Monitoring
NetTools watches your domains and servers around the clock and emails you the moment something breaks — no monitoring server of your own to run, and no credentials stored on our side. This page covers everything monitoring does and how to set it up.
What a monitor is
A monitor is one thing we check on a schedule. NetTools has four kinds:
- Uptime (HTTP/HTTPS) — is your website responding, and how fast?
- Port (TCP) — is a service (SSH, a database, a mail server) accepting connections?
- TLS certificate — how many days until the certificate expires?
- Domain Health — a single composite check of seven posture items (see below).
Every plan includes always-on monitoring, including Free. Plans differ in how many monitors you get, how often we check, and how far back the history goes — not in whether monitoring exists at all.
| Plan | Monitors | Interval | History |
|---|---|---|---|
| Free | 1 | 5 min | 30 days |
| Pro | 10 | 5 min | 90 days |
| AI Premium | 25 | 1 min | 365 days |
| MSP / MSP+ | 100 / 250 | 1 min | 365 days |
Add a monitor
- Open the Monitor area in the web app and go to the CLOUD tab.
- Enter a domain, host, or URL and pick the check kind. NetTools auto-detects a sensible default and pre-fills it — for a bare domain, that's Domain Health.
- Save. We run the first check immediately and email you a short "now monitoring X" confirmation with the current state, then keep checking on your plan's interval.
That's it — there's nothing to install for uptime, port, TLS, and Domain Health checks. They run from our cloud, looking at your target from the outside, exactly as a visitor or a mail server would.
Domain Health
The Domain Health monitor folds seven posture checks into one pass/warn/fail snapshot:
- TLS certificate valid and not expiring soon
- HTTPS redirect — plain HTTP forwards to HTTPS
- SPF — only authorised servers can send your mail
- DMARC — forged mail is caught, not delivered
- DNSSEC — your DNS answers are tamper-protected
- MX — mail routing is reachable
- Blacklist — your domain/IP isn't on a mail blocklist
Each line comes with a plain-language verdict: what it means and how to fix it. When something regresses — say your SPF record disappears — you get an email that names the specific check, not a cryptic error.
Alerts you can trust
Alert quality matters more than alert quantity. Two things keep NetTools from crying wolf:
- We re-check before alerting. A single failed probe never triggers an email; the problem has to be real and sustained.
- You can acknowledge a finding. If you already know about an issue, acknowledge that specific check and it drops out of the verdict and the fleet view until it changes — so it stops nagging without hiding anything.
Down, back-up, and certificate-expiring alerts arrive on every plan.
Fleet Health
The HEALTH tab is your single pane of glass. It folds every open issue across all your monitors and servers into one severity-ranked list — worst first, in plain language — with healthy items tucked below. Click any row to jump straight to the monitor and see the full breakdown.
Public status pages
Turn any group of monitors into a shareable status page — a public URL your users or clients can check during an incident. Status pages support host grouping, display settings, and an optional 4-character PIN if you'd rather keep it semi-private. On the MSP plans they're fully white-label: your brand, your logo, your own domain, and no ABR mention. See the MSP guide for that.
Server host metrics (agents)
For CPU, memory, disk, and temperature inside a server, install the lightweight metrics agent (AI Premium and up). It's outbound-only — the agent pushes metrics to us over HTTPS, so there are no inbound ports to open and no credentials stored. It runs on Linux, macOS, and Windows.
Install from the HOSTS tab, which gives you a one-line command with your token baked in. On Linux it looks like:
curl -fsSL https://nth02.abr.cloud/cloud/agent/script -o abr-agent.sh \
&& sudo ABR_AGENT_TOKEN=<your-token> sh abr-agent.sh install
(macOS is the same with ?os=macos; Windows gets a PowerShell one-liner — the
tab shows the right one for each OS.)
Once it's reporting you get per-host thresholds (alert only on sustained high load, never a brief spike), daily coverage bars, and a clickable update badge when a newer agent ships.
Your credentials stay yours
All outside-in checks (uptime, TLS, DNS, ports, Domain Health) need no credentials — they look at your target the way the public internet does. The host agent pushes metrics outward and never receives a connection. We never store SSH passwords or keys for monitoring. That's a deliberate design line, not a limitation we plan to remove.
Next steps
- Add your first monitor — free, no card.
- Running monitoring for clients? See the MSP guide.
- Automating with an agent? See MCP & agents.