Anomaly alerting is a new feature of XorMon that helps you detect unusual patterns in critical infrastructure load
and respond to suspicious activity in a timely manner.
Unexpected CPU load or unusual traffic on disk array volumes can indicate unexpected user interest in an application,
but it can equally indicate a code error or a potential threat from attackers.
Anomaly alerting allows you to monitor selected metrics of key infrastructure elements
and receive alerts when unexpected behavior occurs.
System requirements
The XorMon Appliance already meets the necessary requirements for using Anomaly Alerting.
Older appliances for LPAR2RRD/STOR2RRD/XorMon Original and manually installed operating systems
require the installation of additional components necessary to run Anomaly Alerting.
Please follow the instructions:
https://xormon.com/Enhanced-Predictions-troubleshooting.php
Configuration
The Anomaly Alerting settings are almost identical to the performance alerting settings.
- Go to Settings ➡ Alerting and select the Anomaly tab in Alerts
- The "New Alert Group" button opens the familiar form for selecting the items you want to monitor
- Select the metrics whose behavior you want to be notified about
- Similar to performance alerting, anomaly alerting can send information about detected events via email or other configured integrations
There are two new settings:
- Mode: selects the anomaly detection method
- Sensitivity: generally sets the sensitivity to changes in normal behavior on a scale from 0 to 100,
where 0 is the least sensitive and 100 is the most sensitive setting
Alert message example
Impact on resources and performance
Anomaly Alerting requires extra resources from the operating system where XorMon is running.
We recommend using this tool for selected critical infrastructure items, monitoring XorMon's load,
and adding further monitored items in smaller batches.