Decision-making algorithms for Alerting (ADA)

System administrators of larger infrastructures can be overwhelmed by the number of events that occur, and important events are soon overlooked. Events can trigger actions. Actions include:

  • Sending an alert email.
  • Executing a program or command script.

Quantellium provides mechanisms to separate important events from unimportant ones and triggers actions for those events that meet certain criteria or a certain priority level! Quantellium offers two different decision-making algorithms: Static and Device rank.

Realize that all events are received and displayed, but that only those events that are important enough can trigger actions! The ADA algorithms determine whether an action should follow, not whether an event should be blocked!

Examples of the severity of events

  1. A “No response” event from a router in your network is likely to cause problems that require urgent attention, while the same type of event from a user’s PC does not raise an eyebrow!
  2. Power loss in the computer room can cause system crashes, file system damage, and data loss. To prevent this, many organizations use a UPS. You probably want to receive an alert for any type of event that occurs on a UPS device (low battery, overload, source power failure, faulty fan).
  3. The impact of the failure of a heavily loaded production server is most likely higher than that of the same failure on a test server. You probably want an alert for the first, while the second is less important!

Static ADA

Static ADA is based on user-defined static alert settings at the Class level.

The screenshot shows the default set of Classes and their Static ADA settings (dcETAF column). All event types from Firewall or UPS devices can trigger actions. A trap sent by a printer will not trigger an action, but a “No response” event will.

Static ADA does not distinguish between a production server and a test server. Both are servers! If you want to apply different alert settings for different server types, you should define a new class (or clone an existing one) for each type of server.

Device Rank ADA does distinguish between servers. Test servers will probably get a lower rank!

Device Rank ADA

Device Rank (DR) ADA is the name of the functionality that ranks devices based on their role, behavior, use and importance in the network! The higher the rank, the more important the device.

Device Rank ADA probably reduces the number of alarms even more than static ADA, but it also carries a risk! Events of devices classified as “low priority” can be wrongly ignored! In order to limit this risk, Device Rank is only activated if:

  1. SNMP is enabled and correctly configured on at least 70% of the devices in a project.
  2. Quantellium has “learned” the network for at least 2 weeks.
  3. It is manually selected on the Administration | Various system settings page.

Regardless of the setting, Quantellium runs in static ADA mode until both criteria are met!

For new projects, static ADA is selected by default. 
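
The following sketch is an added illustration, not Quantellium code: it models the Device Rank activation gate and the Static ADA class-level decision described above. The Project fields, the function names, the event-type names other than “No response”, and the rule that an unknown class triggers no action are assumptions made for the example.

```python
from dataclasses import dataclass

ALL = "*"  # wildcard: every event type of this class may trigger actions

# Constructed class settings that mirror the examples in the text.
STATIC_SETTINGS = {
    "Firewall": {ALL},
    "UPS": {ALL},
    "Printer": {"No response"},  # a printer trap is shown but triggers nothing
}

@dataclass
class Project:
    selected_mode: str      # "static" or "device_rank" (manual selection)
    devices_total: int
    devices_with_snmp: int  # devices with SNMP enabled and correctly configured
    days_learned: int       # how long the network has been "learned"

def effective_mode(p: Project) -> str:
    """Return the mode that is really active, including the static fallback."""
    if p.selected_mode != "device_rank":
        return "static"
    # Integer arithmetic avoids rounding surprises at exactly 70%.
    snmp_ok = p.devices_total > 0 and p.devices_with_snmp * 100 >= 70 * p.devices_total
    learned_ok = p.days_learned >= 14  # at least 2 weeks
    return "device_rank" if snmp_ok and learned_ok else "static"

def static_decision(device_class: str, event_type: str) -> dict:
    """Events are always displayed; the class setting only gates the action."""
    allowed = STATIC_SETTINGS.get(device_class, set())  # assumption: unknown class, no action
    return {"displayed": True, "action": ALL in allowed or event_type in allowed}

if __name__ == "__main__":
    young = Project("device_rank", devices_total=40, devices_with_snmp=35, days_learned=5)
    print(effective_mode(young))                      # still static: learning period too short
    print(static_decision("Printer", "Trap"))         # displayed, no action
    print(static_decision("Printer", "No response"))  # displayed, action
```

The useful check for an administrator is the first function: selecting Device Rank on the settings page does not change alerting until the SNMP coverage and learning-period criteria are also met.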

How to enable Static or Device Rank ADA

To switch between Static and Device Rank ADA:

  1. Log on with Administrator rights
  2. Select Administration | Various system settings from the main menu
  3. Select the ADA type of your choice from the listbox on the Alerts and Notifications pane

The active ADA setting can be checked by looking at the upper right corner of a Quantellium web page.

To adjust the Static ADA settings for a Class:

  1. Log on with Administrator rights
  2. Select Classes from the main menu on the left.
  3. Click the Modify link of the Class whose settings you want to change

The screenshot above shows the Device list while Device Rank ADA is enabled (yellow ellipse). The rank of a device (green ellipse) has a direct relationship with the alerting schedule.