New alerts for SPMA

The DSW alerting service (SPMA) continues to add more functionality to fit our customers needs. Recent alerts added include

  • Send a Warning if the server reboots
  • Monitor the number of Terminal Services Connections (this can be configured to monitor any TCP port)
  • Monitor ISP Name Servers (ensure the Name Server responds in a timely manner and that the response is correct)

New alerts are added to SPMA on a monthly basis and if there is not an alert that suits your needs, then we will write one to fit the requirement.

Each alert can be configured on it’s own or follow the generic configuration. So if you want an alert to run on a different schedule, alert email sent to a different set of people or only alert during core/custom hours then SPMA can be configured for your exact needs.

The power of systems monitoring

DSW recently setup their SPMA (Systems Performance Monitoring & Alerting) system for one of our customers and to be honest, they didn’t quite understand what they would get out of it. After the system was running for less than 1 week, it showed some strange peaks in CPU and network usage.

DSW investigated this which turned out to be a Brute Force attack on their system to try and hack their Administrator password. Their systems were safe as DSW had already advised the customer to disable the Administrator account and use another administrator account for their day to day admin work.

The graphs produced for the customer also included the uptime of the server which showed for this customer that the server had been running for over 200 days. DSW questioned this with the customer as it was a Windows server and we would have expected a monthly reboot for patching. This has highlighted an issue with the WSUS server at the hosting company.

What the customer learned with SPMA is that it will show them a normal profile for the standard system usage but will highlight unusual usage which should be investigated.