Site24x7 Server Monitoring Agent Overview & Security

Site24x7 provides an agent to monitor the performance of your servers. This agent will send performance data to the Site24x7 Data Center (DC) every minute/five minutes (based on your setting). The performance trends can be viewed in the Site24x7 web client, and thresholds can be configured to be notified when there is a breach.

These agents are downloadable and support Windows, Linux, FreeBSD, and OS X platforms. It is always recommended to have the latest version of the agent on the respective servers to ensure best performance. Since this is an agent-based approach, it is critical to know how secure the agent is, the prerequisites for installing the agent, and the resources the installed agent uses.

Agent Security

Site24x7 does not ask for any server password(s), so there is no data that can compromise the security of your server.

1. Encrypted HTTPS Protocol for Communicating to the Site24x7 Data Center:

The server monitoring agent uses an HTTPS connection to send performance data from the user environment to the Site24x7 Data Center.

2. Outbound Access and Proxy Support:

Performance data is sent to the Site24x7 Data Center only through the outbound port 443. This permits only established outgoing traffic to the Site24x7 DC. Also, only the following domains and port need to be whitelisted to allow access for the agent:

Domains - dms.zoho.com (Device messaging system), plus.site24x7.com (Primary data center), plus2.site24x7.com (Disaster recovery data center), plus3.site24x7.com (Disaster recovery data center)

Port - 443 (outbound port). Check out the list of IP addresses to be whitelisted

If your server needs a proxy to connect to these domains, use the proxy setting available during installation of the respective agents.
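
As an added example (not Site24x7 code), the allowlist above can be checked against egress observed from a monitored host. It assumes the records have already been reduced to `host port` lines (the sample is constructed) and includes logu.site24x7.com, which this page lists for AppLogs.

```shell
#!/bin/sh
# Added example: flag egress records outside the agent's documented destinations.
# The "host port" input format is an assumption; the sample data is constructed.

# Destinations listed on this page (logu.site24x7.com is needed only for AppLogs).
ALLOWED_HOSTS="dms.zoho.com plus.site24x7.com plus2.site24x7.com plus3.site24x7.com logu.site24x7.com"
ALLOWED_PORT=443

# is_allowed HOST PORT: succeeds only if the pair is on the documented allowlist.
is_allowed() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=${host%.}                       # tolerate a trailing root dot
    [ "$2" = "$ALLOWED_PORT" ] || return 1
    for h in $ALLOWED_HOSTS; do
        [ "$host" = "$h" ] && return 0   # exact match only, never substring or suffix
    done
    return 1
}

# unexpected_egress: read "host port" lines on stdin, print the ones not allowed.
unexpected_egress() {
    while read -r host port; do
        [ -n "$host" ] || continue
        is_allowed "$host" "$port" || printf '%s %s\n' "$host" "$port"
    done
}

# Constructed sample records (not real traffic).
SAMPLE='plus.site24x7.com 443
dms.zoho.com 443
plus.site24x7.com 80
plus.site24x7.com.example.net 443
PLUS2.SITE24X7.COM. 443'

printf '%s\n' "$SAMPLE" | unexpected_egress
```

The fourth sample record shows why the comparison is exact: a substring match on an allowed name would accept a look-alike host under another domain.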

3. Web Client and Data Center Security:

Site24x7's web client security framework is aligned with ISO 27001:2013 and OWASP standards to ensure no security risks like cross-site scripting and security misconfigurations occur.

As for Site24x7's data centers, they are hosted in some of the most secure facilities that are well-protected from physical and logical attacks as well as natural disasters.

  • The data centers are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
  • Each data center is monitored 7x24x365 with night vision cameras.
  • Biometric and Two-Factor Authentication must be used to enter the data center.
  • Zoho servers are located inside generic-looking, undisclosed locations and guarded safely inside bullet-resistant walls.

To read about our network security and other best practices for managing security and data protection risk, refer to our security document.

4. Data Availability and Resiliency:

In Site24x7, three data centers - a Primary Data Center (PDC) and two Disaster Recovery Data Centers (DRDC) are set up at different locations to ensure server monitoring services remain uninterrupted even in the event of a data center failure. If any error occurs in the PDC, information via heartbeat check is sent to the Primary DRDC. In case there is an error in the Primary DRDC, the Secondary DRDC will still receive the heartbeat check to ensure continued monitoring. Learn more.

5. Real Time Communication via Device Messaging Service (DMS):

The Device Messaging Service (DMS) ensures real time communication to the monitored servers. Communication to the DMS (dms.zoho.com) happens every 30 seconds and the server monitoring agent performs several user-triggered actions like starting/stopping a process, discovering a service/process, upgrading the agent, generating a root cause analysis report, adding a port, URL, file, directory, or event log/syslog check. 

6. Minimal Resource Usage by the Agent:

| Metrics | Windows* | Linux, FreeBSD, & OS X |
|---|---|---|
| CPU | Less than 1% | 0.1% |
| Memory | 10 MB | 25 MB |
| Bandwidth | 20 KB every 5 minutes | 30 KB every 5 minutes |
| Disk | 200 MB | 200 MB |

*If there are Windows applications such as SQL, IIS running on the servers, the usage will differ from the given specifications.

The above resource usage slightly differs for the AppLogs agent. Learn more.  

Windows Agent

The Windows server monitoring agent runs as a SYSTEM role, and consists of four major services:

  1. Site24x7 Windows Agent
  2. Site24x7 Agent Helper
  3. Site24x7 APP Monitoring Agent 
  4. Site24x7 Plugin Agent

In addition to the above four, there is the Tray Icon (running as a process) and the Agent Logs ({installation directory}> Site24x7 > WinAgent > Monitoring > Logs). The agent is a native C/C++ executable file, run as either a Site24x7 Windows Agent service or a MonitoringAgent.exe process. The agent collects data using WMI queries, performance counters and a few built-in APIs. The performance data and the agent's device key (for authorization purposes) are stored in the <installation dir>\monitoring\conf directory and then sent to the Site24x7 Data Centers every minute or five minutes (based on your poll setting). Configuration data including the WMI queries, performance counters, proxy details etc. are stored in a SQLite DB and in the System Registry (HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageEngine). All agent upgrades are saved to the %temp% directory. We do not store information apart from the above mentioned file locations.

Once the Windows agent is installed, Microsoft applications including SQL, IIS, Exchange, BizTalk, Active Directory, Failover Clusters, SharePoint, Windows Backup servers, Windows Updates, and Hyper-V will be auto-discovered and added for monitoring. In case you wish to disable this setting, you can do it in the Settings (Admin > Server Monitor > Settings) page. Learn more.

Linux, FreeBSD, and OS X Agents

The Linux server monitoring agent is written in Python and has two components: the Site24x7Agent and the Site24x7AgentWatchdog that run as two separate processes. A root user or a non root user can install the Linux agent. Once the agent is installed, the user can opt to run the site24x7-agent as root or non root. Performance data is collected using shell commands like top, free, df, ps etc.

The agent is stored in the location,

  • /opt/site24x7/monagent for root
  • <home_dir_of_user_who_installed_the_agent>/site24x7/monagent for non root 

Configuration data, including the agent device key (for authorization purposes) and proxy details, is stored in the agent configuration file. It is stored in the location

  • /opt/site24x7/monagent/conf/monagent.cfg for root
  • <home_dir_of_user_who_installed_the_agent>/site24x7/monagent/conf/monagent.cfg for non root

The FreeBSD and the OS X agents are similar to the Linux agent. The location where the agents and the configuration files are stored and the way in which performance data is collected is the same as the Linux agent.

Once the Linux/FreeBSD/OS X agent is installed, Docker containers are auto-discovered and marked up for monitoring. If you wish to monitor only your servers, this option can be disabled.

Plugin Integrations

Site24x7 provides 100+ ready-to-use plugin integrations or you can write your own plugin using PowerShell, VB, Batch, DLL for Windows and Python & Shell script for Linux.

All the plugin files are open source. The Site24x7 monitoring agent will communicate to the application monitoring interfaces over standard protocols (that is defined in the plugin script files) to collect the performance data, based on your poll setting (one minute or five minutes). Only the output of the executed plugin will be uploaded to the Site24x7 Data Center. Site24x7 does not store and access any kind of sensitive and confidential data written in the script file. 

Folder path for Windows plugins: C:\Program Files (x86)\Site24x7\WinAgent\monitoring\Plugins\

Folder Path for Linux plugins: /opt/site24x7/monagent/plugins/
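
The device key in monagent.cfg and the scripts in the plugin folder are both worth a permission check, since the agent executes the plugins and authorizes itself with the key. The following added example (not Site24x7 code) audits the Linux paths given on this page; the permission baseline it enforces and the AGENT_ROOT variable are assumptions.

```shell
#!/bin/sh
# Added example (not Site24x7 code). Paths come from this page; the permission
# baseline enforced here is an assumption, not vendor-documented.

# cfg_exposed FILE: succeeds if FILE is readable or writable by "other".
cfg_exposed() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \) 2>/dev/null)" ]
}

# loose_plugin_paths DIR: print entries writable by group or other.
# Symlinks are skipped because their own mode bits are not meaningful.
loose_plugin_paths() {
    [ -d "$1" ] || return 0
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) 2>/dev/null
}

# audit_agent ROOT: print findings; return 1 if any were found, else 0.
audit_agent() {
    root=$1
    rc=0
    cfg="$root/conf/monagent.cfg"
    if [ -f "$cfg" ] && cfg_exposed "$cfg"; then
        printf 'device key file open to other users: %s\n' "$cfg"
        rc=1
    fi
    loose=$(loose_plugin_paths "$root/plugins")
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/plugin path writable by non-owner: /'
        rc=1
    fi
    return "$rc"
}

# AGENT_ROOT is a hypothetical override for non-root installs
# (<home_dir>/site24x7/monagent); the default is the root install path.
audit_agent "${AGENT_ROOT:-/opt/site24x7/monagent}" || true
```

A non-zero return from audit_agent makes the function usable as a gate in a scheduled compliance job.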

AppLogs Agent

Site24x7's AppLogs agent works with an existing Site24x7 server monitoring agent. Once the AppLogs agent is installed in your server, it automatically discovers all the application logs natively supported by Site24x7. Once the logs are discovered, you can choose the logs that you wish to manage. Logs are stored in an encrypted format in our servers. All log data is retained for 30 days after it is generated, meaning you can no longer search for a particular log after that 30-day period.

The AppLogs agent and API log uploads work through HTTPS protocol. You have to log in to Site24x7's secure web client through HTTPS to access any log data. Site24x7 provides access only to members who have privileges to search that particular server log. You have to whitelist logu.site24x7.com along with plus.site24x7.com to use Site24x7 AppLogs. logu.site24x7.com will be used for uploading logs from your server to Site24x7.

Learn about the AppLogs agent's resource utilization.

Security for Resource Checks

Resource Checks are used to monitor internal server resources like files, directories, URLs, ports, syslogs, and event logs.

  • Only a Read permission is required to monitor the files, directories, and logs.
  • Only the meta data is accessed to monitor these resources, and not the entire content.* 
  • For event logs and syslogs, data is not stored anywhere, but only taken from the client servers and presented in the web client.

*An exception is Content Check, where the entire content in the file/directory is accessed, with a Read-Only permission.   

IT Automation

Only an Admin or a Super Admin can add a new or update an existing IT Automation Template, thus allowing you to decide who can run what automation.

  • For Server Script automation, 
    • The files uploaded by a user are sent to the Site24x7 Data Center and stored in the Zoho File Systems. During execution, the agent will download this file using a secured HTTPS connection.
    • If only the file path is mentioned, the meta data is accessed and the required automation is executed.
  • For Server Command automation, the commands given by the user will be stored in the database (DB) present in the Site24x7 Data Center. When a threshold violation occurs, this data would be sent to the agent for executing the automation.
  • For all the other automations including IIS, Hyper-V, Server Reboot, etc., only the meta data is accessed for executing the given actions.

Service and Process Monitoring

Services and processes are monitored based on the service/process name, path, and process command line arguments. The command line arguments and path are encrypted and stored in Site24x7. 

Prerequisites for Installing the Agent

1. Enter the Device Key correctly.

2. Ensure the IP addresses, domains and ports mentioned in this document are whitelisted from your firewall.

3. Read the below system configurations for the supported OS platforms:

| Parameters | Windows | Linux | FreeBSD | OS X |
|---|---|---|---|---|
| Minimum RAM Configuration & Processor Speed | 512 MB & 1.0 GHz | 512 MB & 1.0 GHz | 512 MB & 1.0 GHz | 512 MB & 1.0 GHz |
| Disk Space | 30 MB | 70 MB | 70 MB | 70 MB |
| OS version/flavors | 2008, 2008 R2, 2012, 2012 R2, 2016, Windows 7 and above, Windows 2019 | Debian, Ubuntu, CentOS, RedHat, Mandriva, Fedora, Suse, Amazon Linux, Gentoo, CoreOS, Raspberry Pi, ARM Processor, RancherOS. Glibc version 2.5 and above is necessary* | 9, 10 & 11 | 10 & above |

*To check the Glibc version, use the command "ldd --version" in your Linux terminal 

Security Certification

Zoho and its cloud services, including Site24x7, are certified with ISO/IEC 27001:2013 for applications, systems, people, technology, and processes. This certificate is awarded to organizations that comply with ISO's high global standards.

We are also SOC 2 compliant, which serves as an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.

