I just finished reading The Linux Journal’s “Geek’s Guide to Enterprise Monitoring Success”. It was good, talking about how to leverage monitoring to work for the IT department in an organization. It also talked about some business problems you can face, which I’ve seen first hand. I’ve been in the “metrics from another group’s monitoring tools” meeting before. Trust me, you need to be sure of yourself and what you’re doing for the company before that happens. I’ve also seen monitoring systems destroyed because the wrong people had too much access and tried to tune the system for their needs only.
For what it was, this was a good guide. From the title though, I expected something different.
My issue is that if you’re going to claim to be a Geek Guide to something, think about what the audience’s needs are. I went into this thinking it was going to be more of a guide with an overview of different systems, pros, cons, and recommendations for different deployment scenarios.
My biggest issues with trying to set up a monitoring solution in the past, and the same issue I have now is: WHAT TO USE? That is what I expected this guide to cover.
I’ve played with Security Onion a little in classes, but still don’t know what the best use for it is. I used AlienVault years ago (2008 or 2009) and didn’t care for the interface, to the point that I rolled my own system for the business’ needs, partly because AV had too much. (Note: I do have both in my lab right now and like the changes to AV since I first tried to use it.)
Whenever I have needed to set a system up, whether email, web, database, monitoring, sftp, etc., the one thing I have had the hardest time finding was good documentation to help me make decisions on what to use. I don’t want “fanboy” use X because it’s awesome or Y sucks because of a patched security hole from 4 major versions ago. What I want and need is neutral documentation that contains the following:
- What systems are out there, and what areas they specialize in.
- What the pros and cons are of each one.
- What the hardware / OS setup requirements and recommendations are for small, medium and large enterprise setups.
- What gotchas to look out for during setup.
Things like that list are what I’m expecting from something that calls itself a Geek Guide: something that actually guides me through areas I need help with. Sure, we have a great industry, but I don’t want to call my friends at the local VAR, MSP, or company down the street and ask them what to use. I don’t want to ask them over beer either.