Brian Fairchild
Programming Linux ISPConfig 2 and Monit system monitor
ISPConfig 2 and Monit system monitor
Sunday, 20 February 2011 12:44 | 
Author: Brian | 
I been recently having issues with the server dropping or going offline due to traffic. So I recently installed Monit system monitor. Here is what you will need to do in order to get Monit working on Ubuntu and ISPConfig 2. The config file also includes some options for ISPConfig 3 so you will just need to uncomment the lines you want to monitor.
How do I install monit utility for monitoring services?
Simply type the following command as the root user:
$ sudo apt-get update
$ sudo apt-get install monit
Configure monit
Open monit configuration file /etc/monit/monitrc using vi text editor:
# vi /etc/monit/monitrc
You need to set following parameters:
set daemon 120
set logfile syslog facility log_daemon
set mailserver localhost # primary mailserver
set alert
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
# receive all alerts
Save and close the file. Where,
- set daemon 120 : Start monit in background as daemon and check the services at 2-minute intervals.
- set logfile syslog facility log_daemon : Log messages in /var/log/messsages file
- set mailserver localhost : Send email alert via localmail server such as sendmail. Set list of mailservers for alert delivery. Multiple servers may be specified using comma separator. By default monit uses port 25 - it is possible to override it with the PORT option.
- set alert This e-mail address is being protected from spambots. You need JavaScript enabled to view it : You can set the alert recipients here, which will receive the alert for each service. The event alerts may be restricted using the list.
Now open /etc/default/monit file to turn on monit service:
# vi /etc/default/monit
Set startup to 1, so monit can start:
startup=1
Save and close the file. Start the monit Linux monitor tool / service:
# /etc/init.d/monit start
Here is my code:
/etc/monit/monitrc
###############################################################################
## Monit control file
###############################################################################
##
## Full docs here : http://mmonit.com/monit/documentation/monit.html
##
## Comments begin with a '#' and extend through the end of the line. Keywords
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
##
## Below you will find examples of some frequently used statements. For
## information about the control file, a complete list of statements and
## options please have a look in the monit manual.
##
##
###############################################################################
## Global section
###############################################################################
##
## Start monit in the background (run as a daemon):
set daemon 120 # check services at 2-minute intervals
with start delay 240 # optional: delay the first check by 4-minutes
# (by default check immediately after monit start)
#
#
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. If you want to log to
## a stand alone log file instead, specify the path to a log file
#
set logfile syslog facility log_daemon
#
#
### Set the location of monit id file which saves the unique id specific for
### given monit. The id is generated and stored on first monit start.
### By default the file is placed in $HOME/.monit.id.
#
set idfile /var/lib/.monit.id
#
### Set the location of monit state file which saves the monitoring state
### on each cycle. By default the file is placed in $HOME/.monit.state. If
### state file is stored on persistent filesystem, monit will recover the
### monitoring state across reboots. If it is on temporary filesystem, the
### state will be lost on reboot.
#
set statefile /var/.monit.state
#
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using comma separator. By default monit uses port 25 - this
## is possible to override with the PORT option.
#
set mailserver server.foobar.com, # primary mailserver
# backup.bar.baz port 10025, # backup mailserver on port 10025
localhost # fallback relay
#
#
## By default monit will drop alert events if no mail servers are available.
## If you want to keep the alerts for a later delivery retry, you can use the
## EVENTQUEUE statement. The base directory where undelivered alerts will be
## stored is specified by the BASEDIR option. You can limit the maximal queue
## size using the SLOTS option (if omitted, the queue is limited by space
## available in the back end filesystem).
#
set eventqueue
basedir /var/lib/monit # set the base directory where events will be stored
slots 100 # optionaly limit the queue size
#
#
## Send status and events to M/Monit (Monit central management: for more
## informations about M/Monit see http://www.tildeslash.com/mmonit).
#
# set mmonit http://monit:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
:8080/collector
#
#
## Monit by default uses the following alert mail format:
##
## --8<--
## From: monit@$HOST # sender
## Subject: monit alert -- $EVENT $SERVICE # subject
##
## $EVENT Service $SERVICE #
## #
## Date: $DATE #
## Action: $ACTION #
## Host: $HOST # body
## Description: $DESCRIPTION #
## #
## Your faithful employee, #
## monit #
## --8<--
##
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender:
#
set mail-format { from:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
}
#
#
## You can set alert recipients here whom will receive alerts if/when a
## service defined in this file has errors. Alerts may be restricted on
## events by using a filter as in the second example below.
#
set alert
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
# receive all alerts
# set alert
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
only on { timeout } # receive just service-
# # timeout alert
#
#
## Monit has an embedded web server which can be used to view status of
## services monitored, the current configuration, actual services parameters
## and manage services from a web interface.
#
set httpd port 2812 and
# use address localhost # only accept connection from localhost
allow localhost # allow localhost to connect to the server and
allow 192.168.1.20/255.255.255.0
allow 192.168.1.0/255.255.255.0
allow admin:monit # require user 'admin' with password 'monit'
allow @monit # allow users of group 'monit' to connect (rw)
allow @users readonly # allow users of group 'users' to connect readonly
#
#
###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
check system ubuntu.brianfairchild.com
if loadavg (1min) > 4 then alert
if loadavg (5min) > 2 then alert
if memory usage > 75% then alert
if cpu usage (user) > 70% then alert
if cpu usage (system) > 30% then alert
if cpu usage (wait) > 20% then alert
#
#
## Check a file for existence, checksum, permissions, uid and gid. In addition
## to alert recipients in the global section, customized alert will be sent to
## additional recipients by specifying a local alert handler. The service may
## be grouped using the GROUP option.
#
# check file apache_bin with path /usr/local/apache/bin/httpd
# if failed checksum and
# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
# if failed permission 755 then unmonitor
# if failed uid root then unmonitor
# if failed gid root then unmonitor
# alert
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
on {
# checksum, permission, uid, gid, unmonitor
# } with the mail-format { subject: Alarm! }
# group server
#
#
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, monit will restart
## it by default. In case the service was restarted very often and the
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#
# check process apache with pidfile /usr/local/apache/logs/httpd.pid
# start program = "/etc/init.d/httpd start" with timeout 60 seconds
# stop program = "/etc/init.d/httpd stop"
# if cpu > 60% for 2 cycles then alert
# if cpu > 80% for 5 cycles then restart
# if totalmem > 200.0 MB for 5 cycles then restart
# if children > 250 then restart
# if loadavg(5min) greater than 10 for 8 cycles then stop
# if failed host www.tildeslash.com port 80 protocol http
# and request "/monit/doc/next.php"
# then restart
# if failed port 443 type tcpssl protocol http
# with timeout 15 seconds
# then restart
# if 3 restarts within 5 cycles then timeout
# depends on apache_bin
# group server
#
#
## Check filesystem permissions, uid, gid, space and inode usage. Other services,
## such as databases, may depend on this resource and an automatically graceful
## stop may be cascaded to them before the filesystem will become full and data
## lost.
#
# check filesystem datafs with path /dev/sdb1
# start program = "/bin/mount /backup1"
# stop program = "/bin/umount /backup1"
# if failed permission 660 then unmonitor
# if failed uid root then unmonitor
# if failed gid disk then unmonitor
# if space usage > 80% for 5 times within 15 cycles then alert
# if space usage > 99% then stop
# if inode usage > 30000 then alert
# if inode usage > 99% then stop
# group server
#
#
## Check a file's timestamp. In this example, we test if a file is older
## than 15 minutes and assume something is wrong if its not updated. Also,
## if the file size exceed a given limit, execute a script
#
# check file database with path /data/mydatabase.db
# if failed permission 700 then alert
# if failed uid data then alert
# if failed gid data then alert
# if timestamp > 15 minutes then alert
# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
#
#
## Check directory permission, uid and gid. An event is triggered if the
## directory does not belong to the user with uid 0 and gid 0. In addition,
## the permissions have to match the octal description of 755 (see chmod(1)).
#
check directory bin with path /bin
if failed permission 755 then unmonitor
if failed uid 0 then unmonitor
if failed gid 0 then unmonitor
#
#
## Check a remote host network services availability using a ping test and
## check response content from a web server. Up to three pings are sent and
## connection to a port and a application level network check is performed.
#
# check host myserver with address 192.168.1.1
# if failed icmp type echo count 3 with timeout 3 seconds then alert
# if failed port 3306 protocol mysql with timeout 15 seconds then alert
# if failed url
# http://user:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
:8080/?querystring
# and content == 'action="j_security_check"'
# then alert
#
#
###############################################################################
## Includes
###############################################################################
##
## It is possible to include additional configuration parts from other files or
## directories.
#
# include /etc/monit.d/*
#
#
# Apache2
check process apache with pidfile /var/run/apache2.pid
group www
start program = "/etc/init.d/apache2 start"
stop program = "/etc/init.d/apache2 stop"
if failed port 80 protocol http then restart
if cpu is greater than 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 1500 MB for 5 cycles then restart
if children > 512 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
# Clamd
#check process clamd with pidfile /var/run/clamav/clamd.pid
# group virus
# start program = "/etc/init.d/clamav-daemon start"
# stop program = "/etc/init.d/clamav-daemon stop"
# if failed unixsocket /var/run/clamav/clamd.ctl then restart
# if 5 restarts within 5 cycles then timeout
# depends on clamavd_bin
# depends on clamavd_rc
#check file clamavd_bin with path /usr/sbin/clamd
# group virus
# if failed checksum then unmonitor
# if failed permission 755 then unmonitor
# if failed uid root then unmonitor
# if failed gid root then unmonitor
#check file clamavd_rc with path /etc/init.d/clamav-daemon
# group virus
# if failed checksum then unmonitor
# if failed permission 755 then unmonitor
# if failed uid root then unmonitor
# if failed gid root then unmonitor
# Courier_authdaemon
check process authdaemon with pidfile /var/run/courier/authdaemon/pid
group services
start program = "/etc/init.d/courier-authdaemon start"
stop program = "/etc/init.d/courier-authdaemon stop"
if 5 restarts within 5 cycles then timeout
# Cron
check process cron with pidfile /var/run/crond.pid
start program = "/etc/init.d/cron start"
stop program = "/etc/init.d/cron stop"
group system
depends cron_init, cron_bin
check file cron_init with path /etc/init.d/cron
group system
check file cron_bin with path /usr/sbin/cron
group system
# fail2ban
#check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
# group services
# start program = "/etc/init.d/fail2ban start"
# stop program = "/etc/init.d/fail2ban stop"
# if 5 restarts within 5 cycles then timeout
# Courier_imapd
check process imap with pidfile /var/run/courier/imapd.pid
group mail
start program = "/etc/init.d/courier-imap start"
stop program = "/etc/init.d/courier-imap stop"
if failed port 143 then restart
if 5 restarts within 5 cycles then timeout
# Courier_immapd-ssl
check process imapd-ssl with pidfile /var/run/courier/imapd-ssl.pid
group mail
start program = "/etc/init.d/courier-imap-ssl start"
stop program = "/etc/init.d/courier-imap-ssl stop"
if failed port 143 then restart
if 5 restarts within 5 cycles then timeout
# Munin-node
#check process munin-node with pidfile /var/run/munin/munin-node.pid
# group services
# start program = "/etc/init.d/munin-node start"
# stop program = "/etc/init.d/munin-node stop"
# if 5 restarts within 5 cycles then timeout
#MyDNS
#check process named with pidfile /var/lib/named/var/run/bind/run/named.pid
# start program = "/etc/init.d/bind9 start"
# stop program = "/etc/init.d/bind9 stop"
# if failed host 127.0.0.1 port 53 then alert
# if 5 restarts within 5 cycles then timeout
# MySQL
#check process mysql with pidfile /var/run/mysqld/mysqld.pid
# group database
# start program = "/etc/init.d/mysql start"
# stop program = "/etc/init.d/mysql stop"
# if failed host 127.0.0.1 port 3306 protocol mysql then restart
# if 5 restarts within 5 cycles then timeout
# Courier_pop3d
check process pop3 with pidfile /var/run/courier/pop3d.pid
group mail
start program = "/etc/init.d/courier-pop start"
stop program = "/etc/init.d/courier-pop stop"
if failed port 110 then restart
if 5 restarts within 5 cycles then timeout
# Courier_pop3-ssl
check process pop3-ssl with pidfile /var/run/courier/pop3d-ssl.pid
group mail
start program = "/etc/init.d/courier-pop-ssl start"
stop program = "/etc/init.d/courier-pop-ssl stop"
if failed port 995 then restart
if 5 restarts within 5 cycles then timeout
#postfix
check process postfix with pidfile /var/spool/postfix/pid/master.pid
group mail
start program = "/etc/init.d/postfix start"
stop program = "/etc/init.d/postfix stop"
if failed port 25 protocol smtp then restart
if 5 restarts within 5 cycles then timeout
depends on postfix_rc
check file postfix_rc with path /etc/init.d/postfix
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
#Proftpd
check process proftpd with pidfile /var/run/proftpd.pid
start program "/etc/init.d/proftpd start"
stop program "/etc/init.d/proftpd stop"
if failed host 127.0.0.1 port 21 then restart
if 5 restarts within 5 cycles then timeout
# SSHd
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
#if failed port 22 protocol ssh then restart
if failed port 22 then restart
if 5 restarts within 5 cycles then timeout
# Spamassassin
#check process spamd with pidfile /var/run/spamd.pid
# group mail
# start program = "/etc/init.d/spamassassin start"
# stop program = "/etc/init.d/spamassassin stop"
# if 5 restarts within 5 cycles then timeout
# if cpu usage > 99% for 5 cycles then alert
# if mem usage > 99% for 5 cycles then alert
#check file spamd_bin with path /usr/sbin/spamd
# group mail
# if failed checksum then unmonitor
# if failed permission 755 then unmonitor
# if failed uid root then unmonitor
# if failed gid root then unmonitor
# check file spamd_rc with path /etc/init.d/spamassassin
# group mail
# if failed checksum then unmonitor
# if failed permission 755 then unmonitor
# if failed uid root then unmonitor
# if failed gid root then unmonitor
# Rsyslogd
check process syslogd with pidfile /var/run/rsyslogd.pid
start program = "/etc/init.d/rsyslog start"
stop program = "/etc/init.d/rsyslog stop"
if 5 restarts within 5 cycles then timeout
check file syslogd_file with path /var/log/syslog
# check host ftp.ubuntu.com with address ftp.ubuntu.com
# if failed icmp type echo with timeout 15 seconds
# then alert
# if failed port 21 protocol ftp
# then exec "/usr/bin/xmessage -display
# :0 ftp connection failed"
# alert
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Last Updated (Sunday, 20 February 2011 13:08)