When you create most processing rules, you define how Microsoft
Operations Manager 2000 (MOM) collects, handles, and responds
to specific information. When MOM then receives information that
matches a processing rule, a processing rule match
occurs.
When a processing rule match occurs, MOM performs the actions of
the processing rule as well as the response defined in that
rule. For example, a processing rule might specify that an event is
to be saved in the database, generate an alert, and send an e-mail
to a network administrator.
MOM allows you to create different types of processing rules.
Each type of processing rule has an implicit action, such as
generating an event, generating an alert, or storing the data in
the database.
When you create a processing rule, you can also define the
significance of the specified condition and provide detailed
information to help administrators resolve the problem. This
information is stored with the processing rule, and is called the
company knowledge base.
Note
Management Pack modules contain information from Microsoft
called the Microsoft Knowledge Base. You cannot edit the
Microsoft Knowledge Base.
Event Processing Rules
MOM handles events through event processing rules. MOM evaluates
event processing rules in the following order:
Collection rules
Identify events with specific criteria to be collected from
specific sources. Collection rules do not generate alerts or
provide responses.
Missing event rules
Specify that MOM generates an alert or provides responses when
a defined event does not occur during a specified time. MOM stores
missing event alerts in the database.
Consolidation rules
Specify that MOM groups multiple similar events on an agent
computer into a single summary event. MOM stores summary events in
the database.
Filtering rules
Specify whether you want MOM to ignore the specified events.
Filtering rules typically identify events that you do not consider
significant.
Event rules
Specify that you want MOM to generate an alert or run responses
when specific events occur. You can create event rules when certain
events are not covered in other processing rules. MOM stores the
events and alerts in the database.
Alert Processing Rules
An alert processing rule allows you to specify a response for an
alert or for a number of previously defined alerts. For example,
you could specify that the High-Priority Notification
Group gets paged for all Critical Error alerts resulting
from the processing rules in the Microsoft SQL Server
processing rule group.
Performance Processing Rules
The following rules define how MOM processes WMI numeric
data:
Measuring rules
Specify that MOM collects numeric values from WMI. MOM stores
sampled numeric measures in the database. You can view this
graphical information using the Monitor snap-in and the Web
Console. Measuring rules can include a response.
Threshold rules
Specify that MOM generates an alert when a WMI value crosses a
defined threshold. MOM does not store threshold data in the
database. Threshold rules can include a response.