topic Monitoring Approach Strategy in Monitoring Splunk

Monitoring Approach Strategy

sbucchianeri — Mon, 31 Mar 2014 09:02:44 GMT

Hi All

I am looking for "Best Practice" type information on a Monitoring Approach Strategy. These would be things like:

What to log? (Windows, Linux, etc.)
What events to monitor?
What events to tune?
What do you do with the output?

Any help anyone can provide would be appreciated.

Thanks

Re: Monitoring Approach Strategy

kristian_kolb — Mon, 31 Mar 2014 15:11:38 GMT

That would totally depend on your use cases.

Compliance? Security? Operations? Development? Billing? Business Intelligence?

Sorry, but you need to refine your question a bit before you can get any good answers.

Re: Monitoring Approach Strategy

sbucchianeri — Mon, 31 Mar 2014 16:41:37 GMT

Apologies. I am looking for a balance between Security, Compliance & Operations for the Financial Services industry. Hope that helps.

Re: Monitoring Approach Strategy

lukejadamec — Mon, 31 Mar 2014 18:00:09 GMT

Assuming that you are new to Splunk, but not new to computers in a Financial Services industry, then you should step back and consider your environment.

Somewhere in your organization the computers and servers you use were built and are maintained according to some form of Security/Compliance Guidelines. Those guidelines specify what you want to log, and why you want to log it.

Those are the things that you want to monitor and analyze with Splunk. You will probably find that each of those (and there are probably many) are separate topics here on Answers.

For example, when a Windows server was put into production it was preconfigured by someone at your shop to log a specific set of events, for a specific reason. We do not know that information.

Re: Monitoring Approach Strategy

kristian_kolb — Mon, 31 Mar 2014 18:09:17 GMT

+1. The question is still a bit open-ended.

What types of systems, standard applications, bespoke applications, what compliance framework (if any)...etc