...
A minimum install of opEvents 4 requires NMIS 9 as the base and requires a minimum of 4vCPU and 8GB-RAM as a starting point8GBRam. However, operational system resource requirements will depend highly on the number of devices, interfaces being collected, additional of syslog processing and maximum number of events / minute to bee handled. More information can be found HERE: Plan
...
Configure opEvents for Device Dependency Dependency Mapping
If you have opCharts installed with NMIS9 and opEvents4 you should configure opCharts for automated dependency mapping, AND configure opEvents to process events from a JSON stream. The following links detail how to configure each option.
Scenario: A firewall has been misconfigured, preventing traffic from passing through the firewall. As NMIS attempts a Ping or SNMP/WMI Collection on devices behind the firewall individual Node Down events are raised for each non-responding device. Dependency Mapping has been configured, and opCharts has mapped parent/child relationships for devices beyond the firewall, identifying common routings like server → switch → router → firewall. These relationships are stored with each device's details in NMIS and are used when processing the Node Down event; child outages are suppressed in favor of the parent outage until the only reported outage passed to opEvents is that of the Firewall.
opCharts must be configured to map device dependency, NMIS to hold events while parent/child dependency is determined, and opEvents to process the modified event stream:
Add/Edit Correlation Rules
Correlation rules allow opEvents to consolidate multiple events reported within a specified window of time based on selected common fields.
Scenario: During a regional power outage several devices located within that area loose power and due to lack of battery backup or alternate power source shutdown. As NMIS attempts a Ping or SNMP/WMI Collection on these devices a Node Down event is raised for each non-responding device. Normally, opEvents would see these as individual events, creating multiple notifications. By enabling a Location based Correlation rule opEvents instead groups these Node Down events into a single event making it easier for the engineer to see the scope of the problem. This approach also has the added benefit of reducing ancillary notifications, like EMAIL, SMS/Text, and opening help desk tickets.
This solution guide provides an excellent example of configuring a Correlation based on a device's Location field: opEvents - Solution Guide - Event Consolidation Based on Location
...