In this lesson I'll discuss strategies for monitoring. I'll explain why monitoring is important, differentiate different monitoring strategies, and also explore the impact on system administrators when monitoring is in place.

The importance of monitoring is huge. I can't stress the importance of monitoring enough. How do we know that systems remain up and running if we don't have monitoring in place? Just basic up/down status on services, or making sure a screen isn't blinking, or HTTP requests, or a whole bunch of other ways that we can monitor systems are a way that we ensure systems are running. We may have mail systems, we may have web servers, we may have internet connections; all those different services have ways that we can monitor for their up/down status or running status.

Active monitoring is where we are looking constantly at processes. So this could be things like looking at a web page, or having a script look at a web page every five minutes, for example, to make sure there's something coming up. This could be an internet connection pinging from one system to another. If those pings ever go down, then we know that we have a problem. This could also be the lack of something as well. So if we are expecting a bunch of logons to a system, even though our system may be up, maybe some other process failed. So if we're looking at log files as well, we may be able to tell what is wrong. So active monitoring could come in the form of log files, scripts, e-mails, text messages, pager requests, cell phone calls, a lot of different things. There's also a lot of different software out there that allows us to monitor systems effectively. A majority of those systems out there are actually free and can be built into the system management very easily.

Auditing is a little bit different than monitoring. Auditing allows us more passive monitoring for systems. So let's say, for example, that a system is continuously running and we don't get any alerts that something's wrong.
What auditing would accomplish would be to look at a system and understand that we have errors along the way, or maybe it's an indication of some potential failure later on down the road. Auditing allows us to proactively make sure systems are in top working condition, while monitoring, well, it's reactive. It's not passive. Auditing needs to be performed on a regular basis to make sure our systems are in good working condition.

Whenever you start monitoring systems or services, you're going to find problems, especially when you start doing auditing. On Windows systems especially, you could get into the weeds, for example, of looking through security events to see what happened here and what happened here. Why did this application crash? Why did they have a warning on this application or this file share, or why did the user log in at this certain time? When you start monitoring and you start auditing, you are going to get hit with all kinds of stuff that you may not want to know, or may need fixed, or may be a problem in general. So you will always find issues when you start monitoring. So it's important to fix those issues when you start to develop a monitoring or an auditing plan. Active monitoring again allows us to reactively fix things, while auditing allows us to proactively fix things.

System administration issues also crop up when we start to have a monitoring or an auditing stance in place, or a plan in place. They're going to start fixing things. And that's the nature of system administration. They don't just ignore something, we try to fix it. So when you start to see those problems, you're going to want to fix them. Also, when we start to have a monitoring plan in place and an auditing plan, we're going to have to continue. You don't just do this once; you continually have to monitor. You continually have to audit, and then you also have to audit your auditing systems to make sure they're working.
There has to be some kind of dedication to your monitoring strategy. Also, if there's something that users or system administrators need to do continuously or monitor for, maybe you're going to have to develop some kind of on-call schedule for those system administrators to fix things.

For example, our backup internet connection got destroyed, unfortunately, the other day. They were doing construction along an interstate, at one of the local interstates around here, and a boring machine just obliterated the internet connection along with a lot of other services. So, we instantly know about that happening, and we can get somebody on the phone saying, "Hey, what happened? Where's the outage? How can we fix it?" So even though a backup process isn't your primary process, you still treat it like your primary, because in case your primary goes down, then you're out of luck if your backup is out.

So in conclusion, monitoring should always be done on systems and on services. Auditing should also be performed, so you get a mix of both active and passive monitoring, and that reactive and proactive approach to the systems in general, to make sure that they're functioning all the time.
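
The "lack of something" check described under active monitoring, as an added example that is not part of the lecture: it reads probe results and logon events in five-minute windows and flags windows where the system answered as up but the expected logons never arrived, as well as windows with no successful probe at all. The log format, the one-logon-per-window baseline and the function names are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data); nothing was recorded 09:15-09:20.
SAMPLE_LOG = """\
2024-05-01T09:00:05 probe status=up
2024-05-01T09:01:10 logon user=alice
2024-05-01T09:03:42 logon user=bob
2024-05-01T09:05:05 probe status=up
2024-05-01T09:10:05 probe status=up
2024-05-01T09:12:30 logon user=carol
2024-05-01T09:20:05 probe status=up
2024-05-01T09:21:15 logon user=alice
""".splitlines()

WINDOW = timedelta(minutes=5)  # probe interval, as in the five-minute example
MIN_LOGONS = 1                 # assumed baseline: one logon per window


def bucket(ts):
    """Round a timestamp down to the start of its five-minute window."""
    return ts.replace(minute=ts.minute - ts.minute % 5, second=0, microsecond=0)


def classify_windows(lines, min_logons=MIN_LOGONS):
    """Map each window start to 'ok', 'silent' (up, too few logons) or 'down'."""
    up, logons, seen = set(), defaultdict(int), []
    for line in filter(str.strip, lines):
        stamp, kind, detail = line.split(maxsplit=2)
        win = bucket(datetime.fromisoformat(stamp))
        seen.append(win)
        if kind == "probe" and detail == "status=up":
            up.add(win)
        elif kind == "logon":
            logons[win] += 1
    if not seen:
        return {}
    result, win = {}, min(seen)
    while win <= max(seen):  # walk every window so gaps with no records show up
        if win not in up:
            result[win] = "down"
        else:
            result[win] = "silent" if logons[win] < min_logons else "ok"
        win += WINDOW
    return result


def alerts(lines):
    """Return (HH:MM, state) for every window that needs attention."""
    return [(w.strftime("%H:%M"), s) for w, s in classify_windows(lines).items() if s != "ok"]
```

Calling `alerts(SAMPLE_LOG)` reports the 09:05 window as silent and the 09:15 window as down; the second case is the one an up/down probe alone would miss if the probe itself stopped running.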