
IPHost

Security monitoring optimization: typical problems and their solutions

Security issues can be a challenge; preventing them through properly configured monitoring can save many resources. However, as the network grows, the list of resources subject to monitoring may grow much faster. A typical situation is a data center: when new hosts (servers) are added, multiple monitors of the same type are added for each of them (depending on the server type: web server, mail server and so on). In such a situation, the number of monitors should be reduced to as few as possible.

Make your monitoring efficient: use clear and visible alerts

Default monitoring settings are quite usable for most use cases; however, as the monitoring setup grows, certain configuration tweaks may be required to make monitoring more efficient. Alerts should actually attract the network administrator's attention; otherwise, they are as good as lost. Alerts sent by monitoring tools should reach their destination. Although this may look obvious, there are several common pitfalls we should warn you about.

Optimize email notifications - maximum flexibility with minimum effort

By default, an IPHost installation uses the simplest email notification. While it is suitable for most small or test setups, real-life monitoring setups may require more complex notifications. By means of inheritance and composite alerts, the notification system can be made quite flexible: small changes may be enough to handle typical use cases. Here are several pieces of advice for controlling notifications with less effort.

Custom Nagios plugins

Nagios is a well-known monitoring framework; it is also known for its plugins, the software components that actually provide the monitoring capabilities. IPHost allows using Nagios plugins directly; we have detailed instructions on setting up and using Nagios plugins, and below is the essence of those instructions. A plugin can be anything executable: a native application, a script file (including Unix shell scripts or Windows PowerShell scripts) and so on.

Use SNMP to monitor whatever you need

SNMP (Simple Network Management Protocol) is a popular protocol family, supported by the majority of network devices and available for every more or less popular operating system. One of the most useful features of modern SNMP server implementations is user-defined extensions. Simply put, one can instruct the SNMP server to hold the data returned by any user-defined action (such as the output printed by a script or program). This allows SNMP to be used as a container protocol to deliver whatever data you need.

Make your monitors nearly real-time

Most existing IPHost monitor types are passive, meaning they are polled by IPHost, either directly or via a remote network agent. There are two "active" monitors that raise an "Event" type alert when receiving data from a remote host: the Syslog monitor and the SNMP Generic Trap monitor. Although it is not possible to transform every passive monitor into an active one, there are several approaches to making monitoring nearly real-time in certain situations.

Beyond the standard monitoring

Monitoring is often viewed as a pretty dumb alarm system, built to notify when something goes wrong. However, there are cases where monitoring software can be used in a less straightforward way, or where non-obvious settings or means are applied to handle the task. Some of them are listed below. If you can think of any other case, please let us know in the comments form at the bottom.