virtualcontext

Event correlation

Discussion created by virtualcontext on Dec 9, 2011
Latest reply on Jan 19, 2012 by ntimm

I would like to know how to correlate alerts in a little bit smarter way than we have been doing it.

 

For example, for our exchange server, we have the net connect probe checking the ports, we have the services probe checkig windows services, we have the process probe, ntevl probe, etc. All making sure email stays running 100%.

 

When we reboot the server, this generates about 30 alerts. We would like to have some dependencies. For example

 

if you cant ping the server, it is "down" and you should generate one alert for this server, not one alert for every single item it is monitoring.

 

We have critical severity alerts generating email which automatically creates a service request in our helpdesk system, which is very tedious to go and close 30 alerts every time we reboot a server, etc. It is a real hassle.

 

If anybody has any ideas, I would love to hear it.

 

Thanks,

 

Paul

Outcomes