Server Monitoring Policy
|Version: 1.00||Issue Date: 12/16/2014|
This Server Monitoring Policy is intended to ensure that computers are regularly monitored for events which may cause problems including system errors and signs of intrusion.
This Server Monitoring Policy is an internal IT policy which defines the monitoring of servers in the organization for both security and performance issues.
This Server Monitoring Policy is designed both to protect the the organization against loss of service by providing minimum requirements for monitoring servers. It provides for monitoring servers for file space and performance issues to prevent system failure or loss of service. This Server Monitoring Policy establishes a minimum process for monitoring the organizational computers on the network for performance and security issues. This policy shall define who is responsible for monitoring the servers.
This policy is effective as of the issue date and does not expire unless superceded by another policy. This Server Monitoring Policy applies to all production servers and infrastructure support servers including but not limited to the following types of servers:
4.0 Daily Checking
All servers shall be checked manually on a daily basis the following items shall be checked and recorded:
The amount of free space on each drive shall be recorded in a server log.
The system log shall be checked and any major errors shall be checked and recorded in the server log.
Services shall be checked to determine whether any services have failed.
The status of backup of files or system information for the server shall be checked daily.
A daily server check report shall be provided to management before the close of each business day by the designated server administrator(s). If the report is not submitted in a timely manner, the manager must check the status to determine why the report was not submitted on time and correct the situation.
5.0 External Checks
Essential servers shall be checked using either a separate computer from the ones being monitored or a server monitoring service. The external monitoring service shall have the ability to notify multiple IP personnel when a service is found to have failed. Servers to be monitored externally include:
The mail server
The web server
External DNS servers
Externally used application servers.
Database or file servers supporting externally used application servers or web servers.
6.0 Corrective Activity
When significant errors are found due to server monitoring activities, appropriate and timely action is taken to correct problem whether the error is due to:
An intrusion - Actions outlined in the incident response plan and procedures is implemented.
Interruption of service - A task is started to restore service and the priority is set based on the severity and impact of the interruption.
System low on disk space - A task is started to determine a solution whether it be to add more room or clean up files.
General system or application errors - Many of these errors may be minor. The administrator must check the error type on the vendor website and determine the severity or threat to the system or services. If the threat is considered significant, a task must be started to investigate and correct the error.
All significant errors are logged and a task is started to address them. All tasks must be tracked until resolved.
7.0 Management Actions
Management must implement new projects in a timely manner to upgrade servers in the event of a performance issue due either to equipment failure or increased use.
The business managers must provide realistic and current information about expected volume of use including expected peak loads, to the IT department so new systems can be appropriately sized and current systems can be upgraded to meet increased demand.
It management uses tools and expert opinion to forecast demands on IT resources and make appropriate decisions based on the forecasts.
Demand forecasting techniques are evaluated by management based on past performance and accuracy of previous forecasts.
Since server monitoring is important to maintain the performance and security of the organizational services and network and to prevent unauthorized data disclosure, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.
9.0 Other Requirements
A list of processes that should be running on each server must be created.
Files that are required to be backed up should be recorded for each server.
Procedures for checking servers should be written and a form should be created either on paper or in electronic format.
Performance of servers should be monitored at least monthly and a baseline performance indicator for all servers should be kept. Server performance reports should be sent to management.
Auditors should audit every six months to be sure all servers are being monitored regularly. Auditors must report results to senior management.
Approved by:__________________________ Signature:_____________________ Date:_______________