net health monitoring jonathan franco itd application services
TRANSCRIPT
![Page 1: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/1.jpg)
.NET Health MonitoringJonathan Franco
ITD
Application Services
![Page 2: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/2.jpg)
What is .NET?
ASP.NET is a web application framework developed by Microsoft to allow programmers to build dynamic web sites, web application and web services.
It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft’s Active Server Pages (ASP) technology.
ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language.
![Page 3: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/3.jpg)
What is .NET Health Monitoring?
The ASP.NET Health Monitoring system is designed to monitor the health of a running ASP.NET application in a production environment.
The Health Monitoring system works by recording event information to a specified log source.
Log Sources• Email• Event Log• SQL• WMI• Trace
![Page 4: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/4.jpg)
System.Web.Management.
WebBaseEvent“All Events”
WebApplicationLifetimeEvent
“Application Lifetime Events”
WebRequestErrorEvent“Request Processing Errors”
WebErrorEvent“Infrastructure Errors”
WebRequestEvent“Request Processing Events”
WebHeartbeatEvent“Heartbeats”
WebBaseErrorEvent“All Errors”
WebAuditEvent“All Audits”
WebFailureAuditEvent“Failure Audits”
WebViewStateFailureAuditEvent
WebAutheticationFailureAuditEvent
WebSuccessAuditEvent“Success Audits”
WebAuthenticationSuccessAuditEvent
RequestTransactionAbort = 2002RequestTransactionComplete = 2003
DiskOutputCacheInformation = 5003DiskOutputCacheQuotaExceedeed = 5001RuntimeErrorPostTooLarge = 3004RuntimeErrorRequestAbort = 3001RuntimeErrorUnhandledException = 3005RuntimeErrorValidationFailure = 3003RuntimeErrorViewStateFailure = 3002
WebErrorCompilationError = 3007WebErrorConfigurationError = 3008WebErrorObjectFormatterDeserializationError = 3011WebErrorOtherError = 3009WebErrorParserError = 3006WebErrorPropertyDeserializationError =3010
AuditFileAuthorizationSuccess = 4004AuditUrlAuthorizationSuccess = 4003
AuditFormsAuthenticationSuccess = 4001AuditMembershipAuthenticationSuccess = 4002
ApplicationCompilationEnd = 1004ApplicationCompilationStart = 1003ApplicationShutdown = 1002ApplicationStart = 1001
AuditFileAuthorizationFailure = 4008AuditUnhandledAccessException = 4011AuditUnhandledSecurityException = 4010AuditUrlAuthorizationFailure = 4007
AuditFormsAuthenicationFailure = 4005AuditMembershipAuthenicationFailure = 4006
AuditInvalidViewStateFailure = 4009
Event Class Hierarchy
WebHeartbeatEvent = 1005
![Page 5: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/5.jpg)
Event Occurrence The chart below shows Event occurrences for an
outside facing server.
![Page 6: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/6.jpg)
Sample Application
![Page 7: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/7.jpg)
Error Handling When an error occurs for the web application the
error page should not give away any details. An error handler redirects to this error page.
![Page 8: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/8.jpg)
Improper Error Handling Lack of error handling can lead to an attacker
gaining additional information about the web server or application.
There are ways to force the web application to reveal information without proper error handling.
![Page 9: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/9.jpg)
Best Practices Error Page
• Add an error page to avoid giving information away to attackers.
Publish web sites to server• Don’t copy code to the servers. Copying code to the
servers will cause a fair amount of Health Monitoring Events to occur and is insecure.
Don’t debug on the server• Debugging on the server will cause various Health
Monitoring Events. Generating the wrong kinds of events can cause your IP to be blocked if done on the server.
![Page 10: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/10.jpg)
Email Layout
Provider that sent the Event.
Application Name, Event Code and Event Detail Code for the Event.
Stack trace for the Event.
![Page 11: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/11.jpg)
Email Layout
Event Message, time and ID. Event ID can be traced back to the Event Log if additional information is desired.
IP Address, regardless of proxy, that caused the Event.
![Page 12: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/12.jpg)
Custom Configuration
Developer Override for Email• Subject Prefix• Email List• Header and Footer for Body• Reply To• AppendEmail
Sample Subject line• HM [servername] Event Code: 3003 Event Message: A validation
error has occurred. Event type: WebRequestErrorEvent
![Page 13: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/13.jpg)
Settings
Buffer modes configured whether events are buffered or not.
Providers lists the providers that are configured along with information of where to send the event.
Profiles state any limits on sending the events. Rules link the Event Mapping to the Provider. Event Mappings tell what events to report.
![Page 14: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/14.jpg)
Migration/Deployment Notes Review settings of any existing web applications
that use Health Monitoring. Make sure there are no conflicts.
Deploy during working hours where everyone is available.
Periodically check occurrence of events and determine which providers should report these events.
![Page 15: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/15.jpg)
Non-ITD Provider Use
The Health Monitoring assemblies can be configured/used on your server.
Develop Provider• Develop HTTP Handler to get the Request information.• Sum up the compilation Events when web sites are
Published.• Obfuscate the offending content from a Validation Error,
shown in the Custom Event Details section.
![Page 16: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/16.jpg)
Future Enhancements
Heartbeat, make a web service to receive heartbeats from various applications and only send an email if there is trouble.
Detect and report HTTP POST with SQL Injection. Send an email for multiple start and stops of an
application based on a configured threshold.
![Page 17: NET Health Monitoring Jonathan Franco ITD Application Services](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649d9e5503460f94a88885/html5/thumbnails/17.jpg)
Any Questions/Comments?