On Mon, May 14, 2012 at 03:10:55PM +0200, Stanisław Findeisen wrote:
> What tools would you recommend for monitoring the following on a server? :

I'd say you need several different things here:

> * kernel + process images in memory
> * shape of the process tree

-snmpd
-cgroups configuration, if I'm understanding you correctly.

> * binary integrity of files + permissions
> * users, groups

-Integrity and/or intrusion detection: aide, tripwire and the like, plus a centralized configuration management system: say puppet, chef, cfengine, ...

> * network connections

-snmpd
-iptables, psad, fail2ban, etc (and before someone jumps in and says: "those are not monitoring tools", think twice)

> * user sessions

-snmpd, IIRC

> * log files
>
> How about reporting? Logging would be good but logging to a local file
> is problematic as that could be compromised on a server hack...

WRT logging security, syslog-ng can use TCP (more reliable than UDP) and SSL/TLS security. And you can always log to a remote server if you are concerned about security.

After having these tools installed and configured, you can start using a monitoring solution to integrate all the info in a centralized web view.

I know nagios is pretty standard, but what most people are not telling is that most of its developers fled. You should check Icinga instead.

https://www.icinga.org/2011/11/03/icinga-vs-nagios-a-developers-comparison/

My personal choice is zabbix. The only thing I miss with zabbix is snmpv3 SHA/AES support.

Others would be munin, cacti.

Most probably all of those monitoring solutions have templates for OSes and applications (apache, jboss, ... you name it)

-- 
Primary key fingerprint: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299 EC56
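The remote logging setup mentioned in the reply above (syslog-ng over TCP with TLS to a separate log server), as an added example that is not part of the original message. The host name `loghost.example.org`, port 6514, the version line and all file paths are assumptions.

```conf
# Added example; host names, paths, port and version are assumptions.

# --- client: syslog-ng.conf on the monitored server ---
@version: 3.38        # assumption: set to the installed syslog-ng version
source s_local { system(); internal(); };

# Weak form, for comparison: plaintext UDP, no delivery guarantee and no
# check of who receives the logs.
# destination d_loghost { network("loghost.example.org" transport("udp") port(514)); };

# TCP with TLS. The client refuses a log server whose certificate does not
# chain to a CA in ca-dir() (CA files there need OpenSSL hash-named links).
destination d_loghost {
    network("loghost.example.org"
        port(6514)
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            key-file("/etc/syslog-ng/cert.d/client.key")
            cert-file("/etc/syslog-ng/cert.d/client.crt")
            peer-verify(required-trusted)
        )
    );
};
log { source(s_local); destination(d_loghost); };

# --- log server: syslog-ng.conf on loghost.example.org ---
@version: 3.38
source s_tls {
    network(ip("0.0.0.0") port(6514) transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            key-file("/etc/syslog-ng/cert.d/server.key")
            cert-file("/etc/syslog-ng/cert.d/server.crt")
            peer-verify(required-trusted)   # only clients with a trusted cert may log
        )
    );
};
# One directory per sending host, one file per day.
destination d_per_host {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log" create-dirs(yes));
};
log { source(s_tls); destination(d_per_host); };
```

A local file destination can stay in place on the client next to `d_loghost`; the copy on the log server is the one that remains intact if the monitored host is compromised.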