B.9 Correlation Engine
-
Section B.9.1, Correlation Action Definition
-
Section B.9.2, Correlation Engine Configuration
-
Section B.9.3, Correlation Engine is Running
-
Section B.9.4, Correlation Engine is Stopped
-
Section B.9.5, Correlation Rule
-
Section B.9.6, Correlation Rule Configuration
-
Section B.9.7, Deploy Rules With Actions To Engine
-
Section B.9.8, Disabling Rule
-
Section B.9.9, Enabling Rule
-
Section B.9.10, Rename Correlation Engine
-
Section B.9.11, Rule Deployment is Modified
-
Section B.9.12, Rule Deployment Is Started
-
Section B.9.13, Rule Deployment is Stopped
-
Section B.9.14, Starting Engine
-
Section B.9.15, Stopping Engine
-
Section B.9.16, UnDeploy All Rules From Engine
-
Section B.9.17, UnDeploy Rule
-
Section B.9.18, Update Correlation Rule Actions
B.9.1 Correlation Action Definition
Table B-76 Correlation Engine : Correlation Action Definition
Severity
|
|
Event Name
|
New/Update/Remove
|
Resource
|
Correlation
|
SubResource
|
CorrelationActionDefinition
|
Message
|
Action Name: <name> with Id: <ID>
|
B.9.2 Correlation Engine Configuration
Table B-77 Correlation Engine : Correlation Engine Configuration
Severity
|
|
Event Name
|
New/Update/Remove
|
Resource
|
Correlation
|
SubResource
|
CorrEngineConfig
|
Message
|
Correlation Engine ID: <ID> Name: <name> Active: {2}
|
B.9.3 Correlation Engine is Running
The correlation engine process can be idled by the user. Its running state determines whether the active process is processing events or not. The process starts in the idle (stopped) state and waits to retrieve its configuration from the database. This event is sent when the engine changes state from stopped to running.
Table B-78 Correlation Engine : Correlation Engine is Running
Severity
|
1
|
Event Name
|
EngineRunning
|
Resource
|
CorrelationEngine
|
SubResource
|
CorrelationEngine
|
Message
|
Correlation Engine is processing events.
|
B.9.4 Correlation Engine is Stopped
This event is sent out when the engine changes state from running to stopped.
Table B-79 Correlation Engine : Correlation Engine is Stopped
Severity
|
1
|
Event Name
|
EngineStopped
|
Resource
|
CorrelationEngine
|
SubResource
|
CorrelationEngine
|
Message
|
Correlation Engine has stopped processing events.
|
B.9.5 Correlation Rule
Table B-80 Correlation Engine : Correlation Rule
Severity
|
|
Event Name
|
New/Update/Remove
|
Resource
|
Correlation
|
SubResource
|
CorrRule
|
Message
|
Rule Name: <name> Type: <type> Rule Id: <ID>
|
B.9.6 Correlation Rule Configuration
Table B-81 Correlation Engine : Correlation Rule Configuration
Severity
|
|
Event Name
|
New/Update/Remove
|
Resource
|
Correlation
|
SubResource
|
CorrRuleConfig
|
Message
|
Correlation Rule Config ID: <ID> Rule Definition ID: {1} Name: <name> Active: {3}
|
B.9.7 Deploy Rules With Actions To Engine
Table B-82 Correlation Engine : Deploy Rules With Actions To Engine
Severity
|
|
Event Name
|
deployRulesWithActionsToEngine
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Deploy Rules With Actions To Engine <enginId>: Rules: <ruleID> Actions: <actionID>
|
B.9.8 Disabling Rule
Table B-83 Correlation Engine : Disabling Rule
Severity
|
|
Event Name
|
disableRule
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Disable Rule: {ruleCfgId}
|
B.9.9 Enabling Rule
Table B-84 Correlation Engine : Enabling Rule
Severity
|
|
Event Name
|
enableRule
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Enable Rule: {ruleCfgId}
|
B.9.10 Rename Correlation Engine
Table B-85 Correlation Engine : Rename Correlation Engine
Severity
|
|
Event Name
|
renameCorrEngine
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Rename Engine to: <name> with EngineId: <ID>
|
B.9.11 Rule Deployment is Modified
This event is sent when an engine successfully reloads a rule deployment. This message is sent regardless of the engine‘s running state.
Table B-86 Correlation Engine : Rule Deployment is Modified
Severity
|
1
|
Event Name
|
DeploymentModified
|
Resource
|
CorrelationEngine
|
SubResource
|
Deployment
|
Message
|
Deployment <name> modified
|
B.9.12 Rule Deployment Is Started
This event is sent when an engine successfully loads a rule deployment. This message is sent regardless of the engine‘s running state.
Table B-87 Correlation Engine : Rule Deployment is Started
Severity
|
1
|
Event Name
|
DeploymentStarted
|
Resource
|
CorrelationEngine
|
SubResource
|
Deployment
|
Message
|
deployment <name> started
|
B.9.13 Rule Deployment is Stopped
This event is sent when an engine successfully unloads a rule deployment. This message is sent regardless of the engine‘s running state.
Table B-88 Correlation Engine : Rule Deployment is Stopped
Severity
|
1
|
Event Name
|
DeploymentStopped
|
Resource
|
CorrelationEngine
|
SubResource
|
Deployment
|
Message
|
deployment <name> stopped
|
B.9.14 Starting Engine
Table B-89 Correlation Engine : Starting Engine
Severity
|
|
Event Name
|
startEngine
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Start engine: <engineID>
|
B.9.15 Stopping Engine
Table B-90 Correlation Engine : Stopping Engine
Severity
|
|
Event Name
|
stopEngine
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Stop engine: <engineID>
|
B.9.16 UnDeploy All Rules From Engine
Table B-91 Correlation Engine : UnDeploy All Rules From Engine
Severity
|
|
Event Name
|
undeployAllRulesFromEngine
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Undeploy all rules from Engine:
|
B.9.17 UnDeploy Rule
Table B-92 Correlation Engine : UnDeploy Rule
Severity
|
|
Event Name
|
undeployRule
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Undeploy Rule: {ruleCfgId}
|
B.9.18 Update Correlation Rule Actions
Table B-93 Correlation Engine : Update Correlation Rule Actions
Severity
|
|
Event Name
|
updateCorrRuleActions
|
Resource
|
CorrelationManagementService
|
SubResource
|
CorrelationManagementService
|
Message
|
Update Rule Config {0} by deleting Actions: <actionID> and adding Actions: <actionID>
|