Web Server Administration
Chapter 11
Monitoring and Analyzing the Web
Environment
Overview




Monitor operating systems
Monitor Web servers
Monitor other Web applications
Learn about some analysis tools for
Web servers
Monitoring Operating Systems

Typically you analyze log files


Logs are used to detect problems



They contain information regarding certain
events
OS, application, or security problems
Various tools can monitor performance
Should create baseline at beginning of
OS lifecycle for comparison purposes
Monitoring Windows

Performance monitoring allows you to
compare system performance over time



You can set multiple counters and watch
them in real-time
Windows Task Manager highlights CPU
and memory usage
You can modify services to notify you if
a service fails
Windows Event Viewer

The event viewer contains six event types shown in the left pane
Windows Event Logs

System and application events display three
levels of messages





Information
Warning
Error
Because many messages can be generated, a
filter focuses on what you want to see
Over time, the logs fill up so you should clear
them or save them
Monitoring Linux



Logging is controlled by the syslogd daemon
Facilities represent daemons that used syslogd
Most facilities are listed below

Apache uses local7
Eight Levels of Message
Priorities in syslogd
Monitoring IIS


IIS has specific counters for use in the
Performance Monitor
The System event viewer provides specific
information


If IIS did not start, you can find out why
IIS has extensive logging capabilities


Default log format used by various third-party
applications that analyze logs
You can create custom logs
Sample IIS Log
Monitoring Apache
Error Logs

By default, syslogd sends Apache
messages to /var/log/boot.log

Location of the error log



ErrorLog logs/error_log
logs refers to /var/log/httpd
You can create a different error log for
each virtual host
Monitoring Apache
Transfer Logs


Transfer logs tell you about the use of your
Web site
Default log based on combined format



Determined by the CustomLog directive in
httpd.conf
There are a number of sample formats or you can
create your own
By default, they are stored in
/var/log/httpd/access_log
Monitoring DNS


BIND uses a logging statement that you
configure in named.conf
Define logging in two parts



Channel defines where logging is sent
Category defines what will be sent
If the channel is going to a file, use the
versions option to define the number of
backups


Size option sets maximum size of the file
print-time adds the date and time to the file
BIND Categories
BIND Logging Entry
logging {
channel "techno_channel" {
file "named.log" versions 4 size 10m;
print-time yes;
};
category "resolver" {
"techno_channel";
};
};
Monitoring Exchange 2000

Uses Application portion of Event viewer


Should filter out informational messages because
there are over 50 just when it starts
You can enable four types of logs




audit – access to mailboxes
protocol – commands used for SMTP, etc
message tracking – senders and receivers
diagnostic – analyze detailed problems
Analysis Tools for the Web
Server


Analysis tools extract system data from logs
and format the data
For IIS, one of the popular tools is
WebTrends from NetIQ




Helps you determine the source of Web traffic
Determines which pages are most popular
Nearly 50 different reports
123LogAnalyzer is available for both IIS and
Apache


Many reports are similar to WebTrends
However, you cannot compare reports over time
Summary





Monitoring operating systems typically
involves performance monitor graphics and
analyzing log files
When monitoring systems, start with a
baseline
In Windows, Event Viewer is the primary
utility
BIND 9 DNS has extensive logging capability
Analysis tools take data in logs and help you
make sense of it in an easy to read format