| 摘要 |
A technique is provided for systematically constructing one or more correlation rules for use by an event management system for managing a network with one or more computing devices. The technique comprises the following steps. First, in association with an event cache, event data representing past or historical events associated with the network of computing devices being managed by the event management system is obtained. Next, a first pattern is found or detected in the obtained event data associated with the event cache. The pattern is then classified. Then, at least one correlation rule is constructed based on the classified pattern. Lastly, in association with the event cache, the one or more events included in the pattern are replaced with a composite or cumulative event such that hierarchical patterns may be subsequently found for use in constructing further correlation rules.
|
