KNOWN ISSUE: Rules with multiple conditions falsely alerting based on multiple instances returned
Article: TECH127445 | Created: 2010-04-29 | Updated: 2011-05-13 | Article URL: http://www.symantec.com/docs/TECH127445
A rule that combines multiple conditions (using 'and' / 'or' operators) on different metrics may alert even when the conditions are met by different instances.
A rule is configured to check for "% free space" and "free space megabytes". The conditions are: "if free space less than 10%" and "free space megabytes less than 512". Both metrics are configured to return all available instances. This rule may trigger a false alert if the "C:\" drive matches the first condition and the "E:\" drive matches the second condition (e.g. % free space on C:\ = 8%, and free space megabytes on E:\ = 367). The expected behavior is that the rule will only trigger if the C:\ drive matches both conditions.
- Monitor Solution for Servers 7.1 (and previous versions)
The way a rule evaluates multiple conditions in this scenario is working as designed. There is no mechanism to associate the individual instances of each metric with each other when they match. In other words, if "metric A" and "metric B" both return an instance of "C:\", the Monitor Agent does not recognize that the instances match and therefore cannot tie the multiple conditions together for that instance.
This issue will be addressed in the 7.2 release of Monitor Solution for Servers. There will be new options implemented which will allow the user to choose how multiple instances will be handled by the rule.
To avoid this problem, you must explicitly monitor each desired instance in its own metric and rule.
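The cause and the workaround described above, modelled as an added Python example (not Symantec's Monitor Agent code). The dictionary model, all function names, and the two readings not given in the article are assumptions, and only the 'and' case is covered.

```python
# Added illustration; not Symantec Monitor Agent code.
# Each metric is modelled as {instance: value}. C:\ = 8 % and E:\ = 367 MB come
# from the article; the other two readings are constructed for the example.
METRICS = {
    "pct_free": {"C:\\": 8.0, "E:\\": 45.0},
    "mb_free": {"C:\\": 20480.0, "E:\\": 367.0},
}
# (metric name, threshold); a condition matches when value < threshold.
CONDITIONS = [("pct_free", 10.0), ("mb_free", 512.0)]


def matching_instances(samples, threshold):
    """Instances of one metric whose value is below the threshold."""
    return {inst for inst, value in samples.items() if value < threshold}


def evaluate_uncorrelated(metrics, conditions):
    """Behaviour described in the article: a condition is true if ANY
    instance matches, and instance names are never compared across metrics."""
    return all(bool(matching_instances(metrics[m], t)) for m, t in conditions)


def evaluate_per_instance(metrics, conditions):
    """Expected behaviour: the instances that satisfy EVERY condition.
    An instance absent from one metric cannot match."""
    sets = [matching_instances(metrics[m], t) for m, t in conditions]
    return sorted(set.intersection(*sets))


def evaluate_workaround(metrics, conditions, instance):
    """Workaround from the article: each metric returns one explicit
    instance, so the uncorrelated evaluation has nothing to mix up."""
    pinned = {m: {instance: v[instance]} for m, v in metrics.items() if instance in v}
    if len(pinned) != len(metrics):
        return False  # instance not reported by every metric
    return evaluate_uncorrelated(pinned, conditions)


if __name__ == "__main__":
    print("uncorrelated rule fires:", evaluate_uncorrelated(METRICS, CONDITIONS))
    print("instances matching all conditions:", evaluate_per_instance(METRICS, CONDITIONS))
    for drive in ("C:\\", "E:\\"):
        print(drive, "pinned rule fires:", evaluate_workaround(METRICS, CONDITIONS, drive))
```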
Logged in Etrack (Symantec) database