Many free and open source products for enterprise monitoring are available today, but it is often hard to find one that is both practical and convenient. Many open source tools focus on a single point and may do it well, but what an enterprise usually needs is coverage across the board, so it ends up deploying many tools to support the operation of its systems. That is not all: open source or free software is often complex to configure, learning to use even one function can take considerable effort, and when problems arise effective support is hard to come by; in most cases you are left to search Baidu and forums on your own. Many of these tools also have no connection to one another, which results in many separate interfaces that nobody has time to look at, or that are simply ignored.
Many small and medium-sized enterprises do not have many devices or systems: generally a few to a few dozen devices and a handful of systems. But small as they are, they are complete. Their needs for business, operations, and security management may not differ much from those of large companies; the only difference is that they have less money. Investing heavily in resources and money is beyond many companies, yet doing nothing is not workable either. This product was created to address that. Working on its own and together with other software, it meets the business needs of enterprise information monitoring and compliance. It analyzes compliance by monitoring all possible logs, in order to meet business analytics needs.
What is the objective of monitoring? Everyone has a different answer; we believe the ultimate goal of monitoring is to keep the business running and stable. The main content of monitoring is business, operations, and security. Monitoring involves several concepts:
Monitoring object: the thing to be monitored, that is, what you want to monitor.
Metrics for the monitoring object: which properties of the object do we monitor? For example, CPU and memory utilization.
Alarm baseline: what counts as a fault that should raise an alarm? For example, how high must CPU load get before an alarm is needed?
The main content of monitoring can be analyzed step by step, from the most basic layer to the top:
Hardware monitoring, system monitoring, application service monitoring, website monitoring, security monitoring, file monitoring, operation monitoring, database monitoring, business monitoring, and so on.
Hardware monitoring is the first step of monitoring. A hardware problem is serious, because every application running on that hardware stops working. Server hardware management interfaces use the industry's unified IPMI protocol, versions 1.5 to 2.0. There are two ways to monitor: one is to actively fetch IPMI sensor parameters, and the other is to have the IPMI device send alarm notifications, for which the commonly used protocol is SNMP Trap. The first is used more when detailed monitoring is needed, for example to draw graphs; the focus should be on the second, whose log consists mainly of hardware alarm information.
System monitoring is the foundation of a monitoring system. Its main objects are CPU, memory, I/O, and so on; going deeper, it also covers externally connected ports and file changes. File-change monitoring mainly serves tamper-proofing, the importance of which is beyond doubt.
Application service monitoring is also an important part of a monitoring system. It mainly covers the health of the software that provides services, for example Apache connection counts and response time, or JVM stack usage and garbage collection. Apache provides the mod_status and mod_info modules to output Apache's state; for Nginx, add --with-http_stub_status_module at compile time, and then enable it with stub_status on; the JVM can be monitored with Jmconsole, Metrics, or remotely over JMX.
Website monitoring works from the web access log. The log yields a lot of useful information, such as PV (page views), unique IPs, geographical distribution, browser distribution, response status, access rankings, and so on.
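As an added example (not part of the original article or of the product it describes), the following Python code derives several of these figures from a web access log: PV, unique IPs, status and browser distribution, and a page ranking. It assumes the Apache/Nginx combined log format, counts only successful GET requests for non-static paths as page views, and runs on constructed sample lines; geographical distribution is left out because it needs an external IP-to-location database.

```python
import re
from collections import Counter
# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')
# Assumption: these extensions are static assets and do not count as page views.
STATIC_RE = re.compile(r'\.(?:css|js|png|jpe?g|gif|ico|svg)$', re.I)
# Order matters: Chrome user agents also contain "Safari/".
BROWSERS = (("Edg/", "Edge"), ("Chrome/", "Chrome"), ("Firefox/", "Firefox"), ("Safari/", "Safari"))

def browser_family(agent):
    return next((name for token, name in BROWSERS if token in agent), "Other")

def summarize(lines, top_n=2):
    ips, malformed, pv = set(), 0, 0
    status, browsers, pages = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:              # e.g. a TLS handshake sent to the HTTP port
            malformed += 1         # keep the count: a spike is itself worth an alarm
            continue
        ips.add(m["ip"])
        status[m["status"]] += 1
        path = m["path"].split("?", 1)[0]   # rank pages without query strings
        if m["method"] == "GET" and m["status"] == "200" and not STATIC_RE.search(path):
            pv += 1
            pages[path] += 1
            browsers[browser_family(m["agent"])] += 1
    return {"pv": pv, "unique_ips": len(ips), "status": dict(status), "malformed": malformed,
            "browsers": dict(browsers), "top_pages": pages.most_common(top_n)}

CHROME = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/118.0 Safari/537.36"
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:118.0) Gecko/20100101 Firefox/118.0"
T = "[10/Oct/2023:13:55:36 +0800]"
# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    f'192.0.2.10 - - {T} "GET /index.html HTTP/1.1" 200 2326 "-" "{CHROME}"',
    f'192.0.2.10 - - {T} "GET /static/site.css HTTP/1.1" 200 512 "-" "{CHROME}"',
    f'198.51.100.7 - - {T} "GET /index.html?ref=mail HTTP/1.1" 200 2326 "-" "{FIREFOX}"',
    f'198.51.100.7 - - {T} "GET /products HTTP/1.1" 200 1840 "-" "{FIREFOX}"',
    f'203.0.113.5 - - {T} "POST /login HTTP/1.1" 401 128 "-" "curl/8.4.0"',
    f'203.0.113.5 - - {T} "GET /admin HTTP/1.1" 404 153 "-" "curl/8.4.0"',
    f'203.0.113.5 - - {T} "\\x16\\x03\\x01" 400 157 "-" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```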
Security monitoring includes attack monitoring and system vulnerability monitoring. Attack monitoring is mainly divided into website attacks and server attacks, and most of these can be analyzed through logs: website attacks through WAF logs and web logs, and server attacks through the system log.
Operation monitoring watches the actions performed by users who log on to a server, to prevent misoperation or intrusion.
Database monitoring watches data access, including logins, SQL queries, slow queries, and so on.
Business monitoring depends on each business system. For most sites, for example, active users, new users, and transaction activity are among the more important indicators.
The system analyzes operating system logs, bypass packet-capture logs, WAF logs, monitoring logs, FTP logs, and other possible logs to monitor the content above and to meet users' business, operations, and security requirements. At present the product has integrated the Mysqlsniffer plug-in, the Httpsniffer plug-in, and the inotify plug-in, and will integrate the collected and OpenVAS plug-ins.
For more information, please follow the product introduction and upgrade content on the OSC.
What enterprise monitoring needs to focus on