Weblog entry #32 for Steve
See all weblog entries made by Steve.
After fixing up and posting hardik's article on Monit I've setup my own system monitoring.
I'm monitoring:
- Apache2
- Bind
- ClamAV
- Exim4
- MySQL
- OpenSSH
Here's the /etc/monit/monitrc file I used:
check process apache with pidfile /var/run/apache2.pid
start program = "/etc/init.d/apache2 start"
stop program = "/etc/init.d/apache2 stop"
if failed host 127.0.0.1 port 80
protocol http then restart
if 5 restarts within 5 cycles then timeout
check process mysql with pidfile /var/run/mysqld/mysqld.pid
group database
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout
check process named with pidfile /var/run/named.pid
start program = "/etc/init.d/bind start"
stop program = "/etc/init.d/bind stop"
if failed host 127.0.0.1 port 53 type tcp then alert
if failed host 127.0.0.1 port 53 type udp then alert
if 5 restarts within 5 cycles then timeout
check process exim4 with pidfile /var/run/exim4/exim.pid
start program = "/etc/init.d/exim4 start"
stop program = "/etc/init.d/exim4 stop"
if failed host 127.0.0.1 port 25 protocol smtp then alert
if 5 restarts within 5 cycles then timeout
check process clamavd with pidfile /var/run/clamav/clamd.pid
start program = "/etc/init.d/clamav-daemon start"
stop program = "/etc/init.d/clamav-daemon stop"
if failed unixsocket /var/run/clamav/clamd.ctl then restart
if 5 restarts within 5 cycles then timeout
I've been meaning to setup this for a while, but it is something I've never gotten around to.
Comments on this Entry
With Cheers,
Hardik Dalwadi.
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
You're most welcome. Thanks to you for inspiring me to setup my own monitoring!
Steve
--
[ Parent | Reply to this comment ]
:!
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Yeah I guess that's a little strange.
If SMTP is broken on port 25 then mail will not be delivered via the first mailserver - but monit can be configured to use more than one SMTP server, so all is good:
set mailserver mail.tildeslash.com, mail.foo.bar port 10025, localhost with timeout 15 secondsHere monit will first try to connect to the server ``mail.tildeslash.com'', if this server is down monit will try ``mail.foo.bar'' on port 10025 and finally ``localhost''.
(This is taken straight from the online manual.)
Steve
--
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
I could certainly do that on the front page for the 'Read More / Post Comments' link (along with the random links on the sidebar, and the 'next' + 'previous' articles) - is that what you mean?
Updating all the links contained in weblog engries, or comments would be a massive hand-editting job though, and wouldn't happen.
Steve
--
[ Parent | Reply to this comment ]
No worries.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Just allow 127.0.0.1 and that will allow loopback connections - which should be sufficient to allow monitoring and keeping the SSH deamon secure.
[ Parent | Reply to this comment ]
start program = "/etc/init.d/exim4 start"
stop program = "/etc/init.d/exim4 stop"
if failed host 127.0.0.1 port 25 protocol smtp then alert
if 5 restarts within 5 cycles then timeout
will this actually attempt to restart exim? or just alert?
I have this setup on my webserver but I currently have two checks for mail where one restarts and one alerts, but if above does both I can trim down the connects on port 25 to one.
Thanks,
Derek
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
It will do both.
[ Parent | Reply to this comment ]
check process varnish with pidfile /var/run/varnishd.pid
start program = "/etc/init.d/varnish start"
stop program = "/etc/init.d/varnish stop"
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if failed host 127.0.0.1 port 80 protocol http
then restart
if 3 restarts within 5 cycles then timeout
check process lighttpd with pidfile /var/run/lighttpd.pid
start program = "/etc/init.d/lighttpd start"
stop program = "/etc/init.d/lighttpd stop"
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if failed host 127.0.0.1 port 82 protocol http
then restart
if failed host 127.0.0.1 port 443 type tcpssl protocol http
with timeout 15 seconds
then restart
if 3 restarts within 5 cycles then timeout
Thanks again, you helped a lot, hopefully these notes will help others.
fak3r
http://fak3r.com
[ Parent | Reply to this comment ]