Web Server Administration
Chapter 11
Monitoring and Analyzing the Web Environment
Overview
Monitor operating systems
Monitor Web servers
Monitor other Web applications
Learn about some analysis tools for Web servers
Monitoring Operating Systems
Typically you analyze log files
Logs are used to detect problems
They contain information regarding certain events
OS, application, or security problems
Various tools can monitor performance
Should create a baseline at the beginning of the OS lifecycle for comparison purposes
Monitoring Windows
Performance monitoring allows you to compare system performance over time
You can set multiple counters and watch them in real-time
Windows Task Manager highlights CPU and memory usage
You can modify services to notify you if a service fails
Windows Event Viewer
The event viewer contains six event types shown in the left pane
Windows Event Logs
System and application events display three levels of messages
Information
Warning
Error
Because many messages can be generated, a filter focuses on what you want to see
Over time, the logs fill up so you should clear them or save them
Monitoring Linux
Logging is controlled by the syslogd daemon
Facilities represent daemons that use syslogd
Most facilities are listed below
Apache uses local7
Eight Levels of Message Priorities in syslogd
Monitoring IIS
IIS has specific counters for use in the Performance Monitor
The System event viewer provides specific information
If IIS did not start, you can find out why
IIS has extensive logging capabilities
Default log format used by various third-party applications that analyze logs
You can create custom logs
Sample IIS Log
Monitoring Apache Error Logs
By default, syslogd sends Apache messages to /var/log/boot.log
Location of the error log
ErrorLog logs/error_log
logs refers to /var/log/httpd
You can create a different error log for each virtual host
Monitoring Apache Transfer Logs
Transfer logs tell you about the use of your Web site
Default log based on combined format
Determined by the CustomLog directive in httpd.conf
There are a number of sample formats or you can create your own
By default, they are stored in /var/log/httpd/access_log
Monitoring DNS
BIND uses a logging statement that you configure in named.conf
Define logging in two parts
Channel defines where logging is sent
Category defines what will be sent
If the channel is going to a file, use the versions option to define the number of backups
Size option sets maximum size of the file
print-time adds the date and time to the file
BIND Categories
BIND Logging Entry
logging {
    channel "techno_channel" {
        file "named.log" versions 4 size 10m;
        print-time yes;
    };
    category "resolver" {
        "techno_channel";
    };
};
Monitoring Exchange 2000
Uses Application portion of Event viewer
Should filter out informational messages because there are over 50 just when it starts
You can enable four types of logs
audit – access to mailboxes
protocol – commands used for SMTP, etc.
message tracking – senders and receivers
diagnostic – analyze detailed problems
Analysis Tools for the Web Server
Analysis tools extract system data from logs and format the data
For IIS, one of the popular tools is WebTrends from NetIQ
Helps you determine the source of Web traffic
Determines which pages are most popular
Nearly 50 different reports
123LogAnalyzer is available for both IIS and Apache
Many reports are similar to WebTrends
However, you cannot compare reports over time
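A small analysis pass of the kind described above, run over Apache combined-format transfer log lines; this is an added example, not part of the original slides and not the code of any tool named here. It goes slightly beyond the two reports mentioned (traffic sources, popular pages) by also counting error responses per client and lines that fail to parse. The sample lines and the names parse_line and analyze are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined format: host ident user [time] "request" status bytes "referer" "agent"
FIELD = r'"((?:[^"\\]|\\.)*)"'  # quoted field; embedded quotes are logged as \"
COMBINED = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] ' + FIELD
                      + r' (\d{3}) (\d+|-) ' + FIELD + ' ' + FIELD + '$')

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE = r'''192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://search.example/?q=widgets" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:02:40 +0000] "GET /products.html?id=3 HTTP/1.1" 200 2048 "http://search.example/?q=gadgets" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:03:05 +0000] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2024:10:04:00 +0000] "GET /admin.php HTTP/1.1" 404 196 "-" "-"
203.0.113.5 - - [12/Mar/2024:10:04:01 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "-"
203.0.113.5 - - [12/Mar/2024:10:04:02 +0000] "\x16\x03\x01" 400 226 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:0'''.splitlines()

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    host, when, request, status, _size, referer, agent = m.groups()
    parts = request.split(" ")
    # Non-HTTP bytes sent to the port are logged as an escaped blob, not "METHOD path PROTO".
    path = parts[1].split("?", 1)[0] if len(parts) == 3 else None
    return {"host": host, "time": when, "path": path, "status": int(status),
            "referer": None if referer == "-" else referer, "agent": agent}

def analyze(lines):
    """Summarise traffic sources, popular pages and per-client error counts."""
    pages, sources, errors, unparsed = Counter(), Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count malformed lines instead of silently dropping them
            continue
        if rec["status"] >= 400:
            errors[rec["host"]] += 1
        elif rec["path"]:
            pages[rec["path"]] += 1
            if rec["referer"]:
                sources[urlsplit(rec["referer"]).netloc] += 1
    return {"pages": pages.most_common(), "sources": sources.most_common(),
            "errors_by_host": errors.most_common(), "unparsed": unparsed}

if __name__ == "__main__": print(analyze(SAMPLE))
```

A client that appears only under errors_by_host and never under pages is worth comparing against the baseline taken at the start of the server's lifecycle.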
Summary
Monitoring operating systems typically involves performance monitor graphics and analyzing log files
When monitoring systems, start with a baseline
In Windows, Event Viewer is the primary utility
BIND 9 DNS has extensive logging capability
Analysis tools take data in logs and help you make sense of it in an easy-to-read format