Event Management Purpose
The purpose of event management is to manage events throughout their lifecycle. This lifecycle of activities detects events, makes sense of them, and determines the appropriate control action, and it is coordinated by the event management process. Event management is, therefore, the basis for operational monitoring and control.
Event: Any change of state that has significance for the management of a service or other configuration item (CI). (ITIL4 Practice)
Monitoring and event management is used to manage events throughout their lifecycle to understand and optimize their impact on the organization and its services.
Monitoring and event management includes identification and categorization, or analysis, of events related to all infrastructure levels and service interactions between the organization and its service consumers. Monitoring and event management ensures appropriate and timely response to those events.
When events are programmed to communicate operational information such as warnings and exceptions, they can be used as the basis for automating many routine operational management activities.
Examples include running scripts on remote devices, submitting jobs for processing, and dynamically balancing service demand across multiple devices to improve performance.
An event can be defined as any status change that is important for managing a configuration item (CI) or an IT service. Events are usually recognized by notifications created by an IT service, CI, or monitoring tool. An effective service operation depends on knowing the condition of the infrastructure and identifying deviations from the usual or expected process.
Monitoring and event management data and information are an important input to many practices, including:
- incident management
- problem management
- information security management
- availability management
- performance and capacity management
- change enablement
- risk management
- infrastructure and platform management
- software development and management
The objectives of the event management process are to:
- Detect all changes of state that have significance for the management of a CI or IT service
- Determine the appropriate control action for events, and ensure these are communicated to the relevant functions
- Provide the trigger, or entry point, for the execution of any service operation processes and operations management activities
- Provide the means to compare actual operating performance and behavior against design standards and SLAs
- Provide a basis for service assurance and reporting and service improvement.
This can be achieved through good monitoring and control systems based on two types of tools:
- Active monitoring tools that query key CIs to determine their status and availability. All exceptions generate a warning that must be forwarded to the appropriate tool or team for action.
- Passive monitoring tools that detect and correlate operational alerts or communications generated by CIs.
Area of application
Event management can be applied to all aspects of service management that need to be controlled and automated. This includes:
- Configuration items (CIs). Some CIs are included because they need to be kept in a constant state. For example, a network switch needs to stay on, and event management tools confirm this by monitoring responses to 'pings'. Other CIs are included because their status needs to change frequently; event management can automate this and update the configuration management system (CMS) (e.g., updating a file server).
- Environmental conditions (e.g., fire and smoke detection).
- Software license monitoring for usage, to ensure optimum/legal license utilization and allocation.
- Security (e.g., intrusion detection).
- Normal activity (e.g., tracking the use of an application or the performance of a server).
The difference between monitoring and event management
Monitoring and event management are closely related but slightly different.
Event management is focused on generating and detecting meaningful notifications about the status of the IT infrastructure and services. While it is true that monitoring is required to detect and track these notifications, monitoring is broader than event management. For example, monitoring tools will check the status of a device to ensure that it is operating within acceptable limits, even if that device is not generating events. Put more simply, event management works with occurrences that are specifically developed to be monitored. Monitoring tracks these occurrences, but it will also actively seek out conditions that do not create events.
Event Management – Value to Business
Event management’s value to the business is generally indirect; however, it is possible to determine the basis for its value as follows:
- Event management provides mechanisms for the early detection of incidents. In many cases, the incident can be detected and assigned to the appropriate group for action before any actual service outage occurs. In addition, when integrated into other service management processes (such as availability or capacity management), event management can signal status changes or exceptions that allow the appropriate person or team to perform early response, thus improving the performance of the process. This, in turn, will enable the business to benefit from more effective and more efficient service management overall.
- Event management provides a basis for automated operations, thus increasing efficiency and allowing expensive human resources to be used for more innovative work, such as designing new or improved functionality or defining new ways the business can exploit technology for increased competitive advantage.
- Event management can have a direct bearing on service delivery and customer satisfaction. As an example, an automated teller machine may generate event notifications that indicate the device is running low on cash, potentially avoiding the failure of the cash withdrawal portion of that service and its immediate impact on customer satisfaction.
Event Management – Types of Events
There are three types of Events:
- Informational: These events only provide information. For example, a scheduled workload has been completed, a user has logged in to use an application, or an email has reached its intended recipient.
- Warning: These events provide alerts when set threshold levels have been reached. For example, a server's memory utilization reaches within 5% of its highest acceptable performance level, or the completion time of a transaction is 10% longer than usual.
- Exception: These events indicate that a CI or service is operating abnormally. For example, a user attempts to log on to an application with the incorrect password, a device's CPU is above the acceptable utilization rate, or a PC scan reveals the installation of unauthorized software.
Warning events signify unusual, but not exceptional, operation. These are an indication that the situation may require closer monitoring. In some cases, the condition will resolve itself; for example, in the case of an unusual combination of workloads, regular operation is restored as they are completed. In other instances, operator intervention may be required if the situation is repeated or continues for too long. These rules or policies are defined in the monitoring and control objectives for that device or service.
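The three event types and the warning rule above can be expressed as a small classifier. This is an added example, not part of the original page or of ITIL. The limits, event kind names, action names and repeat count are assumptions chosen for illustration, as is treating memory above its limit as an exception; only the 5% and 10% margins come from the text.

```python
from dataclasses import dataclass

# Assumed policy values (hypothetical); the page supplies only the 5% and 10% margins.
LIMITS = {"cpu": 85.0, "memory": 90.0}   # highest acceptable utilization, percent
TXN_USUAL_MS = 200.0                     # usual transaction completion time
MAX_REPEATS = 3                          # consecutive warnings before an operator is told

@dataclass
class Event:
    ci: str             # configuration item that raised the event
    kind: str           # "memory", "cpu", "txn_ms", "login_failed", "job_done", ...
    value: float = 0.0

def classify(ev):
    """Map one event to 'informational', 'warning' or 'exception'."""
    if ev.kind in ("login_failed", "unauthorized_software"):
        return "exception"
    if ev.kind in LIMITS and ev.value > LIMITS[ev.kind]:
        return "exception"               # above the acceptable utilization rate
    if ev.kind == "memory" and ev.value >= LIMITS["memory"] - 5.0:
        return "warning"                 # within 5 points of the highest acceptable level
    if ev.kind == "txn_ms" and ev.value >= TXN_USUAL_MS * 1.10:
        return "warning"                 # at least 10% longer than usual
    return "informational"

def process(events):
    """Classify a stream and choose a control action for each event."""
    streak, out = {}, []
    for ev in events:
        level, key = classify(ev), (ev.ci, ev.kind)
        if level == "warning":
            streak[key] = streak.get(key, 0) + 1
            action = "notify_operator" if streak[key] >= MAX_REPEATS else "monitor"
        else:
            streak.pop(key, None)        # condition resolved itself or changed level
            action = "open_incident" if level == "exception" else "log"
        out.append((ev.ci, ev.kind, level, action))
    return out

# Constructed sample stream, not real monitoring data.
SAMPLE = [
    Event("srv01", "job_done"), Event("srv01", "memory", 86.0),
    Event("srv01", "memory", 60.0), Event("srv01", "memory", 87.0),
    Event("srv01", "memory", 88.0), Event("srv01", "memory", 89.0),
    Event("app01", "txn_ms", 225.0), Event("app01", "login_failed"),
    Event("pc07", "unauthorized_software"), Event("srv02", "cpu", 97.0),
]

if __name__ == "__main__":
    for row in process(SAMPLE):
        print(*row)
```

In the sample, the first memory warning clears on its own and is only monitored, while the later run of three consecutive warnings on the same CI triggers operator notification.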