Rule Types

MOM processes three distinct types of data, events, performance counter data, and alerts. As a result, three distinct rule types have been created to enable utilization of these data types. All data that is analyzed by MOM is normalized, or converted, into one of these data types. This means that a WMI and a Windows Event Log event, or a Windows Performance Counter and WMI numeric data instance, can be analyzed and processed in exactly the same way.

This enables MOM to provide three basic rule types and a common user interface to work with the data. The rule types are:

  • Events Rules

  • Performance Rules

  • Alert Rules

Event and Performance rules can be composed of one or more of following components. These components include:

  • Provider

  • Criteria/Threshold

  • Schedule

  • Alert Suppression Policy

  • Reponses

  • Vendor Knowledge

  • Customer Knowledge

  • Advanced Settings

A rules sub type determines which components are exposed and configurable in a rule. These rule types, and their sub types, are covered in detail in the sections that follow.

Alert rules are different than Event and Performance rules. They are designed to do post processing on the Alerts that are generated by either Event or Performance rules. For more information, see the Alert Rules section in this guide.