Background

NetCrunch Platform Module

Advanced
Monitoring Configuration and Alerting

Set status for redundant connections with Business Status Node and avoid false positives with advanced thresholds and alerting conditions.

Manage monitoring configuration with templates, policies, and monitoring packs instead of manually changing configuration one by one.

Monitoring Packs

Download NetCrunch Trial

Setting an upper or lower threshold seems to be simple, right? What happens when the value is oscillating and goes over and under the threshold boundary every minute? Unfortunately, you get an alert every other minute.

This situation is just an example of why some simple models fall short sometimes, and you need to reach for a bit more advanced features like thresholds with separate reset boundaries.

Another example might be when you want to react only if both connections fail. Otherwise, you need just a notification. Advanced monitoring algorithms are the answer to these specific needs that might be not frequent but sometimes indispensable.

  • Top Benefits

    1. Use advanced alerting conditions to trigger alerts even when the event did not happen (like missing backup or heartbeat).
    2. Use Business Status Node to represent and calculate the status from multiple monitored elements.
    3. Use advanced thresholds to detect abnormal behavior and avoid false positives.
    4. Use organizational groups to manage access to nodes by a group of users quickly.
    5. Create automatic Monitoring Packs (policies) applied to nodes by the rule.
    6. Manage multiple NetCrunch profiles, their access rights, and notification schemes.
    7. Take dynamic views to the next level. Automatically create folders containing dynamic Atlas views by setting criteria for filtering and grouping nodes.
  • Advanced Alerting

    NetCrunch expands beyond traditional network device monitoring. Practically it can monitor any process and devices where a reaction time might be 15 seconds more.

    @Alerting Conditions

    Conditional Alerts

    NetCrunch can process events from many external sources that can behave unusually. That's why we have equipped NetCrunch in a range of additional conditions that you can add to any alert. NetCrunch provides conditional alerting, which allows monitoring heartbeats or react to missing events. It also can make the alert less sensitive to repetitive events.

    Correlation

    All NetCrunch internal alerts are correlated. For other external alerts (i.e., traps, syslog messages), it allows adding a list of actions to the alert that can close the alert. The alert can also be closed automatically after a given time. This kind of event has to occur on the same node.

    Another correlation can be defined for alerts happening on different nodes within the same time frame.

    Read more at Alert Conditions & Correlation

  • Business Status Node

    A node in NetCrunch is an Atlas entity, a group of services usually representing a network endpoint (interface)

    @Business Status Node

    Nevertheless, NetCrunch node can represent much more than just a network endpoint now, as the network monitoring model has evolved from simply looking at devices, later as a set of endpoints. Finally, we see a cloud of services.

    The node often doesn't need an IP address now. Such a node is a Business Status node representing a state of a group of services (nodes, sensors service, or monitoring packs) that is calculated automatically.

    You can add multiple elements to each group that translate to a logical condition determining the node's state.

    Business status can rely on another status node to easily create a path of critical services by building a chain of Business Status nodes.

  • Advanced Thresholds

    @Falling Threshold

    Unlike entry-level monitoring products, NetCrunch offers a vast range of threshold conditions, including baselines for professional usage.

    These thresholds will help you avoid false-positive alerts and detect abnormal behavior or an abrupt change of the monitored value,

    Event Triggers for Counters

  • Access Rights

    You can manage access to the NetCrunch program, its views, and even particular nodes. Because the Atlas is a hierarchical structure, the rights are inherited from top to bottom.

    Top alert setting levels are Program, Atlas, and Nodes.

    There are three access rights:

    • deny - access is denied even if it is granted at a higher level
    • access - this is read-only access to the element
    • manage - the user can manage settings of the element

    @Access Right

    Read more at Managing NetCrunch Users and Notifications

    Managing multiple NetCrunch users

    @Multi-user Management

    Users and Notifications

    You can create multiple users, and each user has its custom notification profile. Each profile has its own notification schedule, so you can set to receive SMS messages only on a particular day and time, and otherwise, you can get an email.

    Notification Groups

    It's much easier to manage notifications using groups. You can add and remove users to groups without changing any alerting scripts which always refer to a given group.

    NetCrunch allows creating complex notification schemas through escalation such as

    • after 5 minutes, send a notification to the administrators' group
    • after 30 minutes, send a notification to the senior admin group

    Because every member of the group has a custom profile, he will receive a notification when he wants and the way it has been specified to be delivered.

  • Imagine you need to set access for each view and node to different organizational groups - it's going to be a daunting task.

    You can assign nodes and persons to the organization groups, and all node views will accordingly display the filtered nodes.

    There are two meta groups - <root> visible to the top-level administrators and <public> visible to anybody.

    When you are a top-level administrator, you can select the organization filter from a combo box.

    Organizational Groups

    You can assign any node to the given organization. The people assigned to a given organization group will see only nodes from their organization group.

    @Organizational Groups

  • NetCrunch uses Monitoring Packs to control the monitoring settings. The settings consist of alerting rules and Data Collectors, which are mainly used for collecting data needed for reports.

    These settings are assigned to nodes manually or by the node filtering rule.

    Monitoring Packs are real policies. Unlike simple settings templates, they work as the policy, which means that regardless of how they are associated with the node (by the rule or manually), any change in the monitoring pack is automatically applied to the relevant nodes.

    The changes to alerting rules or actions can override inherited policy settings.

    You can also turn any existing Atlas views into policy by adding alerting rules to them and avoiding creating duplicated node groups.

    Monitoring Packs & Policies

    Reusability is essential in keeping control over complex settings. You can use the same rules and rule sets (Monitoring Packs) to avoid duplication and mistakes.

    @Sample Monitoring Packs

  • Filtering Condition

    The folder requires a filtering condition, such as any dynamic view. In fact, the folder can be a single view when there are no groups.

    @Filtering Condition

    Grouping

    Now we can define how to group the nodes to build each view. We need to select the grouping attribute (it doesn't need to be part of the filtering condition) and a minimum number of nodes required to create a separate view.

    @Folder Groups

    Dynamic Folder Views

    Besides creating filtered views, NetCrunch allows building multiple views grouped by specific attributes and located in one folder.

    Atlas Dynamic Folders

    This NetCrunch feature allows creating many pre-defined views which you can treat as examples of what you can do.

  • Monitoring template nodes allow defining multiple setting sections of the node and then applying them to nodes. You can see settings for SQL Server node with parameters for Windows machine services and node status on the screen below.

    These templates can be partially applied to the node, and any section can be overridden on the node level.

    @Node With Template Settings

    Monitoring Templates

    Templates are another kind of policy that goes beyond the single monitor and Monitoring Pack scope.

    @Template Sections

    Monitoring templates allow a higher level of monitoring settings management than Monitoring Packs because they combine each monitor (a section) and sensor or Monitoring Pack.

Accuracy

NetCrunch is built upon solid statistical analysis. The program offers high accuracy with somewhat lower precision to achieve a high level of performance.

Raw Data

NetCrunch stores both raw data and pre-computed data samples. Depending on the analysis level, the program uses different data streams to present data on the screen (you need no more data than your screen can display) accurately.

ADREM SOFTWARE IS A PARTNER OF