Understanding Processing Rules

When you create most processing rules, you define how Microsoft Operations Manager 2000 (MOM) collects, handles, and responds to specific information. When MOM then receives information that matches a processing rule, a processing rule match occurs.

When a processing rule match occurs, MOM performs the actions of the processing rule as well as the response defined in that rule. For example, a processing rule might specify that an event is to be saved in the database, generate an alert, and send an e-mail to a network administrator.

MOM allows you to create different types of processing rules. Each type of processing rule has an implicit action, such as generating an event, generating an alert, or storing the data in the database.

When you create a processing rule, you can also define the significance of the specified condition and provide detailed information to help administrators resolve the problem. This information is stored with the processing rule, and is called the company knowledge base.


Event Processing Rules

MOM handles events through event processing rules. MOM evaluates event processing rules in the following order:

Collection rules
Identify events with specific criteria to be collected from specific sources. Collection rules do not generate alerts or provide responses.
Missing event rules
Specify that MOM generates an alert or provides responses when a defined event does not occur during a specified time. MOM stores missing event alerts in the database.
Consolidation rules
Specify that MOM groups multiple similar events on an agent computer into a single summary event. MOM stores summary events in the database.
Filtering rules
Specify whether you want MOM to ignore the specified events. Filtering rules typically identify events that you do not consider significant.
Event rules
Specify that you want MOM to generate an alert or run responses when specific events occur. You can create event rules when certain events are not covered in other processing rules. MOM stores the events and alerts in the database.

Alert Processing Rules

An alert processing rule allows you to specify a response for an alert or for a number of previously defined alerts. For example, you could specify that the High-Priority Notification Group gets paged for all Critical Error alerts resulting from the processing rules in the Microsoft SQL Server processing rule group.

Performance Processing Rules

The following rules define how MOM processes WMI numeric data:

Measuring rules
Specify that MOM collects numeric values from WMI. MOM stores sampled numeric measures in the database. You can view this graphical information using the Monitor snap-in and the Web Console. Measuring rules can include a response.
Threshold rules
Specify that MOM generates an alert when a WMI value crosses a defined threshold. MOM does not store threshold data in the database. Threshold rules can include a response.