Overview of Core

1. Multiple agents can live underneath omosd.
2. Agents can be passive, for example, listening to Syslog, or TRAPs; or, active, for example, pinging, SNMP and polling.
3. The agents are extremely 'chatty' picking up bits of information and forwarding the data to omosd.
4. When omosd receives the information, rules in the alert_rules table instruct omosd to take information from the agent and translate it into a new alert or event.
   1. In the alert_rules table, the filter field contains syntax that allows you to set Boolean conditions on the values that are passed from the agents to omosd. If the Boolean conditions equate to a value of TRUE, a new alert, and a new alert event are created in the rivermuse database. If the Boolean conditions evaluate to FALSE, omosd will move onto the next filter. If the Boolean condition evaluates to FALSE on all the filters, omosd will apply a hardcoded default rule.
5. omosd and the agents input alerts and events into the rivermuse database.
6. yarpd monitors the the rivermuse database for new alerts, or changes to alerts.
7. yarpd has a set of 'watch' conditions, so yarpd is informed when specific actions occur.
8. On acknowledgement of a new alert or change to an alert, yarpd executes the rule logic present in the database to perform correlation, which can be actions on the database, and the running of external actions (scripts).
   1. In the the alert_rules table, the discriminator field dictates whether an alert is unique for deduplication. In the alerts table, if you try and create an alert with the same discriminator, RiverMuse will automatically deduplicate the alert.