The basic idea is to place a piece of software, an agent, on the computer to be monitored. The agent watches several sources on that computer, including the Windows Event Log, for specific events or alerts generated by the applications executing on the monitored computer. Upon alert occurrence and detection, the agent forwards the alert to a central SCOM server. This SCOM server application maintains a database that includes a history of alerts. The SCOM server applies filtering rules to alerts as they arrive; a rule can trigger some notification to a human, such as an e-mail or a pager message, generate a network support ticket, or trigger some other workflow intended to correct the cause of the alert in an appropriate manner.