Effective server monitoring for early error detection

  • For us, early error detection is the essential part of our service. So we keep our systems operating at higher rates, which makes it more likely to stop errors before they reach our customers.

    –FRANCIS BROSNAN BLÁZQUEZ, ASPL HOSTING


Early detection

Our policy is to apply intensive monitoring of the internal status of our servers in order to detect problems as soon as possible.


Early solution

Early detection helps us to offer you a highly available service. Most incidents have their origin in small problems that are easy to solve; fixing them early avoids serious problems later on.


Core-admin / Panel

Monitoring is done in real time (as the error happens) using the monitoring technology included in Core-Admin, the server administration panel developed by ASPL.


But, what kind of monitoring do you do?

All monitoring done by our systems and tech support focuses on three aspects, which are the following:

  • Internal server state monitoring: checks the server internally and its general health.
  • Server log monitoring: real-time monitoring of server logs to spot failures, problems and hints about server configuration problems and security issues.
  • File system monitoring: real-time monitoring of changes happening on the file system to detect and report unauthorized changes.


Internal server state monitoring

The following is a list of the basic elements reviewed by the checkers included by default in Core-Admin.

Checker: hostname
Description

Ensure the hostname is configured consistently with the rest of the system.

What it solves

Many applications do not work properly if the hostname is not configured correctly and kept in sync with the server's IP information.

Checker: dns
Description

Ensure the DNS server configured on the system is working correctly.

What it solves

Most applications fail when the DNS service is unavailable or not working correctly.

Checker: swap
Description

Ensure the swap configuration is working and that usage does not reach warning and/or critical levels.

What it solves

Avoids reaching warning/critical levels of working memory held in swap, so that the server does not enter a "swapping" state.

Checker: syncookie
Description

Ensures the syncookie setting is enabled to mitigate SYN flood attacks.

What it solves

Mitigates and reduces the impact of SYN flood attacks.

Checker: pop3
Description

Ensure the pop3 service is working correctly (if it is installed). This checker supports a complete ring test.

What it solves

Detect and recover from pop3 service failures.

Checker: imap
Description

Ensures the imap service is working correctly (if it is installed).

What it solves

Detect and recover from imap service failures.

Checker: smtp
Description

Ensure the SMTP service is working correctly. This checker is a full ring test.

What it solves

Detect and recover from SMTP service failures.

Checker: apache2
Description

Ensure apache2 works correctly and all ports return OK codes (such as 200).

What it solves

Detect and recover from apache2 service failures.

Checker: mysql
Description

Ensure the MySQL service is working correctly and the maximum connection limit is not reached.

What it solves

Detect and recover from MySQL failures.

Checker: crontab
Description

Track changes to crontab and check that they are safe and not used by exploits, rootkits or other intrusions.

What it solves

Prevents malware, exploits or intrusion tooling from being executed periodically.

Checker: uptime
Description

Check that the startup time is consistent, in order to detect unexpected reboots.

What it solves

Detect and report changes in system uptime.

Checker: tmp-working
Description

Check and ensure the system temporary directory is working correctly (users can create and remove their files), has the correct permissions and is not full.

What it solves

Most applications do not work when /tmp is full or not working. This checker tries to avoid this point of failure and reports it.

Checker: disk-full
Description

Check and monitor hard disk usage to report when warning/critical levels are about to be reached.

What it solves

Detect and report hard disks that are filling up so that action can be taken beforehand.

Checker: loopback
Description

Ensure and check that the loopback interface is configured and working.

What it solves

Many applications do not work correctly without a working loopback interface on the system. This checker tries to detect and recover (if possible) this interface.

Checker: syn-flood-detect
Description

Check and block IPs that create too many connections in "half-open" state, to disable or mitigate SYN flood based DoS attacks.

What it solves

Provides an automatic first line of containment to detect and block this kind of attack.

Checker: arcconf
Description

If your system has a PMC-Sierra RAID card, this checker reviews its status, memory, battery and hard disk errors.

What it solves

Track and ensure the RAID is working.

Checker: hpacucli
Description

If your system has an HP SmartArray RAID card, this checker reviews its status, memory, battery and hard disk status.

What it solves

Ensures the RAID is working.

Checker: mdadm
Description

In the case of a software RAID installation, this checker reviews its status and hard disk errors.

What it solves

Ensures the RAID works.

Checker: megaraid
Description

If your system has an LSI MegaRAID card, this checker reviews its status, memory, battery and hard disk status.

What it solves

Ensures the RAID is working.

Checker: cpu-usage
Description

Check and track CPU usage, both at the overall system level and at a finer-grained level.

What it solves

Prevents broken or unauthorized processes from using more CPU than required.

Checker: renamed-process
Description

Check and track processes that started with one binary path and then changed it to something different, a basic technique used to hide processes.

What it solves

Detects renamed processes as a basic additional early sign of attack.

Checker: iptables-running
Description

Check and ensure the iptables firewall is running.

What it solves

Ensures the iptables firewall is running and brings it up (if possible) when it is not found running.
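As an added illustration of what the syncookie and syn-flood-detect checkers look at (example code, not Core-Admin's own): it parses the /proc/net/tcp table format, counts half-open (SYN_RECV) sockets per remote IP and lists the IPs over a threshold, which is the input a blocking rule would act on. The sample table, the threshold and the function names are assumptions.

```python
import ipaddress
from collections import Counter

TCP_SYN_RECV = 0x03  # state code used in /proc/net/tcp for half-open sockets

def parse_addr(field):
    """'0100007F:0016' -> ('127.0.0.1', 22): IPv4 as hex in host (little-endian) byte order, port in hex."""
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(int.from_bytes(bytes.fromhex(hex_ip), "little"))
    return str(ip), int(hex_port, 16)

def half_open_by_remote_ip(proc_tcp_text):
    """Count SYN_RECV sockets per remote IP from the text of /proc/net/tcp."""
    counts = Counter()
    for line in proc_tcp_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_SYN_RECV:
            continue
        remote_ip, _ = parse_addr(fields[2])
        counts[remote_ip] += 1
    return counts

def offenders(counts, threshold):
    """Remote IPs holding at least `threshold` half-open connections: candidates for blocking."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def syncookies_enabled(sysctl_text):
    """True when the content of /proc/sys/net/ipv4/tcp_syncookies is '1'."""
    return sysctl_text.strip() == "1"

# Constructed /proc/net/tcp excerpt (not captured from a real host): one listening socket,
# three SYN_RECV from 203.0.113.5, one SYN_RECV from 198.51.100.7 and one ESTABLISHED (01).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 100 1 0
   1: 0A00020F:0050 057100CB:C350 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0
   2: 0A00020F:0050 057100CB:C351 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0
   3: 0A00020F:0050 057100CB:C352 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0
   4: 0A00020F:0050 076433C6:C353 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0
   5: 0A00020F:0050 057100CB:C354 01 00000000:00000000 00:00000000 00000000     0        0 101 1 0
"""
```

On a live system the same functions would read /proc/net/tcp and /proc/sys/net/ipv4/tcp_syncookies instead of the constructed strings.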

Real time server log monitoring

The following are some of the elements checked in the system logs. This information is sent in real time to the tech support centre for evaluation and early response if needed.

Kernel hangs
Description

Search for evidence of kernel hangs ("stack traces") so that we can anticipate a possible problem by doing an early restart or replacing a hardware component.

Command not found
Description

Search for "command not found" evidence to rule out configuration problems or attack attempts.

Corrupt databases
Description

Search for evidence of database failures or databases pending repair (MySQL, SQLite, PostgreSQL).

Shutdowns and reboots
Description

Search for evidence of reboots and shutdowns to ensure they are legitimate.

Failure in mail server components
Description

Search for evidence of failures in any of the components required by mail servers.

Database connection failures
Description

Search for evidence of connection failures to databases that should be working.

Unauthorized use of mail accounts detection
Description

Search for evidence of unauthorized usage of mail accounts, so that captured or compromised accounts are not used to send spam or for impersonation.

Detect and block login failure attempts (pop3, smtp, imap, ftp, ssh, sip…)
Description

Search for evidence of repeated login failure attempts and block the IPs that cause them (once they are found to be fraudulent).

Detect and log ssh accesses
Description

Search for evidence of ssh accesses received by the server.
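A compact scanner for several of the log-evidence categories listed above, as an added example (not Core-Admin's own code): it tags constructed syslog lines by category, and for login failures applies a per-IP sliding-window threshold to decide which source IPs would be handed to a blocking rule. The patterns, threshold, window and sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SYSLOG_TS = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
PATTERNS = {  # order matters: the first matching category wins
    "kernel_hang": re.compile(r"kernel:.*(Call Trace|BUG: |soft lockup|hung task)"),
    "command_not_found": re.compile(r"command not found"),
    "corrupt_database": re.compile(r"marked as crashed|database disk image is malformed"),
    "ssh_access": re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ from (\d+\.\d+\.\d+\.\d+)"),
    "login_failure": re.compile(r"(?:Failed password for|authentication failure|auth failed).*?"
                                r"(?:from |rhost=|rip=)(\d+\.\d+\.\d+\.\d+)"),
}
def scan(lines):
    """Tag each line with the first matching category; lines matching nothing are dropped."""
    hits = []
    for line in lines:
        for category, pat in PATTERNS.items():
            if pat.search(line):
                hits.append((category, line))
                break
    return hits

def ips_to_block(lines, threshold=5, window=timedelta(minutes=10)):
    """Source IPs with >= threshold login failures inside a sliding window (lines in syslog order)."""
    recent, flagged = defaultdict(deque), set()
    for line in lines:
        m, ts = PATTERNS["login_failure"].search(line), SYSLOG_TS.match(line)
        if not (m and ts):
            continue
        when = datetime.strptime(ts.group(1), "%b %d %H:%M:%S")  # year-less syslog timestamp
        q = recent[m.group(1)]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m.group(1))
    return sorted(flagged)
# Constructed sample log lines (not real server output): five quick failures from one IP, one from another.
SAMPLE = [
    f"Mar  3 10:01:0{i} web1 sshd[12{i}]: Failed password for root from 203.0.113.5 port 5123{i} ssh2"
    for i in range(5)
] + [
    "Mar  3 10:01:30 web1 sshd[1000]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2",
    "Mar  3 10:02:00 web1 sshd[1300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
    "Mar  3 10:03:00 web1 kernel: [12345.678901] Call Trace:",
    "Mar  3 10:04:01 web1 bash: /usr/local/bin/backup.sh: line 3: rsyncc: command not found",
    "Mar  3 10:05:00 web1 mysqld[900]: [ERROR] Table './shop/orders' is marked as crashed and should be repaired",
]
```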

File system monitoring

The following is a list of some of the file system changes that are monitored. This information is sent to the tech support centre for evaluation and response.

Changes requested by the user
Description

The user configures the folders and expressions to be monitored for changes.

Changes inside /etc
Description

Monitors changes in the configuration directory used by default on Linux systems.

Changes in web hosting folders (.php and similar)
Description

Changes to web hosting files are monitored to detect unauthorized or malicious code that might cause problems for the website or the server itself.
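An added example of a baseline-and-diff check for the web hosting case above (not Core-Admin's own code): it hashes the watched files under a document root, compares two snapshots to classify added, removed and modified files, and flags new or changed files that contain an obfuscated eval() construct. The watched suffixes, the heuristic pattern and the constructed docroot in `demo()` are assumptions.

```python
import hashlib
import os
import re
import tempfile

WATCHED_SUFFIXES = (".php", ".phtml", ".htaccess")
# Assumed heuristic for the "hacking code" case: obfuscated eval() chains typical of injected PHP.
SUSPICIOUS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(")

def snapshot(root):
    """Baseline: relative path -> SHA-256 of every watched file under root."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(WATCHED_SUFFIXES):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff_snapshots(before, after, root):
    """Classify added/removed/modified files and flag new or changed ones that look injected."""
    changes = {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }
    suspicious = []
    for path in changes["added"] + changes["modified"]:
        with open(os.path.join(root, path), "rb") as fh:
            if SUSPICIOUS.search(fh.read()):
                suspicious.append(path)
    changes["suspicious"] = sorted(suspicious)
    return changes

def write(path, text, mode="w"):
    with open(path, mode) as fh:
        fh.write(text)

def demo():
    """Constructed docroot in a temp dir: take a baseline, simulate tampering, report the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "inc"))
        write(os.path.join(root, "index.php"), "<?php echo 'hello'; ?>\n")
        write(os.path.join(root, "inc", "db.php"), "<?php $dsn = 'mysql:host=localhost'; ?>\n")
        baseline = snapshot(root)
        # Simulated unauthorized changes: a dropped obfuscated file, an edited include, a deleted page.
        write(os.path.join(root, "inc", "cache.php"), "<?php eval(base64_decode('Li4u')); ?>\n")
        write(os.path.join(root, "inc", "db.php"), "// edited\n", mode="a")
        os.remove(os.path.join(root, "index.php"))
        return diff_snapshots(baseline, snapshot(root), root)
```

In production the baseline manifest would be stored outside the document root and refreshed only after legitimate deployments.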