Web Server Administration

Chapter 11Monitoring and Analyzing the

Web Environment

Overview

Monitor operating systems Monitor Web servers Monitor other Web applications Learn about some analysis tools

for Web servers

Monitoring Operating Systems Typically you analyze log files

They contain information regarding certain events

Logs are used to detect problems OS, application, or security problems

Various tools can monitor performance

Should create baseline at beginning of OS lifecycle for comparison purposes

Monitoring Windows Performance monitoring allows you

to compare system performance over time You can set multiple counters and

watch them in real-time Windows Task Manager highlights

CPU and memory usage You can modify services to notify

you if a service fails

Windows Event Viewer The event viewer contains six event types shown in the left pane

Windows Event Logs System and application events display

three levels of messages Information Warning Error

Because many messages can be generated, a filter focuses on what you want to see

Over time, the logs fill up so you should clear them or save them

Monitoring Linux Logging is controlled by the syslogd daemon Facilities represent daemons that used syslogd Most facilities are listed below

Apache uses local7

Eight Levels of Message Priorities in syslogd

Monitoring IIS IIS has specific counters for use in the

Performance Monitor The System event viewer provides

specific information If IIS did not start, you can find out why

IIS has extensive logging capabilities Default log format used by various third-

party applications that analyze logs You can create custom logs

Sample IIS Log

Monitoring ApacheError Logs

By default, syslogd sends Apache messages to /var/log/boot.log Location of the error log

ErrorLog logs/error_log logs refers to /var/log/httpd

You can create a different error log for each virtual host

Monitoring ApacheTransfer Logs Transfer logs tell you about the use of

your Web site Default log based on combined format

Determined by the CustomLog directive in httpd.conf

There are a number of sample formats or you can create your own

By default, they are stored in /var/log/httpd/access_log

Monitoring DNS BIND uses a logging statement that you

configure in named.conf Define logging in two parts

Channel defines where logging is sent Category defines what will be sent

If the channel is going to a file, use the versions option to define the number of backups Size option sets maximum size of the file print-time adds the date and time to the file

BIND Categories

BIND Logging Entry

logging { channel "techno_channel" {

file "named.log" versions 4 size 10m;

print-time yes; }; category "resolver" {

"techno_channel"; };};

Monitoring Exchange 2000 Uses Application portion of Event viewer

Should filter out informational messages because there are over 50 just when it starts

You can enable four types of logs audit – access to mailboxes protocol – commands used for SMTP, etc message tracking – senders and receivers diagnostic – analyze detailed problems

Analysis Tools for the Web Server Analysis tools extract system data from

logs and format the data For IIS, one of the popular tools is

WebTrends from NetIQ Helps you determine the source of Web traffic Determines which pages are most popular Nearly 50 different reports

123LogAnalyzer is available for both IIS and Apache Many reports are similar to WebTrends However, you cannot compare reports over

time

Summary Monitoring operating systems typically

involves performance monitor graphics and analyzing log files

When monitoring systems, start with a baseline

In Windows, Event Viewer is the primary utility

BIND 9 DNS has extensive logging capability

Analysis tools take data in logs and help you make sense of it in an easy to read format