Anomaly alerting

Anomaly alerting is a new feature of XorMon that helps you detect unusual patterns in critical infrastructure load and respond to suspicious activity in a timely manner. Unexpected CPU load or unusual traffic on disk array volumes can signal unexpected user interest in an application, but it can also point to a code error or a potential threat from attackers.

Anomaly alerting allows you to monitor selected metrics of key infrastructure elements and receive alerts when unexpected behavior occurs.

System requirements

The XorMon Appliance already meets the necessary requirements for using Anomaly Alerting.

Older appliances for LPAR2RRD/STOR2RRD/XorMon Original and manually installed operating systems require the installation of additional components to run Anomaly Alerting.
Please follow the instructions at https://xormon.com/Enhanced-Predictions-troubleshooting.php

Configuration

The Anomaly Alerting settings are almost identical to the performance alerting settings.
  • Go to Settings ➡ Alerting and select the Anomaly tab in Alerts
  • The "New Alert Group" button opens the familiar form for selecting the items you want to monitor
  • Select the metrics whose behavior you want to be notified about
  • Similar to performance alerting, anomaly alerting can send information about detected events via email or other configured integrations
[Screenshot: Anomaly configuration 1]

There are two new settings:
  • Mode
    Selects the anomaly detection method
  • Sensitivity
    Generally sets the sensitivity to changes in normal behavior on a scale from 0 to 100, where 0 is the least sensitive and 100 is the most sensitive setting.

Alert message example

[Screenshot: Anomaly alert 1]

Impact on resources and performance

Anomaly Alerting requires extra resources from the operating system where XorMon is running.

We recommend using this tool for selected critical infrastructure items, monitoring XorMon's load, and adding additional monitored items in smaller batches.