T 3.36 Misinterpretation of events

When a management system is used, it is the task of the system administrator in charge to analyse and interpret the messages of the management system in order to take appropriate measures. As a rule, the messages of the management system are based on monitoring mechanisms which automatically search system protocols of various types according to certain rules. In the process, it is not easy to automatically recognise abnormalities from the wide range of auditing data that occurs and to produce relevant messages for the system administrator. In addition, an error here may not be discovered. The incoming messages must therefore always be viewed and interpreted by the system manager, as the messages (in the case of an error) are based on symptoms of errors and their (automatic) interpretation. A system administrator must also be able to recognise false alarms and incorrect messages. If the administrator incorrectly interprets system messages, countermeasures intended to correct the situation may actually make things worse.