RIDING BYTES
← All insights

April 15, 2026 · 7 min read

Why your SENAITE LIMS needs proactive monitoring

A real case: a single corrupted ZODB record blocked nightly garbage collection for months. The lab never knew. This is what HealthWatch is for.

Why your SENAITE LIMS needs proactive monitoring

A laboratory recently contacted us because their nightly database optimisation had stopped working. SENAITE LIMS was running fine on the surface. Users logged in, registered samples, entered results, published reports. Nothing in the user interface gave anything away.

Under the hood, the database had been growing unchecked for months. The scheduled pack operation was silently failing every night. The cause turned out to be a single corrupted database record. One truncated object, likely produced when a server restart interrupted an active write operation. That one bad record blocked the entire garbage collection process, causing the pack to abort with an EOFError every time it ran.

The lab found out by accident, three months in, when the disk hit 80% and an unrelated alert fired.

This is the kind of failure proactive monitoring exists to catch.

What proactive monitoring actually means

The temptation with monitoring is to watch the surface: is the HTTP endpoint up, is the disk under 90%. That tells you very little about a LIMS.

A LIMS holds operational data inside a ZODB (Zope Object Database) that grows over time, compacts on schedule, and depends on a few quiet operations that nobody sees succeed because nobody looks. Proactive monitoring watches those operations:

  1. Did last night’s pack run? Did it complete?
  2. Did last night’s backup run? Did the restore verification pass?
  3. Are there ConflictErrors in the log that the user did not see?
  4. Is any object in the database broken?
  5. Is the response time degrading? Disk growth accelerating? Worker count saturating?

If you only check whether SENAITE answers HTTP, you find out about problems the day they cause an outage. If you check the five questions above, you find out the night they start.

HealthWatch

We built HealthWatch because we needed exactly this for the labs we support. It runs on your SENAITE server as a small Python service, queries the ZODB and the SENAITE catalogs directly, and emits structured metrics to our central Zabbix monitoring instance.

It watches six areas.

Database consistency

Full ZODB integrity scans on a schedule. ConflictError detection in the event log. Truncated-object detection by walking the object tree and looking for ones that fail to deserialise. The exact failure mode that broke the case above is the first thing it checks.

Instance health

Response times to the Plone front controller. Worker availability. Memory ceiling per worker. Background-task queue depth. The kind of thing that goes wrong gradually, where the lab does not notice the response time creeping up from 200 ms to 4 s until users start emailing the IT manager.

The HTTP-logs view tails both the haproxy access log and the nginx error log, classifies every request by status family, and plots the seven-day trend so a sudden spike in 5xx responses shows up as a green bar that everyone can see. Sources, top paths, and the most recent error responses are listed alongside so you can drill into a regression without leaving the dashboard.

SENAITE HealthWatch HTTP-logs tab — seven-day request volume, top sources, top paths, and recent error responses

Storage

Data.fs growth rate. Disk-free margin. Backup target size. Pack ratio (how much storage one pack actually reclaims, which tells you whether the pack is doing its job).

Scheduled tasks

ZODB pack, automated backup, cron jobs the lab depends on. Each one reports success or failure on completion. If a scheduled task silently stops running, HealthWatch notices on the next expected window.

Anomalies

Behaviour that is technically valid but statistically unusual: endpoints whose response time has drifted, a worker that retries the same task to exhaustion, kernel events that suddenly appear on a node that never used to log them, novel error signatures that have not been seen in this codebase before. The Anomalies tab buckets each one into a category (Novel, Exhausted retries, Slow endpoints, Kernel events) and rolls them up over the configured window so you can compare today against the last seven days at a glance.

SENAITE HealthWatch Anomalies tab — buckets for novel signatures, exhausted retries, slow endpoints, and kernel events

Security

Failed-login throttling, suspicious request patterns, status-code storms hammering paths that should not exist. HealthWatch’s Security tab aggregates the live HTTP log on a five-minute window, classifies each anomaly by category (sensitive paths, injection attempts, scanners, method abuse, status storms), and surfaces the top attackers as soon as a threshold trips.

SENAITE HealthWatch Security tab — auto-detected attackers and status-code storms

What happens when something fires

HealthWatch alerts forward to our central Zabbix instance. Out-of- hours alerts go to our on-call rotation. In working hours, they go to the team handling that lab’s contract.

For Professional and Enterprise customers, a customer-facing web dashboard surfaces the same data, so the lab’s IT team sees what we see. Enterprise customers get a weekly health report by email.

Clicking any event opens a side drawer with the full context: the class, the affected OID, the endpoint, the instance that emitted it, the path of the source log file, the message, and the full Python traceback. Both the message and the traceback are one click away from the clipboard, so the on-call engineer can drop a faithful record into the ticket without grepping through any log files.

SENAITE HealthWatch event drawer — full context for one ViewNotCallableError, message and traceback ready to copy

Back to the case

For the lab in the story above, the fix was straightforward once we knew what we were looking at. We identified the truncated object via a ZODB walk, repaired the reference, and the next pack ran cleanly. The Data.fs dropped from 8.4 GB back to 2.1 GB overnight. No data loss.

What was less acceptable was the months of growth before anyone noticed. If HealthWatch had been on that server, we would have caught the first failed pack the morning after it failed. That is the whole point.

What this costs

Every SENAITE Care plan includes HealthWatch. The Essential tier starts at EUR 300 per month and covers monitoring, scheduled maintenance, and email support. For most labs running SENAITE in production, this is the right floor.

If you would like to know what we would see on your installation, get in touch. We can run a one-time health audit without committing you to a plan.

What you should do this week

Whether you use HealthWatch or not, three checks worth running on your SENAITE this week:

  1. Tail the event log for the string EOFError. If you see it, your pack is probably failing.
  2. Compare du -sh on your Data.fs today with what it was three months ago. A pack that runs reduces it. If the number only grows, your pack is not running.
  3. Try a restore on a recent backup. Find out now whether the backup is restorable, not the day you need it.

The first two take a minute each. The third takes an hour and is the difference between a recoverable lab and a lost one.

Keep reading

More from the team

Article 01
SENAITE speaks HL7: senaite.astm 2.0

senaite.astm 2.0 ships an HL7 v2 over MLLP server alongside ASTM, feeds both into SENAITE through a single push consumer, and adds capture-only mode, PHI scrubbing, /stats, and production hardening.
Article 02
Introducing SENAITY: anomaly QA for SENAITE LIMS

SENAITY catches bad lab results before they leave your lab. ML-based anomaly detection, on-premise Docker, free OSS tier or Lab plan from EUR 490 per month.
Article 03
SENAITE LIMS vs commercial LIMS: what to know before choosing

Open source versus proprietary: cost, vendor lock-in, customisation, compliance, and the cases where each option is the right answer.

Bring this to your lab

Whether you are evaluating SENAITE, scaling it across sites, or wiring up instruments and monitoring, the team that wrote the platform is the team you talk to.

Start a conversation

Imprint

Responsible for the content

RIDING BYTES GmbH
Würzburger Straße 81
90766 Fürth
Germany

Tel.: +49 911 974 930 90
Email: rb@ridingbytes.com
Web: https://www.ridingbytes.com

Management

Ramon Bartl, Dipl.-Inform. (FH), MBA
Geschäftsleitung | Managing Director

Commercial register

RegistergerichtAmtsgericht Fürth
RegisternummerHRB 17318
USt-IdDE301668607

EU dispute resolution

The European Commission provides an online dispute-resolution platform at https://ec.europa.eu/consumers/odr. We are not obliged and not willing to participate in dispute-resolution proceedings before a consumer-arbitration body.

Privacy Policy

Last updated: 2026-06-04.

This is a plain static website. It runs no analytics, no advertising, no tracking pixels, no third-party tracking, no session cookies, and no remarketing. The only personal data we ever receive from this site is what you voluntarily type into our contact form.

Data controller

RIDING BYTES GmbH, Würzburger Straße 81, 90766 Fürth, Germany. Managing Director: Ramon Bartl. Contact: rb@ridingbytes.com, +49 911 974 930 90. Full details in the imprint.

What we collect

When you submit the contact form on /contact/, we receive:

That is the entire set. We do not collect your IP address, browser type, referrer, location, or any other metadata about your visit.

We process the data you submit to answer your enquiry. The legal basis is Art. 6(1)(b) GDPR (steps prior to entering a contract at your request) and, where the message is unrelated to a contract, Art. 6(1)(f) GDPR (legitimate interest in answering business correspondence).

How long we keep it

Contact-form messages live in our business inbox like any other business email. We retain them as long as the conversation may plausibly require a follow-up, and at most for the German tax / commercial-law retention periods for business correspondence (typically 6 to 10 years under §§ 257 HGB, 147 AO when the message forms part of a contractual relationship). When neither applies, we delete on request.

Processors

The contact form is delivered via Formspree (Formspree Inc., 2261 Market Street #4067, San Francisco, CA 94114, USA), which receives the form contents from your browser and forwards them to our inbox. A Data Processing Agreement is in place. Formspree’s privacy policy: https://formspree.io/legal/privacy-policy/

The website is hosted in the EU on infrastructure operated by Hostinger (Hostinger International Ltd.). Hostinger only sees the traffic required to serve the static files; we do not keep logs that identify individual visitors.

What we do not do

Webfont

We load the Nunito Sans webfont from Google Fonts. Google receives your IP address when the font is loaded. If you’d rather avoid that, any browser extension that blocks third-party requests (uBlock Origin, NoScript, etc.) prevents it; the site renders fine with a system fallback font.

Map on the contact page

The contact page embeds a map tile served by OpenStreetMap Foundation (St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom). When the page loads, your browser fetches the map tiles directly from openstreetmap.org. The foundation receives your IP address in the standard web-server log. No cookies are set, no tracking pixels are loaded.

Embedded YouTube videos

A few blog posts include a YouTube video. We do not load the video automatically. You see a static preview image hosted on our own server, and the YouTube player only loads after you click the play button.

When you click play, your browser connects to YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google receives your IP address, the URL you came from, and may set cookies. We use the privacy-enhanced youtube-nocookie.com domain, which suppresses tracking cookies until you interact with the player, but the IP transfer cannot be avoided.

You can revoke consent at any time by reloading the page; no YouTube connection will be made again until you click play.

Your rights

Under the GDPR you have the right to:

To exercise any of these rights, email rb@ridingbytes.com. We respond within one month, free of charge.

Changes to this policy

If we change this policy materially, we update the “Last updated” date at the top. Past versions are not archived publicly; ask if you need one.

Terms of Use

Last updated: 2026-06-04.

These Terms of Use (“Terms”) apply to your access of, and use of, the ridingbytes.com website. Services purchased separately (consulting, development, training, hosting, SENAITE Care, SENAITY) are governed by individual written contracts, not by these Terms.

1. Operator

RIDING BYTES GmbH, Würzburger Straße 81, 90766 Fürth, Germany. Managing Director: Ramon Bartl. Contact: rb@ridingbytes.com, +49 911 974 930 90. Registergericht Amtsgericht Fürth, HRB 17318. USt-Id DE301668607.

2. Scope

This website is informational. It describes our services, our work on the open-source SENAITE LIMS project, and provides a contact form. No sales, contracts, or payment transactions occur through this website. Engagements are entered into via separate written agreement.

3. Use of the website

You agree to use this website only for lawful purposes. You must not:

4. SENAITE LIMS

References to SENAITE LIMS on this site point to the upstream open-source project at https://github.com/senaite, which is licensed under the GNU General Public License v2 (GPLv2). Nothing on this site grants you a licence beyond what GPLv2 already provides. Our own contributions to SENAITE are released under the same licence.

5. Intellectual property

The text and visual design of this website, the brand mark, and the logo are property of RIDING BYTES GmbH. The four lab background clips used in the hero are property of their respective owners and used under our licence. Do not reproduce or redistribute the contents of this site without prior written permission.

The Nunito Sans webfont (loaded from Google Fonts) is licensed under the SIL Open Font License.

The site may link to third-party websites (GitHub, SENAITE, senaity.com, partner pages). We are not responsible for the content, privacy practices, or availability of any third-party site.

7. No warranty

The website is provided “as is” without warranty of any kind, express or implied. We do not warrant that the site will be uninterrupted, error-free, or free of viruses or other harmful components. To the maximum extent permitted by law, we disclaim all implied warranties, including merchantability and fitness for a particular purpose.

8. Limitation of liability

We are liable for intent and gross negligence without limitation. For slight negligence, we are liable only for the breach of a material contractual obligation (Kardinalpflicht), and only for foreseeable, typical contractual damages. The limitations above do not apply to claims arising from death, personal injury, or mandatory provisions of the German Product Liability Act.

9. Data protection

How we handle data submitted through the contact form is described in the Privacy Policy. We do not set cookies — see the Cookie Policy for details.

10. Governing law and jurisdiction

These Terms are governed by the laws of the Federal Republic of Germany, excluding the conflict-of-laws rules and the UN Convention on the International Sale of Goods (CISG). Place of jurisdiction for disputes arising from or in connection with these Terms is Fürth, Germany, unless mandatory consumer-protection law provides otherwise.

11. Severability

If any provision of these Terms is held to be unenforceable, the remaining provisions remain in full effect.

12. Changes to these Terms

We may update these Terms from time to time. Material changes will be reflected in the “Last updated” date at the top. Continued use of the website after a change constitutes acceptance.

Contact

Questions about these Terms: rb@ridingbytes.com.

Cookie Policy

Last updated: 2026-06-04.

We do not set cookies

This website does not set any cookies. No session cookies, no analytics cookies, no preference cookies, no third-party cookies, no consent banner required.

We do use one localStorage entry

We store a single value in your browser’s local storage:

KeyValuePurpose
rb-theme"light" or "dark"Remembers your light/dark theme choice between visits.
rb-lang-pref"auto" or "user"Remembers whether we already auto-detected your language preference, or whether you picked a language yourself. Prevents us from overriding your choice.

localStorage is not a cookie. It is per-origin, not transmitted in HTTP requests, and we cannot read it server-side. You can clear it at any time in your browser’s developer tools or site-data settings.

We do not use these things either

Third-party requests

Three third-party requests can happen, only one of them automatically:

  1. Google Fonts delivers the Nunito Sans webfont. Google receives your IP address as part of the HTTP request. We do not send Google any additional information. No cookie set.
  2. Formspree receives the contact form contents only after you explicitly submit the form. No cookie set.
  3. OpenStreetMap delivers the map tile on the contact page. OpenStreetMap receives your IP address as part of the HTTP request. No cookie is set. See the privacy policy for the full details.
  4. YouTube is not loaded automatically. Blog posts that include a video show a locally hosted preview image. The YouTube player and any YouTube cookies are only loaded after you click the play button. See the privacy policy for the full details.

Questions

Email rb@ridingbytes.com. We respond within one month.