With technological advances in computing, networking, and storage systems, information networks are becoming increasingly complex. Such complex information networks produce a large amount of event-based data that can be collected for network security and management analysis. The reliability of complex information networks depends on the ability to properly detect and manage problems that occur in such systems, wherein the detecting and handling of exceptional events (or alarms) plays a central role in network management. Problems can include component failures, congestion, faults, performance degradation, intrusion attempts, and other exceptional operational conditions that require handling. The problems that arise within an information network generate observable events, and these events can be monitored, detected, reported, analyzed and acted upon using automated methods.
As information networks have become more complex, the rate at which observable events occur has significantly increased, making problem management more difficult. Often, a single problem will be manifested through a large number of alarms. These alarms must be analyzed and correlated to determine their causes so that problems can be handled effectively. Automated event correlation and management techniques are utilized to reduce the number of symptoms in a system that need to be analyzed, and to accurately determine the number and identity of discrete problems that need to be rectified. Unless events are correlated, a single problem in a single subsystem could result in multiple, uncoordinated corrective actions. Accordingly, the implementation of fast and efficient event correlation methods for problem detection can lead to great improvements in the quality and cost of information network management.