A key feature of monitoring systems is the Alerting subsystem.

Thanks to it you can immediately notify IT managers of what is going on and activate the appropriate troubleshooting actions.

In the absence of an Alerting system, IT administrators will be notified by the complaints of their customers, who rip their clothes off because they cannot receive email or because they have to enter an order in a system that is not currently online.

Monitoring systems were born to avoid this negative scenario!
Now every IT administrator who takes advantage of these systems is promptly notified when a service is not working correctly, so that he can restore it before the users even notice.
But the solution brings a new problem!
A first problem occurs during an event with a strong impact on the IT infrastructure. In this case monitoring systems tend to send an abnormal number of emails and text messages, and behave as if they were carrying out a DoS attack against the IT service managers' mailboxes or mobile phones.

A further problem arises when the malfunction of a device such as a router makes a whole range of services that are reached through it inaccessible. In this case too, a monitoring system will send a notification for the router failure and then one for each service that cannot be reached.
In both cases, we have a monitoring system that sends a myriad of alerts that probably will not be taken into consideration, and that could also lead to the decision to disable the alerting system.
How do we solve this problem?
A modern monitoring system makes use of the following features:
a) Accessibility Relationship
b) Dependency Relationship
c) Anti-flooding Filters

The Accessibility Relationship allows you to identify all the services and systems that are reached through an intermediate system (typically a switch or router).
When the intermediate system does not work, all the elements that are reached through it will be inaccessible. In this case, the monitoring system will send a single alert only, and all the items that cannot be reached will be placed in the "unreachable" state without any other alert being sent.
The Dependency Relationship behaves in a similar way but identifies the dependency between services. If the operation of a service requires a main service, we say that the first service is dependent on the second one. If the main service is in a critical state, all the services that depend on it will of course find themselves in the same state. The monitoring system will send an alert only for the malfunction of the main service.
The Anti-flooding Filter is a powerful tool that allows you to prevent alerts from flooding mailboxes or mobile phones.
This filter uses an observation window, for example 30 minutes, and a maximum number of alerts that we want to receive within this window.
A classic flooding filter is "Send me a maximum of 5 alerts every 30 minutes."
In this case, if more than 5 alerts are raised within 30 minutes, the alerts from the sixth one onward will be stored and sent all together in a single alert message at the end of the observation window.
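
The "maximum of 5 alerts every 30 minutes" filter described above, sketched as an added example (this is not code from the original page or from any monitoring product). The class name, the digest message format and the choice to open the observation window at the first alert are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AntiFloodFilter:
    max_alerts: int = 5           # "a maximum of 5 alerts..."
    window_s: int = 30 * 60       # "...every 30 minutes"
    window_start: Optional[float] = None
    sent: int = 0
    held: List[str] = field(default_factory=list)

    def tick(self, now: float) -> List[str]:
        """Close an expired window; return the digest of held alerts, if any."""
        out: List[str] = []
        if self.window_start is not None and now >= self.window_start + self.window_s:
            if self.held:
                out.append(f"DIGEST ({len(self.held)} alerts): " + "; ".join(self.held))
            self.window_start, self.sent, self.held = None, 0, []
        return out

    def submit(self, now: float, alert: str) -> List[str]:
        """Return the messages to deliver right now for this incoming alert."""
        out = self.tick(now)
        if self.window_start is None:
            self.window_start = now           # assumption: window opens on first alert
        if self.sent < self.max_alerts:
            self.sent += 1
            out.append(alert)                 # under the limit: deliver immediately
        else:
            self.held.append(alert)           # sixth and later: store for the digest
        return out


def simulate(events, end_time):
    """Feed (timestamp_seconds, message) pairs, then run the timer at end_time."""
    flt = AntiFloodFilter()
    delivered = []
    for ts, msg in events:
        delivered += flt.submit(ts, msg)
    return delivered + flt.tick(end_time)


# Constructed sample: one outage raises 8 alerts, 10 seconds apart.
EVENTS = [(i * 10, f"svc{i} CRITICAL") for i in range(8)]

if __name__ == "__main__":
    for line in simulate(EVENTS, end_time=30 * 60):
        print(line)
```

With the constructed sample, the recipient gets five individual alerts and then one digest carrying the remaining three when the window closes. No alert is dropped; only the number of messages is reduced.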

Copyright 2014 - Fata Informatica s.r.l.