Table of Contents

Application Examples Overview


Hello World – Getting Started!

Show Details

“Hello World” let’s you process your own events immediately while getting acquainted with basic tasks, such as saving ECAs (Event Correlation Applications), restarting the server, using the Event Viewer, and very common filters and parameters, such as the Edit Field Filter and the Count Unique Events Filter, and the frequently used Condition, Action List, Expression, and Time Interval parameters.

Complexity: Basic

Action Manager – Ready-to-Go Application

Show Details

The ORION Action Manager receives messages from a wide range of event sources and initiates user defined actions. Different actions can be taken based on configurable time windows during which individual messages are received. The original messages and the result of their actions can be automatically emailed/paged to you and are displayed in the EventViewer console.

The Action Manager can run local commands on Windows and Linux, run remote ssh and telnet commands, and run email-only actions.

Actions can be triggered by messages from local and remote Windows Event Logs, local and remote Windows and Linux text logs, email, Syslog, SNMP, and raw TCP/IP messages, as well as a built-in calendar scheduler.

ORION Action Manager is a Ready-To-Go Application for which you only have to specify the commands to execute, and the email server information. Certain optional remote data sources also require configuration of login accounts. This application is provided in “ORION Source Code” form, which means that you can easily customize its function in the ORION Manager user interface.

Complexity: Moderate

Windows Events to Syslog – Ready-to-Go Application

Show Details

This application centralizes Windows Event Logs without requiring a local agent on each system. It also receives syslog messages and combines them with Windows events for real-time viewing in the ORION Event Viewer or forwarding to another syslog server.

Windows events are read in real-time, which let’s you diagnose problems leading up to a Windows server crash, even if the server is no longer able to boot.

This application is a “Ready-To-Go” application, which only requires setting the login information of the remote Windows servers, and designating a syslog server to forward events to.

The application is provided as a fully customizable ORION source code application. It runs only on Windows.

Complexity: Moderate

Load Test – Ready-to-Go Application

Show Details

There is only one way to determine accurate and relevant performance numbers for complex event processing systems – that is you run your production application on your production hardware. Given a specific hardware configuration, the performance depends on the throughput of input protocols, as well as the tasks performed on each event within the filters, which can vary greatly. However, sometimes it helps to know what throughput a hardware platform is capable of. This question is answered by the Load Test application. It generates as many events as possible, injects them into ORION, counts them in a Filter Stack, and releases easy to understand summary statistics for every 10,000 input events.

Complexity: Basic

Cisco PIX to DBMS

Show Details

This application demonstrates database queuing of events in detail with a lot of event parsing and normalization. It is also a good example of a “best practices” design pattern for routing events through different filter stacks, such that the application is easily maintainable and expandable over time as message formats are added and changed. Lot’s of SQL examples are given for the use with the Sql Command Filter and also regular expression examples to parse messages with the Regular Expression Group Filter. This application uses two ECA files that communicate with each other via a database queue. The application can be split so that the event reading, normalization, and database writing takes place on one host, and the database reading and output processing takes place on another host.

Complexity: High