5.1.1.1 Employ technology watches or other technology monitoring notification systems

From aptrust
Jump to: navigation, search


5.1.1.1 Employ technology watches or other technology monitoring notification systems
Status Ready for review
Compliance Rating Fully compliant
Responsible

The repository shall employ technology watches or other technology monitoring notification systems.

Supporting Text

This is necessary to track when hardware or software components will become obsolete and migration is needed to new infrastructure.

Examples for Meeting the Requirement

Management of periodic technology assessment reports. Comparison of existing technology to each new assessment.

Discussion

The objective is to understand when any subsystem poses a risk of obsolescence, and enable planning migration to new technology before interoperability mechanisms are no longer available. This can be driven by proprietary software dependencies (the vendor no longer supports the subsystem component), and by emergence of new protocols (the mechanism for accessing the system has become obsolete and is no longer supported).

Evidence Provided

Servers and services are monitored using the community supported open source software Icinga2. When a server or service fails, is non-responsive or exhausts available resources Icinga2 notifies the operations team per email and Slack notification (depending on the severity of the failure) in order ensure a quick resolution. Icinga2 tracks performance and resource data over time so spikes can be reviewed and analyzed if issues have occurred.

Application and service log files are analyzed using the open-source tool Logwatch (https://sourceforge.net/projects/logwatch/files/). The tool parses and analyzes log files for certain patterns and sends email reports on malicious or irregular activity. This reactive strategy allows us to identify gaps in the systems configuration and mitigate eventual issues.

See Monitoring for more details.