Lucee Performance Analyzer Plugin

Just published v1.0.0.1, it’s available via your Lucee Administrator.

It’s a simple little plugin which provides a summary view of all the debug logs, I’ve been
using these scripts for a while to track down performance problems.

If you like it, please star the repo GitHub - zspitzer/lucee-performance-analyzer: Performance Analyzer plugin for Lucee, to be used in the Lucee Admin or Standalone.

• Slowest Queries
• Var Scoping Problems

image1468×769 141 KB

There are some outstanding issues relating to Implicit Scopes (aka var scoping)
but this is a really easy way to identify performance bottle necks

https://luceeserver.atlassian.net/issues/?jql=labels%20%3D%20scope%20ORDER%20BY%20updated%20DESC

v1.0.0.2

• added a sortable debug log list, including scope and exception counts
• filter only debugging logs since last analysis

just click the headers to sort any of the reports

Hi Zac

First of all, thank you for providing this great plugin. I can see that this will be of great use.

I have installed it using your repo instructions.

When I hit the local URL of one of my web roots, it starts spitting out results, which is great.

However, these are only local URL, 127.0.0.1:888/mywebsite

How do I get it to trace requests coming in from the public internet.

Like:

I am using this on my production server Windows 2019 + IIS?

garbage in, garbage out

I wouldn’t be enabling debugging on a production website, to be honest

Oh I see.

I just wanted to see what URLs are hitting my webserver [application server].
FR is too expensive and it also keeps crashing my server.

Recently the DNS Server [on my VPS] has been hogging memory [eventually crashing my Lucee application server], so I have had to restart it, every few weeks.
I reckon it might be some kind of mini DDOS attack, pinpointing a form on one of my Coldfusion websites.

If I can see which URL is being hammered, I can comment out the form or tighten up my Cross-Site Request Forgery defence etc

why not just check your webserver logs?

Depending on the version of Java that you are using, you may be able to use SeeFusion:

We have used this for years as a simple, no frills, low overhead APM. It does not include anywhere near the detail that FusionReactor does, but offers enough insight to a server to pick up on some problems. Unfortunately it is no longer maintained and I have not been able to get it working with Java21.

An up-to-date version of SeeFusion would be brilliant to have if anybody knows how to update it.

Thanks. I will see if seeFusion works. I am using Windows 2019 Server, so it’s Java version will probably be fine.
The webserver logs for some reason don’t seem to show anything via IIS Request Monitor → Worker Processes
So, I feel an application server solution is more appropriate.

I would highly recommend cloudflare, they will show you traffic logs and protect you from DDOS (well you need to survive the initial onslaught)

Doesn’t it put that weird looking Cloudflare screen, before arriving at a website. Or is there a setting to remove that.
I always thought that looked a bit unprofessional?
I’ll have a look at the cost and then decide.
I agree, DDOS is a horrendous experience.
I have already had to take down one entire website, on an older VPS, because of DDOS.
Currently, I am blocking spiders using Windows Defender Firewall Inbound settings. I have set some in IP ranges. This is actually quite effective. But new spiders pop up, every day.

By the way, thanks for the suggestion at looking at the Windows inetpub logs. This has exposed some decent request information.
I used it today to block several new spiders, including TikTok and the Chinese Sogou Bot.
It’s zapped a decent amount of activity.

That is only if you configure challenge on every request. You would only need that if your server is under attack.

Bots can cause additional session overhead

Session Handling in Lucee :: Lucee Documentation (See best practices)