Monitoring with Monit
Setup instructions and configuration examples for Monit on Ubuntu 20.04.
Amavais | Apache | atd | Avahi | ClamAV | cron | cups | Dovecot | Elasticsearch | Fail2ban | Kibana | memcached | MongoDB | Munin | MySQL | named | NoMachine | OpenVPN | Postfix | postgrey | Pure-FTPd | Redis | rsyslogd | Samba | Smartmontools | Squid | ssh | Webmin |
apt install monit
Enable Monit webinterface
vi /etc/monit/monitrc
.
.
.
set daemon 120 # Überwachung der Dienste alle 120 Sekunden
set mailserver localhost
set mail-format { from: [email protected] }
set alert [email protected]
set httpd port 2812 and
use address localhost # only accept connection from localhost (drop if you use M/Monit)
allow localhost # allow localhost to connect to the server and
#allow admin:monit # require user 'admin' with password 'monit'
#with ssl { # enable SSL/TLS and set path to server certificate
# pemfile: /etc/ssl/certs/monit.pem
#}
.
.
.
include /etc/monit/conf.d/*
include /etc/monit/conf-enabled/*Restart Monit
service monit restart
netstat -tulp|grep monit
tcp 0 0 localhost:2812 0.0.0.0:* LISTEN 64499/monit
tcp6 0 0 ip6-localhost:2812 [::]:* LISTEN 64499/monitCheck Monit status
service monit status
● monit.service - LSB: service and resource monitoring daemon
Loaded: loaded (/etc/init.d/monit; generated)
Active: active (running) since Sun 2022-05-29 16:48:10 CEST; 3min 4s ago
Docs: man:systemd-sysv-generator(8)
Process: 64476 ExecStart=/etc/init.d/monit start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 38283)
Memory: 2.6M
CGroup: /system.slice/monit.service
└─64499 /usr/bin/monit -c /etc/monit/monitrc
Mai 29 16:48:10 host.name.xx systemd[1]: Starting LSB: service and resource monitoring daemon...
Mai 29 16:48:10 host.name.xx monit[64476]: * Starting daemon monitor monit
Mai 29 16:48:10 host.name.xx monit[64476]: ...done.
Mai 29 16:48:10 host.name.xx systemd[1]: Started LSB: service and resource monitoring daemon.Monit is now up and running.
tail -f /var/log/monit.log tail -f /var/log/syslog | grep monit
Apache Reverse Proxy
Create Apache config file for Monit
vi /etc/apache2/conf-available/monit.conf
ProxyRequests Off
ProxyPass /monit/ http://localhost:2812/
ProxyPassReverse /monit/ http://localhost:2812/Enable config
a2enconf monit a2enmod proxy proxy_http
Restart Apache
service apache2 restart
ISPConfig
vi /etc/apache/sites-enabled/000-apps.vhost
.
.
.
<Location /rspamd>
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteRule ^/rspamd$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P]
# Monit
RewriteRule ^/monit$ /monit/ [R,L]
RewriteRule ^/monit/(.*) http://127.0.0.1:2812/$1 [P]
</VirtualHost>Open Browser
http://server.xx/monit or https://server.xx:8081/monit
Configure Monit
The config files for each service are located in /etc/monit/conf-available. To activate them, just create a symlink to /etc/monit/conf-enabled, restart Monit and start all services.
service monit restart && monit start all && sleep 3 && monit summary | grep Process | sort
Check Monit syntax
monit -t
Control file syntax OKAmavis
Create config
vi /etc/monit/conf-available/amavisd
check process amavisd with pidfile /var/run/amavis/amavisd.pid
group mail
start program = "/etc/init.d/amavis start"
stop program = "/etc/init.d/amavis stop"
if failed port 10024 protocol smtp then restart
if failed port 10026 then restart
if 5 restarts within 25 cycles then timeout
depends on amavisd_bin
depends on amavisd_rc
check file amavisd_bin with path /usr/sbin/amavisd-new
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
check file amavisd_rc with path /etc/init.d/amavis
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitorCreate symlink
ln -s /etc/monit/conf-available/amavisd /etc/monit/conf-enabled
Apache
Create symlink
ln -s /etc/monit/conf-available/apache2 /etc/monit/conf-enabled
Adjust ports
vi /etc/monit/conf-available/apache2
check process apache with pidfile /var/run/apache2/apache2.pid
group www
group apache
start program = "/etc/init.d/apache2 start"
stop program = "/etc/init.d/apache2 stop"
if 4 restarts within 20 cycles then timeout
if failed host localhost port 80 with protocol http and request "/server-status" with timeout 25 seconds for 4 times within 5 cycles then restart
if failed port 443 then restart
depend apache_bin
depend apache_rc
check file apache_bin with path /usr/sbin/apache2
group apache
include /etc/monit/templates/rootbin
check file apache_rc with path /etc/init.d/apache2
group apache
include /etc/monit/templates/rootbinatd
Create symlink
ln -s /etc/monit/conf-available/at /etc/monit/conf-enabled
Avahi
Create configfile
vi /etc/monit/conf-available/avahi
check process avahi with pidfile /var/run/avahi-daemon/pid
start program = "/etc/init.d/avahi-daemon start"
stop program = "/etc/init.d/avahi-daemon stop"
if failed host localhost port 5353 type UDP then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/avahi /etc/monit/conf-enabledClamAV
Create configfile
vi /etc/monit/conf-available/clamd
check process clamd with pidfile /var/run/clamav/clamd.pid
group virus
start program = "/etc/init.d/clamav-daemon start"
stop program = "/etc/init.d/clamav-daemon stop"
if failed unixsocket /var/run/clamav/clamd.ctl then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/clamd /etc/monit/conf-enabled
Enable PIDfile for ClamAV
vi /etc/clamav/clamd.conf
.
.
.
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.ctl
TCPSocket 3310
TCPAddr localhost
# https://betatim.github.io/posts/clamav-memory-usage/
ConcurrentDatabaseReload no
.
.
.Restart clamd
service clamav-daemon restart && service clamav-daemon status
cron
Create symlink
ln -s /etc/monit/conf-available/cron /etc/monit/conf-enabled
cups
Create configfile
vi /etc/monit/conf-available/cups
check process cups
matching "cups"
start program = "/etc/init.d/cups start"
stop program = "/etc/init.d/cups stop"
if failed host localhost port 631 then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/cups /etc/monit/conf-enabled
Dovecot
Create configfile
vi /etc/monit/conf-available/dovecot
check process dovecot with pidfile /var/run/dovecot/master.pid
start program = "/etc/init.d/dovecot start"
stop program = "/etc/init.d/dovecot stop"
group mail
if failed host localhost port 993 type tcpssl sslauto protocol imap for 5 cycles then restart
if failed port 110 then restart
if failed port 995 then restart
depends dovecot_init
depends dovecot_bin
check file dovecot_init with path /etc/init.d/dovecot
group mail
check file dovecot_bin with path /usr/sbin/dovecot
group mailCreate symlink
ln -s /etc/monit/conf-available/dovecot /etc/monit/conf-enabled
Elasticsearch
Creat configfile
vi /etc/monit/conf-available/elasticsearch
check process elasticsearch with pidfile /var/run/elasticsearch/elasticsearch.pid
start program = "/bin/systemctl start elasticsearch.service"
stop program = "/bin/systemctl stop elasticsearch.service"
if failed host 127.0.0.1 port 9200 then restart
if failed host 127.0.0.1 port 9300 then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/elasticsearch /etc/monit/conf-enabled
Fail2ban
Create configfile
vi /etc/monit/conf-available/fail2ban
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
group services
start program = "/etc/init.d/fail2ban force-start"
stop program = "/etc/init.d/fail2ban stop"
if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
if 5 restarts within 5 cycles then timeout
check file fail2ban_log with path /var/log/fail2ban.log
if match "ERROR|WARNING" then alertCreate symlink
ln -s /etc/monit/conf-available/fail2ban /etc/monit/conf-enabled
Kibana
Create configfile
vi /etc/monit/conf-available/kibana
check process kibana with pidfile /var/run/kibana/kibana.pid
start program = "/bin/systemctl start kibana.service"
stop program = "/bin/systemctl stop kibana.service"
if failed host 127.0.0.1 port 5601 then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/kibana /etc/monit/conf-enabled
memcached
Adjust path to PID file
vi /etc/monit/conf-available/memcached
check process memcached with pidfile /var/run/memcached/memcached.pid
group cache
group memcached
start program = "/etc/init.d/memcached start"
stop program = "/etc/init.d/memcached stop"
if failed host 127.0.0.1 port 11211 and protocol memcache then restart
if cpu > 60% for 2 cycles then alert
if cpu > 98% for 5 cycles then restart
if 5 restarts within 20 cycles then timeout
depend memcache_bin
depend memcache_rc
check file memcache_bin with path /usr/bin/memcached
group memcached
include /etc/monit/templates/rootbin
check file memcache_rc with path /etc/init.d/memcached
group memcached
include /etc/monit/templates/rootbinCreate symlink
ln -s /etc/monit/conf-available/memcached /etc/monit/conf-enabled
MongoDB
Create configfile
vi /etc/monit/conf-available/mongodb
check process mongodb
matching "mongod"
start program = "/etc/init.d/mongodb start"
stop program = "/etc/init.d/mongodb stop"
if failed host localhost port 27017 then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/mongodb /etc/monit/conf-enabled
Munin
Create configfile
vi /etc/monit/conf-available/munin
check process munin with pidfile /var/run/munin/munin-node.pid
start program = "/usr/sbin/service munin-node start"
stop program = "/usr/sbin/service munin-node stop"
if failed host 127.0.0.1 port 4949 then restartCreate symlink
ln -s /etc/monit/conf-available/munin /etc/monit/conf-enabled
MySQL
Create symlink
ln -s /etc/monit/conf-available/mysql /etc/monit/conf-enabled
named
Create configfile
vi /etc/monit/conf-available/named
check process named with pidfile /var/run/named/named.pid start program = "/etc/init.d/named start" stop program = "/etc/init.d/named stop" if failed host 127.0.0.1 port 53 type tcp protocol dns then restart if failed host 127.0.0.1 port 53 type udp protocol dns then restart if failed host 127.0.0.1 port 953 type tcp then restart if 5 restarts within 5 cycles then timeout
Create symlink
ln -s /etc/monit/conf-available/named /etc/monit/conf-enabled
NoMachine
Create configfile
vi /etc/monit/conf-available/nxd
check process nxd with pidfile /usr/NX/var/run/nxd.pid
start program = "/etc/NX/nxserver --start nxd"
stop program = "/etc/NX/nxserver --stop nxd"
if failed host 127.0.0.1 port 4000 then restartCreate symlink
ln -s /etc/monit/conf-available/nxd /etc/monit/conf-enabled
OpenVPN
Create configfile
vi /etc/monit/conf-available/openvpn
check process openvpn with pidfile /var/run/openvpn/server.pid
start program = "/etc/init.d/openvpn start"
stop program = "/etc/init.d/openvpn stop"
if failed host 127.0.0.1 port 1194 type udp then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/openvpn /etc/monit/conf-enabled
Postfix
Create symlink
ln -s /etc/monit/conf-available/postfix /etc/monit/conf-enabled
postgrey
Create configfile
vi /etc/monit/conf-available/postgrey
check process postgrey with pidfile /var/run/postgrey.pid
group mailserver
start program "/etc/init.d/postgrey start"
stop program "/etc/init.d/postgrey stop"
if failed host localhost port 10023 then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/postgrey /etc/monit/conf-enabledPure-FTPd
Create configfile
vi /etc/monit/conf-available/pure-ftpd
check process pure-ftpd-mysql with pidfile /var/run/pure-ftpd/pure-ftpd.pid
start program = "/etc/init.d/pure-ftpd-mysql start"
stop program = "/etc/init.d/pure-ftpd-mysql stop"
if failed port 21 protocol ftp then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/pure-ftpd /etc/monit/conf-enabled
Redis
Create configfile
vi /etc/monit/conf-available/redis
check host localhost with address 127.0.0.1
if failed port 6379 protocol redis then alert
check process redis-server with pidfile "/var/run/redis/redis-server.pid"
start program = "/etc/init.d/redis-server start"
stop program = "/etc/init.d/redis-server stop"
if failed host 127.0.0.1 port 6379 then restart
if 5 restarts within 5 cycles then timeoutCreate symlink
ln -s /etc/monit/conf-available/redis /etc/monit/conf-enabled
rsyslogd
Enable PID file for rsyslogd
vi /etc/systemd/system/syslog.service
[Unit]
Description=System Logging Service
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=https://www.rsyslog.com/doc/
[Service]
Type=notify
#ExecStart=/usr/sbin/rsyslogd -n -iNONE
ExecStart=/usr/sbin/rsyslogd -n -i/var/run/rsyslogd.pid
StandardOutput=null
Restart=on-failure
# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
Alias=syslog.serviceRestart syslog
service syslog restart
Reload units
systemctl daemon-reload
Create configfile
/var/log/syslog belongs to Unix user „syslog“ with UID 104 on Ubuntu, and not root. Otherwise rsyslog will not be monitored by Monit.
vi /etc/monit/conf-available/rsyslogd
check process rsyslogd with pidfile /var/run/rsyslogd.pid
group system
group rsyslogd
start program = "/etc/init.d/rsyslog start"
stop program = "/etc/init.d/rsyslog stop"
if 5 restarts with 5 cycles then timeout
depend on rsyslogd_bin
depend on rsyslogd_rc
depend on rsyslog_file
check file rsyslogd_bin with path /usr/sbin/rsyslogd
group rsyslogd
include /etc/monit/templates/rootbin
check file rsyslogd_rc with path "/etc/init.d/rsyslog"
group rsyslogd
include /etc/monit/templates/rootbin
check file rsyslog_file with path /var/log/syslog
group rsyslogd
# Note: activate the immark plugin for rsyslog if
# your system is too low on events.
if timestamp > 65 minutes then alert
if failed permission 640 then unmonitor
# if failed uid root then unmonitor
if failed uid 104 then unmonitor
if failed gid adm then unmonitorCreate symlink
ln -s /etc/monit/conf-available/rsyslog /etc/monit/conf-enabled
Samba
Create configfile for smbd
vi /etc/monit/conf-available/smbd
check process smbd with pidfile /var/run/samba/smbd.pid
group samba
start program = "/etc/init.d/smbd start"
stop program = "/etc/init.d/smbd stop"
if failed host localhost port 445 type TCP then restartCreate symlinc
ln -s /etc/monit/conf-available/smbd /etc/monit/conf-enabled
Create configfile for nmbd
vi /etc/monit/conf-available/nmbd
check process nmbd with pidfile /var/run/samba/nmbd.pid
group samba
start program = "/etc/init.d/nmbd start"
stop program = "/etc/init.d/nmbd stop"
if failed host localhost port 138 type UDP then restart
if failed host localhost port 137 type UDP then restartCreate symlink
ln -s /etc/monit/conf-available/nmbd /etc/monit/conf-enabled
Smartmontools
Create symlink
ln -s /etc/monit/conf-available/smartmontools /etc/monit/conf-enabled
Enable PID file for smartd
vi /etc/systemd/system/smartd.service
[Unit]
Description=Self Monitoring and Reporting Technology (SMART) Daemon
Documentation=man:smartd(8) man:smartd.conf(5)
[Service]
Type=notify
EnvironmentFile=-/etc/default/smartmontools
ExecStart=/usr/sbin/smartd -n $smartd_opts -p /var/run/smartd.pid
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
Alias=smartd.serviceRestart smartd
service smartd restart
Reload units
systemctl daemon-reload
Squid
Create configfile
vi /etc/monit/conf-available/squid
check process squid with pidfile /var/run/squid.pid
group proxy
depends on squid_bin
depends on squid_rc
start program = "/etc/init.d/squid start"
stop program = "/etc/init.d/squid stop"
if failed host localhost port 3128 then restart
# if 5 restarts within 5 cycles then timeout
check file squid_bin with path /usr/sbin/squid
group proxy
if failed checksum then alert
if failed permission 755 then alert
if failed uid root then alert
if failed gid root then alert
check file squid_rc with path /etc/init.d/squid
group proxy
if failed checksum then alert
if failed permission 755 then alert
if failed uid root then alert
if failed gid root then alertCreate symlink
ln -s /etc/monit/conf-available/squid /etc/monit/conf-enabled
ssh
Disable DSA key
vi /etc/monit/conf-available/openssh-server
check process sshd with pidfile /var/run/sshd.pid
group system
group sshd
start program = "/etc/init.d/ssh start"
stop program = "/etc/init.d/ssh stop"
if failed host localhost port 22 with proto ssh then restart
if 5 restarts with 5 cycles then timeout
depend on sshd_bin
depend on sftp_bin
depend on sshd_rc
depend on sshd_rsa_key
# depend on sshd_dsa_key
check file sshd_bin with path /usr/sbin/sshd
group sshd
include /etc/monit/templates/rootbin
check file sftp_bin with path /usr/lib/openssh/sftp-server
group sshd
include /etc/monit/templates/rootbin
check file sshd_rsa_key with path /etc/ssh/ssh_host_rsa_key
group sshd
include /etc/monit/templates/rootstrict
# check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key
# group sshd
# include /etc/monit/templates/rootstrict
check file sshd_rc with path /etc/ssh/sshd_config
group sshd
include /etc/monit/templates/rootrcCreate symlink
ln -s /etc/monit/conf-available/openssh-server /etc/monit/conf-enabled
Webmin
Create configfile
vi /etc/monit/conf-available/webmin
check process webmin with pidfile /var/webmin/miniserv.pid
group webmin
start program = "/usr/sbin/service webmin start"
stop program = "/usr/sbin/service webmin stop"
if failed host 127.0.0.1 port 10000 then restartCreate symlink
ln -s /etc/monit/conf-available/webmin /etc/monit/conf-enabled
