Unsolicited notification messages are typically sent by computer devices within a network to one or more predefined management stations to report status and abnormalities within the network. Such computer devices include, but are not limited to, routers, switches, hubs and servers that are connected to the network. The unsolicited messages that are sent to the management stations report device and network abnormalities from many diverse products and technologies, as well as service problems.
The notification messages have unique product identifiers, product-centric text, non-standard style formats, and content of inconsistent technical level, with the result that very few of the notification messages are understandable by typical network operation personnel. The notification messages are referred to as alarms, events, traps, or syslog messages, and often contain variable contents that alter the meaning of the messages. Simple Network Management Protocol (SNMP) traps are one example of the unsolicited messages.
As known in the art, a trap is an event that an SNMP-enabled device, such as a router, transmits to a network management station, wherein the event is a change in the operation status of a router. SNMP traps often average over one thousand (1,000) characters in size and can utilize large amounts of network resources to process at the management station. In some environments, it is not unusual for millions of these notification messages to be generated on a daily basis. All of these notifications are typically logged to a single file, where they reside until they are eventually archived for long-term storage.
The Internet Engineering Task Force (IETF) has defined the structure and protocol for some of these SNMP traps, as well as defining the contents of five standard SNMP traps. Some products have “enhanced” these standards by adding additional variables to refine the meaning of the trap, which effectively makes the trap nonstandard. The IETF addressed the unique requirements of the product by defining an enterprise-specific SNMP trap, which allows each enterprise or product to define unique messages and variables that will be “enveloped” into the SNMP trap. While the enterprise-specific SNMP trap provides a powerful function for defining enterprise-specific traps, it also complicates standardization efforts.
In addition to these network-device-generated notifications, network management applications typically perform status polling or network interface reachability monitoring that often results in the generation of additional notification messages to report these exceptional reachability conditions.
Unfortunately, there is no method of translating these diverse notification messages into a common format and terminology, since each product vendor documents its own unique messages and the product vendors have no interest in working with their competitors to resolve the inconsistencies. To further complicate this process, the many acquisitions and mergers of products over the years have resulted in the same lack of standardization within individual company product lines. Many of these notifications report status with numerical values representing a status or textual meaning of parts of the entire message. The numerical values are referred to as enumerated values, wherein the enumerations are unique to each product and technology and also require translation into a human-readable format.
Network operation managers find it difficult to build or maintain a staff to cover the many products, services, and technologies included in modern networks. Therefore, in many cases, critical status messages are logged with millions of other messages, with no indication of the critical message ever presented to the responsible manager because the meaning and importance of the message were not understood.
Complex communication networks and emerging technologies require new methods to monitor the status of all products, components, and functions that are part of these networks. Problem identification, distinguishing symptoms from problems, and efficient correlation are becoming more difficult using current processes and tools.