Wednesday, May 27, 2009

Minimizing the impact of Alarm Storms...

I was working with a client today that just converted to dopplerVUE from a “traditional” log system that uses an event viewer to display each individual event. This was a big problem because he could not see how many different types of problems were occurring. The screen refreshed so fast that each new batch of alerts replaced the last one before he could read or interpret it. Let me show you an example of the screen and the problem:

In the screenshot below, each identical copy of an alarm is displayed in its own new row.

Example 1: syslog event viewer

This type of event viewer becomes nearly useless when you are getting a large volume of alarms. Oftentimes, the most valuable alarms are hidden in the clutter and are off the screen before you can react. You can only see the last few alarms, and they may not be the critical ones.

These systems provide filtering to help you go back and search the log history. This is good if you want to get more detail about an old alert and you were able to write down or memorize the syntax. But, an even better way exists…

The dopplerVUE and NeuralStar displays are designed to consolidate identical alarms into a single row and display the total count along with the first and last times these alarms occurred.

Alarm grid from dopplerVUE (http://www.dopplerVUE.com)

In this picture, you can clearly see what the different types of alarms are, how many of them have occurred, and when they started occurring. Now, real-time monitoring of alarm conditions has value and is actionable. In this display, you even have syslog, SNMP performance, and SNMP traps aggregated side by side for a complete picture.
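
The consolidation idea described above, sketched as an added example (not dopplerVUE or NeuralStar code). It assumes RFC 3164-style syslog lines and a caller-supplied year. The `consolidate` function and the sample hosts and messages are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed input format (RFC 3164 style): <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

def consolidate(lines, year=2009):
    """Collapse identical alarms into one row with count, first seen, last seen."""
    rows = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        severity = int(m["pri"]) & 7  # PRI = facility * 8 + severity
        # RFC 3164 timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # The PID is left out of the key so repeats from new processes still merge.
        key = (m["host"], severity, m["tag"], m["msg"])
        row = rows.get(key)
        if row is None:
            rows[key] = {"count": 1, "first": ts, "last": ts}
        else:
            row["count"] += 1
            row["first"] = min(row["first"], ts)
            row["last"] = max(row["last"], ts)
    # Most severe first (0 = emergency), then the noisiest.
    return sorted(rows.items(), key=lambda kv: (kv[0][1], -kv[1]["count"]))

# Constructed sample: a 40-line informational storm hiding one critical alarm.
SAMPLE = (
    ["<14>May 27 10:00:%02d web01 sshd[%d]: Connection closed by peer" % (s, 2100 + s)
     for s in range(40)]
    + ["<10>May 27 10:00:17 db01 raidmon: Array degraded, disk 3 failed"]
    + ["<11>May 27 10:00:05 core-sw1 linkmon: Interface Gi0/1 down",
       "<11>May 27 10:00:31 core-sw1 linkmon: Interface Gi0/1 down"]
)

if __name__ == "__main__":
    for (host, sev, tag, msg), r in consolidate(SAMPLE):
        print(f"sev={sev} count={r['count']:>3} first={r['first']:%H:%M:%S} "
              f"last={r['last']:%H:%M:%S} {host} {tag}: {msg}")
```

The 43 raw lines collapse to three rows, and the single critical alarm sorts to the top instead of scrolling off the screen.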
