Server Monitoring Policy

Version: 1.00
Issue Date: 12/16/2014

This Server Monitoring Policy is intended to ensure that computers are regularly monitored for events which may cause problems including system errors and signs of intrusion.

1.0 Overview

This Server Monitoring Policy is an internal IT policy which defines the monitoring of servers in the organization for both security and performance issues.

2.0 Purpose

This Server Monitoring Policy is designed to protect the organization against loss of service by providing minimum requirements for monitoring servers. It provides for monitoring servers for file space and performance issues to prevent system failure or loss of service. This Server Monitoring Policy establishes a minimum process for monitoring the organizational computers on the network for performance and security issues. This policy shall define who is responsible for monitoring the servers.

3.0 Scope

This policy is effective as of the issue date and does not expire unless superseded by another policy. This Server Monitoring Policy applies to all production servers and infrastructure support servers including but not limited to the following types of servers:

  1. File servers
  2. Database servers
  3. Mail servers
  4. Web servers
  5. Application servers
  6. Domain controllers
  7. FTP servers
  8. DNS servers
  9. Firewalls
  10. Routers

4.0 Daily Checking

All servers shall be checked manually on a daily basis. The following items shall be checked and recorded:

  1. The amount of free space on each drive shall be recorded in a server log.
  2. The system log shall be checked and any major errors shall be checked and recorded in the server log.
  3. Services shall be checked to determine whether any services have failed.
  4. The status of backup of files or system information for the server shall be checked daily.

A daily server check report shall be provided to management before the close of each business day by the designated server administrator(s). If the report is not submitted in a timely manner, the manager must check the status to determine why the report was not submitted on time and correct the situation.

5.0 External Checks

Essential servers shall be checked using either a separate computer from the ones being monitored or a server monitoring service. The external monitoring service shall have the ability to notify multiple IT personnel when a service is found to have failed. Servers to be monitored externally include:

  1. The mail server
  2. The web server
  3. External DNS servers
  4. Externally used application servers.
  5. Database or file servers supporting externally used application servers or web servers.

6.0 Corrective Activity

When significant errors are found due to server monitoring activities, appropriate and timely action is taken to correct the problem whether the error is due to:

  • An intrusion - Actions outlined in the incident response plan and procedures are implemented.
  • Interruption of service - A task is started to restore service and the priority is set based on the severity and impact of the interruption.
  • System low on disk space - A task is started to determine a solution whether it be to add more room or clean up files.
  • General system or application errors - Many of these errors may be minor. The administrator must check the error type on the vendor website and determine the severity or threat to the system or services. If the threat is considered significant, a task must be started to investigate and correct the error.

All significant errors are logged and a task is started to address them. All tasks must be tracked until resolved.

7.0 Management Actions

  • Management must implement new projects in a timely manner to upgrade servers in the event of a performance issue due either to equipment failure or increased use.
  • The business managers must provide realistic and current information about expected volume of use, including expected peak loads, to the IT department so new systems can be appropriately sized and current systems can be upgraded to meet increased demand.
  • IT management uses tools and expert opinion to forecast demands on IT resources and make appropriate decisions based on the forecasts.
  • Demand forecasting techniques are evaluated by management based on past performance and accuracy of previous forecasts.

8.0 Enforcement

Since server monitoring is important to maintain the performance and security of the organizational services and network and to prevent unauthorized data disclosure, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

9.0 Other Requirements

  • A list of processes that should be running on each server must be created.
  • Files that are required to be backed up should be recorded for each server.
  • Procedures for checking servers should be written and a form should be created either on paper or in electronic format.
  • Performance of servers should be monitored at least monthly and a baseline performance indicator for all servers should be kept. Server performance reports should be sent to management.
  • Auditors should audit every six months to be sure all servers are being monitored regularly. Auditors must report results to senior management.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________