Windows事件--重复事件检测

监视器--Windows事件--重复事件检测--计时器重置:

自动重置计时器:指定等待时间10分钟,则在10分钟后自动关闭该警报,更改状态为 正常(绿色)

 

检测事件1,事件3重置计数器状态,2分钟内检测到3次 事件1 触发Alert

重复设置--计数模式

计时器触发:检测到 事件1,开始计时,达到2分钟触发Alert
计数器触发:检测到 事件1,在2分钟内检测到3次触发Alert
计数器,滑动:00:01检测到 事件1,计时器窗口从该时间点开始算起,如果在2分钟内未再次检测到 事件1,则不会触发Alert;在00:04检测到 事件1,计时器窗口重新从该时间点开始算起,如果在00:06之前还未检测到3次 事件1,则计时器窗口又重新开始计算;在00:05检测到 事件1,到00:07时共检测到3次 事件1,则触发Alert

 

 

 

Repeated Events Example

To help with understanding the different algorithms used for repeated event detection, the following table shows the effect on health state for monitors based on the different kinds of consolidation. This is based on a repeated event monitor that uses the following details:

  • Consolidation interval: 2 minutes

  • Compare count: 3 (ignored by Trigger on Timer)

  • Health state on repeated event: Critical

  • Reset Logic: Event reset using Event 3

 

TimeEventTrigger on TimerTrigger on CountTrigger on Count, Sliding

00:00:00

-

Healthy

Healthy

Healthy

00:01:00

Event 1

Healthy

Healthy

Healthy

00:02:00

-

Healthy

Healthy

Healthy

00:02:30

-

Healthy

Healthy

Healthy

00:03:00

-

Critical

Healthy

Healthy

00:03:30

Event 3

Healthy

Healthy

Healthy

00:04:00

Event 1

Healthy

Healthy

Healthy

00:04:30

-

Healthy

Healthy

Healthy

00:05:00

Event 1

Critical

Healthy

Healthy

00:05:30

-

Critical

Healthy

Healthy

00:06:00

-

Critical

Healthy

Healthy

06:30:00

Event 1

Critical

Healthy

Healthy

07:00:00

Event 1

Critical

Healthy

Critical

07:30:00

-

Critical

Healthy

Critical

00:08:00

Event 1

Critical

Healthy

Critical

00:08:30

-

Critical

Critical

Critical

00:09:00

Healthy

Critical

Healthy

Healthy

  • Using trigger on timer, a critical state is set at 00:03:00 event though the event is received at 00:01:00 because the time window starts when the monitor is loaded. The start is reset to healthy at 00:03:30, but the critical state is again triggered at 00:05:00 from the time window started at 00:03:00.

  • Using trigger on count, the event at 00:05:00 does not trigger a critical state because the time window started by the event at 00:01:00 would have expired at 00:03:00. This event is instead part of the time window started by the event at 00:04:00 which expires at 00:06:00. The monitor triggers a critical state at 00:08:30 because of the 3 events detected in the time window started with the event at 00:06:30.

  • Using trigger on count, sliding, each occurrence of Event 1 starts its own window. The critical state is triggered at 00:07:00 from the 3 events detected in the time window started with the event at 00:05:00.

 

      自:http://technet.microsoft.com/en-us/library/hh457566.aspx

posted on 2013-08-27 21:23  momingliu11  阅读(502)  评论(0编辑  收藏  举报