Monitoring Policies
Monitoring Policies are the cornerstone of ensuring that your endpoints are always under vigilant observation. Level provides you with a set of default monitoring policies, but you can enhance your setup by creating custom policies that better suit your needs.
Creating a Global Policy
A Global Policy is designed to provide a unified monitoring framework that applies across your entire network of devices, ensuring consistent monitoring and alerting.
Purpose and Benefits
A Global Policy ensures that every device in your infrastructure is monitored according to a baseline set of rules, reducing the chances of gaps in your monitoring strategy.
Steps to Create:
In the Monitoring Policies section, click "Create New Policy" and name it "Global."
Review Monitors and Configuration: Set up the monitors that will be universally applied. This might include system performance metrics, security scans, and resource utilization.
Review Notification Configuration: Level notifies over email make sure to add any email address you would like to notify when this policy alerts.
Assign to Devices Through Tags: Use tags to apply this policy across your entire device inventory or to specific groups that require a uniform monitoring approach. Here we made the policy work on workstation and server tags. This gets all of our devices on this account.
Creating a Security Policy
Security Policies are essential for proactively identifying and responding to potential threats within your network.
Purpose and Focus
A Security Policy is specifically designed to monitor for vulnerabilities, unauthorized access attempts, and other security-related events.
Steps to Create:
Select "Create New Policy" and name it "Security Policy".
Review Monitors and Configuration: Configure monitors to track security-specific metrics, such as failed login attempts, suspicious network activity, or unauthorized software installations.
Review Notification Configuration: Security alerts should be configured to ensure immediate notification of potential breaches.
Assign to Devices Through Tags: Apply this policy to devices that are critical to your security posture, such as production servers, exchange servers, and servers handling sensitive data.
Creating a Service Policy (e.g., Exchange, Nginx)
Service Policies are tailored for monitoring specific services or applications running on your network.
Purpose and Customization
Whether you’re monitoring an Exchange server, Nginx web server, or another critical application, a Service Policy ensures these services are performing optimally and are secure from threats.
Steps to Create:
Select "Create New Policy" and name it "Nginx Policy" etc.
Review Monitors and Configuration: Customize the monitors based on the specific needs of the service. For example, for an Nginx server, you could monitor the service and make sure it's always running. You also can have it start the service if it stops ensuring level will keep nginx running!
Review Notification Configuration: Make sure your email is configured and now you will receive emails if nginx ever stops.
Assign to Devices Through Tags: Use tags to ensure that this policy is applied to the servers running the specific service, ensuring consistent and focused monitoring.
Creating a Debug Policy
The Debug Policy is a specialized configuration designed for troubleshooting and analyzing specific issues within your system. Unlike regular monitoring, this policy includes additional monitors that you might only want to enable during a debugging session.
Select "Create New Policy":
Name it "Debug Policy" to clearly define its role in your monitoring strategy.
Review Monitors and Configuration:
Consider adding additional monitors that might be useful when diagnosing issues. These could include monitors that track less common metrics or provide more detailed insights into system performance, which are typically unnecessary for day-to-day operations.
Review Notification Configuration:
Adjust the notifications to focus on specific debugging alerts.
You might even consider disabling email notifications for the Debug Policy, especially if you’re actively monitoring the system through the dashboard or another interface. This approach helps to avoid notification overload during intensive troubleshooting sessions.
Assign to Devices Through Tags:
Use the debug tag to apply this policy selectively to the devices that are currently under investigation. This targeted approach ensures that the additional monitors are only active when needed, minimizing any unnecessary overhead.
Managing and Stacking Policies
After creating your policies, you can view all applied policies in your device management interface. level allows for policies to be stacked, meaning multiple policies can be applied to a single device.
You can view a summary of all monitors applied to a device from the Monitors tab under device details.
Adding Emails to Specific Policies: For each policy, you can add specific email addresses of the team members responsible for that area. For example, your IT operations team might only receive notifications from the Server Policy, while your security team is alerted to issues from the Security Policy. This customization helps streamline communication and ensures that only the necessary teams are notified about relevant issues.
Conclusion
In conclusion, level is a highly modular platform that can be configured to meet the specific needs of your organization. You can set up monitoring policies for servers, workstations, services, or anything custom you need.
If you have any custom monitors that you need assistance with or require help setting up any aspect of level, our support team is here to help. Feel free to reach out to them at [email protected], and they will assist you in configuring level exactly as you need it.