Message storm detection and suppression

A message storm is the phenomenon that occurs when an unusually high number of new messages arrive on the management server within a short time interval and flood the active message browser. During a message storm, the disc space consumption for the database increases significantly.

Frequently, message storms can lead to management server outages. It could take a significant amount of time to reset the management server to a consistent state.

Message storm root causes

Message storms can occur for the following reasons:

• Wrongly designed policies that generate a high number of messages. In many cases the messages describe the same event.
• Due to some network problems or long-lasting maintenance tasks, agents were disconnected from the management server. During this time, the agents detected multiple problems, generated a high number of messages, and buffered them locally. When the communication to the management server is re-established, the agents send the buffered messages within a short time interval.
• If network devices are included in the managed environment, these devices might generate considerably more SNMP traps than usual in case of serious network failures. If the monitoring policies do not consider this by applying suppression rules, then the system forwards SNMP events endlessly. This can lead to message storms.

Related Topics:

• Detect and suppress message storms
• Configure the message storm detection mechanism