A mid-sized hosting company running 60 servers discovered their database monitoring approach was fundamentally flawed at 2:47 AM on a Tuesday. Their PostgreSQL connections had climbed to 190 of 200 maximum, Redis was refusing new connections, and MongoDB primary was struggling under connection pressure. Standard monitoring tools showed "everything normal" because they measured database performance, not connection availability.
The Crisis That Changed Everything
The cascade started with a single WordPress site experiencing a traffic spike. Within minutes, the connection pool exhaustion spread across three database technologies. Each database's internal monitoring reported healthy query times and normal CPU usage right up until the moment they started rejecting connections.
Traditional database monitoring focuses on query performance, memory usage, and disk I/O. None of these metrics warned about the approaching connection cliff. By the time max_connections errors appeared in application logs, 200+ websites were already timing out.
The Missing Early Warning System
Database-specific monitoring tools require queries to gather statistics, adding overhead precisely when systems are under pressure. More importantly, they measure database health from the inside out, missing the network-level view that reveals connection pressure before it becomes connection rejection.
The hosting company needed monitoring that detected connection pool trends without adding database load. The solution lay in Linux's network stack reporting through the /proc filesystem.
Building Connection Pool Monitoring Without Database Queries
Connection pool exhaustion appears in network statistics before database logs. Every database connection exists as a TCP socket, tracked by the kernel regardless of application type. This system-level view provides earlier warning than database-specific metrics.
For PostgreSQL (default port 5432), monitoring active connections requires parsing /proc/net/tcp for ESTABLISHED connections. A simple bash function counts current PostgreSQL connections without touching the database:
postgres_connections() {
awk '$4 ~ /:1538$/ && $4 == "01" {count++} END {print count+0}' /proc/net/tcp
}Redis connection monitoring follows the same pattern, parsing for port 6379 (1AF7 in hex). MongoDB connections appear on port 27017 (6979 in hex). This approach works regardless of database configuration, query load, or internal database monitoring setup.
Process-Level Connection Tracking
For more granular analysis, counting file descriptors in /proc/[pid]/fd/ reveals connection pressure at the process level. Database processes under connection stress show increasing socket file descriptors before reaching configured limits. This method catches connection leaks that network-level monitoring might miss.
The hosting company implemented alerts when PostgreSQL connections exceeded 150 (75% of max_connections), Redis connections surpassed 8,000, and MongoDB connections crossed 500. These thresholds provided 15-20 minutes of warning before customer impact.
Real-World Pattern Recognition
Connection pool exhaustion follows predictable patterns. Normal PostgreSQL connections fluctuate between 20-60 throughout the day. Redis maintains steady connection counts with occasional spikes during backup operations. MongoDB shows gradual connection increases during business hours.
Abnormal patterns trigger investigation before crisis. PostgreSQL connections climbing from 45 to 120 in ten minutes indicates application connection leaks. Redis connections jumping by 2,000+ suggests a runaway script. MongoDB connections increasing linearly over hours points to connection pooling misconfiguration.
The hosting company's early warning system approach monitors connection rate-of-change alongside absolute values. A sudden 50% increase triggers warnings even when total connections remain below static thresholds.
Integration with Existing Monitoring
Filesystem-based connection monitoring integrates naturally with lightweight monitoring approaches. Server Scout's bash-based architecture parses /proc/net/tcp without additional dependencies or database credentials. The same agent monitoring CPU and memory usage tracks database connections through kernel statistics.
This approach complements rather than replaces database-specific monitoring. Internal database metrics remain valuable for query optimisation and performance tuning. System-level connection monitoring adds the early warning layer that prevents connection exhaustion from becoming customer outages.
Lessons from Production Implementation
Connection pool monitoring revealed insights invisible to database-focused tools. The hosting company discovered that backup scripts were opening persistent connections without proper cleanup, slowly exhausting pools over days. Weekend traffic spikes stressed connection limits despite normal database performance metrics.
Most importantly, they gained 20 minutes of reaction time. Connection pool exhaustion alerts now trigger automatic connection cleanup scripts and proactive capacity scaling before customers experience timeouts.
Filesystem-based database monitoring proves that the most effective alerts often come from outside the application layer. Linux's network stack provides the comprehensive view that application-specific monitoring inherently cannot achieve.
FAQ
How accurate is /proc/net/tcp for counting database connections compared to database-specific tools?
The /proc/net/tcp method is actually more accurate for connection counting because it shows all TCP connections regardless of database configuration or query permissions. Database-specific tools can miss connections in certain states or require special privileges that may not be available during emergencies.
What connection pool thresholds should trigger alerts for PostgreSQL, Redis, and MongoDB?
Start with 75% of max_connections for PostgreSQL, 80% of maxclients for Redis, and monitor rate-of-change rather than absolute numbers for MongoDB. These thresholds typically provide 15-20 minutes of warning before exhaustion, but adjust based on your application's connection patterns and recovery time requirements.
Can this monitoring approach detect connection leaks that database logs might miss?
Yes, monitoring /proc/[pid]/fd/ directory contents reveals connection leaks at the process level before they appear in database logs. This filesystem approach catches connections in various TCP states that database internal monitoring might not report, including connections stuck in TIME_WAIT or other transitional states.