When reviewing the new Rule creation method in LM, the use of the Tags has taken a more prominent role compared to the legacy (is it too early to call them legacy?) Syslog and Trap viewer rules.
What I would like to propose is that when creating a rule which has a Tag message as an action, that this be applied, or at least the option to apply to historic data as well.
- Most commonly rules/alerts are created after the reception of a message has been identified as being alert worthy. Therefore retrospectively marking historic event messages matching the criteria will allow historic analysis to be performed much easier
- With the ability to chart event data, seeing quantities of events received is important
- Reporting will be accurate across the full timescale of the log data
I appreciate this will place a greater load on the database to apply, but this is suitable work for the CLR within SQL Server.
Installation | Consultancy | Training | Licenses