Uptime Monitoring

TCP Monitors

Monitor port connectivity, TLS certificates, and service availability with TCP monitors.

TCP Monitors

TCP monitors verify that a port is open and responding. Use them to monitor databases, mail servers, custom services, and TLS certificate health.

Creating a TCP Monitor

Basic Configuration

Name: Database Connection Check
Host: db.example.com
Port: 5432
Interval: 1 minute

Full Configuration

Name: PostgreSQL Monitor
Host: db.example.com
Port: 5432
Timeout: 10 seconds
TLS:
  Enabled: false
Interval: 1 minute
Locations:
  - us-east
  - eu-west

Connection Types

Plain TCP

Simple port connectivity check:

Name: Redis Monitor
Host: redis.example.com
Port: 6379
TLS:
  Enabled: false

TLS/SSL

Secure connection with certificate validation:

Name: HTTPS Server
Host: example.com
Port: 443
TLS:
  Enabled: true
  Verify: true

TLS Certificate Monitoring

When TLS is enabled, tracer captures certificate details:

Certificate Information

FieldDescription
SubjectCertificate subject (domain)
IssuerCertificate authority
Valid FromStart date
Valid UntilExpiration date
Days RemainingDays until expiration
Chain ValidCertificate chain validation
ProtocolTLS version (1.2, 1.3)
CipherCipher suite used

Certificate Alerts

Set up alerts for certificate expiration:

TLS:
  Enabled: true
  Alert Before Expiry: 30 days

This triggers an alert 30 days before the certificate expires.

Common Use Cases

Database Monitoring

PostgreSQL

Host: postgres.example.com
Port: 5432
TLS: false

MySQL

Host: mysql.example.com
Port: 3306
TLS: false

MongoDB

Host: mongo.example.com
Port: 27017
TLS: true

Redis

Host: redis.example.com
Port: 6379
TLS: false

Mail Servers

SMTP

Name: Mail Server - SMTP
Host: mail.example.com
Port: 25
TLS: false

SMTP with STARTTLS

Name: Mail Server - STARTTLS
Host: mail.example.com
Port: 587
TLS: true

IMAP

Name: Mail Server - IMAP
Host: mail.example.com
Port: 993
TLS: true

Custom Services

SSH

Name: SSH Server
Host: server.example.com
Port: 22
TLS: false

Message Queues

Name: RabbitMQ
Host: rabbitmq.example.com
Port: 5672
TLS: false

Response Metrics

Each run captures:

MetricDescription
Connect TimeTime to establish connection
TLS TimeTLS handshake duration (if TLS enabled)
Total TimeTotal check duration
Connection StatusSuccess/failure

Assertions

Connection Success

Assertions:
  - type: connection
    status: success

Response Time

Assertions:
  - type: response_time
    less_than: 500  # milliseconds

TLS Certificate Expiry

Assertions:
  - type: certificate_expiry
    greater_than: 30  # days

TLS Version

Assertions:
  - type: tls_version
    in: ["TLSv1.2", "TLSv1.3"]

Advanced Configuration

Connection Options

Timeout: 30 seconds
Retry on Failure: true
Max Retries: 3
Retry Delay: 5 seconds

TLS Options

TLS:
  Enabled: true
  Verify: true
  Min Version: TLSv1.2
  Server Name: example.com  # SNI
  Skip Hostname Verify: false

Setting Skip Hostname Verify: true or Verify: false reduces security. Only use for testing or internal services with self-signed certificates.

Send Data After Connect

For services that expect data after connection:

Send After Connect: "PING\r\n"
Expect Response: "+PONG"

This is useful for Redis, memcached, and similar services.

Troubleshooting

Connection Refused

Problem: Monitor reports "connection refused"

Causes:

  • Service not running
  • Wrong port number
  • Firewall blocking connection

Solutions:

  • Verify service is running
  • Check port number
  • Verify firewall rules allow connection from tracer IPs

Connection Timeout

Problem: Monitor times out

Causes:

  • Network issues
  • Service overloaded
  • Firewall dropping packets (vs rejecting)

Solutions:

  • Increase timeout value
  • Check network path
  • Verify service health
  • Check for rate limiting

TLS Handshake Failed

Problem: TLS connection fails

Causes:

  • Certificate expired
  • Certificate hostname mismatch
  • Incompatible TLS version
  • Self-signed certificate

Solutions:

  • Renew certificate
  • Check certificate subject matches host
  • Update minimum TLS version
  • For self-signed: set Skip Hostname Verify: true

tracer monitors connect from specific IP addresses. You may need to allowlist these IPs in your firewall. Check the Agent IPs page for current addresses.

Best Practices

  1. Monitor critical infrastructure - Databases, caches, message queues
  2. Set appropriate timeouts - Account for network latency
  3. Use TLS where available - And monitor certificate expiration
  4. Run from multiple locations - Identify network-specific issues
  5. Alert on certificate expiry - Set alerts for 30+ days before expiration
  6. Combine with application monitoring - TCP up doesn't mean app is healthy

API Monitors

Create multi-step API workflows with variable extraction, chained requests, and comprehensive assertions.

DNS Monitors

Validate DNS records, check propagation, and monitor domain health.

On this page

TCP MonitorsCreating a TCP MonitorBasic ConfigurationFull ConfigurationConnection TypesPlain TCPTLS/SSLTLS Certificate MonitoringCertificate InformationCertificate AlertsCommon Use CasesDatabase MonitoringPostgreSQLMySQLMongoDBRedisMail ServersSMTPSMTP with STARTTLSIMAPCustom ServicesSSHMessage QueuesResponse MetricsAssertionsConnection SuccessResponse TimeTLS Certificate ExpiryTLS VersionAdvanced ConfigurationConnection OptionsTLS OptionsSend Data After ConnectTroubleshootingConnection RefusedConnection TimeoutTLS Handshake FailedBest Practices