Composite Events for Network Event Correlation
Guangtian Liu, Aloysius K. Mok, Eric Yang
liugt@cs.utexas.edu, mok@cs.utexas.edu, eyang@tri.sbc.com
Abstract
With the increasing complexity of enterprise networks and the Internet, event
correlation is playing an increasingly important role in network as well as
integrated system management systems. Even though the timing of events
often reveals important diagnostic information about event relationships
and should therefore be represented in event correlation rules or models,
most extant approaches lack a formal mechanism to define complex temporal
relationships among correlated events. In this paper, we discuss the formal
use of composite events for event correlation and present a composite event
specification approach that can precisely express complex timing constraints
among correlated event instances, for which efficient compilation and detection
algorithms have been developed in [13, 14]. A Java
implementation of this approach, called Java Event CorrelaTOR (JECTOR),
is described, and some preliminary experimental results of using JECTOR
in an experimental network management environment are also discussed
in the paper.
Full Paper
im99.ps.gz: compressed postscript file
Copyright
Copyright 1999 IFIP. Published in the Proceedings of IM'99,
May 24-28, 1999 in Boston, MA. Personal use of this
material is permitted. However, permission to reprint/republish
this material for advertising or promotional purposes or for
creating new collective works for resale or redistribution to
servers or lists, or to reuse any copyrighted component of this
work in other works, must be obtained from IFIP or its designated
publisher and the undersigned party(ites).
Comment.
Last modified: Wed Feb 24 10:50:42 CST 1999