6.1 Rule Sets
Binary events are analyzed by using an analysis engine to apply rules to them. Rules are designed to fire when a particular criteria, such as a threshold, is met. For example, if the number of events within a given time frame exceeds the threshold specified in a rule set, the rule fires.
Depending on the circumstances, a event may or may not fire any rules. Alternately, a single event can fire multiple rules. When a rule fires, it may or may not produce reports. In the case where reports are generated, a rule can create one or multiple reports. A report may be generated immediately, or may be generated after a gestation time period defined by the rule. Each report is stored in a instance file. After the report's expiration time period, as defined by the rules, the report is removed from the instance file.
Rules are also responsible for determining the output presented for a translated event.
Analysis rules are coded by Hewlett-Packard serviceability engineers or other domain knowledge specialists. These rule sets are stored in jar files located in the svctools\common\jars directory. Rule sets pertaining to the supported platforms are located in the jar files and can be installed, or "registered," for use with SEA. A rule set can later be "unregistered" if it is no longer applicable.