TCP Monitor
Monitor TCP port availability for databases, SSH servers, custom services, and any protocol that runs over TCP. Verify connectivity and measure response time.
What is a TCP Monitor?
A TCP Monitor attempts to establish a TCP connection to a specified host and port. If the connection succeeds, the check passes. If it fails or times out, the check fails.
Use Cases
- Database Servers: PostgreSQL (5432), MySQL (3306), MongoDB (27017), Redis (6379)
- Remote Access: SSH (22), RDP (3389), VNC (5900)
- Mail Servers: SMTP (25, 587), IMAP (143, 993), POP3 (110, 995)
- Custom Services: Microservices, game servers, message brokers
- Infrastructure: Load balancers, proxies, firewalls
Configuration Options
Basic Configuration
| Field | Description | Example |
|---|---|---|
| Name | Human-readable identifier | Production PostgreSQL |
| Host | Hostname or IP address | db.example.com or 192.168.1.10 |
| Port | TCP port number (1-65535) | 5432 (PostgreSQL) |
| Interval | Check frequency | 15s, 30s, 60s, 5m, 10m |
| Timeout | Max wait time for connection | 5s, 10s, 30s |
| Locations | Check regions | US East, EU West |
Common Ports
Databases
| Service | Port | Example Host |
|---|---|---|
| PostgreSQL | 5432 | postgres.example.com |
| MySQL/MariaDB | 3306 | mysql.example.com |
| MongoDB | 27017 | mongo.example.com |
| Redis | 6379 | redis.example.com |
| Cassandra | 9042 | cassandra.example.com |
| Elasticsearch | 9200 | elasticsearch.example.com |
Remote Access
| Service | Port | Protocol |
|---|---|---|
| SSH | 22 | Secure Shell |
| Telnet | 23 | Unencrypted remote access |
| RDP | 3389 | Windows Remote Desktop |
| VNC | 5900 | Virtual Network Computing |
Mail Servers
| Service | Port | Encryption |
|---|---|---|
| SMTP | 25 | None |
| SMTP (TLS) | 587 | STARTTLS |
| SMTP (SSL) | 465 | SSL/TLS |
| IMAP | 143 | None |
| IMAP (SSL) | 993 | SSL/TLS |
| POP3 | 110 | None |
| POP3 (SSL) | 995 | SSL/TLS |
Message Brokers & Queues
| Service | Port |
|---|---|
| RabbitMQ | 5672 |
| RabbitMQ (Management) | 15672 |
| Kafka | 9092 |
| NATS | 4222 |
| ActiveMQ | 61616 |
Configuration Examples
Monitor PostgreSQL Database
{
"type": "tcp",
"name": "Production PostgreSQL",
"host": "db.example.com",
"port": 5432,
"interval": 60000,
"timeout": 10000,
"locations": ["us-east", "eu-west"]
}Monitor SSH Server
{
"type": "tcp",
"name": "SSH Server",
"host": "server.example.com",
"port": 22,
"interval": 300000,
"timeout": 10000
}Monitor Redis Cache
{
"type": "tcp",
"name": "Redis Cache",
"host": "redis.example.com",
"port": 6379,
"interval": 60000,
"timeout": 5000
}Monitor Custom Microservice
{
"type": "tcp",
"name": "Payment Service",
"host": "payment-service.internal",
"port": 8080,
"interval": 30000,
"timeout": 10000
}Best Practices
1. Choose Appropriate Timeouts
Set timeout based on expected latency:
- Local network: 5 seconds
- Same region: 10 seconds
- Cross-region: 15-30 seconds
2. Combine with Application-Level Checks
TCP monitors only verify connectivity. For databases, also use HTTP monitors to check application-level health:
- TCP Monitor: Port 5432 is open
- HTTP Monitor:
/health/dbendpoint verifies query execution
3. Monitor from Multiple Locations
Check from 2-3 regions to detect:
- Regional network issues
- Firewall misconfigurations
- ISP-specific problems
4. Use Appropriate Check Intervals
- Critical databases: 30-60 seconds
- Background services: 2-5 minutes
- SSH/Admin access: 5-15 minutes
5. Whitelist Monitoring IPs
If your firewall blocks connections, whitelist BlackTide check runner IPs:
- US East: Contact support for IP ranges
- EU West: Contact support for IP ranges
Troubleshooting
Check Fails with "Connection Timeout"
Possible Causes:
- Service is down
- Firewall blocking connections
- Network routing issue
- Port is closed
Solution:
- Verify service is running:
# Check if PostgreSQL is running sudo systemctl status postgresql # Check if port is listening sudo netstat -tlnp | grep 5432 - Test connectivity manually:
# Test TCP connection nc -zv db.example.com 5432 # Or use telnet telnet db.example.com 5432 - Check firewall rules:
# List iptables rules sudo iptables -L -n # Check if port is allowed sudo ufw status | grep 5432 - Whitelist BlackTide IPs in firewall
Check Fails with "Connection Refused"
Cause: Port is closed or service not listening.
Solution:
- Verify service is running
- Check service is bound to correct interface (0.0.0.0 for external access)
- Verify port number is correct
Intermittent Failures
Possible Causes:
- Service is overloaded
- Connection pool exhausted
- Network congestion
Solution:
- Increase connection pool size
- Scale service horizontally
- Increase check interval to reduce load
Limitations
TCP vs Application Health
TCP monitors only verify the port is open. They don't verify:
- Service is responding correctly
- Database queries succeed
- Authentication works
- Data is accessible
For comprehensive monitoring, combine TCP with HTTP health checks.
No Protocol-Specific Validation
TCP monitors don't send protocol-specific commands. They can't:
- Execute SQL queries
- Authenticate to SSH
- Send email via SMTP
Use Custom monitors for protocol-specific checks.
Next Steps
- HTTP Monitor: Monitor web endpoints
- ICMP Monitor: Basic network connectivity
- Configure Alert Rules for your TCP monitors
- Best Practices for effective monitoring