SAURON - Advanced Monitoring of Distributed Components

Monitoring a distributed system brings its own challenges compared to monitoring a single system. However, a monitoring solution is required to recognize problem sources early. Network bandwidth usage, system resources used, and database storage consumed are all concerns when designing such a system. In this thesis I propose a solution for the Holmes-Processing system, a malware analysis platform. The solution is as efficient as possible, but has its drawbacks. It consumes almost no resources on the host system, and the basic monitoring functionality consumes almost no bandwidth. However, because there is no watchdog that limits the number of generated log messages, the overhead of sending these logs cripples the entire network. Due to packet losses, it cannot provide monitoring in a situation where the network is overloaded. The basic principle works, and if some future work is dedicated towards it, it will become an efficient extension to the Holmes-Processing framework, especially once data aggregation algorithms are introduced to reduce the log message overhead.

Supervisor(s): George Webster
Status: finished
Topic: Linux stuff
Author: Maximilian Schott
Submission: 2017-02-01
Type of Thesis: Bachelor thesis
Proof of Concept: No
