Step 6: Handling Stored A-events
|Top Previous Next|
This step corresponds to test_agg_lib_6.
Stored A-events, as their name implies, are first stored on the device. Stored A-events are kept in the log table, and log tables are handled by the TBL library [not yet documented]. Each stored A-event is kept in the log until the AGG library has a chance to send it to the AggreGate server. Once recorded, these A-events won't be lost. Having an AggreGate server connection is not a precondition for the generation of stored A-events. The disadvantage is somewhat heavier implementation and slower event handling speed.
There will be a separate log table [not yet documented] (and a file on the flash disk) for each type of stored A-event in your application. This is because different A-event types can potentially have a different set of fields and, hence, the different storage format.
Another important point to discuss: if you come from a field like access control or IT, then you may be accustomed to a certain way of using the term "event". You probably dealt with events like "access granted", "access violation", "access denied", and so on. Each one of those is considered to be a separate "event".
With AggreGate, if it comes from the same log table, then it is the same A-event. The ACE A-event below is generated on "access granted", "access violation", etc., yet it is all the same single event called the "Access Control Event (ACE)". It is the event description that differentiates each ACE A-event instance. Keep this in mind when reviewing the code added in step 6.
- The DT field for storing the date and time of the event.
- The AEL field for event the level. Stored A-events, like instant A-events, have the default event level which can be overridden. To be able to override, have a special field named AEL (A-event level) in your log table. This field must be of the byte type, with possible values from 0 to 5. Once you have the AEL field in the table, the event level for each particular event instance will come from this field.
- The DS field carrying the event description (like "access granted", "access violation", etc.). Notice how this field's size is only four characters — how can we possible fit a meaningful description in four characters?.. Read on and you will know!
To be able to see instances of your new event, right-click on the device in the tree and choose Monitor Related Events.