[-]
  
  
[-]
  
  
  
  
  
  
  
 
 
[-]
  
  
  
  
[-]
  
 [+]
  
[-]
Monitoring
  
 [+]
 [+]
 [+]
  
[-]
Monitoring guides
  
  
[-]
Templates
  
  
  
[-]
Cloud monitoring
 [+]
  
  
 [+]
Kubernetes
[-]
Network checks
 [+]
  
  
  
[-]
 [+]
  
  
  
  
  
  
 [+]
 [+]
 [+]
 [+]
[-]
CounterMeasures
  
 [+]
 [+]
  
  
[-]
Panopta OnSight
 [+]
 [+]
[-]
SNMP
 [+]
  
[-]
Alerting
 [+]
 [+]
 [+]
 [+]
 [+]
[-]
Reporting
  
  
  
[-]
Maintenance
  
  
[-]
API
  
  
  
  
[-]
Users, Groups, and Authentication
 [+]
  
  
  
[-]
Billing and Payments
  
  
  
  
  
  
 
[-]
  
  
  
  
  
  
  
  
  
  
  
  
Updated on 10/10/2019
Online Help
Monitoring policies
Direct link to topic in this publication:
  • Monitoring
  • ยป
  • Monitoring policies

Managing monitoring configuration at scale is often onerous, especially in diverse environments with many types of applications and technologies. To handle this, managing monitoring configuration as part of the build and release process is often viewed as the end-goal. However, many companies are far from ready for this, for various reasons. Thankfully, your Monitoring Policy enables you to manage your monitoring configuration from a central location using a workflow-like interface.


Overview

The Monitoring Policy is a series of rules that are applied to your instances as the instances are added to Panopta.They usually include a condition - e.g. if Apache is on the instance - and an outcome - apply a template, apply a tag, etc. The policy conditions can be either a collection of OR or AND predicates, forming an IF...THEN statement. The conditions utilize our continually growing list of dimensions.

The rulesets are executed sequentially and will override any settings that were previously set. For example, if you set the instance group for an instance and then in the next rule set it to a different group, the latter will be utilized.

Default Rulesets

Out of the box, we supply default rulesets which help to enrich your instances. As the feature matures, more default rulesets will be introduced.

Default Tags

Based on the instance-type (cloud, agent, etc), we'll apply a number of tags based on the characteristics of the instance - cloud region, cloud service, OS, etc. These are helpful when building dashboards, creating maintenance periods, running reporting, and more.

Default Monitoring

For each application identified on an instance, a monitoring template will be applied so that metric collection will begin immediately. Note: most applications require at least some level of configuration (such as credentials) to enable monitoring. We'll still apply the appropriate template but metric collection can not begin in its entirety until configuration is completed. See our Application Plugins section for more information.

Fallback Location

If an instance group is not set via a custom ruleset, it will be placed in the group selected in the fallback location policy. While acting as the fallback group, a group cannot be deleted - a different fallback will need to be selected first.

Adding Custom Rulesets

To get started, select Add a Ruleset. Optionally, you can also click the + icon from the workflow sidebar. From there, you'll enter the ruleset builder where you can add any number of rules.

Always Rules

Always Rules allow you to take action on every instance that is processed by a Monitoring Policy. It has no requirements - it will always be executed when it's encountered. This is great for things such as applying foundational monitoring templates or tags.

When configuring your rule, simply select Always from the first dropdown. Whatever is selected in the resulting action step will always be applied.


Conditional Rules

Conditional Rules are the type you'll utilize most often. As the name suggests, an action is performed assuming a given condition is met. If the condition is not met, it merely skips over it.

The example below checks to see if an instance is an EC2 instance. You can add as many condition requirements or actions to your ruleset rule as necessary; decoupling them is encouraged for maintainability.

AND's and OR's

You can toggle your Conditional Rule between an AND requirement to an OR requirement by clicking the applicable term in your filter condition. AND requires all conditions to be met while OR requires only one of n.

Exiting Rulesets

Maintaining small, decoupled rulesets is encouraged for the sake of scalability and maintainability. One tool to aid in that is the ability to "exit" ruleset. When a condition is met and the action is Exit Ruleset, processing of that particular ruleset will cease and the workflow will move on to the ruleset. This makes it really easy to do things like "If not an EC2 instance, move on to the next ruleset."

Filterable Dimensions

Dimension
Description
Always
When encountered, always evaluates to true and causes the action to always be executed
FQDN
Any known public or private IP or domain name
Tags
Existing tags on an instance, from the cloud provider, or agent manifest file
Applications
Name(s) of applications discovered to be running on the instance by the Panopta monitoring agent
Instance Source
Panopta Agent, Cloud, OnSight Discovery, or API
CPU Architecture
CPU Architecture of the instance
CPU Core Count
number of cores on the instance
Kernel Version
OS kernel
Operating System
Windows, Linux
Operating System Distribution
Ubuntu, Red Hat, CoreOS, etc
Operating System Distribution Version
e.g., Ubuntu 16.04.4 LTS
AWS Availability Zone
Availability Zone the instance resides in
AWS Image ID
Instance's Image ID
AWS Instance ID
Instance's Instance ID
AWS Instance Type
Size of the instance e.g., t2.micro
AWS Region
Region the instance resides in
AWS Service
EC2, RDS, DynamoDB, etc.
Azure Availability Zone
Availability Zone the instance resides in
Azure Instance Type
Dsv3, Dv3, Fsv2, etc.
Azure Region
Region the instance resides in
Azure Service
Virtual Machine, SQL Server Database, etc.
Cloud Provider
AWS, Azure

Actions

Action
Description
Exit Ruleset
Immediately exits the current ruleset and moves onto the next one, if present
Set Destination
Sets the Instance Group which the instance will reside in
Add Tags
Adds additional tags to the instance - it does not remove any that are already present
Apply Template
Applies a template to an instance - previously applied templates are not removed
Set Alert Timeline
Sets the instance's Alert Timeline, replacing what was previously set
Set Monitoring Location
Sets the instance's Monitoring Location, replacing what was previously set