Continuity Event Management: Detection and Alert Process

Document created by user.oxriBaJeN4 Employee on Jan 19, 2017. Last modified by user.oxriBaJeN4 Employee on Mar 6, 2017.
Version 6

Continuity Event Management uses a detection algorithm to determine the likelihood of your email server being offline or experiencing delivery difficulties. As issues arise or are fixed, a numeric failure count increases and decreases. By setting a threshold for the counter, you can control when you are alerted to potential issues. See the Configuring Continuity Event Monitoring page for full details.


The algorithm monitors inbound and outbound traffic during consecutive two-minute windows. The failure counter is increased or decreased if one of the events listed below occurs at any time during a two-minute window. It is important to understand how this process works before deciding on your detection settings.

If both inbound and outbound checks are enabled, and either or both checks fail, the counter only increases by one per two-minute check period.

Inbound Traffic


The algorithm monitors your organization's normal inbound email traffic. The events and their effect on the failure counter are:


Event | Failure Count
--- | ---
A failure is detected. A failure is detected based on the last usable route. If you have multiple failover routes associated, all must fail before the failure counter is increased. | Increases by 1.
No inbound traffic is detected. | Decreases by 1.
A message is delivered successfully. | Decreases by 1.


Outbound Traffic


With outbound traffic, Mimecast simulates an outbound email. This is achieved by logging on to a specified mailbox and sending a specially formatted email outbound to the "<custom-string>" email address. At the start of each two-minute window, Mimecast checks whether the last sent message was received and, if so, whether it arrived within the acceptable latency time specified.


The events and their effect on the failure counter are:


Event | Failure Count
--- | ---
A failure is detected. | Increases by 1.
The test message is delivered successfully. | Decreases by 1.


The Maximum / Minimum Failure Count 


When the failure counter reaches the specified threshold, an alert is sent to the specified email addresses and / or mobile cell phone numbers. The checks will continue, but will never increase the failure counter above the configured threshold. Additionally, the failure counter cannot go below zero. If the failure counter is already at zero when a decrease is required, no decrease takes place.
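
The counter rules above can be replayed against a timeline of two-minute windows to see how a threshold choice changes when an alert fires. The following Python sketch is an added example, not Mimecast code: the class, function and event names and the timeline are constructed for illustration. It assumes two things the page does not state: a window with no failure decreases the counter by at most one, and an alert fires each time the counter climbs to the threshold from below.

```python
from dataclasses import dataclass, field

WINDOW_MINUTES = 2  # length of one check window, per the page


@dataclass
class FailureCounter:
    threshold: int
    count: int = 0
    alerts: list = field(default_factory=list)  # windows in which an alert fired

    def observe(self, window, inbound=None, outbound=None):
        """Apply one window's events.

        inbound:  "fail", "delivered", "none" (no traffic) or None (check disabled)
        outbound: "fail", "delivered" or None (check disabled)
        """
        events = [e for e in (inbound, outbound) if e is not None]
        if "fail" in events:
            # Either or both checks failing adds only one, capped at the threshold.
            new = min(self.count + 1, self.threshold)
        elif events:
            # Assumption: at most one decrease per window; never below zero.
            new = max(self.count - 1, 0)
        else:
            new = self.count
        # Assumption: alert on each climb to the threshold from below.
        if new == self.threshold and self.count < self.threshold:
            self.alerts.append(window)
        self.count = new
        return self.count


def simulate(threshold, timeline):
    """Return (counter after each window, minutes elapsed at each alert)."""
    fc = FailureCounter(threshold)
    counts = [fc.observe(i, inb, outb) for i, (inb, outb) in enumerate(timeline, 1)]
    return counts, [w * WINDOW_MINUTES for w in fc.alerts]


# Constructed timeline: (inbound event, outbound event) per two-minute window.
TIMELINE = [
    ("delivered", "delivered"),  # healthy, counter already at zero
    ("fail", "fail"),            # both checks fail: still only +1
    ("fail", "delivered"),       # one failing check is enough for +1
    ("none", "delivered"),       # quiet inbound window lowers the counter
    ("fail", "fail"), ("fail", "fail"), ("fail", "fail"),
    ("delivered", "delivered"),  # recovery
]

if __name__ == "__main__":
    for threshold in (2, 3):
        print(threshold, simulate(threshold, TIMELINE))
```

With this timeline, a threshold of 3 alerts once after 12 minutes, while a threshold of 2 alerts after 6 minutes and again after 10 because the quiet inbound window briefly lowers the counter.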