Upload
imogene-welch
View
219
Download
0
Embed Size (px)
Citation preview
Web Server Administration
Chapter 11Monitoring and Analyzing the
Web Environment
Overview
Monitor operating systems Monitor Web servers Monitor other Web applications Learn about some analysis tools
for Web servers
Monitoring Operating Systems Typically you analyze log files
They contain information regarding certain events
Logs are used to detect problems OS, application, or security problems
Various tools can monitor performance
Should create baseline at beginning of OS lifecycle for comparison purposes
Monitoring Windows Performance monitoring allows you
to compare system performance over time You can set multiple counters and
watch them in real-time Windows Task Manager highlights
CPU and memory usage You can modify services to notify
you if a service fails
Windows Event Viewer The event viewer contains six event types shown in the left pane
Windows Event Logs System and application events display
three levels of messages Information Warning Error
Because many messages can be generated, a filter focuses on what you want to see
Over time, the logs fill up so you should clear them or save them
Monitoring Linux Logging is controlled by the syslogd daemon Facilities represent daemons that used syslogd Most facilities are listed below
Apache uses local7
Eight Levels of Message Priorities in syslogd
Monitoring IIS IIS has specific counters for use in the
Performance Monitor The System event viewer provides
specific information If IIS did not start, you can find out why
IIS has extensive logging capabilities Default log format used by various third-
party applications that analyze logs You can create custom logs
Sample IIS Log
Monitoring ApacheError Logs
By default, syslogd sends Apache messages to /var/log/boot.log Location of the error log
ErrorLog logs/error_log logs refers to /var/log/httpd
You can create a different error log for each virtual host
Monitoring ApacheTransfer Logs Transfer logs tell you about the use of
your Web site Default log based on combined format
Determined by the CustomLog directive in httpd.conf
There are a number of sample formats or you can create your own
By default, they are stored in /var/log/httpd/access_log
Monitoring DNS BIND uses a logging statement that you
configure in named.conf Define logging in two parts
Channel defines where logging is sent Category defines what will be sent
If the channel is going to a file, use the versions option to define the number of backups Size option sets maximum size of the file print-time adds the date and time to the file
BIND Categories
BIND Logging Entry
logging { channel "techno_channel" {
file "named.log" versions 4 size 10m;
print-time yes; }; category "resolver" {
"techno_channel"; };};
Monitoring Exchange 2000 Uses Application portion of Event viewer
Should filter out informational messages because there are over 50 just when it starts
You can enable four types of logs audit – access to mailboxes protocol – commands used for SMTP, etc message tracking – senders and receivers diagnostic – analyze detailed problems
Analysis Tools for the Web Server Analysis tools extract system data from
logs and format the data For IIS, one of the popular tools is
WebTrends from NetIQ Helps you determine the source of Web traffic Determines which pages are most popular Nearly 50 different reports
123LogAnalyzer is available for both IIS and Apache Many reports are similar to WebTrends However, you cannot compare reports over
time
Summary Monitoring operating systems typically
involves performance monitor graphics and analyzing log files
When monitoring systems, start with a baseline
In Windows, Event Viewer is the primary utility
BIND 9 DNS has extensive logging capability
Analysis tools take data in logs and help you make sense of it in an easy to read format