Site24x7 Server Monitoring Agent Overview & Security
Site24x7 provides an agent to monitor the performance of your servers. This agent will send performance data to the Site24x7 Data Center (DC) every minute/five minutes (based on your setting). The performance trends can be viewed in the Site24x7 web client, and thresholds can be configured to be notified when there is a breach.
These agents are downloadable and support Windows, Linux, FreeBSD, and OS X platforms. It is always recommended to have the latest version of the agent in the respective servers to ensure best performance. Since this is an agent-based approach, it is critical to know how secure the agent is, prerequites before installing the agent, and the resource utilization by the installed agent.
- Agent security
- Windows agent
- Linux, FreeBSD, and OS X agents
- Plugin integrations
- AppLogs agent
- Resource checks
- IT Automation
- Service and process monitoring
- Prerequisites for installing the agent
- Security certification
Agent Security
Site24x7 does not ask for any server password(s), so there is no data that can compromise the security of your server.
1. Encrypted HTTPS Protocol for Communicating to the Site24x7 Data Center:
The server monitoring agent uses a HTTPS connection to send performance data from the user environment to the Site24x7 Data Center.
2. Outbound Access and Proxy Support:
Performance data is sent to the Site24x7 Data Center only through the outbound port 443. This permits only established outgoing traffic to the Site24x7 DC. Also, only the following domains and port needs to be whitelisted to allow access for the agent:
Domains - dms.zoho.com (Device messaging system), plus.site24x7.com (Primary data center), plus2.site24x7.com (Disaster recovery data center), plus3.site24x7.com (Disaster recovery data center)
Port - 443 (outbound port). Check out the list of IP addresses to be whitelisted
If your server needs a proxy to connect to these domains, use the proxy setting available during installation of the respective agents.
3. Web Client and Data Center Security:
Site24x7's web client security framework is aligned with ISO 27001:2013 and OWASP standards to ensure no security risks like cross-site scripting and security misconfigurations occur.
As with Sit24x7's data centers, they are hosted in some of the most secure facilities that are well-protected from physical and logical attacks as well as natural disasters.
- The data centers are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
- Each data center is monitored 7x24x365 with night vision cameras.
- Biometric and Two-Factor Authentication must be used to enter the data center.
- Zoho servers are located inside generic-looking, undisclosed locations and guarded safely inside bullet-resistant walls.
To read on our network security and other best practices for managing security and data protection risk, refer our security document.
4. Data Availability and Resiliency:
In Site24x7, three data centers - a Primary Data Center (PDC) and two Disaster Recovery Data Centers (DRDC) are set up at different locations to ensure server monitoring services remain uninterrupted even in the event of a data center failure. If any error occurs in the PDC, information via heartbeat check is sent to the Primary DRDC. In case there is an error in the Primary DRDC, the Secondary DRDC will still receive the heartbeat check to ensure continued monitoring. Learn more.
5. Real Time Communication via Device Messaging Service (DMS):
The Device Messaging Service (DMS) ensures real time communication to the monitored servers. Communication to the DMS (dms.zoho.com) happens every 30 seconds and the server monitoring agent performs several user-triggered actions like starting/stopping a process, discovering a service/process, upgrading the agent, generating a root cause analysis report, adding a port, URL, file, directory, or event log/syslog check.
6. Minimal Resource Usage by the Agent:
Metrics | Windows* | Linux, FreeBSD, & OS X |
CPU | Less than 1% | 0.1% |
Memory | 10 MB | 25 MB |
Bandwidth | 20 KB every 5 minutes | 30 KB every 5 minutes |
Disk | 200 MB | 200 MB |
*If there are Windows applications such as SQL, IIS running on the servers, the usage will differ from the given specifications.
The above resource usage slightly differs for the AppLogs agent. Learn more.
Windows Agent
The Windows server monitoring agent runs as a SYSTEM role, and consists of four major services:
- Site24x7 Windows Agent
- Site24x7 Agent Helper
- Site24x7 APP Monitoring Agent
- Site24x7 Plugin Agent
In addition to the above four, there is the Tray Icon (running as a process) and the Agent Logs ({installation directory}> Site24x7 > WinAgent > Monitoring > Logs). The agent is a native C/C++ executable file, run as either a Site24x7 Windows Agent service or a MonitoringAgent.exe process.
Collection of performance data:
The agent collects data using WMI queries, performance counters and few built-in APIs. The performance data and the agent's device key (for authorization purposes) are stored in the <installation dir>\monitoring\conf directory and then sent to the Site24x7 Data Centers, based on your poll setting. Configuration data including the WMI queries, performance counters, proxy details etc. are stored in a SQLite DB and in the System Registry (HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageEngine).
Agent upgrade process:
All agent upgrades are saved to the %temp% directory. After getting an upgrade request by the agent, the agent downloads the Site24x7 Windows Agent Upgrader. After download, the agent will check for checksum and verify the digital signature. After verification, the Site24x7 Windows Agent Upgrader will start and download the Site24x7 Windows Agent MSI file. There will again be a checksum and digital signature verification by the agent for the MSI file. Once that is successfully done, the upgrade process will be initiated.
Apart from the above mentioned file locations, Site24x7 does not store any information.
Microsoft Applications Monitoring:
Once the Windows agent is installed, Microsoft applications including SQL, IIS, Exchange, BizTalk, Active Directory, Failover Clusters, SharePoint, Windows Backup servers, Windows Updates, and Hyper-V will be auto-discovered and added for monitoring. In case you wish to disable this setting, you can do it in the Settings (Admin > Server Monitor > Settings) page. Learn more.
Linux, FreeBSD, and OS X Agents
The Linux server monitoring agent is written in Python and has two components: the Site24x7Agent and the Site24x7AgentWatchdog that run as two separate processes. A root user or a non root user can install the Linux agent. Once the agent is installed, the user can opt to run the site24x7-agent as root or non root. Performance data is collected using shell commands like top, free, df, ps etc.
The agent is stored in the location,
- /opt/site24x7/monagent for root
- <home_dir_of_user_who_installed_the_agent>/site24x7/monagent for non root
Configuration data including the the agent device key (for authorization purposes) and proxy details are encrypted and stored in the agent configuration file. It is stored in the location
- /opt/site24x7/monagent/conf/monagent.cfg for root
- <home_dir_of_user_who_installed_the_agent>site24x7/monagent/conf/monagent.cfg for non root
The FreeBSD and the OS X agents are similar to the Linux agent. The location where the agents and the configuration files are stored and the way in which performance data is collected is the same as the Linux agent.
Once the Linux/FreeBSD/OS X agent is installed, docker containers are auto-discovered and marked up for monitoring. If you wish to monitor only your servers, this option can be disabled.
Plugin Integrations
Site24x7 provides 100+ ready-to-use plugin integrations or you can write your own plugin using PowerShell, VB, Batch, DLL for Windows and Python & Shell script for Linux.
All the plugin files are open source. The Site24x7 monitoring agent will communicate to the application monitoring interfaces over standard protocols (that is defined in the plugin script files) to collect the performance data, based on your poll setting (one minute or five minutes). Only the output of the executed plugin will be uploaded to the Site24x7 Data Center. Site24x7 does not store and access any kind of sensitive and confidential data written in the script file. You can choose to disable the addition of plugins while installing the agent.
Folder path for Windows plugins: C:\Program Files (x86)\Site24x7\WinAgent\monitoring\Plugins\
Folder Path for Linux plugins: /opt/site24x7/monagent/plugins/
AppLogs Agent
Site24x7's AppLogs agent works with an existing Site24x7 server monitoring agent. Once the AppLogs agent is installed in your server, it automatically discovers all the application logs natively supported by Site24x7. Once the logs are discovered, you can choose the logs that you wish to manage. Logs are stored in an encrypted format in our servers. All log data is retained for 30 days after it is generated, meaning you can no longer search for a particular log after that 30-day period.
The AppLogs agent and API log uploads work through HTTPS protocol. You have to log in to Site24x7's secure web client through HTTPS to access any log data. Site24x7 provides access only to members who have privileges to search that particular server log. You have to whitelist logu.site24x7.com along with plus.site24x7.com to use Site24x7 AppLogs. logu.site24x7.com will be used for uploading logs from your server to Site24x7.
Learn about the AppLogs agent's resource utilization.
Security for Resource Checks
Resource Checks are used to monitor internal server resources like files, directories, URLs, ports, syslogs, and event logs.
- Only a Read permission is required to monitor the files, directories, and logs.
- Only the meta data is accessed to monitor these resources, and not the entire content.*
- For event logs and syslogs, data is not stored anywhere, but only taken from the client servers and presented in the web client.
*An exception is Content Check, where the entire content in the file/directory is accessed, with a Read-Only permission.
IT Automation
Only an Admin or a Super Admin can add a new or update an existing IT Automation Template, thus allowing you to decide who can run what automation.
- For Server Script automation,
- The files uploaded by a user is sent to the Site24x7 Data Center and stored in the Zoho File Systems. During execution, the agent will download this file using a secured HTTPS connection.
- If only the file path is mentioned, the meta data is accessed and the required automation is executed.
- For Server Command automation, the commands given by the user will be stored in the database (DB) present in the Site24x7 Data Center. When a threshold violation occurs, this data would be sent to the agent for executing the automation.
- For all the other automations including IIS, Hyper-V, Server Reboot, etc., only the meta data is accessed for executing the given actions.
Users can choose to disable the IT Automation feature while installing the agent, so that no automation action is executed by the agent. By default, this option is enabled in the agent.
Service and Process Monitoring
Services and processes are monitored based on the service/process name, path, and process command line arguments. The command line arguments and path are encrypted and stored in Site24x7.
Prerequisites for Installing the Agent
1. Enter the Device Key correctly.
2. Ensure the IP addresses, domains and ports mentioned in this document are whitelisted from your firewall.
3. Read the below system configurations for the supported OS platforms:
Parameters |
Windows |
Linux |
FreeBSD |
OS X |
Minimum RAM Configuration & Processor Speed | 512 MB & 1.0 Ghz | 512 MB & 1.0 Ghz | 512 MB & 1.0 Ghz | 512 MB & 1.0 Ghz |
Disk Space | 30 MB | 70 MB | 70 MB | 70 MB |
OS version/flavors | 2008, 2008 R2, 2012, 2012 R2, 2016, Windows 7 and above, Windows 2019 | Debian, Ubuntu, CentOS, RedHat, Madriva, Fedora, Suse, Amazon Linux, Gentoo, CoreOS, Raspberry Pi, ARM Processor, RancherOS Glibc version 2.5 and above is necessary* |
9, 10 & 11 | 10 & above |
*To check the Glibc version, use the command "ldd --version" in your Linux terminal
Security Certification
Zoho and its cloud services, including Site24x7, are certified with ISO/IEC 27001:2013 for applications, systems, people, technology, and processes. This certificate is awarded to organizations that comply with ISO's high global standards.
We are also SOC 2 compliant, that serves as an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.