How do I monitor my Managed File Transfer system?
Most Managed File Transfer (MFT) products contain a dedicated reporting component, available either in the base licence or as an additional module which can be purchased and installed separately.
Many businesses will want to pass this reporting into their monitoring solution, to consolidate all their reporting in one place. But what’s the best way to do this? The majority of MFT solutions generate simple alerts to notify operators or administrators of potential problems. In this article, I’ll explore some of the ways that you can use these interfaces to best suit your needs.
Before you even consider how you want to interface your MFT to your monitoring, you need to take a long look at whether something is, in fact, worth monitoring. For example, would you want to be alerted when someone fails to login to your FTP server? If it’s a wannabe hacker and their IP address gets automatically locked out, then probably not. If it’s a production batch account, then probably yes. Think about your MFT system in component pieces and judge each part on its own merit. Just because you monitor some of it, you don’t have to do it all.
1. The problem with email
One of the easiest monitoring methods is to generate an email when something goes wrong. Unfortunately though, this is also one of the biggest monitoring failures for a couple of reasons.
First, relying on email does not preclude a failure or delays in your mail system. Emails can potentially get lost or marked as spam by the mail server if enough are generated. Secondly, if you are only notified of failure, but you don’t receive any emails, is your system working?
2. Simple network management protocol
SNMP is a protocol designed for monitoring a network and its various devices. There are several monitoring solutions commercially available, however you need to check your MFT system to determine if it is able to create an SNMP trap. If not, you are limited to just monitoring the MFT server(s).
3. Log watcher
Most monitoring tools contain a log watcher of some description. The monitoring solution can be set to read your log files on a regular basis and will generally remember which parts of the log have already been read. An alert is raised when a certain regular expression is encountered in the log file.
Be careful when using this approach that you do not inadvertently change the log levels of the MFT solution and that error text does not change with software upgrades.
4. Event log
Some MFT solutions allow writing to Windows event logs, which you can then monitor with any commercial monitoring solution. On a Linux or Unix system, you would perhaps be checking the /var/log directory (system logs are written to /var/log/messages).
If your MFT solution writes log records to a database, use a query launched from the monitoring solution to routinely extract error events. Depending upon the frequency of execution, this can give near real-time results.
6. And finally… scripting
If your MFT product provides an API, why not use some scripting to generate events? A Cron or Windows scheduled task can routinely check directly into your system for noteworthy events.
Now that you’ve worked out a way to get the events from your MFT system into your Monitoring solution, you need to consider how you want to be alerted. Of course, this is the responsibility of the monitoring solution, but consider how you would like to grade the events that you receive. Do they all require your immediate attention, or can you apply a priority to some, while others can wait? In practice, it makes sense to prioritise events before passing them to the monitoring solution.
If you need help setting up your monitoring, please contact Pro2col. Our experts deliver professional services on all aspects of your MFT solution.
We’ve been specialising in solutions that securely transfer data, integrate with on-premise, hybrid and cloud systems since 2004. We are partners for the majority of the leading file transfer vendors, delivering accredited support services.