ABSTRACT

The previous chapter discussed generating system events from logs. That is a passive approach: events can be obtained only after the computing systems have output their logs. This passive approach applies only to offline system analysis and is limited to the information the logs describe. Modern system management often seeks an active approach that captures system events on its own initiative. This active approach is also known as monitoring.