Skip to main content
Version: 1.15.1

Event Types and Processing

You can integrate your SimpleOne instance with any preferred active monitoring system (AMS) for supervising the stability and performance of your system.

The primary function of an AMS is to query the observation object statuses and generate alerts if necessary. After that, using the data exchange mechanism between the AMS and the SimpleOne instance, based on these alerts, events are created with the required notification type and some parameters set by the monitoring rules. These may be information events, warning events, exception events, and instructional events.

The following scheme shows the whole process of the monitoring and event management:

Information events

Information events respond to similar non-critical events accumulated over a certain period.

An example of an information event is a user authorization notification. An incident is triggered when many similar events occur within a specified period. For example, ten login attempts by the same user per minute.

The processing of information events using the events correlation engine is listed below (we will use the example with the login attempts):

  1. The AMS sends a message about every unsuccessful attempt to log in to the system.
  2. The Monitoring and Event Management module collects ten login attempts of the same user per minute.
  3. The system raises an incident about the suspicious activity. In this case, the revalidation period is not used.

Warning events

Warning events track whether a service or device parameters have reached a threshold value. An example of a warning event can be low disk space.

The processing of warning events using the events correlation engine is listed below (we will use the example with the disk space):

  1. The AMS throws an alert: "disk space is running out, X Mb left".
  2. On the SimpleOne instance, in accordance with the monitoring rules specified, the Warning event is created, based on the alert and in the Active state.
  3. As opposed to the Exception events, the system does not start counting down the revalidation period. In accordance with the settings specified, to launch the revalidation period, there must be two active Warning events for this alert.
  4. If the second Warning event is received, then the revalidation periods starts. The period should pass before any actions can be undertaken.
  5. After the period expires, the system checks the state of the events associated with the message (the monitoring system updates message states, and the event states synchronize with them):
    1. If all the events are still Active – raise an incident immediately.
    2. If at least one event is Inactive, then the incident will not be raised.

Exception events

Exception events determine whether a metric for a service or a system component has reached a specified breach value. An example of an exception event can be unavailability of a server or any other crucial service.

The processing of exception events using the events correlation engine is listed below (we will use the example with the server):

  1. The AMS sends a message: server is unreachable.

  2. On the SimpleOne instance, in accordance with the monitoring rules specified, the Exception monitoring event in the Active state is created based on the message.

  3. The event is checked against an event rule. The system starts counting down the revalidation period (for example, the period is three minutes).

  4. The revalidation is executed when the period is over.

    note

    If the Ignore event correlation checkbox is selected in the event rule, the actions for this rule are performed without the revalidation period. Unlike other types, the related actions for the exceptional events are executed on every message received, regardless of whether they were performed on the previous message or not.

  5. Once the period expires, the system checks the state of the event associated with the message (the monitoring system updates message states, and the event states synchronize with them):

    1. If the event state is still Active – an infrastructure incident is created.
    2. If the event state is changed to Inactive, the incident is not created.

Instructional events

Instructional events inform about the need to perform instruction-based tasks, for example, routine maintenance.

Unlike the other event types, instructional events do not result in incidents. However, a timely response to these events is important as it helps avoid future incidents.