
Upload: astiostech-sdn-bhd

Post on 13-Jan-2017


Page 1: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)

Functionality, security and performance monitoring
[email protected] | Microsoft MVP | ELITE M’sia

Page 2:

Topics
• What is monitoring
• The need for monitoring
• Options available out there
• Core components of a typical website
• What to monitor?
  • Inter-networking
  • Physical
  • OS
  • Backend
  • Frontend
• An introduction to Nagios - Framework Monitoring
• Q&A

Page 3:

What is monitoring?

Wiki:

Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.

Page 4:

Ping – my first monitoring tool..

Page 5:

Monitoring is an art, it’s an orchestration for visibility

Page 6:

Why monitor?
• Commercial impact
• Personal impact
• Organizational and establishment impacts

Page 7:

If there aren’t any problems, just wait..

Page 8:

If your digital assets are valuable, your monitoring tool will help sustain that

Page 9:

Why? Some of the many, many reasons..
• Measure performance, monitor security and assure functionality
• Slowdowns make search engines not like you anymore
• Problems will make customers cringe
• Security breaches can hurt credibility
• Plan wisely, save money
• Service levels
• Compliance

http://backlinko.com/search-engine-ranking

Page 10:

The application and monitoring conundrum

Your Site

Your Monitoring

Page 11:

If users complain and if you don’t know

YOU NEED MONITORING

Page 12:

Questions to ask…
• Do I know what’s going on with my site(s)?
• Do I know what the experience of my consumers on my site is like?
• Do I know if my resources are sufficient?
• Is there any room for improvement?
• Am I sufficiently informed on issues?
• Do I comply with industry standards?

Page 13:

Smart admins automate as much..
Smart developers get smart admins to help them automate as much..

Page 14:

Options available out there
What to use?

Page 15:

Monitoring software
• Virtually hundreds.
• Some commercial, some free, some free and open source. Some on cloud and some hybrid and some on premises.
• Examples of Open Source Monitoring Tools
  • Nagios
  • Cacti
  • Icinga
  • Opsview
  • OpenNMS
  • Op5

Page 16:

General guidelines when choosing
• Familiarity
• Functionality
• Flexibility
• Cost
• Complexity/Completeness
• Support (and roadmap)

Page 17:

What to monitor?
With special focus on Joomla and its ecosystem

Page 18:

The drawing board – Relative OSI model

Page 19:

The drawing board – A typical Joomla Site

Inter-networking, Physical, OS, Backend, Frontend

Page 20:

The drawing board - Supporting Actors
• Application load balancers
• Security solutions
• Cipher off loaders
• Clustering
• Caching technologies
• Custom app add-ons
• Others…

Page 21:

Each one of those components can and will affect your site.
Thus, every one of those should be monitored.

Page 22:

What to monitor
• General connectivity
  • Routes
  • DNS
  • Local vs Geographical reachability
• Edge devices
  • Firewalls
  • IPS/IDS
  • Routers
  • Switches
  • Load balancers

Page 23:

Inter-networking
• ICMP Ping
  • Host up or down
  • Roundtrip time & Latency
  • Packet loss
• TCP Ping
  • Port specific
• UDP Ping
  • Send with / expected reply

Page 24:

DNS – The building blocks of the internet
• DNS Resolution
  • Correctness
  • Speed
• Domain expiry
• Rogue domains proliferation

Page 25:

Firewalls
• Thousands of logs? Are we reading them? Well, we should!
• What’s inside those logs?
• Can we form a pattern to be preemptive rather than reactive?
• Is the firewall the bottleneck?
• Is the firewall overworked?

Page 26:

What to monitor
• Physical
  • CPU
  • Memory
  • Disk
  • Temperature
  • Hardware modules
    • RAID
    • Fans
    • Power Unit
  • Power

Page 27:

Server(s) capacity

Page 28:

What to monitor – OS
• Operating System (OS)
  • Updates
  • Open files
  • OS messages
  • Interface Bandwidth
  • Attempted/Unauthorized access
  • Rogue apps/Trojans/Rootkits
  • File accessibility
  • File configuration changes
  • Check for ports/processes
  • Check for services
  • Check for job completions/backup completions
  • Check HA/Replication
  • Date and Time

Page 29:

Rootkit

Page 30:

What to monitor - Backend
• Backend
  • PHP engine (Apache/IIS/NGINX)
  • Databases (PostgreSQL/MySQL/MSSQL)
  • SSL engine (mods)
  • Data replication
  • HA and load balancing
  • Caching engine
  • FTP/SSH/SFTP etc..
• Others
  • Email server
  • LDAP/Directory
  • File share
  • Virtualization
  • Remote access
  • VPNs

Page 31:

PHP/Webserver
• Is the webserver running
• Is the PHP engine running
• Is it running the latest relative version
• Other PHP modules loaded and working properly
  • E.g. suhosin, mod_security
• Worker processes
• Compilation/execution time
• Throughput
• Server crashes
• Requests vs responses
• Error codes/Events

Page 32:

Databases
• Is the database server running
• Queries
  • Slow queries
  • Rogue queries (injection attempts)
• Check # of processes/queue
• Replication statuses
• Latency of read/write
• Table statuses
• Connections to the server
• Threads
• Errors
• Memory and CPU usage

Page 33:

Frontend
• Checking functionality of the PHP scripts
  • WebInject
• Checking PHP script data size consistency
• PHP version
• Apdex score
• Events
• Responses
• Defacement
• Periodic & Automatic auditing
• Check Joomla version against yours
  • Updates
  • Security
  • Mods

Page 34:

Frontend reverse check
• An interesting way to have a real life test on your servers

Normal way

Interesting way

Page 35:

Nagios – Framework Monitoring
Perhaps the best monitoring tool I know… and here’s why

Page 36:

Introduction to Nagios
• N.A.G.I.O.S -> Nagios Ain't Gonna Insist On Sainthood
• World’s most deployed open source monitoring solution
• Winner of several awards and recognitions
• Can monitor *anything*, really..!

Page 37:

More on Nagios..
• Nagios is a framework
• Enterprise grade
  • Same class as HPOV, Tivoli, etc..
• Supports just about anything you have
• It's open source
• Highly scalable
• Easy to use and customize
• Built around largely successful apps such as MRTG, MySQL, Apache and surely, Linux

Page 38:

Typical monitoring offerings
• Other monitoring solutions…
  • It’s a nice house
  • It will only be like that as designed by the architects
  • You can renovate, but it will cost you lots of $$$
  • You have to always go back to the developer for help
  • If you wish to do more, you need to buy a new house

Page 39:

Framework?
• With Nagios
  • Make the most beautiful house
  • You decide what your house should look like
  • Renovate, redesign, rebuild and customize, no additional cost!
  • Anyone who knows how to use a LEGO set knows how to support your house
  • Need to do more? Don’t need to buy a new house, just use the blocks and enjoy…

Page 40:

Why Nagios?
• Building a monitoring solution of what you need, not what the product can offer
• Unlimited possibilities
• Monitor everything
• No license cost
• No maintenance cost

Page 41:

What Nagios can do?
• Again, quite a bit, specifically…
  • Hardware
  • Software
  • Event logs
  • Any logs
  • Clustering support
  • Through WMI
  • Through scripting (VB, PowerShell, cmd.exe)

Page 42:

Plugins are at the heart of Nagios’s success

Page 43:

Plugins: Nagios has the largest repository of plugins on the planet
Over 5000 and counting

Page 44:

Customizing – Creating your own plugin
• Simple logic to do so
  • If something = some value, then set OK, else set WARNING
• Exit codes tell Nagios to set OK, warning or critical. So if I exit 0=OK, exit 1=warning, exit 2=critical
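
The exit-code convention above, as an added example that is not part of the original deck or of the Nagios project: a Python plugin covering two of the frontend checks listed on Page 33 (data size consistency and defacement). The file-based input, the thresholds, the marker string and the function names are assumptions of the example; exit 3 (UNKNOWN) is the standard fourth plugin state, which the slide does not list.

```python
#!/usr/bin/env python3
"""Nagios-style plugin: page size consistency and defacement check."""
import hashlib
import sys

# Exit codes the Nagios core maps to service states.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def check_page(body, baseline_sha256, baseline_size, marker,
               warn_pct=10.0, crit_pct=40.0):
    """Return (exit_code, message) for a fetched page body given as bytes."""
    if baseline_size <= 0:
        return UNKNOWN, "baseline size must be positive"
    if not body:
        return CRITICAL, "empty response body"
    drift = abs(len(body) - baseline_size) * 100.0 / baseline_size
    perf = f" | size={len(body)}B drift={drift:.1f}%"  # Nagios performance data
    if hashlib.sha256(body).hexdigest() == baseline_sha256.lower():
        return OK, "content matches baseline" + perf
    # Content changed: losing the site's own marker suggests replaced content.
    if marker not in body:
        return CRITICAL, "expected marker missing, possible defacement" + perf
    if drift >= crit_pct:
        return CRITICAL, f"size drift {drift:.1f}% >= {crit_pct}%" + perf
    if drift >= warn_pct:
        return WARNING, f"size drift {drift:.1f}% >= {warn_pct}%" + perf
    return OK, "content changed within tolerance" + perf


def main(argv):
    # Hypothetical usage: check_page.py FILE SHA256 SIZE MARKER
    if len(argv) != 5:
        print("UNKNOWN - usage: check_page.py FILE SHA256 SIZE MARKER")
        return UNKNOWN
    try:
        with open(argv[1], "rb") as fh:
            body = fh.read()
        code, msg = check_page(body, argv[2], int(argv[3]), argv[4].encode())
    except (OSError, ValueError) as exc:
        code, msg = UNKNOWN, str(exc)
    print(f"{LABELS[code]} - {msg}")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Nagios reads the first line of output as the status text and the process exit code as the state, so the baseline hash and size should be recorded from a known-good copy of the page.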

Page 45:

Just about any system..

Page 46:

Response: If <event>, then, do this, that…

Something went wrong

Send alerts

Remedy

and more..

Page 47:

The B list of stuff to monitor
• File and print server availability. Fake a file save operation and see if that worked or not..
• Check if clusters are still “clustering”
• Scan network for open ports
• Scan if a log has been compromised. Or, scan logs for a particular keyword
• Check if the last backup was successful
• Check licenses on a license server (e.g. lm-manager)
• Check if servers are running on UPS or city power
• Check any log files
• Run shell scripts to gather information
  • Unix shell, MS PowerShell

Page 48:

And finally..
• Environmental devices
• Other Monitoring Tools

Page 49:

Thank you | Q&A

Copyright 2016 © Astiostech Sdn Bhd. For informational purposes only. No warranties of any kind are made and you have to verify all information before using it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties or on our website.

Experts in Open Source Network Monitoring | VoIP | Cloud Telephony | Security | CMDB