile_Base derived events or all ITM events. The relatively new State Based Correlation Engine (SCE) does not have this ability. The events it processes are not BAROC objects so the SCE can not evaluate BAROC class inheritance, attribute correctness, or even tell if the event class exists in a rule base at all.
When you write an SCE XML rule you specify the class of events that need to trigger the rule using the eventType tag. As I mentioned before, the SCE has no inheritance knowledge so you can not use
If no eventType is used then a SCE rule wile fire on all events and you must use conditions contained within the
ignoreMissingAttributes="true"/>
This rule will result in suppressing duplicate events within 30 seconds of each other as long as the source slot is set to LOGFILE. Remember, the SCE has no concept of the dup_detect BAROC facet so you have to specify what slots the state machine needs to track to identify duplicates. This is done using the attributeSet attribute of the
Not specifying an eventType causes the SCE to evaluate the predicate conditions on each and every received by the engine. While this may have an impact on performance, it makes maintaining the XML rules much easier since you will not have to modify the XML each time a new class is added.
As I said earlier, you can also use multiple eventType tags in an XML rule to filter events and improve overall performance. Again, pay attention to the cloneable tag. If you defined every Logfile_Base derived class as an eventType tag in a rule, you will still have same problem as the previous example if your attributeSet is not specific enough.
Thursday, March 6, 2008
Generic SCE Rules
One of the great flexabilities of TEC is the capability to define new BAROC classes to meet specific needs. More often than not, this leads to literally hundreds of classes defined for a given rule base and unless managed properly the sheer number of classes can result in many specific rules, each firing on a specific event class.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment