Table Of Contents

Previous topic

Introduction

Next topic

Reef Landing Pages

Overview

Abilisoft Reef is a web-based event management platform that gathers and manages infrastructure events. Reef accepts inbound events and processes them, performing automatic de-duplication and correlation of any events with matching criteria. Event de-duplication reduces the number of actual events that need to be maintained by the system by matching events with the same key and merging them. Event correlation finds matching fault and clear events in order to automatically clear a fault condition, reducing the user’s workload.

This section is purely background information but can be useful. However, if you want to get to the nitty-gritty on how to use Reef then skip this section and continue from Reef Landing Pages.

Architecture

The figure below, General Architecture, depicts Reef with some example event sources depicted on the left.

_images/reef_arch.png

General Architecture

Reef consists of two main components, the Reef Client and the Reef Server.

  • The Reef Client is an application that runs inside a Web Browser. It interacts with the Client Services interface provided by the Reef Server in order to provide the user with a set of dashboards that present event information. Furthermore the Reef Client allows the user to browse, take ownership, clear and delete events.
  • The Reef Server has two roles. Firstly, it provides an Event Processor which processes and stores received event data. Secondly, the server provides a Client Services interface to support Reef Client operations.

Your administrator will probably already have configured event sources for Reef, however if you require more information, it is available in the Reef Administration Guide.

Reef Events

A Reef Event is a simple structure that describes a condition that an event source has encountered. Events arrive at Reef over the HTTP protocol. It doesn’t matter if you don’t understand what HTTP is, it basically means that events are sent by various event sources to Reef ‘over the web’. Events can arrive individually or in batches and Reef will process and store them.

Each Reef Event will consist of a set of fields, none of the fields are mandatory but to get the best out of Reef some have a special purpose and are used during event processing. The event fields aren’t described here, refer to the Reef Administration Guide for more information on those. Post processing, we prefer to call the processed event simply an Event and each Event has a number of attributes which are described in the table below.

Attribute Description
key A unique identifier that defines the source of the event and can be any value. Reef uses the key to perform automatic event de-duplication and correlation.
label A short event descption.
type This attribute specifies the type of event and will be one of the following values; fault, clear, info, unknown. Reef uses the type attribute to perform event correlation.
severity This can be any value but Reef will colour-code event severities it recognises. Recognised severities include: critical, major, minor, info and unknown.
count This attribute records the number of Reef Events with matching key fields the event processor has encountered during an Event’s lifetime.
state The event processor will update the state of an event over its lifetime. A new Reef Event whose key has not been seen before will have a state of new. As subsequent Reef Events arrive, the processed Event will have its count increased and its state set to updated. If the event can be automatically correlated its state will be set to auto_cleared. If the event is manually cleared it’s state will be set to man_cleared.
node This is the host or fully-qualified domain name that was set by the event source. If the event source did not set a node name then Reef will attempt to infer it.
ip This is the IP address that was set by the event source. If the event source did not set an IP address then Reef will attempt to infer it.
first seen This is the date and time the event with this key was first seen.
last seen This is the date and time the event with this key was most recently seen.
expires If the event has been automatically or manually correlated this attribute specifies the event’s expiry time. This is the time at which the event will be removed from the event list.
owner Users can take ownership of an event and as such this attribute will be populated with their username.
group A group identifier, user defined at the source with no special meaning to Reef.
source The source of the event.
description A long event description.

You can use the Reef Client to examine event attributes in detail. There are other event attributes not discussed here because their content and meaning is implementation specific, so talk to your administrator for clarification.

Additional Event Fields

Inbound Reef Events may contain fields that the event processor does not recognise but that’s okay. The event processor will still store these additional attributes and make them available for inspection in the Reef Client.

Event Logs

During an event’s lifetime its attributes might be modified, for example an event source may send a Reef Event with a modified severity. When this happens, the event processor will create an Event Log entry which will be available for inspection in the Reef Client.

Event Ownership

Using the Reef Client a user can take ownership of an events by acknowledging them. Once an event is acknowledged the user’s username is recorded in the owner attribute.

Event De-duplication

Inbound Reef Events with the same key value won’t be recorded in the Reef database separately, rather the existing event’s count will be incremented and any field changes made and logged. This provides a natural de-duplication scheme driven by good practice in defining suitable keys at the event source.

Event Correlation

The Reef event processor will, during event insertion, check if the type of an event constitutes an automatic clear action. This provides an automatic correlation capability. Events can also be manually cleared via the Reef Client.