In the field of network monitoring, devices dispersed throughout one or more networks may monitor device statistics and provide either individual device statistics or network-based statistics in real-time (or near real-time) to a central repository or collection and correlation. In different monitoring environments, different amounts of processing happen at the device that is initially collecting the metric (e.g., device statistic). After or as part of collection, some amount of processing may happen locally at the collecting device prior to transmission to the central repository (or storing locally in some configurations). Of course, different networks (e.g., subnets) may be partitioned such that there are different places where historical monitoring data may be stored. For example, each network portion (e.g., subnet or set of subnets) of a corporate network may feed all of the data collected for that network portion to a single repository (e.g., designated to be associated with that network portion). In other cases, data may be stored locally on each device and periodically gathered for analysis. In yet another case, there may be a single comprehensive repository for all metric data. Many different configurations are possible.
Metrics collected may represent the state of the device (e.g., CPU utilization, dropped packets, active sessions, denied packets, etc.) or may represent the state of the network (e.g., packet collisions, network throughput, percentage of broadcast packets, etc.). Also, monitors may be in place to issue events or alerts. In the case of alerts, they may be issued based on detection of a network occurrence (e.g., router unreachable, DNS service not available, etc.) or a monitored metric crossing a threshold (e.g., CPU utilization over 80%, available storage under 20%, etc.). In the case of events, the data may simply represent a current value that may be monitored to collect time series data and the event may be generated based on a value change or periodically at different time internals (or a combination of both). Monitors represent computer processes that, as the name implies, track a value and may have knowledge of what that value (e.g., of a metric) should typically be. Monitors may react to instantaneous metric values or metric values over a period of time. In any case, monitors may be in place to assist network administrators maintain the quality of service of the network (e.g., uptime, performance).