Monitoring and event management

This practice provides systematic supervision on services and their components, recording and reporting situation changes as events. This practice recognizes infrastructure, service, process, security events, and prioritizes them and also predicts a proper reaction to them. With this practice events are managed therefore the incidents that have negative effects on business are prevented or their level of impact is decreased or they will be resolved.

Event: any change in the situation that affects a management service or CI. Events generally are known by messages generated via monitoring tools or IT services or CI. 

There are some tools to monitor the environment automatically and it could be implemented passively or actively. By a passive method, service components, themselves create monitoring data but by active method, a monitoring tool polls the data from them. Event management focuses on recording situation changes and recognizing them and then implementing control actions on them. Generally, the control action raises another practice but not all the time. Monitoring is needed for event management but not all monitoring actions lead to event management. 

There is not a common specification and reaction for all the events. Generally, they are categorized by three types: information, error, and warning. The information does not need control actions but analyzing them leads to proactive actions that support service improvement. Warnings guide to preventive activities before experiencing negative effects. Errors need to be noticed and acted on them even if they don’t show their effects at the moment. 

Monitoring and event management followed by these primary activities: 

1. Identifying which service, system, CI, or service component should be monitored. 
2. Implementing and maintaining monitoring by using utilities. 
3. Creating and maintaining conditions and thresholds in which situation changes are turned into events and choosing the type of resulting event. 
4. Defining and implementing policies to control each type of event and required actions triggered after the occurrence of the event.
5. Executing operational processes required by monitoring. 

Figure 5.22