JP2017060012A - Fault detection device, fault detection method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To promptly detect faults due to an identical cause in a plurality of monitor target devices connected to a network.SOLUTION: A fault detection device to be used in a network to which the monitor target devices are connected includes: monitoring means 103 which executes at predetermined intervals monitoring processing of transmitting a monitor packet to each of the plurality of monitor target devices to be monitored, to thereby determine the existence or non-existence of a fault in each monitor target device and store the determination result into a data storage unit 102; determination means 104 which, based on the determination result for each monitor target device stored in the data storage unit, determines whether or not an increment in the number of monitor target devices determined to have a fault exceeds a predetermined threshold; and output means 106 which, when the determination means determines that the increment exceeds the predetermined threshold, outputs information indicating that the increment exceeds the predetermined threshold.SELECTED DRAWING: Figure 3

Description

  The present invention relates to a technique for detecting a failure related to a monitoring target device connected to a network.

  In order to monitor a network to which various devices are connected, a network monitoring device (hereinafter referred to as NMS) is used.

  One of the monitoring methods performed by the NMS is monitoring using Ping. Ping is a command used to check whether there is a failure related to the monitoring target device, and transmits a monitoring packet to the specified monitoring target device using ICMP (Internet Control Message Protocol), and The presence / absence of a failure in the monitoring target device is determined based on the presence / absence of a response packet.

  In general, in ping monitoring by NMS, ping is periodically performed for each monitored device to determine the presence or absence of a failure. For example, a failure occurrence point is visually detected as an alarm in a network configuration displayed as a MAP screen. indicate.

Japanese Patent Laying-Open No. 2015-61250

  The networks that are monitored by the NMS range from small to large. As a large-scale network, for example, there are several thousands to tens of thousands of monitoring target devices.

  In the operation of such a large-scale network, in particular, quick response to failures of a plurality of monitoring target devices caused by the same event is required. In the present specification, such a failure is referred to as a “bundle failure”. Bundle failure is difficult to solve by dealing with individual devices to be monitored, and it is necessary to find out the causative event and respond appropriately. A rapid response to a bundle failure is not limited to a large-scale network.

  However, since a conventional NMS outputs an alarm for each single failure, it is difficult to identify whether each alarm indicates a failure caused by an individual monitored device or a failure constituting a bundle failure There is a problem that.

  The present invention has been made in view of the above points, and an object of the present invention is to provide a technique that can quickly detect a bundle failure in a network to which a plurality of devices to be monitored are connected.

According to an embodiment of the present invention, a failure detection device used in a network to which a monitoring target device is connected,
A monitoring process for determining whether or not there is a failure with respect to each monitored device by transmitting a monitoring packet to each monitored device in a plurality of monitored devices to be monitored, and storing the determination result in the data storage unit for a predetermined time Monitoring means to be executed at intervals;
A determination means for determining whether or not an increase in the number of monitoring target devices determined to have a failure exceeds a predetermined threshold based on a determination result for each monitoring target device stored in the data storage unit;
A failure detection apparatus comprising: output means for outputting information indicating that the increase amount exceeds the predetermined threshold value when the determination unit determines that the increase amount exceeds the predetermined threshold value; Is provided.

Moreover, according to the embodiment of the present invention, there is a failure detection method executed by a failure detection device used in a network to which a monitored device is connected,
A monitoring process for determining whether or not there is a failure with respect to each monitored device by transmitting a monitoring packet to each monitored device in a plurality of monitored devices to be monitored, and storing the determination result in the data storage unit for a predetermined time A monitoring step that runs at intervals;
A determination step for determining whether or not an increase in the number of monitoring target devices determined to have a failure exceeds a predetermined threshold based on a determination result for each monitoring target device stored in the data storage unit;
An output step for outputting information indicating that the increase amount exceeds the predetermined threshold when it is determined by the determination step that the increase amount exceeds the predetermined threshold value. Is provided.

  According to the embodiment of the present invention, it is possible to quickly detect a bundle failure in a network to which a plurality of monitoring target devices are connected.

1 is an overall configuration diagram of a communication system in an embodiment of the present invention. It is a flowchart for demonstrating the outline | summary of the basic operation | movement of a communication system. 1 is a configuration diagram of a failure detection apparatus 100. FIG. 4 is a diagram illustrating an example of a table stored in a data storage unit 102. FIG. It is a figure for demonstrating group setting. It is a figure which shows the example of a transition of a failure state. It is the figure which showed the example of the failure state transition in more detail It is a figure which shows the example of the time change of the number of NG. It is a figure which shows the example of a display of group monitoring. It is a figure for demonstrating the logic of a search process. It is a figure which shows the example of a display of a search result.

  Embodiments of the present invention will be described below with reference to the drawings. The embodiment described below is only an example, and the embodiment to which the present invention is applied is not limited to the following embodiment. For example, in the following, a device connected to an access line is given as an example of a monitoring target device. However, the present invention is not limited to such a device, for example, on a relay network (core network, infrastructure network) side. The present invention can also be applied to a device.

(System configuration, operation overview)
FIG. 1 shows a configuration diagram of a communication system in the present embodiment. As illustrated in FIG. 1, the communication system according to the present embodiment includes a plurality of monitoring target devices 300 connected to a network 200 and a failure detection device 100. The failure detection apparatus 100 can communicate with each monitoring target apparatus 300 via the network 200. In addition, the failure notification destination terminal 400 is provided, and the failure detection apparatus 100 can transmit a failure notification by mail or the like to the failure notification destination terminal 400 via the network 200.

  The network 200 is an IP network such as the Internet, but is not limited thereto. The network 200 may be a network in which a private network and a public network are mixed.

  The monitoring target device 300 may be any device that can receive a Ping (not limited to Ping) monitoring packet from the failure detection device 100 and return a response packet. As an example, the monitoring target device 300 is a network device such as a router / switch, a server, a client, or the like. In the present embodiment, as an example, it is assumed that a large number of monitoring target devices 300 are provided over a wide area.

  The outline of the basic operation of the communication system in the present embodiment will be described with reference to the flowchart of FIG.

  In the present embodiment, the monitoring target devices 300 are divided into groups (step S101). The failure detection apparatus 100 holds information on which monitoring target apparatus 300 belongs to which group.

  The failure detection device 100 periodically pings each monitored device 300 (eg, every 5 minutes), and displays the monitoring result (OK: no failure or NG: failed) of each monitored device 300. It is held together with the monitoring time (step S102). When the monitoring result is NG, a failure (including a power failure) may occur in the monitoring target device 300 itself, or a failure may occur in a line to which the monitoring target device 300 is connected. In the present embodiment, “failure of the monitoring target device 300” or “failure related to the monitoring target device 300” includes both failures.

  The failure detection apparatus 100 determines whether or not a bundle failure has occurred for each group by performing a threshold determination for the number of NGs for each group based on the monitoring result obtained in step S102 (step S103). . Details of the determination logic of the bundle failure will be described later.

  If there is a group in which a bundle failure is detected by the determination in step S103, the failure detection apparatus 100 indicates information indicating that a bundle failure has been detected by, for example, screen display, e-mail notification, alarm ringing, etc. Information) is output (step S104).

(Configuration of failure detection apparatus 100)
FIG. 3 shows a configuration example of the failure detection apparatus 100. As shown in FIG. 3, the failure detection apparatus 100 according to the present embodiment includes a setting unit 101, a data storage unit 102 (database), a Ping monitoring unit 103, a bundle failure detection unit 104, a search unit 105, and an output processing unit 106. And an operation unit 107.

  The setting unit 101 stores various setting information such as monitoring target device information, group information, threshold information, mail destination, and Ping monitoring interval in the data storage unit 102 based on input information from the operation unit 107 and the like. Process. The data storage unit 102 is a database that stores setting information, monitoring result information, and the like.

  The Ping monitoring unit 103 executes Ping monitoring (Ping command) for each monitoring target device 300 and stores the monitoring result (NG / OK) in the data storage unit 102 together with the NG / OK determination time.

  Based on the monitoring result stored in the data storage unit 102, the bundle failure detection unit 104 periodically determines whether or not there is a bundle failure for each group (for example, every 5 minutes), and detects the occurrence of a bundle failure. When detected, the output processing unit 106 is notified of information indicating that a bundle failure has occurred along with information on the group in which the bundle failure has occurred.

  The search unit 105 searches the monitoring results stored in the data storage unit 102, extracts ongoing failures that have occurred within a specified period, and notifies the output processing unit 106 of the extraction results.

  The output processing unit 106 is a functional unit that outputs a result of the above-described bundle failure detection, a search result, and the like. For example, the output processing unit 106 can notify an external terminal of the result of bundle failure detection via a network by e-mail. Further, the output processing unit 106 may display a bundle failure detection result on the screen of an external terminal. Further, the output processing unit 106 may include a display, and a bundle failure detection result or the like may be displayed on the display. Further, the output processing unit 106 may output a sound indicating that a bundle failure has been detected.

  The output processing unit 106 may have all of the output functions or only a part of the output functions.

  The operation unit 107 is a means for an operator of the failure detection apparatus 100 to input information and the like. The operation unit 107 may be a functional unit including a keyboard / mouse or the like, or may be a terminal connected to the failure detection apparatus 100 via a network.

  The failure detection apparatus 100 may be realized by a single computer (eg, PC) or may be realized by a plurality of computers (servers).

  The failure detection apparatus 100 according to the present embodiment can be realized by causing one or a plurality of computers to execute a program describing the processing content described in the present embodiment. That is, the function of the device can be realized by executing a program corresponding to the process executed by the device using hardware resources such as a CPU, a memory, and a hard disk built in the computer. It is. The above-mentioned program can be recorded on a computer-readable recording medium (portable memory or the like), stored, or distributed. It is also possible to provide the program through a network such as the Internet or electronic mail. Hereinafter, the processing content etc. in the failure detection apparatus 100 are demonstrated in detail.

(About information stored in the data storage unit 102)
FIG. 4 shows an example of information stored in the data storage unit 102. FIG. 4 shows only main information.

  FIG. 4A shows an example of a table of monitoring results by the Ping monitoring unit 103. As shown in FIG. 4A, the data storage unit 102 stores monitoring time (date / time), device ID, and Ping monitoring result information as monitoring results.

  The monitoring time may be referred to as a determination time, and indicates the time when NG / OK determination is made in the corresponding record. This time may be a time when the monitoring packet is transmitted, a time when the response packet is received, a time when it is determined that the response packet is not received, or the like.

  The device ID is an ID for identifying the monitoring target device 300. Here, when each monitoring target apparatus 300 can be associated with one line, the apparatus ID may be a line ID. In addition, when one monitoring target device 300 has a plurality of ports and performs Ping monitoring for each port, the “device ID” is set to “port ID” (an ID for identifying which port of which device) A monitoring result may be stored for each “port ID”. In this case, the “port” may be interpreted as a “monitoring target device” described in the present embodiment.

  In the example illustrated in FIG. 4A, the Ping monitoring unit 103 is NG as a result of performing Ping monitoring on the monitoring target device 300 with ID0001 at a certain time, and the monitoring target device with ID0001 at another time. As a result of performing Ping monitoring on 300, it is shown that it is OK.

  FIG. 4B shows an example of group setting information. As shown in FIG. 4B, the data storage unit 102 stores a device ID and a corresponding group ID as group setting information. FIG. 4B shows, for example, that the devices with ID0001 and ID0002 belong to the group A.

<Group setting>
The group setting in the present embodiment will be described in relation to the above group setting information. As described above, group setting (including changes in addition to the initial setting) is performed by the setting unit 101. Specifically, for example, the setting unit 101 displays a screen describing input items for group setting on the output processing unit 106 (for example, a display), and the operator inputs input information from the operation unit 107 according to the screen. The setting unit 101 stores the input information in the data storage unit 102.

  As illustrated in FIG. 5, in group setting, a new group can be added, a threshold value for each group (for example, another threshold value can be set for day / night), a mail transmission destination for each group, and the like.

  There is no particular limitation on grouping in the group setting, and one monitoring target device 300 may belong to a plurality of groups. Examples of grouping include the same prefecture group, the same route use group, and the important base group.

(About bundle failure judgment logic)
Next, a bundle failure detection process executed by the bundle failure detection unit 104 will be described. The bundle failure detection unit 104 refers to the monitoring result stored in the data storage unit 102 at a predetermined time interval, and determines NG for each group in the monitoring result corresponding to the time to be referred to (= the latest from the time to be referred to). When the number (the number of NG records for each group in the example of FIG. 4) is calculated, the difference from the previous NG number is calculated, it is determined whether or not the difference exceeds the threshold set for the group, and It is determined that a bundle failure has occurred in the group. In other words, it is determined whether or not the increase amount of the number of monitoring target devices determined to be NG exceeds a threshold value, and if it exceeds, it is determined that a bundle failure has occurred in the group. More details are as follows.

  FIG. 6 is a diagram illustrating an example of a transition of a failure state for each monitoring target device. Here, a time that arrives at the predetermined time interval is referred to as an excess determination reference time. The excess determination reference time may be referred to as an aggregation timing. FIG. 6 is an example when the predetermined time interval is 5 minutes. Further, in this example, for ping monitoring, ping monitoring for all the monitoring target devices 300 is executed at each predetermined time interval. For example, when 1000 monitoring target devices 300 exist, Ping monitoring is performed once for each of 1000 devices in 5 minutes. From the perspective of each device, Ping monitoring is received approximately every 5 minutes.

  In FIG. 6, each band extending horizontally indicates a failure state of the monitoring target device 300 (hereinafter, “device”). For example, in the device A, NG is continued from the previous excess determination reference time to the current excess determination reference time. This is because, for example, the ping monitoring result for the device A that was made before the previous excess determination reference time is NG, and then the device A is connected between the previous excess determination reference time and the current excess determination reference time. The Ping monitoring result made for NG remains unchanged, which means that the current excess judgment reference time has arrived in this state.

  Further, for example, for the device D, the Ping monitoring result for the device D made before the previous excess determination reference time is OK, and then between the previous excess determination reference time and the current excess determination reference time. The Ping monitoring result made for the device D is NG, which means that the current excess judgment reference time has arrived in this state.

  As shown in FIG. 6, the bundle failure detection unit 104 extracts records (devices) whose ping monitoring result is NG at or near the current excess determination reference time, and counts the number for each group. Thus, the number of NG for each group is calculated. And the presence or absence of a bundle failure is determined by comparing the difference of the number of NGs with a threshold value for each group.

  FIG. 7 is a diagram more specifically showing examples of failure state transitions divided into patterns. Also in this example, it is assumed that the predetermined time interval is 5 minutes. In the example illustrated in FIG. 7, devices A to F belong to group 01. In addition, 5 minutes from a certain aggregation timing to the previous aggregation timing is called the latest 5 minutes, and 5 minutes from the previous aggregation timing to the previous aggregation timing is called the last 5 minutes.

  In the pattern 1 related to the device A, an OK monitoring result is obtained in the last 5 minutes, but it is NG in the latest 5 minutes. Therefore, the device A is not counted as the NG number at the previous counting timing, but is counted as the NG number at the current counting timing. Further, for example, in the pattern 3 related to the device C, an NG monitoring result is obtained in the last 5 minutes, but is OK in the latest 5 minutes. Therefore, the device C is counted as the NG number at the previous counting timing, but is not counted as the NG number at the current counting timing.

  The number of NG is similarly counted for other devices. As a result, regarding the group 01, the NG number in the last 5 minutes (previous counting timing) is 2, the NG number in the latest 5 minutes (current counting timing) is 5, and the difference is 3. Here, assuming that it is determined that a bundle failure has occurred when the difference is greater than or equal to the threshold 3, it is determined that a bundle failure has occurred in this case.

  FIG. 8 shows an example of the temporal change in the number of NGs for a certain group. In the example of FIG. 8, the predetermined time interval is 5 minutes, threshold = 5, and it is determined that a bundle failure has occurred when the difference exceeds the threshold.

  As shown in FIG. 8, the difference between the time point of 15 minutes and the time point of 20 minutes is 2, which is equal to or less than the threshold value, and it is determined that there is no bundle failure. That is, in this case, the number of NGs gradually increases within a range not exceeding the threshold value, and it cannot be said that a plurality of NGs have occurred due to the same event, and it is determined here that there is no bundle failure. On the other hand, the difference between the time point of 35 minutes and the time point of 40 minutes is 6, which exceeds the threshold value, so it is determined that a bundle failure has occurred.

  Note that there is no particular limitation on the threshold value determination method for bundle failure determination, but for example, the threshold value can be determined empirically based on past failure information. Further, as a cause of a bundle failure when the monitoring target device 300 connected to an access line extending from the relay network (core network) is a monitoring target, a communication device on the relay network side that accommodates a plurality of access lines fails. There are cases. Therefore, the threshold may be determined based on the number of access lines accommodated in each communication device on the relay network side.

(About output processing)
The bundle failure detection unit 104 notifies the output processing unit 106 of the result of the bundle failure determination for each group, and the output processing unit 106 displays the screen shown in FIG. 9, for example. As shown in FIG. 9, the difference between the current NG number and the previous time is displayed for each group on the screen. In addition, the group in which the difference exceeds the threshold (group D in FIG. 9) is set to be conspicuous, for example, displayed in red. In addition, when a group having a difference exceeding the threshold value is generated, a warning sound may be emitted in addition to displaying red. The screen shown in FIG. 9 is updated every time the aggregation timing (excess judgment reference time) is reached. Note that the display content illustrated in FIG. 9 is merely an example, and for example, information “bundling failure occurrence” may be displayed. “Band failure occurrence” is an example of information indicating that the increase amount of NG exceeds a predetermined threshold.

  When it is determined that a bundle failure has occurred in a certain group, the output processing unit 106 sends a bundle to a mail destination (for example, the failure notification destination terminal 400 in FIG. 1) determined for the group. An e-mail notifying that a failure has occurred may be transmitted. The email includes, for example, information notifying that the number of NGs has exceeded the threshold, and the device ID (or name associated with the ID) that detected NG.

(About search processing)
Next, an example of search processing executed by the search unit 105 will be described. The search unit 105 according to the present embodiment can search and extract ongoing failures (NG) that have occurred within a specified period from the monitoring results stored in the data storage unit 102. The search can be performed for each group, or can be performed for the entire group without specifying the group.

  The search unit 105, for the monitoring result stored in the data storage unit 102, “NG generation time is within the specified period” and “NG ends after the specified period or NG has not ended”. The record is searched, and the information of the record is extracted as information of “ongoing failure that occurred within the specified period”. The “NG occurrence time” is the time when the result of Ping monitoring changes from OK to NG. The “NG occurrence time” may include a case where the result of Ping monitoring does not change from NG to NG.

  A specific example will be described with reference to FIG. FIG. 10 shows devices A and B as examples of devices to be monitored. Further, the end point of the specified period (the right end point of the specified period in FIG. 10) is the current point in time when the search is performed or a point in time before the current point.

  As shown in FIG. 10, in the device A, it is changed from OK to NG during the specified period, and then again OK. In this case, since the failure that occurred within the specified period is not ongoing, the corresponding record is not extracted. On the other hand, in the case of the device B, it changes from OK to NG during the specified period, and NG continues until the end of the specified period. In this case, since the failure that occurred within the specified period is ongoing, the corresponding record is extracted.

  In the case where the monitoring result is a table as shown in FIG. 4A, for the device determined to be an ongoing failure, all the information of the NG determination record during the specified period is extracted. Alternatively, for example, it is possible to extract only the information of the record that becomes NG first. Since it is assumed that the specified period is longer than a predetermined interval for performing Ping monitoring, in the case of the former, a plurality of pieces of NG information are extracted for the same device.

  When a non-monitoring period is set for the monitoring target device 300, the fact that the final point in the specified period is not in the non-monitoring period and that the search execution time is not in the non-monitoring period are used as additional conditions. May be.

  The search unit 105 notifies the output processing unit 106 of the search result, and the output processing unit 106 displays, for example, a search result screen as shown in FIG. In the example shown in FIG. 11, the date and time of failure occurrence (for example, the last time when OK → NG within the specified period), device ID, and group ID are displayed as ongoing failure information. Of course, this is merely an example. For example, a name or the like associated with the device ID / group ID may be displayed instead of or in addition to the device ID / group ID.

  Further, for example, the output processing unit 106 displays a screen showing a device determined to have an ongoing failure on a map, and the operator selects (clicks) a desired device from the operation unit 107 while viewing the screen. Thus, the Ping monitoring unit 103 may be instructed to ping the device and automatically ping the device.

  By providing the search function as described above, for example, for each group, it is possible to extract only the devices that have failed within the specified period and continue to fail, and can narrow down the affected range easily. it can. For example, it is possible to search for a failure that has occurred only during the bundle failure occurrence period.

(Summary of the embodiment, effects, etc.)
As described above, in the present embodiment, a failure detection device used in a network to which a monitoring target device is connected, and a monitoring packet is sent to each monitoring target device in a plurality of monitoring target devices to be monitored. Monitoring means for determining whether or not there is a failure with respect to each monitoring target device and transmitting the determination result to the data storage unit at a predetermined time interval, and the monitoring target stored in the data storage unit Based on a determination result for each device, a determination unit that determines whether or not an increase amount of the number of monitoring target devices determined to have a failure exceeds a predetermined threshold value, and the determination unit determines that the increase amount is the predetermined threshold value. A failure detection device is provided that includes output means for outputting information indicating that the increase amount exceeds the predetermined threshold when it is determined that the increase amount exceeds the predetermined threshold.

  The determination means executes a determination as to whether the increase amount exceeds the predetermined threshold at predetermined time intervals, and determines the failure at the previous determination time from the number of monitoring target devices determined to have a failure at a certain determination time. It may be configured to determine whether or not the increase amount exceeds the predetermined threshold depending on whether or not a value obtained by subtracting the number of monitoring target devices determined to be present exceeds the predetermined threshold.

  The monitoring target devices to be monitored by the monitoring unit are grouped, the determination unit determines whether the increase amount exceeds the predetermined threshold for each group, and the output unit determines the increase Information indicating that the increase amount exceeds the predetermined threshold may be output for a group that is determined that the amount exceeds the predetermined threshold.

  The failure detection apparatus may further include setting means for storing the grouping setting information in the data storage unit.

  The failure detection device searches for a determination result stored in the data storage unit, thereby extracting information on a monitoring target device in which a failure has occurred within a specified period and the failure continues. The output unit may output information on the monitoring target device extracted by the search unit.

  With the technology in the present embodiment, it is possible to quickly grasp whether or not a bundle failure has occurred. Further, for example, by using a display screen for each group as shown in FIG. 9, it is possible to easily distinguish a group in which a bundle failure has occurred from a group in which only a single failure has occurred. Based on the group that occurred (eg, a specific city, etc.), the suspected event that caused the bundle failure (eg, a failure of a communication device that accommodates an access line in a specific city, a blackout in a specific city, etc.) Identification can be performed easily.

  The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.

DESCRIPTION OF SYMBOLS 100 Failure detection apparatus 101 Setting part 102 Data storage part 103 Ping monitoring part 104 Bundle failure detection part 105 Search part 106 Output processing part 107 Operation part 300 Monitoring object apparatus 400 Failure notification destination terminal

Claims (7)

A failure detection device used in a network to which a monitoring target device is connected,
A monitoring process for determining whether or not there is a failure with respect to each monitored device by transmitting a monitoring packet to each monitored device in a plurality of monitored devices to be monitored, and storing the determination result in the data storage unit for a predetermined time Monitoring means to be executed at intervals;
A determination means for determining whether or not an increase in the number of monitoring target devices determined to have a failure exceeds a predetermined threshold based on a determination result for each monitoring target device stored in the data storage unit;
A failure detection apparatus comprising: output means for outputting information indicating that the increase amount exceeds the predetermined threshold value when the determination unit determines that the increase amount exceeds the predetermined threshold value; . The determination means executes a determination as to whether the increase amount exceeds the predetermined threshold at predetermined time intervals, and determines the failure at the previous determination time from the number of monitoring target devices determined to have a failure at a certain determination time. 2. The method according to claim 1, wherein whether or not the increase amount exceeds the predetermined threshold is determined based on whether or not a value obtained by subtracting the number of monitoring target devices determined to be present exceeds the predetermined threshold. The failure detection device described. The monitoring target devices to be monitored by the monitoring unit are grouped, and the determination unit determines whether or not the increase amount exceeds the predetermined threshold for each group,
The said output means outputs the information which shows that the said increase amount exceeds the said predetermined threshold value about the group determined that the said increase amount exceeds the said predetermined threshold value. The Claim 1 or 2 characterized by the above-mentioned. Failure detection device.   The failure detection apparatus according to claim 3, further comprising a setting unit that stores the grouping setting information in the data storage unit. The failure detection device searches for a determination result stored in the data storage unit, thereby extracting information on a monitoring target device in which a failure has occurred within a specified period and the failure continues. Further comprising
The failure detection device according to any one of claims 1 to 4, wherein the output unit outputs information on the monitoring target device extracted by the search unit. A failure detection method executed by a failure detection device used in a network to which a monitoring target device is connected,
A monitoring process for determining whether or not there is a failure with respect to each monitored device by transmitting a monitoring packet to each monitored device in a plurality of monitored devices to be monitored, and storing the determination result in the data storage unit for a predetermined time A monitoring step that runs at intervals;
A determination step for determining whether or not an increase in the number of monitoring target devices determined to have a failure exceeds a predetermined threshold based on a determination result for each monitoring target device stored in the data storage unit;
An output step for outputting information indicating that the increase amount exceeds the predetermined threshold when it is determined by the determination step that the increase amount exceeds the predetermined threshold value. .   The program for functioning a computer as each means in the failure detection apparatus of any one of Claims 1 thru | or 5.

Images