5.1.3. ON Sensor Monitoring

We define and strongly recommend to have a monitoring process in place for each Role (Sensor, Core, Analytics) in any productive environment.

We classify and define different monitoring methods as:

• Trending: Where the system resources monitor hardware performance and its status.

• External services: Availability where those are checked from outside.

• Processes and Events to be monitored: That are up and running along with its related events.

• Healthcheck: ON Sensor has a multiple internal checks to make sure services are up and running as expected.

To understand better how to monitor the ON Sensor we recommend to review the openNAC Sensor Architecture section

5.1.3.1. Trending

You can find the status of the system resources in the Status -> Trending. The system resources monitored are:

• CPU

• OpenNAC

• Disk

• Interface

• Load

• Memory

• Mysql

• Redis

• Other

• Conntrack

For more information about this topic, see the full trending explanation.

5.1.3.2. External Services

Check service availability:

• ON Sensor doesn’t provide any external services. The sensor sends information to the ON Analytics as main function.

5.1.3.3. Processes and Events to be monitored

The following services can be externally monitored.

• zeek

• filebeat

5.1.3.4. Healthcheck

Different modules are being checked by the out of the Box ON Analytics instances. For the different roles of the ON Core we can find:

To configure the ON Sensor healthcheck, review the healthcheck configuration:

• DHCP

• DNS

• CACHE

• QUEUES

• LOGCOLLECTOR

• COLLECTD

• FILEBEAT

• DHCPHELPERREADER

• BRO

• RAM

• SWAP

• TIME_SYNC

• BACKUP

• DISK_ROOT

• DISK_VAR

• DISK_VAR_LOG

• DISK_TMP

• DISK_BACKUP

• SYSTEM_LOAD

• SYSTEM_INFO