File and database activity monitoring
When I started my career in network management many years ago, my primary focus with file sharing and database applications was to make sure that they had enough disk space to grow. This basic level of monitoring is still important today. However, due to the amount and sensitivity of data on today's networks, this basic monitoring has been extended and is now being referred to as FAM (file activity management) and DAM (database activity management).
The scope of what is covered by DAM and FAM can be broad depending on who you talk to. For this post, I just want to cover off how to get visibility into what is happening with your files and databases. I have looked at many different tools and applications, and I have found that they all use one or more of these monitoring techniques.
- Event logging on the host server.
- Installation of agents or client software on laptops and PCs.
- Passive monitoring of network traffic to and from the host server.
Event logging on the host server
While I am a fan of event logs for very specific things like a user network logon, I am not convinced that they can be successfully used for database or file activity monitoring. On the plus side, it can be easy to set up: just enable logging on the servers. However, for even the simplest transaction, a large number of events can be generated. This can impact server performance and result in huge log files, and you may end up losing data as log files get overwritten. If you do want to use event logs, I would suggest you consider getting a log and event manager. This will take some of the load off the servers hosting your databases and files.
Installation of agents or client software on laptops and PCs
Some auditing solutions involve the installation of software on all PCs and laptops. This can be an ideal solution for small networks where the network administrator knows where everything is. However, it can get expensive and difficult to manage on large networks. There is also a problem when it comes to monitoring users working from home or users bringing their own devices onto the network. So, while I won't rule out this form of auditing, I would suggest you consider costs and management implications before considering agent or client software.
Passive monitoring of network traffic
The third method of implementing FAM or DAM involves the monitoring of the network traffic to and from the servers which host the databases and files. You do need to install a traffic analysis system which is capable of processing network packets.
These types of systems can be easy to deploy, and you pick up all clients connecting no matter where they are located or what OS they run. As users access the databases and file shares, the traffic analysis system stores a record of these transactions. In a previous post I discussed how this monitoring technique can also be used to troubleshoot application problems.
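To make the passive approach concrete, here is an added example (not from the original post and not any vendor's code) of how a traffic analysis system could turn captured database traffic into activity records. It assumes MySQL as the database, an unencrypted and uncompressed session, and a client-to-server byte stream that has already been reassembled from the packets; the function names, IP addresses and sample bytes are constructed for illustration.

```python
COM_INIT_DB, COM_QUERY = 0x02, 0x03  # MySQL client command bytes
ACTIONS = {COM_INIT_DB: "use_database", COM_QUERY: "query"}


def mysql_packet(seq: int, payload: bytes) -> bytes:
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def parse_client_stream(data: bytes):
    """Yield (sequence_id, payload) for each complete packet in the stream."""
    offset = 0
    while offset + 4 <= len(data):
        length = int.from_bytes(data[offset:offset + 3], "little")
        seq = data[offset + 3]
        payload = data[offset + 4:offset + 4 + length]
        if len(payload) < length:  # capture cut off mid-packet: stop here
            break
        offset += 4 + length
        yield seq, payload


def audit_records(client_ip: str, server_ip: str, data: bytes) -> list:
    """Turn one client-to-server byte stream into activity records."""
    records = []
    for seq, payload in parse_client_stream(data):
        # Every command starts a new exchange at sequence id 0; this skips
        # the login reply (sequence id 1) and anything that is not a command.
        if seq != 0 or not payload or payload[0] not in ACTIONS:
            continue
        records.append({
            "client": client_ip,
            "server": server_ip,
            "action": ACTIONS[payload[0]],
            "detail": payload[1:].decode("utf-8", "replace"),
        })
    return records


# Constructed sample: login reply, USE hr, a SELECT, COM_QUIT, then a
# packet whose header claims 50 bytes but only 5 were captured.
SAMPLE = (
    mysql_packet(1, b"\x85\xa6\x03\x00constructed-login-reply")
    + mysql_packet(0, bytes([COM_INIT_DB]) + b"hr")
    + mysql_packet(0, bytes([COM_QUERY]) + b"SELECT name, salary FROM employees")
    + mysql_packet(0, b"\x01")
    + (50).to_bytes(3, "little") + b"\x00" + b"\x03SELE"
)

if __name__ == "__main__":
    for record in audit_records("192.0.2.10", "192.0.2.20", SAMPLE):
        print(record)
```

If the client and server negotiate TLS, the payloads are opaque to a passive sensor and only connection metadata can be recorded.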
So, if you need to look at a FAM or DAM solution, there are many options out there. No matter what solution you consider, you need to factor in the monitoring of remote users, teleworkers, mobile devices and smartphones. On small networks you can focus on monitoring PCs and laptops with agents and clients, but on networks of 100 users and above you should focus on monitoring servers.
Darragh
Darragh Delaney is head of technical services at NetFort Technologies. As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service.

