Suspicious Web Server downtime notifications

Posted on 2012-09-09
Last Modified: 2013-07-08

We have a web server set up on a DMZ network in our company. The traffic flow is such that internet line from ISP comes to a firewall, goes to IPS connected to specific dmz interface for that web server, from IPS goes to dmz switch from where it goes to web server.

The setup was done by another person, so please no questions or comments on best practices there.

Further, we enabled web server monitoring using this site:

Initially all was fine. Recently we are getting downtime notifications and then it will come up again after few minutes. And this happens twice or thrice in the day. Example below for notification for when the site comes up after it has gone down.

Funny part is when the downtime notification comes, we immediately attempt to connect to the web server and it seems to be running fine.

Any ideas of where i can/should start looking???


 Hello,  now work

   Operation restored at 2012-09-08 16:25:42.

   Url was down as a result of:

     Http error:Http_client.Bad_message("Unknown reason (e.g. unexpected eof,

   First error was detected at 2012-09-08 16:19:30

   Last error was detected at 2012-09-08 16:25:07

   Downtime total 5 min(s) 37 sec(s).
Question by:dxbit
    LVL 6

    Accepted Solution

    Hello, does the generates this message?

    Maybe you could check the webserver logs if there were some requests or errors during that "downtime"?

    I tried to google for that error message but no luck to find this kind of a message...

    I would use another monitoring tool check that what monitors is right...

    Author Comment

    Thanks Jelcin.

    Yes the message is generated by the external monitoring site 'host tracker'.

    Will check on those corresponding web server logs when I get back to work tomorrow. Any particular path I should check assuming its a windows 2003 server with iis installed with defaults??

    And yes, setting up two extra external monitoring solutions is exactly what I did some time back. To see if the host tracker may be generating false alarms.

    Will keep you updated.

    Author Closing Comment

    Yes, it seems they were false alarms, since moving to an alternate monitoring solution didn't give the same problem.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Transparency shows that a company is the kind of business that it wants people to think it is.
    Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now