5.1.2. ON Analytics Monitoring

We define and strongly recommend to have a monitoring process in place for each Role (Sensor, Core, Analytics) in any productive environment.

We classify and define different monitoring methods as:

Trending: Where the system resources monitor hardware performance and its status.
External services: Availability where those are checked from outside.
Processes and Events to be monitored: That are up and running along with its related events.
Healthcheck: ON Analytics has a multiple internal checks to make sure services are up and running as expected.

To understand better how to monitor the ON Analytics, we recommend to review the openNAC Analytics Architecture section

5.1.2.2. External Services

Check service availability:

Logstash Port: TCP 5000 (only for role analy+agg or aggregators)

Kibana Ports: TCP 5601 (only for role analytics or analy+aggr)

Elastic Ports: TCP 9200 (only for role analytics or analy+aggr)

5.1.2.3. Processes and Events to be monitored

The next services can be externally monitored.

Logstash

Kibana

Elasticsearch

rsyslog

5.1.2.4. Healthcheck

Different modules are being checked by out of the Box ON Analytics instances. For the different roles of the ON Core we can find:

5.1.2.4.1. ON Analytics

To configure the ON Principal healthcheck, see healthcheck configuration:

DNS
CACHE
LOGCOLLECTOR
COLLECTD
RAM
SWAP
ELASTICSEARCH
KIBANA
TIME_SYNC
BACKUP
DISK_ROOT
DISK_VAR
DISK_VAR_LOG
DISK_TMP
DISK_BACKUP
SYSTEM_LOAD
SYSTEM_INFO

5.1.2.4.2. ON Aggregator