Journal of Network and Systems Management

, Volume 15, Issue 4, pp 481–502 | Cite as

Event Correlation in Integrated Management: Lessons Learned and Outlook

  • Jean Philippe Martin-FlatinEmail author
  • Gabriel Jakobson
  • Lundy Lewis


When event correlation was first used in integrated management, in the early 1980s, several techniques devised by the artificial intelligence and database communities were applied to network element management for analyzing alarms sent by expensive, self-monitoring telephone switches. Today, it is used for detecting faults in wireless networks, for monitoring the performance of commodity, often non-self-aware devices in enterprise networks, for detecting intrusions in firewalls, for ascribing breaches in service level agreements to specific problems in the underlying IT infrastructure, etc. In other words, the problem to be solved has changed completely. Can today’s event correlators still meet customers’ expectations? If not, how should they evolve to meet them? In this paper, we try to capture the main lessons learned by the integrated management community in event correlation in the past 25 years, and to identify important challenges that we are faced with. By doing this, we hope to streamline and encourage research in this field, which needs better models, algorithms and systems to deal with ever more complex and integrated networks, systems and services.


Event correlation Event-based management Integrated management Network management System management Service management Rule-based reasoning systems Case-based reasoning systems Self-adaptive systems Self-organizing systems 



J.P. Martin-Flatin thanks C. Kalmanek for suggesting, back in 2001, that event correlation was a research field worth looking into.


  1. 1.
    Afergan, M., Wein, J., LaMeyer, A.: Experience with some principles for building an internet-scale reliable system. In: Proc. 2nd Usenix Workshop on Real, Large Distributed Systems (WORLDS 2005). San Francisco, CA, USA (December 2005)Google Scholar
  2. 2.
    Babaoglu, O., Jelasity, M., Montresor, A., Fetzer, C., Leonardi, S., van Moorsel, A., van Steen, M. (eds.): Self-Star Properties in Complex Information Systems: Conceptual and Practical Foundations. Springer, LNCS 3460 (2005)Google Scholar
  3. 3.
    Breiman, L., Friedman, J., Olshen, R.A., Stone, C. J.: Classification and Regression Trees. Wadsworth (1984)Google Scholar
  4. 4.
    Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: Pattern-Oriented Software Architecture, vol. 1: A System of Patterns, Wiley (1996)Google Scholar
  5. 5.
    di Marzo Serugendo, G., Martin-Flatin, J.P., Jelasity, M. (eds.): Proc. 1st IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2007). Boston, MA, USA (July 2007)Google Scholar
  6. 6.
    Forgy, C.: Rete: a fast algorithm for the many pattern/many object pattern match problem. Artif, Intell. 19, 17–37 (1982)CrossRefGoogle Scholar
  7. 7.
    Hegering, H.G., Abeck, S., Neumair, B.: Integrated Management of Networked Systems: Concepts, Architectures, and Their Operational Application. Morgan Kaufmann (1999)Google Scholar
  8. 8.
    Jakobson, G., Weissman, M.: Real-time telecommunication network management: extending event correlation with temporal constraints. In: Proc. 4th IEEE/IFIP International Symposium on Integrated Network Management (ISINM 1995), pp. 290–301. Santa Barbara, CA, USA (May 1995)Google Scholar
  9. 9.
    Jakobson, G., Weissman, M., Brenner, L., Lafond, C., Matheus, C.: GRACE: building next generation event correlation services. In: Proc. IEEE/IFIP Network Operations and Management Symposium (NOMS 2000), pp. 701–714. Honolulu, HI, USA (2000)Google Scholar
  10. 10.
    Kahn, J.M., Katz, R.H., Pister, K.S.: Mobile networking for smart dust. In: Proc. 5th Annual ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom 1999). Seattle, WA, USA (August 1999)Google Scholar
  11. 11.
    Klemettinen, M., Mannila, H., Toivonen, H.: Rule discovery in telecommunication alarm data. J. Netw. Syst. Manage. 7(4), 395–423 (1999)zbMATHCrossRefGoogle Scholar
  12. 12.
    Kliger, S., Yemini, S., Yemini, Y., Ohsie, D., Stolfo, S.: A coding approach to event correlation. In: Proc. 4th IEEE/IFIP International Symposium on Integrated Network Management (ISINM 1995), pp. 266–277. Santa Barbara, CA, USA (May 1995)Google Scholar
  13. 13.
    Lewis, L.: Managing Business and Service Networks. Kluwer (2001)Google Scholar
  14. 14.
    Martin-Flatin, J.P.: Web-Based Management of IP Networks and Systems. Wiley (2003)Google Scholar
  15. 15.
    Martin-Flatin, J.P.: Gestion intégrée de réseaux, de systèmes et de services, Habilitation (in French). University Pierre & Marie Curie (Paris 6), France (2005)Google Scholar
  16. 16.
    Martin-Flatin, J.P., Srivastava, D., Westerinen, A.: Iterative multi-tier management information modeling. IEEE Commun. Mag. 41(12), 92–99 (2003)CrossRefGoogle Scholar
  17. 17.
    OGC, Service Support, ITIL series. TSO (2000)Google Scholar
  18. 18.
    Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann (1993)Google Scholar
  19. 19.
    Robertson, P., Shrobe, H., Laddaga, R. (eds.): Proc. 1st International Workshop on Self-Adaptive Software (IWSAS 2000). Oxford, UK, April 2000, Springer, LNCS (1936)Google Scholar
  20. 20.
    Russell, S., Norvig, P.: Artificial Intelligence: A Modern Approach, 2nd edn. Prentice Hall (2003)Google Scholar
  21. 21.
    Schank, R.C., Abelson, R.P.: Scripts, Plans, Goals and Understanding: An Inquiry into Human Knowledge Structures. Hillsdale (1977)Google Scholar
  22. 22.
    Shrewsbury, J.K.: An introduction to TMN. J, Netw. Syst. Manage. 3(1), 13–38 (1995)CrossRefGoogle Scholar
  23. 23.
    Sterritt, R.: Discovering rules for fault management. In: Proc. 8th IEEE International Conference on the Engineering of Computer-Based Systems (ECBS 2001), pp. 190–196. Washington, DC, USA (April 2001)Google Scholar
  24. 24.
    Sterritt, R., Bustard, D., McCrea, A.: Autonomic computing correlation for fault management system evolution. In: Proc. 1st IEEE International Conference on Industrial Informatics (INDIN 2003), pp. 240–247. Banff, Alberta, Canada (August 2003)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  • Jean Philippe Martin-Flatin
    • 1
    Email author
  • Gabriel Jakobson
    • 2
  • Lundy Lewis
    • 2
    • 3
  1. 1.NetExpertGlandSwitzerland
  2. 2.Altusys Corp.NewarkUSA
  3. 3.Southern New Hampshire UniversityManchesterUSA

Personalised recommendations