Root Cause Analysis (RCA) plugin

The root-cause analysis (RCA) plugin receives a subset of enriched events from the Event Gateway and determines which of the events are root cause and which events are symptoms. RCA only receives events that affect the routing of traffic through the network.

A failure situation on the network usually generates multiple alerts, because a failure condition on one device may render other devices inaccessible. The alerts generated indicate that all of the devices are inaccessible. Network Manager performs root cause analysis by correlating event information with topology information, thereby determining which devices are temporarily inaccessible due to other network failures. Alerts on devices which are temporarily inaccessible are suppressed, that is, shown as symptoms of the original root cause alert. Root cause alerts are shown in alert lists and topology maps; if the severity_from_causetype ObjectServer automation has been created and enabled, then these root cause alerts have the highest severity so that operators can easily identify them.