
In computer science, event monitoring is the process of collecting, analyzing, and signaling event occurrences to subscribers such as operating system processes, active database rules as well as human operators. These event occurrences may stem from arbitrary sources in both software and hardware, such as operating systems, database management systems, application software and processors. Event monitoring may use a time series database.


Basic concepts

Event monitoring makes use of a logical bus to transport event occurrences from sources to subscribers, where ''event sources'' signal event occurrences to all event subscribers and ''event subscribers'' receive event occurrences. An event bus can be distributed over a set of physical nodes such as standalone computer systems. Typical examples of event buses are found in graphical systems such as the X Window System and Microsoft Windows, as well as in development tools such as SDT.

''Event collection'' is the process of collecting event occurrences in a filtered event log for analysis. A ''filtered event log'' consists of logged event occurrences that can be of meaningful use in the future; this implies that event occurrences can be removed from the filtered event log if they will be of no use in the future. ''Event log analysis'' is the process of analyzing the filtered event log to aggregate event occurrences or to decide whether or not an event occurrence should be signalled. ''Event signalling'' is the process of signalling event occurrences over the event bus.

Something that is monitored is denoted the ''monitored object''; for example, an application, an operating system, a database, hardware etc. can be monitored objects. A monitored object must be properly conditioned with event sensors to enable event monitoring, that is, an object must be instrumented with event sensors to be a monitored object. ''Event sensors'' are sensors that signal event occurrences whenever an event occurs. Whenever something is monitored, the probe effect must be managed.


Monitored objects and the probe effect

As discussed by Gait, when an object is monitored, its behavior is changed. In particular, in any concurrent system in which processes can run in parallel, this poses a particular problem. The reason is that whenever sensors are introduced in the system, processes may execute in a different order. This can cause a problem if, for example, we are trying to localize a fault, and by monitoring the system we change its behavior in such a way that the fault may not result in a failure; in essence, the fault can be masked by monitoring the system. The ''probe effect'' is the difference in behavior between a monitored object and its un-instrumented counterpart.

According to Schütz (W. Schütz (1994). Fundamental issues in testing distributed real-time systems. ''Real-Time Systems'', 7(2):129–157), we can avoid, compensate for, or ignore the probe effect. In critical real-time systems, in which timeliness (i.e., the ability of a system to meet time constraints such as deadlines) is significant, avoidance is the only option. If we, for example, instrument a system for testing and then remove the instrumentation before delivery, this invalidates the results of most testing based on the complete system. In less critical real-time systems (e.g., media-based systems), compensation can be acceptable for, for example, performance testing. In non-concurrent systems, ignoring the probe effect is acceptable, since the behavior with respect to the order of execution is left unchanged.


Event log analysis

Event log analysis is known as event composition in active databases, chronicle recognition in artificial intelligence and as real-time logic evaluation in real-time systems. Essentially, event log analysis is used for pattern matching, filtering of event occurrences, and aggregation of event occurrences into composite event occurrences. Commonly, dynamic programming strategies from algorithms are employed to save results of previous analyses for future use, since, for example, the same pattern may be matched with the same event occurrences in several consecutive rounds of analysis. In contrast to general rule processing (employed to assert new facts from other facts, cf. inference engine) that is usually based on backtracking techniques, event log analysis algorithms are commonly greedy; for example, when a composite is said to have occurred, this fact is never revoked as may be done in a backtracking-based algorithm. Several mechanisms have been proposed for event log analysis: finite-state automata, Petri nets, procedural (either based on an imperative programming language or an object-oriented programming language), a modification of the Boyer–Moore string-search algorithm, and simple temporal networks.
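
As an added illustration (not part of the original article), the sketch below runs the collect, analyze and signal steps over a filtered event log, using one small state machine per monitored object and greedy composite detection. The event names, threshold, time window and sample log are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample occurrences: (timestamp_seconds, monitored_object, event_type)
SAMPLE_EVENTS = [
    (0, "host-a", "login_failed"),
    (5, "host-a", "heartbeat"),
    (10, "host-a", "login_failed"),
    (12, "host-b", "login_failed"),
    (20, "host-a", "login_failed"),
    (25, "host-a", "login_ok"),
    (30, "host-b", "login_ok"),
    (400, "host-a", "login_failed"),
    (405, "host-a", "login_ok"),
]
RELEVANT = {"login_failed", "login_ok"}  # assumed filter for the filtered event log
THRESHOLD = 3   # assumed: failures needed before a success forms a composite
WINDOW = 60     # assumed: seconds after which a partial match is discarded

def collect(events):
    """Event collection: keep only occurrences useful for later analysis."""
    return [e for e in events if e[2] in RELEVANT]

def analyze(filtered_log):
    """Greedy analysis: partial matches are saved per monitored object so
    earlier occurrences are never re-scanned, and an emitted composite
    event is never revoked."""
    state = defaultdict(list)   # monitored object -> timestamps of recent failures
    composites = []
    for ts, obj, kind in filtered_log:
        recent = [t for t in state[obj] if ts - t <= WINDOW]
        if kind == "login_failed":
            recent.append(ts)
            state[obj] = recent
        else:                   # login_ok closes the pattern for this object
            if len(recent) >= THRESHOLD:
                composites.append((ts, obj, "failures_then_success", len(recent)))
            state[obj] = []
    return composites

def monitor(events, subscribers):
    """Event signalling: deliver each composite occurrence to every subscriber."""
    composites = analyze(collect(events))
    for occurrence in composites:
        for notify in subscribers:
            notify(occurrence)
    return composites

if __name__ == "__main__":
    monitor(SAMPLE_EVENTS, [print])
```
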


See also

* Event stream processing (ESP)
* Complex event processing (CEP)
* Network monitoring
* Runtime verification (RV)

