Abstract
When event correlation was first used in integrated management, in the early 1980s, several techniques devised by the artificial intelligence and database communities were applied to network element management for analyzing alarms sent by expensive, self-monitoring telephone switches. Today, it is used for detecting faults in wireless networks, for monitoring the performance of commodity, often non-self-aware devices in enterprise networks, for detecting intrusions in firewalls, for ascribing breaches in service level agreements to specific problems in the underlying IT infrastructure, etc. In other words, the problem to be solved has changed completely. Can today’s event correlators still meet customers’ expectations? If not, how should they evolve to meet them? In this paper, we try to capture the main lessons learned by the integrated management community in event correlation in the past 25 years, and to identify important challenges that we are faced with. By doing this, we hope to streamline and encourage research in this field, which needs better models, algorithms and systems to deal with ever more complex and integrated networks, systems and services.
Acknowledgment
J.P. Martin-Flatin thanks C. Kalmanek for suggesting, back in 2001, that event correlation was a research field worth looking into.
Cite this article
Martin-Flatin, J.P., Jakobson, G. & Lewis, L. Event Correlation in Integrated Management: Lessons Learned and Outlook. J Netw Syst Manage 15, 481–502 (2007). https://doi.org/10.1007/s10922-007-9078-5
DOI: https://doi.org/10.1007/s10922-007-9078-5