Wednesday, 31 October 2012

Measure Anything, Measure Everything, AppSensor and Simple Graphite Hosting

One of Nick's key concepts in his Amazing presentation on integrating security into the SDL presentation is the need to measure and visualize what is happening with an application (and the side-effects of code deployments/fixes).

A key reference is the Measure Anything, Measure Everything and Tracking Every Release posts which talk about how uses the Graphite ('Scalable Realtime Graphing') tool with some events consolidation/aggregation via StatsD

What is really interesting about this 'events monitoring capabilities' is that it can be used to monitor Network/Application behaviour/status, and capture/visualize security events (check out the login failures graph in the Measure Anything, Measure Everything post). And if you add this to an OWASP AppSensor aware app, we start to have a very interesting/powerful solution.

So (since we need a solution to monitor what is going on with I want to give Graphite a test drive.

The first problem is that the Graphite Installation page has a couple more dependencies and steps than I would like (I was expecting one download and two steps: download + Run :)  )

So since I'm not in the mood (or have the time) to do some linux hacking, I googled for a hosted solution and found the Hosted Graphite company who is providing what I need at a price that allows me to experiment them:

Let's see what happens :)