It is necessary to investigate carefully any warnings or notifications from system or network monitoring systems. Despite the high probability of errors or false positive warnings, and the seeming uselessness of this work, this information can serve as an efficient method of preventive notification of specific types of security policy violations. For example, messages concerning disk space or RAM shortage can be evidence of the occurrence of DoS attacks. Warning messages on decreased network through-put can be of the same character.