EMS Event
Processing
Event Flow
Generally, an event is an action or occurrence detected by a software
program. Specifically, EMS events are messages that report internal
activity and communication between the EMS server and each client
and managed SNMP device. For example, when a user launches the
EMS GUI, an event is logged and saved on the EMS server in the
security log and in the daily audit log.
Various EMS components detect and generate events. For example, EMS
translates a received SNMP trap into a formal EMS event to be processed
accordingly.
Events come from a variety of sources. Sources include the following
internal processes:
User Manager — processes all user login and logout activity
■
SNMP Trap Receiver — processes and translates all SNMP traps that
■
the EMS server receives
Syslog daemon — processes all of the syslog messages the EMS
■
server receives
EMS server process — monitors each time a user runs an operation
■
or changes an attribute/MIB value for an EMS client
For high event rates (over 60 events per minute), deploy the EMS server
using a supported external database, not the embedded database.
Depending on the source of the event, EMS processes events through the
different internal engines and applications found on the EMS server.
Figure 6
shows typical paths for different events.
EMS Event Processing
37