Sensory Overload
Too much of a good thing can be bad. While it's great to be notified about a problem, receiving 500 or 1,000 notifications is impossible to deal with.
This is an all too common a problem with monitoring systems. You can receive a "flood" of notifications that make it difficult to figure out the real problem.
Various strategies can be used to overcome this problem. While they are helpful, they often only cover a small percentage of the problems that arise in the real world.
JavaScript
JavaScript is a scripting language developed by Netscape and first released in 1995. The name has been confusing and a source of controversy because of its suggestion of a connection to the Java™ language.
JavaScript shares some syntax with Java, but it is quite a different language. It was designed to be easier to use for non-programmers.
For more information, see the Wikipedia article on JavaScript.
Notification Correlation
Monitoring systems often generate multiple events when things change. To fully understand what is happening, you need to look at a group of events. As an example, a service may send an SNMP trap whenever it terminates. It may also send a second trap explaining why it is terminating or no second trap if it terminates because of a fault. You may need to take some action when a service terminates because of a fault. But a service terminating because the operator stopped it for regular maintenance is not a problem. ArteMon's notification correlation capability lets you handle these situations.
Defining Correlation Groups
In ArteMon, a correlation group is a set of notifications that are handled as a group. The group is defined by giving it a name and the set of notifications that make up the group. When a notification that is in a correlation group is generated, it is not sent to any action handler. Instead, the notification is added to a collection for the group and a timer is started. When you define a correlation group, you provide a delay time. This time is used to set an interval for the timer. Any additional notifications that are generated before the timer expires are added to the group's collection of notifications. When the timer finally expires, JavaScript code is executed to process the group of notifications. The JavaScript is provided as part of the correlation group's definition.
Taking Action
How do you handle a group of related notifications? To provide as much flexibility as possible, ArteMon executes a JavaScript defined as part of the group. This group has access to the collection of notifications received during the delay interval. The script can cancel any or all of the notifications. It can even generate an entirely new notification. And the script can also modify details of any of the notifications, including changing their severity levels.
