Monitoring Server


Time: 21 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 21
Video Transcription
Hey, Cybrarians. Welcome back to the Linux+ course here at Cybrary. I'm your instructor, Rob Goelz. In today's lesson, we're going to be covering monitoring and monitoring servers.

Upon completion of today's lesson, you are going to be able to explain the importance of monitoring servers and why they're important to system administration. We're going to talk about how monitoring servers work at a high level. Then we're going to use some local monitoring commands such as top.

Systems administrators generally have a lot of servers under their care, and it's not uncommon for a team of systems administrators to support hundreds or even thousands of servers. It's impossible to keep an eye on every single server all the time. However, larger organizations often employ something called a network operations center, which tends to look like the photo that we see over here on the right. Some other organizations that have a lot of security consciousness tend to employ something called the security operations center, or SOC. But regardless of whether you have a NOC or a SOC, either one is only as good as their training and the monitoring tools that are provided to them. Therefore, it's really important to configure monitoring on your servers.

Good monitoring is going to let you know when something on a server has failed. This is known as reactive monitoring. But the best types of monitoring are the ones that let you know when something is about to fail: proactive monitoring. This is the difference between something telling you that your memory has failed on a server versus telling you that you're running low on disk space and you're going to run out in an estimated amount of time.

Some other things that come into play here are things like aggregation and correlation: putting all of your logs in the same place, for instance, and getting all your monitoring in the same place so that you can correlate all that together. Take a look at what's going on with your logs versus what alarms you're getting from your servers. Then you can also get into something even more complicated than that called observability. If you geek out on metrics and data analysis, definitely take a look into these things.

But moving on, monitoring servers are configured to notify or email systems administrators when something happens. This can be a fallback for a network operations center or security operations center, but in some cases it might be the only option. In my career, I've worked in a lot of places where there was no operations center. There was just a system administrator who got a pager.

There are many monitoring tools out there. For example, you might see Nagios or Cacti. Those are used to monitor system activity. Then there are other things like Wireshark and tcpdump, which monitor network activity.

Now, system and network monitoring tools can operate in a few ways. They can accept Simple Network Management Protocol messages, SNMP messages, and these are sometimes called traps. What will happen is the server will trap, or it'll alarm, on an SNMP issue, usually what's called a MIB, and it'll send the information over to the monitoring server and say, "Hey, I've got an issue." The other side of it is that the monitoring server itself can go out and poll the server on an ongoing basis and check it, make sure that it's up. It could use SNMP to do that. It could also use ping or SSH to run a command on the server just to check the health of the server on an ongoing basis.

Unfortunately, installing and configuring monitoring tools is complicated. It really is a course in and of itself. But what we can do today is look at another type of monitoring tool, which is local monitoring tools that work on a single system. Let's do that with some demo time.

Here we are in our CentOS environment. Let's take a look at a few of these tools. The first one we'll look at is the command top. Now, top will display all running processes, as well as information about the load average, which we see here, and information about the CPU and memory that's in use. By default, top refreshes the screen every three seconds. We can change that by hitting the s key on our keyboard and then entering plus and then the number. I'm going to change it to plus five, and now it will refresh every five seconds. Inside of top, we can also sort by the amount of CPU use by hitting Shift+P on our keyboard. Or we can sort by the amount of memory usage and show the highest memory use with Shift+M. In this case, we can see that the GNOME shell, the graphical user environment, is the highest memory user on my system right now in top. Let's go ahead and quit out of this. To exit out of top, we can hit q, and then we go ahead and clear the screen.

Now, another good command that you can use, especially for looking at memory, is something called free. By default, free is going to show you information about the memory on your system. But by default, that looks awful. I mean, there's just a bunch of numbers here. What is the value of these numbers? Well, we can use free -h to display all of this in a human-readable format. The h is for human-readable. We can see the actual number value: instead of just being numerical, we can actually see that it's in megs or gigs or what have you. That's just another really good command to use.

The final command to talk to you about today is the ps command. Now, the ps command itself is very complicated. It has a bunch of different commands and options, and it can be used in a bunch of different ways because it's just been around forever. It's been used since BSD and Unix. It has a lot of different options that you can use. The one that I like to use the most is ps aux. I actually like to pipe it to less because otherwise it just displays a bunch of stuff on the screen. Now, when we do this, you can see the user ID, the process. You can see the amount of CPU and memory that a process might use. You can see information about the status of it, as well as the time it's been running and the command that was run.

There are a lot of other monitoring tools that you could use, even just locally on a system. But these are the big three that I use. That's why I wanted to show them to you today here in a demo.

With that, we've reached the end of this lesson. In this lesson, we covered the importance of monitoring and monitoring servers when we're doing system administration. We talked a little bit about how monitoring servers can work from a high level. Then we used some local monitoring tools like top, ps, and free. Thanks so much for being here, and I look forward to seeing you in the next lesson.