PATROL® Enterprise Manager bmcMessageProcessor Version BMCMP5-20030131

Agenda bmcMessageProcessor Architecture Message Processing Notification Service View Utilities

bmcMessageProcessor Methodology Policy based Similar events are consolidated into a common “policy” initiating standard action When the workflow changes, the event definition does not have to change Process / work flow oriented Integrate with business processes by use of a central information dispatcher End–to–end processing of information Capture all information required to address an issue and place it into the message stream

bcmMessageProcessor Architecture

Filter Path - 1 Left Connection Programs AgentConnection CEF format bbtrapd / bmctrapd CEF210 format via bmcSnmpTransforme agct (telnet) Unformatted messages bmcTaildSpit (taild|spit)

Filter Path - 2 agcMux agcReplace bmcSnmpTransform Opens socket to monitor the flow of messages agcReplace Inserts {Start} and {End} Translates text and phrases Translates special characters bmcSnmpTransform Converts SNMP traps to CEF210 format

Filter Path - 3 bmcMsgPrc transformer Recognizes messages by matching patterns Re-formats messages into CEF210 format Substitutes token values Substitutes free form message text Adds configuration information Preserves extended message text Allows for filtering based on “managed object” definitions

Filter Path - 4 bmcMsgSup transformer CEF210 Filter Engine Suppress messages based on context Suppress messages based on schedules CEF210 Filter Engine Pre-defined action based alerts (= “Policies”) Workflow management alerts (Heartbeat, Escalation, Notification Requests)

Post-Processing bmcCommnt bmcHeartBeat EHD client, daemon Looks for alerts containing extended message flag Inserts extended message text into the comment field of the alert bmcHeartBeat Automation module Checks for missing heartbeats and creates “NoHeartBeat alerts

Notification Manager: bmcNotify EHD Client Runs in the background (daemon) Processes selected events Table Driven The notification table contains Selection Criteria Escalation Criteria Notification methods Information top be passed to the notification tool

Automated Notification - 1 createTicket Responds to “TicketRequested” alert Program “stub” to manage the information contained in the TicketRequested alert Requires insertion of installation specific code sendEmail Responds to “EmailRequested” alert Composes e-mail and sends it to specified recipients Sends “Closing” e-mails

Automated Notification - 2 sendPage Responds to “PageRequested” alert Works on e-mail based alpha-paging Composes e-mail and sends it to specified recipients phoneCall Responds to “CallRequested” alert Modified version of the PPinitiate program Initiates PhonePoint action

Automated Operation xqtCommand Responds to “CommandRequested” alert Issued command-line commands and record response UNIX targets only

Service Mapping: bmcSvcGen EHD Client Runs in the background (daemon) Processes selected events Table Driven Measurement Points Table to define relationships between technical alert and “Service Element” Service Objects Table to define the impact (in %) of on service object on other service objects

Service Mapping: Hierarchy

Utilities - 1 pemStatistics logFileMaintenance filterAnalyze Extracts and reports usage information from sybase logFileMaintenance Cleans up log files created by bmcMessageProcessor components based on retention date filterAnalyze Creates html files from text filter files including token mapping and alert closing confitions

Utilities - 2 alertSimulator logSpooler Table driven Provides a vehicle for Testing automation modules Verifying Maps Demos and performance tests logSpooler Re-plays message and log files Re-creating selected events

Where to go? For installation and Training: Author: BMC Professional Services Author: Dieter Wutherich Technical Services 416-457-3706 Dieter_Wutherich@BMC.com