Computer devices associated with a communication network typically report exceptions and abnormalities within the network by sending unsolicited messages to one or more predefined management stations. Such computer devices include, but are not limited to, routers, switches, hubs and servers that are connected to the network. The unsolicited notifications that are sent to the management stations, report device and network statuses and abnormalities from many diverse products and technologies.
The notifications have unique product identifiers, product-centric text, nonstandard style formats, and inconsistent technical level content which results in very few of the notifications being understandable by any typical network operation personnel. Simple network management protocol (SNMP) traps are one example of the unsolicited messages. As known in the art, a trap is an event that a router transmits to a network management station, wherein the event is a chain in the operation status of a router. SNMP traps often average over 1,000 characters in size and can utilize large amounts of network resources for transmission to the management station. In some environments, it is not unusual for millions of these notification messages to be generated on a daily basis. All of these notifications are typically logged to a single file, where they reside until they are eventually archived for long term storage.
The Internet engineering task force (IETF) has defined the structure and protocol for these SNMP traps, as well as defining the contents of five standard SNMP traps. Some products have “enhanced” these standards by adding additional variables to refine the meaning of the trap, which effectively make the trap not standard. The IETF addresses the product's unique requirements by defining an enterprise unique SNMP trap, which allows each reporting device to define unique messages and variables that will be “enveloped” into the SNMP trap. While this SNMP trap provides a powerful function for defining enterprise specific traps, it also complicates standardization efforts.
In addition to these network device generated notifications, network management applications typically perform status polling or network interface reachability monitoring that often results in the generation of additional notifications to report these reachability exceptional conditions. As an example, a single network circuit failure, such as, but not limited to, malfunction of a router may result in several network devices generating unsolicited notification messages to report multiple symptoms of the failed router, as well as notifications that may not be related to the specific router malfunction. At the same time, a network management application may generate hundreds of notifications reporting the inability to reach interface addresses on the far side of the failed router.
Another example may be where multiple network devices are connected together using a wide area network (WAN) or local area network (LAN) and a circuit connecting them is unstable such that the connection between the multiple network devices transitions between a good state and a bad state repetitively. In this situation, other affected network devices, as well as the management application, may generate many thousands of error notifications due to the single router failure. In addition to these network detected exceptions, many network users will be impacted by the failure, resulting in many additional problems being reported.
Unfortunately, there is no method of translating these diverse notification messages into a common format and terminology, since each product vendor documents its own unique messages. To further complicate this process, the many acquisitions and mergers of products over the years has resulted in the same lack of standardization within individual company product lines. Many of these notifications report status with numerical values representing a status or textual meaning of parts of the entire message. The numerical values are referred to as enumerated values wherein the enumerations are unique to each product and technology, requiring these specialized applications to translate the enumerated values to human readable format.
As noted hereinabove, the degree of complexity exists in processing high volumes of unsolicited notifications as well as providing a method to present these cryptic, complex, product-centric notifications to personnel who must interpret the meaning of the unsolicited notifications.