This is the ultimate tutorial to Ruby on Rails application monitoring in 2020.

In this comprehensive guide I'll cover:

Explanation of Ruby on Rails metrics worth monitoring

Breakdown of different monitoring departments

How to pick the right tool for the job

Ruby on Rails application monitoring tools comparison

An overview of things to consider as an application maintainer

Sane guide to Rails logger and monitoring tools setup

So if you want to sleep through the night with your Ruby on Rails application monitoring in place, you are in the right place.

Table of contents

Let's do it.

#Ruby on Rails Application Monitoring Basics

Out of the box, Ruby on Rails comes to us with a Rails.logger , an amazing tool that's both simple to use and easily extendable.

In its basic form, the Rails logger is writing the application output to the dedicated log file as well as to the running process' stdout

A name of the log file depends on the RAILS_ENV we are running the app in. In the default configuration in the log directory in the application root you will find:

development.log

test.log

production.log

On top of that, the logger is equipped in an ability to differentiate various events severity levels:

debug

info

warn

error

fatal

unknown

It's very useful for filtering, grouping and aggregating logs via third party services described in the next parts of this article.

#Breakdown of Ruby on Rails Application Monitoring

As we know by this point, the dedicated Rails logger serves one purpose, and that's telling us exactly what happens in the domain of our Ruby on Rails application.

However, that's not even a tip of an iceberg when considering the full suite Ruby on Rails application - there's so much more to consider.

It all comes to asking ourselves - what exactly do we want to know about our Ruby on Rails application?

Let's break it down in order to answer this question.

#Application Performance Monitoring

First things first: we want to know about our Ruby on Rails application's bottlenecks.

A bottleneck is a point of congestion in a production system - such as an assembly line or a computer network - that occurs when workloads arrive too quickly for the production process to handle. "Business Esentials" by Investopedia

This is the domain covered the most thoroughly by SaaS services, it even has its own shortcut, APM.

Let's break down the classic Ruby on Rails usage, MVC, into small parts that one wants to monitor in the performance perspective:

Model - how long does it take for my app to communicate with its database?

View - how performant is my app's views rendering engine?

Controller - how fast is my app responding to the received requests?

Whenever thinking about the performance, the information we want to obtain is the execution time of different parts of our application.

Remember, those are only basics - other things to compartmentalize in the performance perspective I can think of of the top of my head are:

How long does it take to run various rake tasks?

How performant is my background job processing?

Are there any bottlenecks in my mailing service adapter?

Is my payment processing fast enough?

It all depends on what your app does for a living. Let's take for example the processing of payments.

It is crucial for our customers not to wait for payments to be processed for 3 days or even 3 hours - and that's exactly the bottlenecks we want and need to know about.

With a correctly working APM in place, we are equipped to react quickly to the Rails application bottlenecks, which results in a better end-user experience.

#Ruby logger: Error and Exception Monitoring

The next part is the scariest one, yet inevitable - we want to know when our Ruby on Rails application behaves unexpectedly.

Our Ruby on Rails logger comes to the rescue - by default, it logs all exceptions raised both into stdout and the dedicated file.

Rails neatly prints the thrown exceptions' stack trace, which allows us to pinpoint the exact line of code causing the error.

Rollbar's example of code line throwing an exception

That said, even for small applications that's not enough to easily work with. Why?

Log files format is not easy to read

No easy searching and filtering

Nobody wants to watch live app's stdout for a living

That's where an awesome error and exception monitoring services come with a HUGE help.

When hooked up correctly, the amount of information on thrown exceptions provided is just enough for a developer to solve any problem in minutes.

On top of that, you can usually tweak them with even more helpful intel, such as for example:

An exact user that caused the exception

Received request parameters

Custom tags

Any custom data that you find useful for a given part of your app

Let's be honest with each other - there isn't any golden bullet solution to prevent all of our Ruby on Rails application crashes.

And its crashes are a piece of must-have knowledge for anybody responsible for maintaining a healthy system.

With a correctly hooked up exception monitoring in place, we are equipped in just the right tools to fix them as quickly as possible.

Thanks to no longer being blind to our Ruby on Rails application errors, our end-user gets exactly the experience we expect them to get by fixing anything that's out of place.

#Server and System monitoring

Ruby on Rails by itself is just a simple process running on the system that launched it - nothing more, nothing less.

In order to obtain a full knowledge about our application, we want to have at least a basic intel about the system that runs our Ruby on Rails application.

In the simplest form, this breaks down to other processes that are essential for our application to work as expected:

System: VPS, Cloud or any other,

Database: MySQL, PostgreSQL or any other

HTTP servers: Nginx, Apache or any other

Other popular tools like Redis, Sidekiq, RabbitMQ - you name it

It all comes down to what you use.

When planning your monitoring suite, try to break it down to those little pieces and think about each process without which your Ruby on Rails application will not work as expected.

#Ruby logs monitoring

This one serves as an alternative both to the Ruby on Rails exception monitoring and the APM.

The idea is to hook up your logs with some other process that aggregates them.

Fragment of raw Rails logs

It means that on top of errors and exceptions, you can extract additional data about anything that your Ruby on Rails logger tells you and break it down into both performance and exceptions reports.

That is especially useful when you use Rails logger extensively with the information and warning severities.

By customizing the tool of your choice a little, you can easily aggregate the data you need for almost any intel required to successfully maintain your Ruby on Rails application.

Some common use-cases are:

gathering info on email delivery

setting warnings for various processes' performance drops

gluing together reports from multiple places

There are pros and cons of this solution.

On the one hand, you get the full, detailed overview of what you exactly need - no more, no less, just what you extract.

On the other hand, this usually is not a drop-in solution to all your problems, and costs you the actual implementation time - the more you want to know, the more work you gonna put in.

#System Security monitoring

There is one metric that when tread too lightly can even put you in jail these days.

We're talking about information security.

This topic is easily overlooked at the beginning and costs more than its worth in the later stages of the Ruby on Rails application lifetime.

Cybersecurity breaks down to a multitude of aspects that both developers and business owners sadly don't bother much with on a daily basis.

The good part is that the day you implement at least minimal security measures into your application is the day when you become less likely a target of any security breach.

Most of the hackers do not waste time on difficult targets whenever there's an alternative in the low hanging fruit.

All that said, Ruby on Rails security monitoring is a very, very nice thing to have in place.

What are some common attacks that we want to monitor for?

Denial of Service, DDoS

SQL injection

Cross-Site Scripting, XSS

and many, many more

Further down the article, I will present you with some examples of the tools we can use to monitor Ruby on Rails application security.

That said, in my opinion, an increased awareness combined with prevention in the security field comes a long way.

And there are tools to use in order to implement it.

In this part, we compare a multitude of logging and monitoring tools and services.

In order to effectively do so, we take the following features into consideration:

Free - the limit of using the tool without paying a dime

- the limit of using the tool without paying a dime Trial - can we test the tool without paying for it, and if so, for how long

- can we test the tool without paying for it, and if so, for how long 100k/m - how much does 100 thousand metrics (or requests if you wish) cost in their cheapest plan yearly - for easier comparison

- how much does 100 thousand metrics (or requests if you wish) cost in their cheapest plan yearly - for easier comparison Lowest - the cheapest option's cost, and what do we pay for

- the cheapest option's cost, and what do we pay for Since - since when is the tool available on the market

In order to fairly compare the costs, the 100k/m column is calculated from the break down of the Lowest metric into the monthly cost of 100k requests in the annual plan.

Stand aware that this is unfortunately not applicable to every single service available, as their plans vary.

One other thing worth noting: the order of those tools does not matter in this comparison, they are simply sorted lexically.

#Ruby on Rails Application Performance Monitoring

Let's take a look at various APM options available for our Ruby on Rails application monitoring.

Tool Free Trial 100k/m Lowest Since AppNeta yes* ? ? $119* / ? 2011 AppSignal no 30 days $7.6 $19 / 250k 2012 Instrumental no other $340 $0.0034 / metric/ day 2012 New Relic yes 14 days ? $12.5 / month 2007 RoR vs Wild < 100k 14 days $0.8396 / 100k $41.98 / 5000k 2017 Skylight < 100k 30 days $2.23 / 100k $20 / 1000k 2012

This is the one department of the market that thrives, which has its pros and cons.

PRO : Pricing is more or less leveled

: Pricing is more or less leveled CON: Hard to decide if you're not sure what is it you're looking for

On the other hand, the moment we can ignore the pricing is the moment when we can focus on selecting both the features that really matter to us and a UI that we are the most comfortable to work with on the daily basis.

Let's see what's available for Ruby on Rails Application Performance Monitoring.

AppNeta is a SaaS heavily focused on across-network performance monitoring.

Free Trial 100k/m Lowest Since yes* ? ? $119* / ? 2011

Addressing the * asterisk in the comparison table: their pricing page does not reveal any details, just the plans, but I've managed to track it on the HackersNews Tools of The Trade repository.

It comes in two available Cloud plans, Public and Private

In other words, it means that you can either use their public hosting for all the monitored data or keep it on your own premises.

To get the big picture, you need to see further. Your business doesn't happen within your walls as much as it used to. appneta.com

All that could mean that offered solutions are carefully crafted to your specific needs - you can get a quote by providing some basic information and being called or emailed by their Sales Team.

AppNeta does not maintain any open sourced Ruby gem on their official GitHub organization website for integrating with them - there are either private gems or more likely their official API that you'd need to integrate with.

One way or another, implementation costs exist and it is probably not a drop-in solution for the Ruby on Rails Application Performance Monitoring.

Summing up, AppNeta is a complex solution and probably not the first choice. Its sales transparency has some room for improvement, as it is not easy to compare with other tools in order to pick the best one for us.

AppSignal is a dedicated solution for monitoring Ruby on Rails and Elixir applications.

Free Trial 100k/m Lowest Since no 30 days $7.6 $19 / 250k 2012

This can potentially go a long way for your Ruby on Rails Application.

My reasoning is that the dedicated solution focused on the narrow niche such as Ruby on Rails applications might easily become the best tool for the job, providing unique flavors of the framework internals monitoring out of the box.

Catch errors, track performance, monitor hosts, detect anomalies — all in one tool. appsignal.com

On their official Github organization website, AppSignal hosts an open-sourced appsignal-ruby gem dedicated to communicating with their cloud services.

On top of that, they offer advanced integration with your Github account.

All the reported data is available via the web browser, in the neatly crafted and what seems easy to use UI.

Summing up, AppSignal offers transparent and fair pricing completed with an open-sourced gem used for implementing it in your Ruby on Rails application.

Instrumental provides a solution for monitoring both Ruby on Rails applications and their infrastructure.

Free Trial 100k/m Lowest Since no other $340 $0.0034 / metric/ day 2012

Free Trial marked as other means that there is a free plan with up to 500 metrics with 3 hours of data visibility - a great option for development purposes.

Next to dedicated Ruby implementation, they support .NET, Java, Node.js, PHP and Python, to name a few.

By infrastructure monitoring, they mean drop-in solutions for AWS, Docker, MySQL, PostgreSQL, MongoDB, Redis and Memcached.

Instrumental helps you quickly get answers to complex questions - and you'll feel good doing it. instrumentalapp.com

Instrumentalapp on their official Github account hosts an open-sourced instrumental_agent-ruby gem code for integrating with their monitoring cloud.

On top of a dedicated UI, they provide Instrumental Query Language that allows end-users to aggregate, transform and time-shift all the data gathered.

Summing up, Instrumentalapp offers a complex APM solution for Ruby on Rails application performance monitoring, as well as rich infrastructure monitoring options.

However, it comes with a price not suited for small starting projects but scales nicely for big enterprises.

#New Relic

New Relic is one of the most popular choices for APM solutions world-wide.

Free Trial 100k/m Lowest Since yes 14 days ? $12.5 / month 2007

I did not manage to break down the cheapest plans costs into the price of 100k metrics a month - if you know how to do that, please leave me a comment.

Uptime is everything. That's why observability is so critical for today’s business infrastructure. newrelic.com

The APM plan goes way beyond just Ruby on Rails monitoring, and it includes:

Response Time

Throughput and Error Rates

Filterable Error Analytics and Traces

Database Monitoring for Metrics and SQL Analysis

New Relic on their official Github organization account hosts an open-sourced newrelic_rpm gem that transmits any Ruby on Rails application metrics to their cloud for your real-time monitoring.

Summing up, New Relic is by far one of the most complex solutions on the market. Both wide-world usage and the big corporate structure speak in its favor.

Despite the lack of an actual pricing comparison data, it is worth mentioning that this solution is not recognized as cheap on the Internet.

#RoR vs Wild

RoRvsWild is a dedicated Ruby on Rails application performance monitoring solution.

Free Trial 100k/m Lowest Since < 100k 14 days $0.8396 / 100k $41.98 / 5000k 2017

It is worth noting that the presented prices are converted from € to $ on the day when $1.08 is €1. The actual cheapest plan's price on their website is €39 / 5000k monthly.

Slow and unreliable websites lose customers. RoRvsWild monitors the performances and errors of your Ruby on Rails applications, and provides you with insights to optimize what matters. rorvswild.com

Ruby on Rails versus Wild is one of the products created by the small web design & development studio Base Secrète from Geneva, Switzerland, that specializes in Ruby on Rails applications.

Strong sell points of the product are the fact, that its a dedicated Rails monitoring solution and ridiculously generous free tier.

On their official Github organization account, they host an open-sourced gem rorvswild dedicated to integrating with their cloud monitoring services.

Their web UI is slick, intuitive and very easy to catch up with, and I foresee a bright future for this product when combining this fact with their freemium scope.

Summing up, RoRvsWild despite being very young, seems very promising and prospectful.

I especially recommend using it for monitoring the performance of small, rising Ruby on Rails applications.

Skylight is yet another APM service dedicated to Ruby on Rails application monitoring.

Free Trial 100k/m Lowest Since < 100k 30 days $2.23 / 100k $20 / 1000k 2012

It heavily focuses on maintaining simplicity in its dashboards, which saves us a lot of time when analyzing our Ruby on Rails application performance.

Trends at a glance. Endpoints to improve. Questions answered. Just the essentials. Not a zillion charts you don’t need. skylight.io

On their official Github organization website, they maintain an open-sourced skylight-ruby gem serving the sole purpose of communicating with their cloud servers.

Summing up, Skylight's offer is very transparent, easy to understand and generous.

That, combined with the fact that it is a dedicated Ruby on Rails monitoring solutions makes this service very attractive.

#Poor Man's Choice: Rails Performance

Not only for those who decide not to pay for APM, but also a very nice solution to have bundled into you Ruby on Rails development process for a constant overview, is a rails_performance gem.

A self-hosted tool to monitor the performance of your Ruby on Rails application. This is simple and free alternative to the New Relic APM, Datadog or other similar services. Rails Performance README.md

It is a relatively new project that has started in January 2020, so the features are limited - it only allows real-time monitoring, with a data-retention period equal to your Redis' TTL.

What I personally like to do in my Ruby on Rails projects is launching it in the development process and glance at the dashboard from time to time.

It is not a perfect solution, but still gives me some idea on how well the Ruby on Rails application performs, and can potentially point me in the right direction.

#Ruby on Rails Error and Exception Monitoring

Now that we went through our options for the Ruby on Rails application performance monitoring, the next step is to get the right tool for error and exception logging and analytics.

Tool Free Trial 100k/m Lowest Since Airbrake < 7.5k 30 days $59 / 100k $59 / 100k 2008 Bugsnag < 7.5k 14 days $39.34 / 100k $59 / 150k 2012 Honeybadger < 12k 15 days $26.23 / 100k $59 / 225k 2012 Raygun no 14 days $79 / 100k $19 / 1k 2007 Rollbar < 5k 14 days $83 / 100k $83 / 1000k 2012 Sentry < 5k 30 days $26 / 100k $26 / 1000k 2012

That's another branch of the market that is very well suited, which has roughly the same pros and cons as the APM part.

Let's see what Ruby on Rails Error and Exception Monitoring options there are available.

AirBrake is one of the most popular choices not only for Ruby on Rails application monitoring but also for a wide range of other languages and frameworks.

Free Trial 100k/m Lowest Since < 7.5k 30 days $59 / 100k $59 / 100k 2008

It does not monitor only errors and exceptions raised in the Ruby on Rails application - just recently they've released a dedicated APM solution along with the main product.

On their official Github organization account, they maintain an open-sourced gem airbrake dedicated to sending errors straight to their API.

What's worth mentioning, the gem equips Ruby on Rails in a very straightforward generator, a command-line tool that sets everything up with a single execution - neat.

Airbrake's powerful error monitoring is lightweight and dead simple to set up so you can spend less time tracking down problems and more time developing. airbrake.io

On top of that, it still is fully customizable - in its basic form it just reports uncaught exceptions, but you are free to send any other events you like.

Summing up, Airbrake is a solid choice for production-scale Ruby on Rails application errors and exceptions monitoring.

However, there are cheaper options to start with, what can be considered a flaw. Read on.

Bugsnag is yet another widely used tool for Ruby on Rails application errors and exceptions monitoring.

Free Trial 100k/m Lowest Since < 7.5k 14 days $39.34 / 100k $59 / 150k 2012

Like the previous one, it does not stop on Rails but is highly recognizable among other technologies, too - over 50 in total, as they say.

Bugsnag monitors application stability so you can make data-driven decisions on whether you should be building new features, or fixing bugs. bugsnag.com

One nice thing about it is that we have a choice between using their servers and hosting it on our own premises.

On their official Github organization website, they host an open-sourced bugsnag-ruby gem responsible for communicating with their API.

Summing up, Bugsnag is a legit solution for whose quality speaks the fact that it supports many technologies.

Combined with reasonable pricing that scales nicely, it seems like a good fit for medium to enterprise applications.

Honeybadger is Ruby on Rails application monitoring for exceptions born from the frustration of the author's own Ruby on Rails project error.

Free Trial 100k/m Lowest Since < 12k 15 days $26.23 / 100k $59 / 225k 2012

Here's a little backstory, bear with me.

Honeybadger's authors used to use a tool called Hoptoad - now Airbrake - created by Thoughtbot and then sold.

When they got frustrated with its unreliability, they created Honeybadger, which is now officially bundled with one of the most popular open-source Rails Application Templates, Suspenders, authored by Thoughtbot.

History comes full circle.

On their official Github organization website, they host an open-sourced honeybadger-ruby gem dedicated to reporting errors to their API.

Zero-instrumentation, 360 degree coverage of errors, outages and service degradation. Deploy with confidence and be your team's devops hero. honeybadger.io

Strong sell point of the tool is the fact that it started from Ruby on Rails application monitoring, and is created by Ruby on Rails developers.

They emphasize being dedicated to smaller teams, which is exactly the case most of the time - and also a very good reason to use it from your Ruby on Rails application's production day #1.

Raygun is yet another platform that offers crash reporting for Ruby on Rails applications and other tools, among many other solutions.

Free Trial 100k/m Lowest Since no 14 days $79 / 100k $19 / 1k 2007

Here I've departed from the rule of comparing the cheapest plan, as it would heavily misrepresent this tool - in the 100k/month column I've included their second-cheapest plan for a better overview.

This is one of those full-spectrum solutions, that provides a wide range of things - APM, users' sessions monitoring and even some basic SEO analysis.

Raygun gives you visibility into how users are really experiencing your software. Detect, diagnose and resolve issues with greater speed and accuracy. raygun.com

One can easily see that this guy's agenda is so much more than simple errors and exceptions Ruby on Rails monitoring.

Take into consideration that they're a jack of all trades which probably results in being master of none.

It'd be hard to be the best in everything, so from the errors and exceptions monitoring perspective, the dedicated, single-purpose solution might work better for you - at least in the beginning.

On their official Github organization website, they host an open-sourced raygun4ruby gem dedicated to communicating with their API.

Summing up, Raygun is long-established on the market and definitely solid solution for Ruby on Rails application crashes monitoring.

Rollbar is one of two solutions for Ruby on Rails application monitoring we've decided to include in Hix on Rails right from the start.

Free Trial 100k/m Lowest Since < 5k 14 days $83 / 100k $83 / 1000k 2012

It was due to the fact that it is very popular among the Ruby community, easy to set up and you can start using it for free.

Spend less time worrying and more time on improving code. With Rollbar, you can feel safe knowing every error is reported in real-time. rollbar.com

It's worth noting that its offer is even more generous - in the annual plan you also get the first two months for free.

On their official Github organization website, you can find an open-sourced rollbar-gem , and what's even better, you can follow our comprehensive, step by step tutorial on how to set up Rollbar as the Ruby on Rails application monitoring tool.

One thing I can tell from my own experience about Rollbar is that its Ruby gem, compared to its other open-source integrations, is just a little behind.

There are some options available in other languages, such as for example PHP, and unavailable in Ruby.

Don't be put off by that though - I can still honestly recommend using Rollbar for your Ruby on Rails application monitoring.

Summing up, Rollbar is a very reliable, sophisticated solution - and I am telling you that from my own experience, as that's what I use daily at work.

Sentry is another Ruby on Rails application monitoring solution included in Hix on Rails from its start.

Free Trial 100k/m Lowest Since < 5k 30 days $26 / 100k $26 / 1000k 2012

Similar to Rollbar, we've decided to go with it due to being very popular among the Ruby on Rails community and offering a free start for everybody, no matter how big a project they develop.

Sentry scales with your application. Just keep those bugs to a minimum and you’ll love us. sentry.io

This is so true - I still run some of my not-so-popular side-projects with Sentry hooked up and easily manage to stay on the free plan.

Hooking up a tool like Sentry for Ruby on Rails application monitoring from its first day on production goes a long way - and you can easily do that following our step by step tutorial on how to set up Sentry in Ruby on Rails.

On their official Github organization profile, they host an open-sourced raven-ruby gem, that provides easy integration with their API.

Summing up, and I am speaking from a pleasant experience as I browse my Sentry dashboard daily, it is a great tool - very generous pricing, just enough of the free plan and intuitive UI.

#Poor Man's Choice: Exception Track

If you decide not to pay for error and exception monitoring in your Ruby on Rails application for whatever reason, you can still access them easily via exception-track gem.

Tracking exceptions for Rails application and storing them in the database. Exception Track README.md

In my experience, it is especially useful for the development process, for exactly the same reasons as the aforementioned Rails Performance gem.

My usual workflow with this gem hooked up in the development environment looks like this:

Before starting to work on the new feature, I delete all the exceptions from the table

I dive neck-deep into the feature implementation

During the process, I don't need to worry about fixing any collateral damage, as it's safely persisted in the dedicated database table

After finishing the feature, I review all the exceptions caused during the development process one by one and see if any of them still occurs

This simple workflow helps to keep the focus on the task at hand and still results in leaving the previously written code not broken.

I wouldn't recommend using the tool in production though, as it is very basic and not so easy to work with.

When we have our APM exceptions monitoring in Ruby on Rails application in place, it is time to go a little beyond Rails itself.

At some point in your career as a Ruby on Rails developer, you have probably heard about Rails not being performant and losing its popularity due to that fact.

StackOverflow Survey 2019

This rumor alone should be a reason enough for anybody who builds his or her business on the Ruby on Rails stack to thoroughly monitor the performance of a system that hosts it.

There are no excuses for not doing so, no matter if you use a dedicated cloud solution or your private VPS - and it is safe to say that you might end up saving yourself some money in the process by learning your limitations.

This part of your Ruby on Rails application is too important to be left unmonitored, and here are some tools that might help you get the job done.

#System monitoring

For a Ruby on Rails application so-called "system", in the simplest form, the monitoring breaks down to keeping track of the following:

CPU Usage

Memory Utilization

Disk I/O

Network Interface and Adapters

Hardware Health

Scheduled Tasks

Syslog Errors

Event logs

It should be monitored not only for your process running the Ruby on Rails application but also for anything that your app relies on, such as for example Nginx, Sidekiq, Redis, PostgreSQL - to name a few.

The market is full of ready-to-use solutions dedicated to doing just that - some of them were mentioned along with the APM products.

Here's some more, if you look for options:

I deliberately do not go into details about those tools, because they are way beyond the scope of Ruby on Rails application monitoring tutorial.

That said, every conscious maintainer should give it some thought in order to keep full control of his system.

#Availability monitoring

With the system monitoring in place and assuming that your Ruby on Rails application runs behind some public domain or even just a static IP address, it is time to set up an availability monitoring.

In the most simple form, it's a classic heartbeat check - your domain gets pinged by a dedicated service every second.

If it does not respond, you get notified.

Some options to consider:

Same as with system monitoring, I deliberately do not go into specifics, as it is far beyond the Ruby on Rails application monitoring scope.

One thing I can say is that personally I find UptimeRobot very nice to work with for small projects, as it has a reasonable free tier

Downtime Happens. Get Notified! 50 Monitors, Checked Every 5 Minutes, Totally Free! uptimerobot.com

This does not by any means suggest that you should use this tool instead of any others available. Always consider your options.

#Security monitoring

This one is tricky, yet very reassuring once you have it in place. It is also one of the least covered parts of the market Rails-wise.

Let's break our options into three categories.

The first category is a list of ready-to-use tools and services that we can purchase or subscribe to. Those are:

They're available in various plans, providing pretty much the same thing - a dedicated dashboard on which you can see your Ruby on Rails application vulnerabilities.

Same as before, I'll spare you the details - review them and adapt to your specific needs. This is not cheap stuff though.

The second category is my favorite combination of three CLI tools that are easy to set up on your Continuous Integration suite, and those are:

Brakeman

Bundler Audit

Dawnscanner

Both Brakeman and Dawnscanner check your Ruby on Rails application code against Common Vulnerabilities and Exposures (CVE) list.

CVE - Common Vulnerabilities and Exposures

Bunder Audit does pretty much the same, just not with your app's own code, but with its dependencies.

All of the tools come with an easily executable CLI command, which makes them easy to run in CI - just remember to set their exit code to a warning, not an error, as your checks can start crashing overnight.

With those three in place, you've got yourself a nice security-breach prevention system. Just remember, it's never enough in this domain.

The third category is especially important for monitoring Ruby on Rails applications that render HTML views.

There's a multitude of attacks executable via a web browser that loads your website served by Ruby on Rails application.

With help come those tools:

The first two tools audit your domains HTTP security headers, which are:

Strict-Transport-Security

X-Content-Type-Options

X-XSS-Protection

Content-Security-Policy

X-Frame-Options

Referrer-Policy

Feature-Policy

Expect-CT

Security Headers Report Summary

On top of that, Mozilla checks:

Cross-origin Resource Sharing

Cookies security

Subresource Integrity

All of those you're able to append to any HTML document you serve with your Ruby on Rails application in order to instruct the browser what actions it should execute.

The last of the tools above validates your domain's or IP's SSL certificate, which presence is pretty much standard nowadays.

Digicert SSL Report

Some of those headers are also applicable for the pure backend API versions of Ruby on Rails applications.

Along with the HTML documents you send, there is also a matter of assets, and one of many things worth keeping in check is the Content-Disposition header.

Take your time to read more about all of those and at least manually audit your website from time to time - as I have said before, it goes a long way.

#Pagespeed monitoring

Although applicable only for Ruby on Rails applications that provide both frontend and backend and not for API-only projects, page speed monitoring is crucial for the end-user experience.

Let's see what's available:

The first solution, Pagespeed Insights is a simple tool that allows us to audit a single URL at the time.

It gives a great overview, to begin with, but this does not scale well, which gets us to the next two.

Both GTmetrix and Pingdom Website Speed Test are services that anybody can subscribe to. Depending on the selected plan, they allow constant monitoring of a fixed number of URL addresses.

Pingdom Website Speed Test Results

After reviewing their plans you might think - wow, that's a little expensive for something that is not critical for the business to work.

A 100-millisecond delay in load time can cause conversion rates to drop by 7% Akamai research, spring 2017

This can turn out as a gamechanger for a lot of businesses and is definitely worth considering in the long run.

Bonus: if you're like the most in the world, you probably use Google Analytics.

One thing you might want to consider using completely for free is a drop-in solution, a Site Performance Dashboard.

Here's how it looks:

Google Analytics Site Performance Dashboard

In order to gather more data in the early stages of your website served by Ruby on Rails, you can simply configure the GA javascript client to send more reports by increasing the siteSpeedSampleRate parameter.

Where does might Google get this data from, you ask?

The answer is the Chrome User Experience Report.

You can also access this intel in the aforementioned Google Pagespeed Insights tool.

PageSpeed Insights Chrome User Experience Report

Yet still, it is nice to have a dedicated dashboard for it and glance at it once in a while, just in case.

One last thing worth mentioning is that the Lighthouse hosted at the web.dev is also available in the form of two NPM packages that suit perfectly into the Continuous Integration suite:

Using one of those you can probably hook it all up by yourself and avoid monthly expenses - the only cost it is going to take is your time for implementing it properly.

#SEO monitoring

The last, but by no means the least important metric that we will describe here is our website's SEO.

This again does not apply to API-only Ruby on Rails application monitoring but is still worth mentioning along with other aspects of the business lifecycle.

Here are some services that you can subscribe to:

Most of them let you drop your website's URL or domain and present a thorough overview of applicable improvements.

WooRank report on Google's on-page SEO

Again, for a small price, you can automate the process and have them constantly crawl multiple endpoints in order to tell you more frequently about the problems that arise during new features development.

Summing it all up, Rails Application monitoring is a very complex process.

As you could see, a lot of people made a living of it, and this is good - thanks to them, you don't have to break a sweat.

Just pick a toolset that works best for you and calmly sleep through the night, knowing that dedicated services keep an eye on your Ruby on Rails application.

What's your take on the Ruby on Rails application monitoring?

Did you find an answer to your questions, is your maintainer's need satisfied?

Please let me know in the comments!

Or maybe you would like to see any of those tools integrated into the Hix on Rails Application Template?

If so, you can vote on them on our product's roadmap - all it takes is a Trello account and you're good to go!

Thanks for reading!