Server Monitoring Techniques

Updated: October 05, 2010

Internal Monitoring

You can perform the most basic internal monitoring on a Linux dedicated server at the operating system level. There are a number of command-line tools that can be accessed via SSH (Secure Shell), including the following:

dmesg - Typing this command outputs kernel messages from the system log. Most messages will occur at boot, although some may produce output periodically. Most messages are benign, but some kernel-level errors may appear here.

top - The "top" command lists the most resource-heavy processes, along with their CPU percentage and memory usage. One useful indicator in "top" is the load average, which is an estimate of amount of stress on your server at a given time.

/proc - Proc is not a command but is a directory containing important hardware information. To view information files in the directory, you can use the "cat" command. For example: "cat /proc/cpuinfo"

/var/log - Another important directory, /var/log contains nearly all of the important system and application logs. Here you can view web server logs, mail server logs, kernel messages, network logs, and more. The best way to view these logs is to use the "less" or "more" commands.

Web-based solutions - Many server control panels come with useful monitoring tools. You can also download free and open source monitoring software, such as phpsysinfo (link: http://phpsysinfo.sourceforge.net/). Because these solutions depend on your web server, they will not work if your web server crashes or fails to respond. In those situations, you need external monitoring tools.

External Monitoring

External service monitoring is an excellent way to know what is going on with your server, even when you do not have immediate access to it. Some services are simply web-based port monitors that will switch from green to red whenever a service, such as your web server, goes down. Others are more advanced and can even send you text messages or emails when your server is not responding.

There are many free service monitors that provide basic monitoring, and even some free and open source solutions that offer advanced features. Additionally, many services offer paid solutions that may have other features beyond monitoring.

The primary monitoring ports are:

Web server: 80 (http) and 445 (https)

FTP server: 21

SSH server: 22

Mail server: 25 (smtp), 110 (pop), 104 (imap)

Ping - Probably the most basic way to find out if a server is live is to ping it. Nearly all operating systems come with a ping tool, including Windows, Mac OS X, and Linux. To use it, just open a terminal or command line window and type "ping", followed by the ip address or hostname of your site. There are also commercial sites that offer regular pinging to alert you when a site does not respond (Pingdom, Alertbot, etc.)

Traceroute - Like ping, traceroute is a standard networking tool that comes with most operating systems. Not only will this command tell you if a server is responding, it will also show you the specific connection point where the transaction fails.

DNS services - DNS monitoring services, such as DNSstuff.com (link: http://www.dnsstuff.com/), will tell you if something is wrong with your server at the DNS level. They may provide information on nameservers, reverse DNS, mail server (MX), DNS zone records, IP address lookup, and various network protocol compliance.