Web Server Administration
Chapter 11
Monitoring and Analyzing the Web Environment

Overview
- Monitor operating systems
- Monitor Web servers
- Monitor other Web applications
- Learn about some analysis tools for Web servers

Monitoring Operating Systems
- Typically you analyze log files
- Logs are used to detect problems
- They contain information regarding certain events
  - OS, application, or security problems
- Various tools can monitor performance
- Should create baseline at beginning of OS lifecycle for comparison purposes

Monitoring Windows
- Performance monitoring allows you to compare system performance over time
- You can set multiple counters and watch them in real time
- Windows Task Manager highlights CPU and memory usage
- You can modify services to notify you if a service fails

Windows Event Viewer
- The event viewer contains six event types shown in the left pane

Windows Event Logs
- System and application events display three levels of messages
  - Information
  - Warning
  - Error
- Because many messages can be generated, a filter focuses on what you want to see
- Over time, the logs fill up so you should clear them or save them

Monitoring Linux
- Logging is controlled by the syslogd daemon
- Facilities represent daemons that use syslogd
- Most facilities are listed below
- Apache uses local7

Eight Levels of Message Priorities in syslogd

Monitoring IIS
- IIS has specific counters for use in the Performance Monitor
- The System event viewer provides specific information
  - If IIS did not start, you can find out why
- IIS has extensive logging capabilities
  - Default log format used by various third-party applications that analyze logs
  - You can create custom logs

Sample IIS Log

Monitoring Apache Error Logs
- By default, syslogd sends Apache messages to /var/log/boot.log
- Location of the error log
  - ErrorLog logs/error_log
  - logs refers to /var/log/httpd
- You can create a different error log for each virtual host

Monitoring Apache Transfer Logs
- Transfer logs tell you about the use of your Web site
- Default log based on combined format
  - Determined by the CustomLog directive in httpd.conf
  - There are a number of sample formats or you can create your own
- By default, they are stored in /var/log/httpd/access_log

Monitoring DNS
- BIND uses a logging statement that you configure in named.conf
- Define logging in two parts
  - Channel defines where logging is sent
  - Category defines what will be sent
- If the channel is going to a file, use the versions option to define the number of backups
- Size option sets maximum size of the file
- print-time adds the date and time to the file

BIND Categories

BIND Logging Entry

    logging {
        channel "techno_channel" {
            file "named.log" versions 4 size 10m;
            print-time yes;
        };
        category "resolver" {
            "techno_channel";
        };
    };

Monitoring Exchange 2000
- Uses Application portion of Event Viewer
- Should filter out informational messages because there are over 50 just when it starts
- You can enable four types of logs
  - audit: access to mailboxes
  - protocol: commands used for SMTP, etc.
  - message tracking: senders and receivers
  - diagnostic: analyze detailed problems

Analysis Tools for the Web Server
- Analysis tools extract system data from logs and format the data
- For IIS, one of the popular tools is WebTrends from NetIQ
  - Helps you determine the source of Web traffic
  - Determines which pages are most popular
  - Nearly 50 different reports
- 123LogAnalyzer is available for both IIS and Apache
  - Many reports are similar to WebTrends
  - However, you cannot compare reports over time

Summary
- Monitoring operating systems typically involves performance monitor graphics and analyzing log files
- When monitoring systems, start with a baseline
- In Windows, Event Viewer is the primary utility
- BIND 9 DNS has extensive logging capability
- Analysis tools take data in logs and help you make sense of it in an easy-to-read format
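
The Apache transfer-log and analysis-tool slides describe the combined format and the reports built from it. The following added example (not part of the original slides or of any tool they name) parses combined-format lines and derives most-requested pages, referring sites and error counts per client; the sample log lines, function names and report keys are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$')
# Constructed sample lines (documentation addresses and example.* names only).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "http://www.example.org/links" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "GET /products.html HTTP/1.1" 200 5120 "http://www.example.com/index.html" "Mozilla/5.0"
198.51.100.7 - alice [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "GET /admin/ HTTP/1.1" 401 381 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:57:15 +0000] "GET /missing.html HTTP/1.1" 404 196 "-" "curl/8.0"
this line is truncated and must not crash the parser
"""

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if malformed."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = rec["request"].split()
    # The request is "METHOD PATH PROTOCOL"; keep the raw string if it is not.
    rec["path"] = parts[1] if len(parts) >= 2 else rec["request"]
    return rec

def summarize(text):
    """Build the basic reports an analysis tool derives from a transfer log."""
    report = {"pages": Counter(), "referers": Counter(), "status": Counter(),
              "errors_by_host": Counter(), "skipped": 0}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            report["skipped"] += 1  # count unparseable lines instead of failing
            continue
        report["status"][rec["status"]] += 1
        if rec["status"] < 400:
            report["pages"][rec["path"]] += 1  # successful or cached page views
        else:
            report["errors_by_host"][rec["host"]] += 1  # 4xx/5xx per client
        if rec["referer"] not in ("", "-"):
            report["referers"][rec["referer"]] += 1  # source of Web traffic
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A client that accumulates 401 and 404 responses, as 203.0.113.5 does in the sample, stands out in `errors_by_host` and is worth comparing against the baseline the slides recommend.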