Abstract: |
Effective event correlation is essential for network management systems to promptly identify and address issues. However, conventional algorithms face performance challenges in scenarios with high bandwidth demand, leading to latency, packet loss, and out-of-order delivery caused by the use of UDP-based protocols. This paper proposes a solution for event correlation in network management that combines rule-based correlation, real-time data collection, integration with various notification sources, and fault tolerance. The solution utilizes Logstash for real-time data collection, standardizing and publishing notifications via SNMP and Syslog protocols to a Kafka message broker. Notifications are matched against correlation rules, and a sliding window approach ensures timely correlation. A limitation of this work is that it requires an analyst to identify the notifications needed to compose the correlation rules. The system achieves a 100% identification rate in real-world tests with multiple OLTs and ONTs. Simulated tests, considering packet loss and out-of-order delivery, yield an accuracy rate of 93.42%.