Help Admin Server Monitor Agent Overview and Security

Site24x7 Server Monitoring Agent Overview & Security

Site24x7 provides an agent to monitor the performance of your servers. This agent will send performance data to the Site24x7 data center (DC) every 1 min, 2 mins, 3 mins, 5 mins, 10 mins, 15 mins, 30 mins, 1 hour, 3 hours, 6 hours, 12 hours, or 1 day (based on your poll interval setting). The performance trends can be viewed in the Site24x7 web client, and thresholds can be configured to be notified when there is a breach.

These agents are downloadable and support Windows, Linux, FreeBSD, and OS X platforms. It is always essential to have the latest version of the agent in the respective servers to ensure best performance. Since this is an agent-based approach, it is critical to know how secure the agent is, prerequisites before installing the agent, and the resource utilization by the installed agent.

Agent Security

Site24x7 does not ask for any server password(s), so there is no data that can compromise the security of your server.

1. Encrypted HTTPS Protocol for communicating to the Site24x7 Data Center:

The server monitoring agent uses a HTTPS connection to send performance data from the user environment to the Site24x7 Data Center. 

2. Outbound Access and Proxy Support:

Performance data is sent to the Site24x7 Data Center only through the outbound port 443. This permits only established outgoing traffic to the Site24x7 Data Centre (DC). Add only the below-mentioned port and domains to the allowlist to provide access to the agent:

Domains - (Primary data center), (disaster recovery data center), and (disaster recovery data center)

Port - 443 (outbound port). Learn about the list of IP addresses to be allowed.

If your server needs a proxy to connect to these domains, use the proxy setting available during installation of the respective agents.

3. Web Client and Data Center Security:

Site24x7's web client security framework is aligned with ISO 27001:2013 and OWASP standards to avoid security risks like cross-site scripting and security misconfigurations.

As with Site24x7's data centres, they are hosted in some of the most secure facilities which are well-protected from physical and logical attacks as well as natural disasters.

  • The data centers are guarded non-stop by private security guards, seven days a week, 24 hours a day, each and every day of the year.
  • Each data center is monitored 7x24x365 with night vision cameras.
  • Biometric and two-factor Authentication must be used to enter the data centre.
  • Zoho servers are located inside generic-looking, undisclosed locations and guarded safely inside bullet-resistant walls.

To read more about our network security and other best practices for managing security and data protection risk, refer our security document.

4. Data Availability and Resiliency:

In Site24x7, three data centers - a Primary Data Centre (PDC) and two disaster recovery data centres (DRDC) are set up at different locations to ensure server monitoring services remain uninterrupted even in the event of a data center failure. If any error occurs in the PDC, information via heartbeat check is sent to the Primary DRDC. In case there is an error in the Primary DRDC, the Secondary DRDC will still receive the heartbeat check to ensure continued monitoring. Learn more.

5. Real Time Communication via Device Messaging Service (DMS):

The Device Messaging Service (DMS) ensures real-time communication to the monitored servers. Communication to the DMS ( happens every 30 seconds and the server monitoring agent performs several user-triggered actions like starting/stopping a process, discovering a service/process, upgrading the agent, generating a root cause analysis report, and adding a port, URL, file, directory, or event log/syslog check. 

6. Minimal Resource Usage by the Agent:

Metrics Windows* Linux, FreeBSD, & OS X
CPU Less than 1% Less than 1%
Memory 10 MB 25 MB
Bandwidth Less than 20 KB every 5 minutes Less than 30 KB every 5 minutes
Disk 200 MB 200 MB

*If there are Windows applications such as SQL or IIS running on the servers, the usage will differ from the given specifications.

The above resource usage slightly differs for the AppLogs agent. Learn more.  

Windows Agent

The Windows server monitoring agent runs as a SYSTEM role, and consists of four major services:

  1. Site24x7 Windows Agent
  2. Site24x7 Agent Helper
  3. Site24x7 APP Monitoring Agent 
  4. Site24x7 Plugin Agent

In addition to the above four, there is the Tray icon (running as a process) and the Agent Logs ({installation directory}> Site24x7 > WinAgent > Monitoring > Logs). The agent is a native C/C++ executable file, running as either a Site24x7 Windows Agent service or a MonitoringAgent.exe process.

Collection of performance data:

The agent collects data using VBScripts, PowerShell scripts, WMI queries, performance counters, and few built-in APIs. The performance data and the agent's device key (for authorization purposes) are stored in the <installation dir>\monitoring\conf directory and then sent to the Site24x7 Data Centers, based on your poll setting. Configuration data—including the WMI queries, performance counters, proxy details etc.—is stored in a SQLite DB and in the System Registry (HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageEngine).

Agent upgrade process:

All agent upgrades are saved to the %temp% directory. After getting an upgrade request by the agent, the agent downloads the Site24x7 Windows Agent Upgrader. After the download, the agent will check for checksum and verify the digital signature. After verification, the Site24x7 Windows Agent Upgrader will start and download the Site24x7 Windows Agent MSI file. There will again be a checksum and digital signature verification by the agent for the MSI file. Once that is successfully done, the upgrade process will be initiated.  

Apart from the above mentioned file locations, Site24x7 does not store any information anywhere else.

Microsoft Applications Monitoring:

Once the Windows agent is installed, Microsoft applications including SQL, IIS, Exchange, BizTalk, Active Directory, Failover Clusters, SharePoint, Windows Backup servers, Windows Updates, and Hyper-V will be auto-discovered and added for monitoring. In case you wish to disable this setting, you can do it in the Settings (Admin > Server Monitor > Settings) page. Learn more.

Linux, FreeBSD, and OS X Agents

The Linux server monitoring agent is written in Python and has two components: the Site24x7Agent and the Site24x7AgentWatchdog that run as two separate processes. A root user or a non root user can install the Linux agent. Once the agent is installed, the user can opt to run the site24x7-agent as root or non root. Performance data is collected using shell commands like top, free, df, ps, etc.

The agent is stored in the location:

  • /opt/site24x7/monagent for root
  • <home_dir_of_user_who_installed_the_agent>/site24x7/monagent for non root 

Configuration data, including the the agent device key (for authorization purposes) and proxy details are encrypted and stored in the agent configuration file. It is stored in the location:

  • /opt/site24x7/monagent/conf/monagent.cfg for root 
  • <home_dir_of_user_who_installed_the_agent>site24x7/monagent/conf/monagent.cfg for non root

The FreeBSD and the OS X agents are similar to the Linux agent. The location where the agents and the configuration files are stored and the way in which performance data is collected is the same as the Linux agent.

Once the Linux/FreeBSD/OS X agent is installed, docker containers are auto-discovered and marked up for monitoring. If you wish to monitor only your servers, the option to auto-discover can be disabled.

Plugin Integrations

Site24x7 provides 100+ ready-to-use plugin integrations or you can write your own plugin using PowerShell, VB, Batch, or DLL for Windows and Python and Shell script for Linux.

All the plugin files are open source. The Site24x7 monitoring agent will communicate to the application monitoring interfaces over standard protocols (that is defined in the plugin script files) to collect the performance data, based on your poll setting. Only the output of the executed plugin will be uploaded to the Site24x7 Data Center. Site24x7 does not store or access any kind of sensitive and confidential data written in the script file. You can choose to disable the addition of plugins while installing the agent.

Folder path for Windows plugins: C:\Program Files (x86)\Site24x7\WinAgent\monitoring\Plugins\

Folder Path for Linux plugins: /opt/site24x7/monagent/plugins/

AppLogs Agent

Site24x7's AppLogs agent works with an existing Site24x7 server monitoring agent. Once the AppLogs agent is installed in your server, it automatically discovers all the application logs natively supported by Site24x7. Once the logs are discovered, you can choose the logs that you wish to manage. Logs are stored in an encrypted format in our servers. All log data is retained for 30 days after it is generated, which means you can no longer search for a particular log after that 30-day period.

The AppLogs agent and API log uploads work through HTTPS protocol. You have to log in to Site24x7's secure web client through HTTPS to access any log data. Site24x7 provides access only to members who have privileges to search that particular server log. You have to allow along with to use Site24x7 AppLogs. will be used for uploading logs from your server to Site24x7.

Learn more about the resource utilization of the AppLogs agent.

Security for Resource Checks

Resource Checks are used to monitor internal server resources like files, directories, URLs, ports, syslogs, and event logs.

  • Only a Read permission is required to monitor the files, directories, and logs.
  • Only the meta data is accessed to monitor these resources, and not the entire content.* 
  • For event logs and syslogs, data is not stored anywhere, but only taken from the client servers and presented in the web client.

*An exception is Content Check, where the entire content in the file/directory is accessed, with a Read-Only permission.

IT Automation

Only an Admin or a Super Admin can add a new or update an existing IT Automation Template, thus allowing you to decide who can run what automation. 

  • For Server Script automation:
    • The files uploaded by a user is sent to the Site24x7 data Center and stored in the Zoho File Systems. During execution, the agent will download this file using a secured HTTPS connection. 
    • If only the file path is mentioned, the meta data is accessed and the required automation is executed.
  • From Linux agent version 18.2.0 and Windows agent version 20.1.0, the agent will perform a checksum check when files are uploaded.
  • For Server Command automation, the commands given by the user will be stored in the database (DB) present in the Site24x7 data centre. When a threshold violation occurs, this data would be sent to the agent for executing the automation.
  • For all the other automations including—IIS, Hyper-V, Server Reboot, etc., only the meta data is accessed for executing the given actions.
By default, IT Automation is disabled in Windows server monitoring agent versions 20.1.0 and Linux server monitoring agent version 18.2.0. You can enable them during installation by:
  • For Windows: Opting for IT Automation in Site24x7 Windows agent installer
  • For Linux: Adding "-automation=true" argument in installation command

Use our help document to view the instructions to enable or disable IT Automation in your server monitor.

Service and Process Monitoring

Services and processes are monitored based on the service/process name, path, and process command line arguments. The command line arguments and path are encrypted and stored in Site24x7.

Prerequisites for Installing the Agent

1. Enter the Device Key correctly.

2. Ensure the IP addresses, domains, and ports mentioned in this document are allowed by your firewall.

3. Read the below system configurations for the supported OS platforms:

Minimum RAM configuration & processor speed 512 MB & 1.0 Ghz 512 MB & 1.0 Ghz  512 MB & 1.0 Ghz 512 MB & 1.0 Ghz 
Disk Space 30 MB 70 MB 70 MB 70 MB
OS version/flavors Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, and 2022. Windows 7 and above. Debian, Ubuntu, CentOS, RedHat, Madriva, Fedora, Suse, Amazon Linux, Gentoo, CoreOS, Raspberry Pi, ARM Processor, RancherOS

Glibc version 2.5 and above is necessary*
9 and above 10 and above 

*To check the Glibc version, use the command "ldd --version" in your Linux terminal 

Security Certification

Zoho and its cloud services, including Site24x7, are certified with ISO/IEC 27001:2013 for applications, systems, people, technology, and processes. This certificate is awarded to organizations that comply with ISO's high global standards.

We are also SOC 2 compliant, that serves as an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.

Related Articles:

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.

Help Admin Server Monitor Agent Overview and Security