Monitor your Web server in real time, Part 1

The Percollator applet makes its Web-monitoring debut

There are a number of factors involved in the successful delivery of Web pages to browsers. One is the quality of the content, and another is the quality of the service in terms of availability and response time. Over the next three months, we'll develop a monitoring applet that will provide a framework for analyzing your Web server's performance. Finally, we'll turn it lose on JavaWorld's server, letting you see how it performs.

The three-part series will roughly follow this roadmap:

  1. GUI interface and interface to static data display
  2. User-selectable graph types and statistics
  3. Alarms and a real-time interface

Current state of the art

There are few if any packages today that automatically monitor your site from any station capable of running Java. In New York we are often not close to the NOC (Network Operations Center) when a crisis occurs with the Web server. NOC access usually is restricted and has a high infrastructure associated with it, making it too involved to bring up performance-analysis tools on the server itself from remote locations.

Many studies indicate that Internet Web users simply go to another site when it is not working on the Internet. Intranet users, however, are another matter. A company's internal Web server should always be available and reliable since its users have no place else to go. Current monitoring packages tend to lack interactivity and offer little more than GIF files flying back and forth across the network.

How does one monitor a Web site?

Many computer companies trying to sell Web server solutions have several core technologies that can be used to monitor Internet sites. Basically, the principles are no different from managing other sites, except for the lack of control over delivery to the user and the lack of SNMP-cognizant back-end httpd servers.

Proposed solutions should address the following system-monitoring, fault resolution, and system-analysis requirements. System analysis refers to understanding how data moves in and out of the system and what type of data it is. Fault resolution refers to restoring service after some interruption. Systems analysis data often is used during fault resolution to understand what the state at the time of a fault was.

System monitoring

Here are some key points that any system-monitoring package should address:

  • Instant notification of loss of connectivity. This is often accomplished by pinging at a specified rate to various objects in the vicinity. The pings are programmed from a state machine so that a router being down is not confused with a system being down. Another approach is to use alerts that generate traps when the specified condition arises.
  • The httpd server software is not responding, but the CPU is operational. A series of httpd commands can be sent at a specified rate and the response can be analyzed. Server providers should offer SNMP agents that generate performance parameters and indicate operational status. Ideally they should send a Java applet with the data to analyze the data and preferably not use e-mail as the delivery mechanism. How would you like to tell your manager that the alert was delayed in the mail?
  • There are a number of SNMP parameters available in the MIBS that need to be looked at. Further research is required on the interaction of these parameters and Web load. The correlation of several of these parameters can be very useful in identifying bottlenecks. Some companies are beginning to provide servers that have this ability delivered via Java.
  • Probable CPU failure. The LAN is okay but the CPU is not responding.
  • End-to-end round-trip times between strategic points on the internal network and important external networks. A custom program needs to be written to do this.
  • Router alarms for rejects due to congestion and lack of input traffic. This should be programmable as an alarm with SNMP directly.
  • Optional periodic attack by a security package with important holes noted. Site specific using various packages like Satan and COPS.
  • Implement monitoring scripts for DNS described in DNS and BIND by Paul Albitz & Cricket Liu (O'Reilly & Associates, 1994).

System analysis

A system-analysis package should provide the following features:

  • Graphical traffic analysis continuously displayed on the Web administration station with a breakdown of traffic by type protocol (TCP/IP, UDP), and service (HTTPD, DNS, TELNET, etc.).
  • Printed reports and color graphs available on demand.
  • Summary and statistical reports to be e-mailed automatically to a group of users.
  • Saving of data for historical analysis and capacity planning.

Percollator (sic)

Over the next three months we'll develop an applet that will allow you to get the following information about a Web site from datafiles created by Percollator.se and from live socket connections or CGI scripts:

  • historical data
  • graphs of various types
  • statistics
  • Instrumentation usr definable alerts

Percollator.se is described in Adrian Cockcroft's companion article "Watching your Web server" (March SunWorld Online). Each line contains data fields in the following format:

timestamp               Unix time
locltime                local time of day hh:mm:ss
DNnsrkcmdi              rules for Disk,Net,nfs,swap,ram,kmem,cpu,mutex,dnlc,inode
wbgARB                  rule status white,blue,green,Amber,Red,Black
usr                     usr CPU time for the interval
sys                     system CPU time for the interval
pdb                     peak disk busy - utilization of the busiest of the disks
mdb                     mean disk busy - utilization averaged over all the disks
Ipkt/s, Opkt/s, Coll%   Ethernet stats per second and collision%
tcpIn/s, tcpOut/s       system total TCP traffic bytes/s
DupAck/s, Retran%       more TCP stuff - ignore it
httpop/s                access log entries per sec over the reporting interval
httpb/                  access log value of bytes per second
http/p5s                peak 5 second interval access rate
get/s, post/s, cgi/s    Requests per second
to4KB/s....to256KB/s    http transfer in that range
ov256KB/s               http transfer over that range
192.9.9.64              number of accesses from 192.9.9.64 (e.g., SWAN gateway)

The data files must have the above format. Future releases may permit you to specify the titles and types in the file as options. Here is an example: March 8th data from www.sun.com.

The Percollator applet brings up a card panel that allows you to select from among various monitoring functions. This first installment partially implements the Active, Load, and Display options. These allow you to load a particular dataset, display it in the active window, and display summary graphs.

If you are using the Netscape browser, the applet will not function properly unless the datafiles are available on the server from which you loaded the applet. The Netscape browser's security policy causes a security exception if you attempt to load a URL from a server that is different from the one hosting the applet.

You can bypass these security restrictions by using the appletviewer available from Sun's JDK with the following URL to load data at www.sun.com:

appletviewer http://www.javaworld.com/jw-04-1996/javadev/Percollator.html

Here is the applet displaying some data files gathered from www.sun.com on the 14th of March:

How do I install this at my local site

The data used by the Percollator applet is generated by the tool described by Adrian Cockcroft in "Watching your Web server" (March SunWorld Online). After you download and install this tool on your Web server, you can use the data it generates to drive the monitoring applet we'll develop over the next three months.

The Percollator applet architecture is based on reusable component class libraries. Good, tested, reusable component libraries help developers build applets quickly and with fewer errors. For example, the Percollator applet uses a reusable component class for drawing the charts (class PlotMixin) and a reusable component class for reading data in a URL (class FileMixin). Without them, the Java source program would be five to ten times larger. These and other reusable component class libraries are available from Inductive Solutions.

Rinaldo S. DiGiorgio works for Sun Microsystems as a Systems Engineer in the New York City office and provides frequent demonstrations of Java Technology. DiGiorgio is currently working on the integration of many technologies into HotJava/Java. Some of these technologies are database connectivity, portfolio management, low-cost video, and analytical applications in the financial and emerging genetics market. DiGiorgio has been using Unix-based operating systems since 1979, when he was deploying Unix solutions in paper mills. He sees HotJava/Java as the technology to minimize two great cost factors in the computer industry: distribution and code development.