Rule application Case-system warning filtering and collaboration

The communication system Company manages and operates the network system. In general, a communication network consists of a very wide range of nodes and the different edges of the connection nodes, which are different types of copper, fiber, or other cables. A typical network has tens of thousands of nodes, covering a range of kilometers. The network administrator manages these settings, relying on the signals of the rules that each node returns to the console, or "Heartbeat" information, which is the actual situation that the network reflects. This information is routed to the administrator's console. The administrator through these flow into the console of the regular information, management of the entire network, analysis of the various nodes or nodes between the situation, if necessary to send maintenance team to maintain the node and the connection line. Sending an unhealthy message is called an alert or warning, and the administrator is most concerned about the information. The warning messages returned by each network device are small in terms of total information, but pooled into the administrator's console, there are thousands of warnings, and the administrator must filter the information. Provides a way to generate warnings that can effectively help administrators filter some of the information, and about the information that really needs to be processed.

Consider the following situation where a small failure produces a series of fairly regular warning messages. As a UNIX system user, you will encounter the following situation, if you unplug the work station network cable, you will receive a series of annoying warnings on the UNIX console "is the network cable OK?" "If you plug the cable again, the information will be interrupted." If you unplug the network cable again, the warning message repeats. Then, as a system management, 2 system events should be recorded, rather than as 1 system events, 2 events truly reflect the situation of the system, so that maintenance personnel decide whether there is a need to take further maintenance information. However, the first series of warnings should be summed up as the 1th network event, and the second set of warning information is summarized as the 2nd network event, instead of the report administrator, there are thousands of warning events. In this way, it is necessary to have an event rule management: "If the same network device is issued 2 warning events within 5 seconds due to the same problem, they will be identified as the same failure"
In the definition of an object, the property of an event should contain the device, warning message, and all associated warnings, and a warning contains the device, warning message, and time of occurrence.

Object	Property
Warning Object	Device, warning message, time of occurrence
Event Object	Device, warning message, list< warning object occurred >

Article Source: Agile Business Rule Development, Process, Architecture and JRules Examples

More information: http://ckrule.cn/cn/solution/business/226.html

Rule application Case-system warning filtering and collaboration