Monitoring — SUN
Classification: CONFIDENTIAL — Internal Use Only
SUN (192.168.120.3) runs SUN · Prometheus and Grafana, providing real-time metrics and alerting for all four WDC servers.
Service Overview
| Service | Port | Access |
|---|---|---|
| SUN · Prometheus | 9090 | Management network only |
| Grafana | 3000 | Management network only |
| node_exporter (SUN self) | 9100 | localhost |
Scrape Targets
SUN · Prometheus scrapes every 15 seconds:
| Target | Port | Metrics |
|---|---|---|
| SKY | 9100 (node_exporter) | CPU, memory, disk, network |
| SKY | 9119 (bind_exporter) | DNS queries/sec, zone transfers, errors |
| RAIN | 9100 | CPU, memory, disk, network |
| RAIN | 9119 | DNS query rates, DNSSEC, zone transfers |
| SUN | 9100 (self) | SUN OS metrics |
Grafana Dashboards
| Dashboard ID | Name | Purpose |
|---|---|---|
| 1860 | Node Exporter Full | OS metrics for all servers |
| 13955 | BIND DNS Exporter | DNS performance and DNSSEC health |
Alert Thresholds
| Alert | Severity | Condition |
|---|---|---|
| Scrape target down | P1 | Target unreachable > 2 minutes |
| Disk usage high | P2 | Any server disk > 80% |
| DNS query rate spike | P3 | Abnormal query volume |
| Zone transfer failure | P2 | BIND AXFR/IXFR failed |
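The thresholds above, written as a Prometheus alerting rules file. This is an added example, not the rules file deployed on SUN. The group and alert names, the `for:` windows other than 2 minutes, the filesystem filter, and the 3x definition of "abnormal" are assumptions; the metric names are those exposed by node_exporter and bind_exporter.

```yaml
# Added example: alerting rules matching the Alert Thresholds table.
# Names, debounce windows and the spike multiplier are assumptions.
groups:
  - name: wdc-monitoring                 # hypothetical group name
    rules:
      - alert: ScrapeTargetDown
        expr: up == 0
        for: 2m                          # page: target unreachable > 2 minutes
        labels:
          severity: P1
        annotations:
          summary: "{{ $labels.instance }} ({{ $labels.job }}) unreachable for more than 2 minutes"

      - alert: DiskUsageHigh
        # Used percentage per mounted filesystem; pseudo filesystems excluded.
        expr: |
          (1 - node_filesystem_avail_bytes{fstype!~"tmpfs|devtmpfs|overlay"}
             / node_filesystem_size_bytes{fstype!~"tmpfs|devtmpfs|overlay"}) * 100 > 80
        for: 5m                          # assumed debounce window
        labels:
          severity: P2
        annotations:
          summary: "{{ $labels.instance }} {{ $labels.mountpoint }} is above 80% used"

      - alert: DnsQueryRateSpike
        # The page only says "abnormal query volume". Assumption: abnormal means
        # more than 3x the query rate of the same hour one day earlier.
        expr: |
          sum by (instance) (rate(bind_incoming_queries_total[5m]))
            > 3 * sum by (instance) (rate(bind_incoming_queries_total[1h] offset 1d))
        for: 10m                         # assumed debounce window
        labels:
          severity: P3
        annotations:
          summary: "DNS query rate on {{ $labels.instance }} exceeds 3x yesterday's baseline"

      - alert: ZoneTransferFailure
        # Fires on any failed AXFR/IXFR counted by bind_exporter in the last 10 minutes.
        expr: increase(bind_zone_transfer_failure_total[10m]) > 0
        labels:
          severity: P2
        annotations:
          summary: "Zone transfer failure reported by BIND on {{ $labels.instance }}"
```

Validate the file with `promtool check rules` before loading it. The spike rule stays silent until a full day of history exists, because the `offset 1d` side returns no samples.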
Wazuh Email Alerting (MAPLE)
Wazuh Manager on MAPLE sends email alerts for high-severity events via Postfix relaying through Gmail SMTP.
Configuration
| Setting | Value |
|---|---|
| MTA | Postfix (MAPLE) relaying via Gmail SMTP |
| SMTP relay | smtp.gmail.com:587 (STARTTLS) |
| Sender | alerts@greenpeace.us |
| Recipient | rajesh.chhetry@greenpeace.us |
| Alert threshold | Level 10 (High) — only level 10+ alerts trigger email |
Postfix Configuration (MAPLE)
# /etc/postfix/main.cf additions
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
Wazuh ossec.conf Email Settings (MAPLE)
<!-- /var/ossec/etc/ossec.conf -->
<global>
  <email_notification>yes</email_notification>
  <smtp_server>localhost</smtp_server>
  <email_from>alerts@greenpeace.us</email_from>
  <email_to>rajesh.chhetry@greenpeace.us</email_to>
  <email_alert_level>10</email_alert_level>
</global>
After configuring, restart both services:
Email delivery was validated during the BT-002 drill — all 4 custom LOLBin rules (level 10–12) triggered email alerts within 60 seconds. See BT-001 LOLBin Drill for details.
Post-Change Checklist
Mandatory after every config change
- sudo aide --update && sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
- Log change to /var/log/asset-inventory.log
See the full guide: sun-wind-monitoring-logging.md
Monitoring · v1.2 · 2026-04-09 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only