We monitor server conditions
For every server we manage, we install custom software that monitors all the conditions in that server:
- Server load
- CPU usage
- Memory usage (both physical and swap)
- Disk usage
- RAID array status
- Running processes (webserver, MySQL, PHP, etc...)
- Running services (FTP, POP3, SMTP, etc...)
If any of these conditions goes over our pre-determined thresholds, we're alerted to this fact right away, and will take steps to correct the issue. Our alert levels are set quite low, so we can get ahead of issues before they become a major problem.
Log file analysis
Each day we analyze system log files for each server. We're looking for trends, potential invalid logins, recurring problems, etc... We have both automated scripts and regular human reading of the logs to try and spot any issues, or potential security problems.
Firewalls and Intrusion Detection Systems (IDS)
Each server has a custom configured software firewall (we use CSF with custom settings and scripting) to keep each server secure. In addition to CSF's process monitoring, we've developed many custom scripts that are used to spot hacked accounts, compromised mailboxes, and watch conditions on load and memory usage per process. This allows us to be proactive in stopping problems before they snowball.