Monitor ARCA Trusted OS with Fluentbit and Loki

Monitoring Linux OS in secured infrastructures is crucial for maintaining system health, detecting security threats, and ensuring overall performance.

By continuously tracking system resources like CPU usage, memory consumption, and disk I/O, administrators can identify potential bottlenecks and optimize resource allocation.

Additionally, monitoring system logs provides valuable insights into system events, errors, and security-related activities. This allows for early detection of anomalies, suspicious behaviors, and potential security breaches. Proactive monitoring enables prompt response to issues, minimizes downtime, and helps prevent unauthorized access or data breaches.

CYSEC SA offers ARCA Trusted OS, a hardened Linux-based microdistribution designed to run containerized applications. This operating system is minimalist and has an immutable root filesystem. While these characteristics have clear advantages from a security standpoint, they limit the number of tools present in ARCA Trusted OS and prevent users from installing their own tools in the kernel or the root filesystem.

For system log generation, CYSEC SA has chosen systemd, which records system logs in journals. The content of these journals can be processed and forwarded to your monitoring and supervision platform with the appropriate plugin.

In the solution architecture description below, we describe how to use Fluentbit to retrieve and forward the logs generated by ARCA Trusted OS.
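To make the journal-to-Loki path concrete, here is a minimal Fluent Bit configuration that reads the systemd journal with Fluent Bit's `systemd` input plugin and ships it with its `loki` output plugin. This is an added illustration, not CYSEC's or the Fluent Bit project's own configuration: the Loki hostname and port, the label set, the journal path and the storage paths are assumptions to adapt to your environment.

```ini
# Added example, not CYSEC's own configuration: Fluent Bit reads the systemd
# journal and forwards it to Loki. Hostname, port, labels and paths are
# assumptions to adapt to your environment.
[SERVICE]
    Flush            5
    Log_Level        info
    # Assumed writable volume for Fluent Bit state
    storage.path     /var/lib/fluent-bit/storage

[INPUT]
    Name              systemd
    Tag               journal.*
    # Assumed mount point of the host journal inside the Fluent Bit container
    Path              /var/log/journal
    # Start from the beginning of the journal on first run, then follow
    Read_From_Tail    Off
    # Drop the leading underscore from journal fields (_SYSTEMD_UNIT -> SYSTEMD_UNIT)
    Strip_Underscores On
    # Persist the journal cursor so a restart neither resends nor loses entries
    DB                /var/lib/fluent-bit/journal.db

[OUTPUT]
    Name         loki
    Match        journal.*
    # Assumed Loki endpoint; TLS keeps log content off the wire in clear text
    Host         loki.example.internal
    Port         3100
    tls          On
    tls.verify   On
    # Static labels applied to every stream
    Labels       job=fluent-bit, os=arca-trusted-os
    # Promote low-cardinality journal fields to Loki labels for querying
    Label_Keys   $SYSTEMD_UNIT,$HOSTNAME,$PRIORITY
    # Keep the full journal record as the log line
    Line_Format  json
```

Because ARCA Trusted OS does not allow tools to be added to the root filesystem, the assumption here is that Fluent Bit runs as a container with the host journal directory mounted read-only and a separate writable volume for the cursor database. Keeping the cursor (`DB`) on persistent storage matters for security monitoring: without it, a restart of the collector either replays already-shipped entries or silently skips the events that occurred while it was down. Label only low-cardinality fields such as the unit, hostname and priority; promoting free-form fields to labels would fragment Loki streams and make queries slower rather than more useful.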