Chapter 11 Monitoring and Analyzing the Web Environment

At a Glance

Instructors notes
Chapter Objectives Instructor Notes Discussion Topics Quick Quizzes Key Terms

CHAPTER OBJECTIVES
Monitor operating systems Monitor Web servers Monitor other Web applications Learn about some analysis tools for Web servers

INSTRUCTOR NOTES
Monitoring Operating Systems Typically you analyze log files. The log files contain information regarding certain events. Logs are used to detect problems, such as with the OS, application or security . Various tools can monitor performance. You should create baseline at beginning of OS lifecycle for comparison purposes. Monitoring Windows Performance monitoring allows you to compare system performance over time. You can set multiple counters and watch them in real-time. Windows Task Manager highlights CPU and memory usage. You can modify services to notify you if a service fails and/or restart the computer. The event viewer contains six event types shown in the left pane. System and application events display three levels of messages: Information Warning Error Because many messages can be generated, a filter focuses on what you want to see. Over time, the logs fill up so you should clear them or save them. Monitoring Linux Logging is controlled by the syslogd daemon. Facilities represent daemons that used syslogd. Apache uses the local7 facility. There are eight levels of message priorities in syslogd. Monitoring IIS IIS has specific counters for use in the Performance Monitor. The system event viewer provides specific information. If IIS did not start, you can find out why. IIS has extensive logging capabilities. The default log format is used by various third-party applications that analyze logs. You can create custom logs. Monitoring Apache By default, syslogd sends Apache messages to /var/log/boot.log. It can be modified in Apache configuration to: ErrorLog logs/error_log logs refers to /var/log/httpd. You can create a different error log for each virtual host Transfer logs tell you about the use of your Web site. Default log based on combined format. It is determined by the CustomLog directive in httpd.conf. There are a number of sample formats or you can create your own. By default, they are stored in /var/log/httpd/access_log.

Monitoring DNS BIND uses a logging statement that you configure in named.conf. You need to define logging in two parts: Channel defines where logging is sent Category defines what will be sent If the channel is going to a file, use the versions option to define the number of backups. The size option sets maximum size of the file. The print-time option adds the date and time to the file. Monitoring Exchange 2000 Use Application portion of Event viewer to find out information on Exchange. You should filter out informational messages because there are over 50 just when it starts. You can enable four types of logs: audit access to mailboxes protocol commands used for SMTP, etc message tracking senders and receivers diagnostic analyze detailed problems Analysis tools for the Web server Analysis tools extract system data from logs and format the data. For IIS, one of the popular tools is WebTrends from NetIQ. It helps you determine the source of Web traffic. It determines which pages are most popular. It produces nearly 50 different reports. 123Analyzer is available for both IIS and Apache. Many reports are similar to WebTrends. However, you cannot compare reports over time.

QUICK QUIZ
True/False. Apache uses local7 facility for logging. Answer: True True/False. The Performance Monitor has counters specific to IIS. Answer: True True/False. A problem with DNS is that it has no logging capabilities. Answer: False BIND uses a logging statement that you configure in what file? Answer: named.conf For IIS, one of the most popular analysis tools is called what? Answer: WebTrends

Discussion Topics
1. What operations described in this chapter would you do daily, weekly, monthly? 2. Do you know of any other software used for analysis?

Key Terms
log files Files that contain information recorded by the operating system in response to certain events. LogFormat A directive that describes the format for data transfer in Apache, stored in httpd.conf. Apache has configured a number of sample formats from which you can choose.