You can integrate your SimpleOne instance with any preferred active monitoring system (AMS) for supervising the stability and performance of your system. The AMS primary function is to query the observation object statuses and generate alerts if necessary. After that, using the data exchange mechanism between the AMS and the SimpleOne instance, based on these alerts, events are created with the desired notification type and some parameters set by the monitoring rules. These may be exception events, warning events, and information events.
The following scheme shows the whole process of the monitoring and event management:
Exception Events
Exception events have the highest priority on this list. An example of an exception event can be unavailability of a server or any other crucial service.
The processing of exception events using the events correlation engine is listed below (we will use the example with the server):
- The AMS sends a message: "
server is unreachable". - On the SimpleOne instance, in accordance with the monitoring rules specified, the Exception monitoring event is created, based on the message and in the Active state.
- The event is checked against an event rule. The system starts counting down the revalidation period (for example, the period is three minutes). The revalidation is executed when the period is over.
If the Ignore event correlation checkbox is selected in the event rule, the actions for this rule are performed without the revalidation period. Unlike other types, the related actions for the exceptional events are executed on every message received, regardless of whether they were performed on the previous message or not.
- Once the period expires, the system checks the state of the event associated with the message (the monitoring system updates message states, and the event states synchronize with them):
- If the event state is still Active – an infrastructure incident is created immediately.
- If the event state is changed to Inactive, then the incident is not created.
Warning Events
Warning events have a lower priority than exceptions. An example of a warning event can be low disk space.
The processing of warning events using the events correlation engine is listed below (we will use the example with the disk space):
- The AMS throws an alert: "
disk space is running out, X Mb left". - On the SimpleOne instance, in accordance with the monitoring rules specified, the Warning event is created, based on the alert and in the Active state.
- As opposed to the Exception events, the system does not start counting down the revalidation period. In accordance with the settings specified, to launch the revalidation period, there must be two active Warning events for this alert.
- If the second Warning event is received, then the revalidation periods starts. The period should pass before any actions can be undertaken.
- After the period expires, the system checks the state of the events associated with the message (the monitoring system updates message states, and the event states synchronize with them):
- If all the events are still Active – raise an incident immediately.
- If at least one event is Inactive, then the incident will not be raised.
Information Events
Information events are the lowest-priority events, and they are merely informational. An example of an information event is a user authorization notification. It is only necessary to obtain many similar events for a specified period, for example, ten login attempts of the same user per minute.
The processing of information events using the events correlation engine is listed below (we will use the example with the login attempts):
- The AMS sends a message about every unsuccessful attempt to log in to the system.
- The Monitoring and Event Management module collects ten login attempts of the same user per minute.
- After that, the system raises an incident about the suspicious activity. In this case, the revalidation period is not used.
