christopher.harris

Best practice for alerting only after multiple occurrences?

Discussion created by christopher.harris on Jul 27, 2009
Latest reply on Oct 5, 2009 by keith_k
I have a number of cases where I need to monitor for multiple
occurrences of an event (or performance counter) within a period of
time. I know that I can use ntevl to look for the event and can use the
NAS to hide/show the alert and send an email only after multiple
occurrences. To do this I believe it will require the following (please
correct me if I'm wrong):
  • A profile in the probe (ntevl or ntperf) to monitor for the event
  • An AO profile to make the first alert invisible
  • An AO profile to make the alert visible if the Message Counter exceeds x
  • An AO profile to clear the alert if there are no additional events with y minutes
Setting
this up once isn't that big of a deal; however, by the time I get
setting up all of our monitoring I anticipate having dozens of such
cases.

My concern is that there is no clear link between the
profe profile and the various AO profiles. This means that a month from
now it will be very challenging for me - and especially anyone else -
to figure out how things work.

Are there any best practices for setting up monitoring of this type?

Thanks,
Chris

BTW
- I realize that this functionality is built into the CDM probe, but
that applies to only a microscopic subset of performance counters.

Outcomes