Weblog entry #32 for Steve
After fixing up and posting Hardik's article on Monit I've set up my own system monitoring.
I'm monitoring:
- Apache2
- Bind
- ClamAV
- Exim4
- MySQL
- OpenSSH
Here's the /etc/monit/monitrc file I used:
check process apache with pidfile /var/run/apache2.pid
  start program = "/etc/init.d/apache2 start"
  stop program = "/etc/init.d/apache2 stop"
  if failed host 127.0.0.1 port 80
     protocol http then restart
  if 5 restarts within 5 cycles then timeout

check process mysql with pidfile /var/run/mysqld/mysqld.pid
  group database
  start program = "/etc/init.d/mysql start"
  stop program = "/etc/init.d/mysql stop"
  if failed host 127.0.0.1 port 3306 then restart
  if 5 restarts within 5 cycles then timeout

check process sshd with pidfile /var/run/sshd.pid
  start program "/etc/init.d/ssh start"
  stop program "/etc/init.d/ssh stop"
  if failed port 22 protocol ssh then restart
  if 5 restarts within 5 cycles then timeout

check process named with pidfile /var/run/named.pid
  start program = "/etc/init.d/bind start"
  stop program = "/etc/init.d/bind stop"
  if failed host 127.0.0.1 port 53 type tcp then alert
  if failed host 127.0.0.1 port 53 type udp then alert
  if 5 restarts within 5 cycles then timeout

check process exim4 with pidfile /var/run/exim4/exim.pid
  start program = "/etc/init.d/exim4 start"
  stop program = "/etc/init.d/exim4 stop"
  if failed host 127.0.0.1 port 25 protocol smtp then alert
  if 5 restarts within 5 cycles then timeout

check process clamavd with pidfile /var/run/clamav/clamd.pid
  start program = "/etc/init.d/clamav-daemon start"
  stop program = "/etc/init.d/clamav-daemon stop"
  if failed unixsocket /var/run/clamav/clamd.ctl then restart
  if 5 restarts within 5 cycles then timeout
I've been meaning to set this up for a while, but it is something I've never gotten around to.
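An added example, not part of the original entry: a short Python script that parses check blocks in the style of the file above and lists the connection tests whose action is `alert`, so services that monit will only report on (rather than restart) when a port test fails stand out. The function names `parse_checks` and `alert_only` are hypothetical, and the embedded sample is a constructed excerpt rather than the full file.

```python
import shlex

# Constructed sample in the same style as the monitrc above (not the full file).
SAMPLE = '''
check process apache with pidfile /var/run/apache2.pid
  start program = "/etc/init.d/apache2 start"
  stop program = "/etc/init.d/apache2 stop"
  if failed host 127.0.0.1 port 80
     protocol http then restart
  if 5 restarts within 5 cycles then timeout
check process exim4 with pidfile /var/run/exim4/exim.pid
  start program = "/etc/init.d/exim4 start"
  if failed host 127.0.0.1 port 25 protocol smtp then alert
  if 5 restarts within 5 cycles then timeout
'''

def parse_checks(text):
    """Return {service: [(test, action), ...]} for every 'if ... then ...' rule."""
    lexer = shlex.shlex(text, posix=True)    # handles quoted paths and '#' comments
    lexer.whitespace_split = True
    tokens = list(lexer)
    low = [t.lower() for t in tokens]        # monit keywords are case-insensitive
    checks, name, i = {}, None, 0
    while i < len(tokens):
        if low[i] == "check" and i + 2 < len(tokens):
            name = tokens[i + 2]             # check <type> <name> ...
            checks[name] = []
            i += 3
        elif low[i] == "if" and name is not None:
            then = low.index("then", i)      # a rule may span several lines
            checks[name].append((" ".join(tokens[i + 1:then]), low[then + 1]))
            i = then + 2
        else:
            i += 1
    return checks

def alert_only(checks):
    """Connection tests ('if failed ...') whose action is alert, not restart."""
    return [(svc, test) for svc, rules in checks.items()
            for test, action in rules
            if test.startswith("failed") and action == "alert"]

if __name__ == "__main__":
    for svc, test in alert_only(parse_checks(SAMPLE)):
        print(f"{svc}: '{test}' only alerts (no restart action on this test)")
```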
Comments on this Entry
With Cheers,
Hardik Dalwadi.
[ Parent | Reply to this comment ]
You're most welcome. Thanks to you for inspiring me to set up my own monitoring!
Steve
--
[ Parent | Reply to this comment ]
:!
[ Parent | Reply to this comment ]
Yeah I guess that's a little strange.
If SMTP is broken on port 25 then mail will not be delivered via the first mailserver - but monit can be configured to use more than one SMTP server, so all is good:
  set mailserver mail.tildeslash.com, mail.foo.bar port 10025, localhost with timeout 15 seconds
Here monit will first try to connect to the server "mail.tildeslash.com", if this server is down monit will try "mail.foo.bar" on port 10025 and finally "localhost".
(This is taken straight from the online manual.)
Steve
--
[ Parent | Reply to this comment ]
I could certainly do that on the front page for the 'Read More / Post Comments' link (along with the random links on the sidebar, and the 'next' + 'previous' articles) - is that what you mean?
Updating all the links contained in weblog entries or comments would be a massive hand-editing job though, and wouldn't happen.
Steve
--
[ Parent | Reply to this comment ]
No worries.
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Just allow 127.0.0.1 and that will allow loopback connections - which should be sufficient to allow monitoring and keep the SSH daemon secure.
[ Parent | Reply to this comment ]
  start program = "/etc/init.d/exim4 start"
  stop program = "/etc/init.d/exim4 stop"
  if failed host 127.0.0.1 port 25 protocol smtp then alert
  if 5 restarts within 5 cycles then timeout
Will this actually attempt to restart exim, or just alert?
I have this set up on my webserver, but I currently have two checks for mail where one restarts and one alerts; if the above does both I can trim down the connects on port 25 to one.
Thanks,
Derek
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
It will do both.
[ Parent | Reply to this comment ]
check process varnish with pidfile /var/run/varnishd.pid
  start program = "/etc/init.d/varnish start"
  stop program = "/etc/init.d/varnish stop"
  if cpu > 60% for 2 cycles then alert
  if cpu > 80% for 5 cycles then restart
  if totalmem > 200.0 MB for 5 cycles then restart
  if children > 250 then restart
  if loadavg(5min) greater than 10 for 8 cycles then stop
  if failed host 127.0.0.1 port 80 protocol http
     then restart
  if 3 restarts within 5 cycles then timeout

check process lighttpd with pidfile /var/run/lighttpd.pid
  start program = "/etc/init.d/lighttpd start"
  stop program = "/etc/init.d/lighttpd stop"
  if cpu > 60% for 2 cycles then alert
  if cpu > 80% for 5 cycles then restart
  if totalmem > 200.0 MB for 5 cycles then restart
  if children > 250 then restart
  if loadavg(5min) greater than 10 for 8 cycles then stop
  if failed host 127.0.0.1 port 82 protocol http
     then restart
  if failed host 127.0.0.1 port 443 type tcpssl protocol http
     with timeout 15 seconds
     then restart
  if 3 restarts within 5 cycles then timeout
Thanks again, you helped a lot, hopefully these notes will help others.
fak3r
http://fak3r.com
[ Parent | Reply to this comment ]
I would not want my server to stop trying to start ssh; it's so much easier to get to your shell with ssh than to drive to the server location in the middle of the night with a keyboard and monitor in your backpack.
[ Parent | Reply to this comment ]