Choosing Components Within Monitoring Targets
Once you’ve selected the IT systems that need monitoring, you must analyze the component makeup of these targeted systems to select event feeds (which we’ll cover in depth in the next chapter). To determine the component makeup, you should break down each system into its core elements, including the databases, web servers, application servers, and various hosts upon which these solutions run. Depending on the components in your solution, you might collect syslog messages from Unix/Linux servers (and from Windows servers, if they’re configured with add-on packages), monitor the AUD$ table on Oracle databases, analyze the access_log from Apache web servers, and so on.
Your system will also depend on complementary services such as authentication servers (LDAP, Active Directory, NIS+, etc.), caching servers, network-attached storage (NAS), and so forth. Analyzing your policies will help you determine which complementary services you should monitor to complete your targeted monitoring plan. You should also consider the network devices that provide access to your system; tools such as NetFlow and syslog can help trace device configuration changes, among many other things.
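The following added example (not from the book) shows why the component breakdown matters in practice: two of the feeds named above, an Apache access_log and host syslog, are parsed, tagged with the component they came from, and merged into one UTC-ordered timeline for the monitored system. The hostnames, addresses and log lines are constructed, and the syslog year and UTC time zone are assumptions, since classic syslog timestamps carry neither.

```python
import re
from datetime import datetime, timezone

# Apache Common Log Format: client ident user [time] "request" status bytes
CLF = re.compile(r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                 r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+')
# BSD-style syslog: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG = re.compile(r'(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) '
                    r'(?P<tag>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)')

def parse_access_log(line, host):
    m = CLF.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return {'time': ts.astimezone(timezone.utc), 'host': host,
            'component': 'web server',
            'detail': f"{m['src']} {m['req']} -> {m['status']}"}

def parse_syslog(line, year):
    m = SYSLOG.match(line)
    if not m:
        return None
    # Classic syslog stamps have no year or zone: both are assumed (UTC) here.
    ts = datetime.strptime(f"{year} {m['ts']}", '%Y %b %d %H:%M:%S')
    return {'time': ts.replace(tzinfo=timezone.utc), 'host': m['host'],
            'component': 'host OS', 'detail': f"{m['tag']}: {m['msg']}"}

def build_timeline(feeds, year=2008):
    """Merge (kind, host, lines) feeds into one UTC-ordered event list."""
    events, rejected = [], 0
    for kind, host, lines in feeds:
        for line in lines:
            ev = (parse_access_log(line, host) if kind == 'access_log'
                  else parse_syslog(line, year))
            if ev is None:
                rejected += 1  # count unparsed lines so a broken feed is visible
            else:
                events.append(ev)
    return sorted(events, key=lambda e: e['time']), rejected

# Constructed sample feeds for one monitored system (hosts web01 and db01).
SAMPLE_FEEDS = [
    ('access_log', 'web01', [
        '192.0.2.10 - - [14/Mar/2008:10:15:03 +0000] "GET /login HTTP/1.1" 200 512',
        '192.0.2.10 - alice [14/Mar/2008:11:15:09 +0100] "POST /orders HTTP/1.1" 500 0']),
    ('syslog', None, [
        'Mar 14 10:15:01 web01 sshd[311]: Accepted password for deploy from 192.0.2.44',
        'Mar 14 10:15:07 db01 su: session opened for user oracle',
        'unparseable line']),
]
```

Calling `build_timeline(SAMPLE_FEEDS)` interleaves the web server and host events by time; the access_log entry stamped 11:15:09 +0100 sorts last only because every timestamp is normalized to UTC first.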
Example: ERP System
To illustrate the process of selecting components for monitoring, consider an installation of SAP R/3, which by definition is a three-tier architecture composed of presentation servers, application servers, and a database server. In a typical installation, the ...