5.2.1.3. ON Analytics Monitoring

We define, and strongly recommend having, a monitoring process in place for each Role (Sensor, Core, Analytics) in any production environment.

We classify and define different monitoring methods as:

  • Trending: Monitoring of system resources to track hardware performance and status.

  • External services: Availability of the services, checked from outside.

  • Processes and Events to be monitored: Processes that must be up and running, along with their related events.

  • Healthcheck: ON Analytics has multiple internal checks to make sure services are up and running as expected.

To better understand how to monitor ON Analytics, we recommend reviewing the openNAC Analytics Architecture section.

5.2.1.3.2. External Services

Check service availability:

  • Logstash Port: TCP 5000 (only for role analy+agg or aggregators)

  • Kibana Ports: TCP 5601 (only for role analytics or analy+aggr)

  • Elastic Ports: TCP 9200 (only for role analytics or analy+aggr)
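
An external availability check for the ports listed above, written as an added example (it is not part of the openNAC documentation or product). The role keys `analytics`, `aggregator` and `analy+aggr` are this example's own labels for the roles named in the list, and the exit codes follow the common monitoring-plugin convention (0 OK, 2 CRITICAL, 3 UNKNOWN).

```python
#!/usr/bin/env python3
"""External availability check for ON Analytics service ports (added example)."""
import socket
import sys

# Ports as listed in this section. The role keys are this example's own
# labels for the roles named in the list, not product identifiers.
SERVICES = {
    "logstash": (5000, {"aggregator", "analy+aggr"}),
    "kibana": (5601, {"analytics", "analy+aggr"}),
    "elasticsearch": (9200, {"analytics", "analy+aggr"}),
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'error:<reason>' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host reachable, service not listening
    except socket.timeout:
        return "timeout"   # host down or traffic filtered on the path
    except OSError as exc:
        return f"error:{exc.strerror or exc}"


def check_role(host, role, services=SERVICES, timeout=3.0):
    """Probe every service expected for `role`; return (exit_code, lines)."""
    expected = {n: p for n, (p, roles) in services.items() if role in roles}
    if not expected:
        return 3, [f"UNKNOWN - no services defined for role '{role}'"]
    results = {n: probe(host, p, timeout) for n, p in expected.items()}
    failed = sorted(n for n, state in results.items() if state != "open")
    lines = [f"{n} tcp/{expected[n]}: {results[n]}" for n in sorted(results)]
    if failed:
        return 2, [f"CRITICAL - unreachable: {', '.join(failed)}"] + lines
    return 0, [f"OK - {len(results)} service(s) reachable"] + lines


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_on_analytics.py <host> <role>")
    code, output = check_role(sys.argv[1], sys.argv[2])
    print("\n".join(output))
    sys.exit(code)
```

Run it from the monitoring host rather than on the node itself, so that a `timeout` result also exposes filtering between the two.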

5.2.1.3.3. Processes and Events to be monitored

The following services can be monitored externally.

  • Logstash

  • Kibana

  • Elasticsearch

  • rsyslog

5.2.1.3.4. Healthcheck

Out-of-the-box ON Analytics instances check several modules. For the different roles of the ON Core we can find:

To configure the ON Sensor healthcheck, review the healthcheck configuration:

  • CACHE

  • COLLECTD

  • DHCPHELPERREADER

  • DISK_ROOT

  • DISK_TMP

  • DISK_VAR

  • DISK_VAR_LOG

  • DNS

  • FILEBEAT

  • RAM

  • SYSTEM_INFO

  • SYSTEM_LOAD

  • TIME_SYNC

  • ZEEK