5.2.1.2. ON Analytics Monitoring

We define and strongly recommend to have a monitoring process in place for each Role (Sensor, Core, Analytics) in any productive environment.

We classify and define different monitoring methods as:

Trending: Where the system resources monitor hardware performance and its status.
External services: Availability where those are checked from outside.
Processes and Events to be monitored: That are up and running along with its related events.
Healthcheck: ON Analytics has a multiple internal checks to make sure services are up and running as expected.

To understand better how to monitor the ON Analytics, we recommend to review the openNAC Analytics Architecture section

5.2.1.2.2. External Services

Check service availability:

Logstash Port: TCP 5000 (only for role analy+agg or aggregators)

Kibana Ports: TCP 5601 (only for role analytics or analy+aggr)

Elastic Ports: TCP 9200 (only for role analytics or analy+aggr)

5.2.1.2.3. Processes and Events to be monitored

The next services can be externally monitored.

Logstash

Kibana

Elasticsearch

rsyslog

5.2.1.2.4. Healthcheck

Different modules are being checked by out of the Box ON Analytics instances. For the different roles of the ON Core we can find:

5.2.1.2.4.1. ON Analytics

To configure the ON Principal healthcheck, see healthcheck configuration:

CACHE
COLLECTD
DISK_ROOT
DISK_TMP
DISK_VAR
DISK_VAR_LOG
DNS
ELASTICSEARCH
ELASTIC_INDEX_READ_ONLY
LOGCOLLECTOR
RAM
SYSTEM_INFO
SYSTEM_LOAD
TIME_SYNC

5.2.1.2.4.2. ON Aggregator