Single points of failure
Monitoring, apart from backing up and staying updated is one of fundamental principles of information security. However, every one of those principles is in fact intertwined with the remaining two. Monitoring is no exception.
A simple example: if there’s a monitoring service that watches all the resources you need, reports as required and does it well, it’s still no guarantee you will be alerted to whatever wrong could happen to your assets. Imagine connectivity loss, or monitoring service failure (everything breaks sooner or later).
Apart from backing up data, one should also back up every component used by monitoring service – including monitoring service itself.
Stopped monitoring service
Unless measures have been taken to ensure IPHost monitoring service to auto-start after failure, its absence may be incorrectly taken for “OK” state for all the monitors.
One of solution is to have another IPHost installation to monitor the one in question (and vice versa). The second installation may only monitor the main one, and be able to notify of its shutdown.
This situation is a typical pitfall; make sure you watch the monitoring service itself and render its absence a critical failure.
No valid SMTP server
By default, IPHost default settings do not contain valid SMTP server and proper credentials to send email. As a result, no notifications are sent (apart from default pop-ups, in case user sees the desktop of the system running IPHost).
Thus, we recommend, after the IPHost has been set up and run for the first time, set up at least one (the primary one) mail server. After its data has been verified via “Send test email alert”, setting secondary SMTP server is recommended, in case the primary one isn’t accessible.
Connectivity loss
Regardless of how reliable are SMTP server(s), if there’s no connectivity at the system running IPHost, notifications might be not able to reach their destinations.
One of backup means is to set up SMS sent via GSM modem; please note that this service may incur extra charge from mobile operator.
Setting up alternate Internet connection, provided that outbound traffic is routed via it automatically (when primary connection channel breaks), is another solution, unrelated directly to IPHost.
Human errors
The $AdminMail, primary email address used by IPHost in variety of abnormal situations (set in “Settings > Email Settings”), might receive many messages from monitoring setup. If those are filtered out/otherwise automatically moved out of inbox, an important notification may be missed. It is recommended to create custom messages for email alerts, modifying subject line, so it can’t be confused with any other message – and ensure that messages related to “Down” state for critical monitors are paid attention to.
Another typical mistake is disabling alerts (say, for duration of maintenance) without automatically enabling them. Please note that IPHost continues to notify, by sending message to $AdminMail, that alerting are disabled (every 3 hours).
We would recommend making IPHost notifications as “noisy” as possible in the beginning; after you understand how well they are noticeable, you might wish to draw your attention to critical monitors, wherever marking all the rest as less important.
Do you know of any other typical human errors or other monitoring setup flaws preventing them from working as expected? We would be glad to know – feel free to comment here or email us message.
