summaryrefslogtreecommitdiffstats
path: root/health/guides/web_log/web_log_5m_requests_ratio.md
blob: e2cf46f1600eec5054dc0c8338f40895cc15fca9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

### Understand the alert

The `web_log_5m_requests_ratio` alert indicates that there is a significant increase in the number of successful HTTP requests to your web server in the last 5 minutes compared to the previous 5 minutes. This alert is important for monitoring sudden traffic surges, which can potentially overload your server.

### Troubleshoot the alert

1. Check the source of the increased traffic
   Use web server logs to determine the source of the increased traffic. Identify if the requests are coming from a specific IP address, group of IP addresses, or even bots.

   For example, for Nginx, you can check the log files at `/var/log/nginx/access.log`. For Apache, the logs can be found at `/var/log/apache2/access.log`.

2. Analyze the requests
   Look at the type of requests (GET, POST, etc.) and the requested resources (URLs). This analysis can help you understand if the increase in traffic is legitimate or if it's due to an issue like a DDoS attack or a web crawler.

3. Monitor server performance
   Use monitoring tools like `top`, `iotop`, or Netdata itself to check your server's performance metrics. Keep an eye on CPU, RAM, and disk usage to ensure that the server is not getting overloaded.

4. Optimize server resources and configuration
   If you find that the traffic increase is legitimate and your server is struggling to handle the load, consider optimizing your server resources and configuration. Techniques include:

   - Increasing server resources (CPU, RAM, disk)
   - Using a caching mechanism
   - Load balancing and scaling out your infrastructure
   - User connection rate limiting and request throttling

5. Mitigate potential attacks
   If the analysis reveals that the increase in traffic is due to a DDoS attack, implement mitigation strategies like firewalls, IP blocking, or using a web application firewall (WAF). Ensure that you have a robust security system in place to protect your server from such attacks.

### Useful resources

1. [How to Manage Sudden Traffic Surges and Server Overload](https://www.nginx.com/blog/how-to-manage-sudden-traffic-surges-server-overload/)
2. [Attacks on Network Infrastructure](https://www.cloudflare.com/learning/ddos/ddos-attacks/)
3. [Using Nginx to Rate Limit IP Addresses](https://calomel.org/nginx.html)
4. [Setting up a Super Fast Apache Server with Cache](https://hostadvice.com/how-to/how-to-configure-apache-web-server-cache-on-ubuntu/)
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 06:55:35 +0000