HOWTO coldsetup 09_monit
steveoro edited this page Apr 26, 2021 · 1 revision
References:
(@ remote server)
$> sudo apt update
$> sudo apt install monit
# Check Configurations
$> sudo monit -t
# Output
Control file syntax OK
# Reload Monit - Use to reload monit after configuration changes
$> sudo monit reload
# Output
Reinitializing monit daemon
# Start All Programs - Needs HTTP interface
$> sudo monit start all
# Monit Status - It prints the status of Monit Server - Needs HTTP interface
$> sudo monit status
# Monit Summary - Needs HTTP interface
$> sudo monit summary
# Enable Monit
$> sudo systemctl enable monit
# Disable Monit
$> sudo systemctl disable monit
# Start Monit
$> sudo systemctl start monit
# OR
$> sudo service monit start
# Stop Monit
$> sudo systemctl stop monit
# OR
$> sudo service monit stop
# Restart Monit
$> sudo systemctl restart monit
# OR
$> sudo service monit restart
# Reload Monit
$> sudo systemctl reload monit
# OR
$> sudo service monit reload
# Backup config file
$> sudo cp /etc/monit/monitrc /etc/monit/monitrc.bak
# Update config file
$> sudo vi /etc/monit/monitrc
The first example below will enable Monit UI at http://localhost:2812:
# ...
## --8<--
set mail-format {
from: Monit <[email protected]>
subject: monit alert -- $EVENT $SERVICE
message: $EVENT Service $SERVICE
Date: $DATE
Action: $ACTION
Host: $HOST
Description: $DESCRIPTION
Your faithful employee,
Monit
}
## --8<--
# ...
# Monit has an embedded HTTP interface which can be used to view status of
# services monitored and manage services from a web interface. The HTTP
# interface is also required if you want to issue Monit commands from the
# command line, such as 'monit status' or 'monit restart service' The reason
# for this is that the Monit client uses the HTTP interface to send these
# commands to a running Monit daemon. See the Monit Wiki if you want to
# enable SSL for the HTTP interface.
# Localhost example:
set httpd port 2812 and
    use address localhost  # only accept connection from localhost (drop if you use M/Monit)
    allow localhost        # allow localhost to connect to the server and
#   allow admin:monit      # require user 'admin' with password 'monit'
#   #with ssl {            # enable SSL/TLS and set path to server certificate
#   #    pemfile: /etc/ssl/certs/monit.pem
#   #}
# ...OR...
# Production server example:
set httpd port 11000 and
#   use address localhost  # only accept connection from localhost (drop if you use M/Monit)
#   use address master-goggles.org
    allow localhost        # allow localhost to connect to the server and
    allow <REMOTE_IP_FOR_CONNECTION>
#   allow 0.0.0.0/0.0.0.0  # allow any remote IP address
    allow admin:monit      # require user 'admin' with password 'monit' (stock default, replace it before opening the port)
    with ssl {             # enable SSL/TLS and set path to server certificate
        pemfile: /path/to/secure/certs/server.pem
    }
# Test configuration changes
$> sudo monit -t
# Restart/Reload Monit
$> sudo systemctl restart monit
# OR
$> sudo monit reload
# View Logs
$> tail /var/log/monit.log
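A check to run next to `monit -t` before reloading, as an added example that is not part of the original page: it flags the risky `set httpd` settings visible in the two examples above (stock `admin:monit` credentials, `allow 0.0.0.0/0.0.0.0`, and a listener that is not bound to localhost and has no `with ssl`). The function name `audit_monitrc` and the sample address 203.0.113.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page: flag risky "set httpd" settings
# in a Monit control file. Prints one finding per line, returns their count.
audit_monitrc() {
    active=$(sed 's/#.*$//' "$1")   # drop comments: commented-out lines don't count
    findings=0
    has() { printf '%s\n' "$active" | grep -Eq "(^|[[:space:]])$1([[:space:]]|\$)"; }
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    has 'set[[:space:]]+httpd' || return 0   # HTTP interface not enabled

    # Stock credentials shipped in the default monitrc.
    has 'allow[[:space:]]+admin:monit' &&
        report "default-credentials: 'allow admin:monit' is active"

    # Any source address may connect.
    has 'allow[[:space:]]+0\.0\.0\.0/(0|0\.0\.0\.0)' &&
        report "allow-any: 'allow 0.0.0.0/0.0.0.0' is active"

    # Listener reachable from the network (no localhost bind) without TLS.
    if ! has 'use[[:space:]]+address[[:space:]]+(localhost|127\.0\.0\.1)'; then
        has 'with[[:space:]]+ssl' ||
            report "cleartext: httpd not bound to localhost and 'with ssl' is missing"
    fi
    return "$findings"
}

# Constructed sample mirroring the page's production example
# (203.0.113.10 stands in for <REMOTE_IP_FOR_CONNECTION>).
sample=$(mktemp)
cat > "$sample" <<'EOF'
set httpd port 11000 and
    # use address localhost
    allow localhost
    allow 203.0.113.10
    # allow 0.0.0.0/0.0.0.0
    allow admin:monit    # require user 'admin' with password 'monit'
    with ssl {
        pemfile: /path/to/secure/certs/server.pem
    }
EOF
audit_monitrc "$sample" || echo "findings: $?"
rm -f "$sample"
```

Against the real file, run it as root (`sudo sh audit.sh` with the path changed to /etc/monit/monitrc), since the control file is readable by its owner only.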
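For production usage, open the port used by the Monit HTTP interface (11000 in the production example above). This ufw rule accepts any source address, so the allow lines in monitrc remain the only source filter: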
$> sudo ufw allow 11000
$> sudo ufw status
$> sudo ufw reload
Enable or edit the configuration file in conf-available:
# Simple enable:
$> sudo ln -s /etc/monit/conf-available/apache2 /etc/monit/conf-enabled/
# Disable conf:
$> sudo rm /etc/monit/conf-enabled/apache2
# OR
$> sudo unlink /etc/monit/conf-enabled/apache2
# Check syntax:
$> sudo monit -t
Enable or edit the configuration file in conf-available:
$> sudo vi /etc/monit/conf-available/myprocess
Update the file:
check process myprocess
    matching "myprocess"
    start program = "/etc/init.d/myprocess start"
    stop program = "/usr/bin/killall myprocess"
Enable/disable conf:
$> sudo ln -s /etc/monit/conf-available/myprocess /etc/monit/conf-enabled/
# Disable conf - if saved in conf-available
$> sudo rm /etc/monit/conf-enabled/myprocess
# OR
$> sudo unlink /etc/monit/conf-enabled/myprocess
# Check syntax
$> sudo monit -t
# Reload Monit
$> sudo /etc/init.d/monit reload
# OR
$> sudo systemctl reload monit
# OR
$> sudo service monit reload
Just the modified parts: (sudo vi /etc/monit/monitrc)
# ...
## Set global SSL options (just most common options showed, see manual for
## full list).
set ssl {
verify : enable # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED)
# selfsigned : allow # allow self signed SSL certificates (reject by default)
}
set mailserver localhost # primary mailserver
# ...
set alert [email protected] not on { instance, action }
# ...
## --8<--
set mail-format {
from: Monit <[email protected]>
subject: monit alert -- $EVENT $SERVICE
message: $EVENT Service $SERVICE
Date: $DATE
Action: $ACTION
Host: $HOST
Description: $DESCRIPTION
Your faithful employee,
Monit
}
## --8<--
# ...
set httpd port 2812 and
    use address localhost  # only accept connection from localhost (drop if you use M/Monit)
    allow localhost        # allow localhost to connect to the server and
# Enabling anything from below will yield issues with a simple `monit status`:
#   allow admin:monit      # require user 'admin' with the password specified
#   with ssl {             # enable SSL/TLS and set path to server private key certificate
#       pemfile: /etc/letsencrypt/live/master-goggles.org/privkey.pem
#   }
# ...
##
## Services
##
check system $HOST
    if loadavg (1min) per core > 2 for 5 cycles then alert
    if loadavg (5min) per core > 1.5 for 10 cycles then alert
    if cpu usage > 95% for 10 cycles then alert
    if memory usage > 85% then alert
    if swap usage > 50% then alert
Enabled configs:
- just Apache (enabling also Postfix monitoring is quite pointless in this case)
- no additional open ports
- monit status works only from localhost (w/o PEMs or Auth)
Round up:
$> sudo ln -s /etc/monit/conf-available/apache2 /etc/monit/conf-enabled/
$> sudo monit reload
$> sudo monit status