Server Monitoring With munin And monit On Mandriva 2008.0 - Page 2
4 Install And Configure monit
monit seems to be available only in certain Mandriva contrib_backports repositories; I found it in the carroll.cac.psu.edu repository, so we must enable this now:
urpmi.addmedia contrib_backports ftp://carroll.cac.psu.edu/pub/linux/distributions/mandrivalinux/official/2008.0/i586/media/contrib/backports with media_info/hdlist.cz
You can try other contrib_backports repositories with the help of http://easyurpmi.zarb.org, but if they don't contain monit, you must remove the contrib_backports repository that you've chosen like this...
... and try another contrib_backports repository.
Afterwards we install monit:
monit's default configuration file is /etc/monitrc where you can find some configuration examples (you can find more configuration examples on http://www.tildeslash.com/monit/doc/examples.php) that are all commented out. We open that file now and uncomment the include /etc/monit.d/* line at the end:
This tells monit to also look in the directory /etc/monit.d for configuration files, therefore instead of modifying /etc/monitrc, we create a new configuration file /etc/monit.d/monitrc. In my case I want to monitor proftpd, sshd, mysql, apache, and postfix, I want to enable the monit web interface on port 2812, I want a https web interface, I want to log in to the web interface with the username admin and the password test, and I want monit to send email alerts to root@localhost, so my file looks like this:
(Please make sure that you check processes only that really exist on your server - otherwise monit won't start. I.e., if you tell monit to check Postfix, but Postfix isn't installed on the system, monit won't start.)
The configuration file is pretty self-explaining; if you are unsure about an option, take a look at the monit documentation: http://www.tildeslash.com/monit/doc/manual.php
In the apache part of the monit configuration you find this:
which means that monit tries to connect to www.example.com on port 80 and tries to access the file /monit/token which is /var/www/www.example.com/web/monit/token because our web site's document root is /var/www/www.example.com/web. If monit doesn't succeed it means Apache isn't running, and monit is going to restart it. Now we must create the file /var/www/www.example.com/web/monit/token and write some random string into it:
Next we create the pem cert (/var/certs/monit.pem) we need for the SSL-encrypted monit web interface:
We need an OpenSSL configuration file to create our certificate. It can look like this:
Now we create the certificate like this:
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
openssl gendh 512 >> /var/certs/monit.pem
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
chmod 700 /var/certs/monit.pem
Finally, we can start monit:
Now point your browser to https://www.example.com:2812/ (make sure port 2812 isn't blocked by your firewall), log in with admin and test, and you should see the monit web interface. It should look like this:
(Apache Status Page)
Depending on your configuration in /etc/monit.d/monitrc monit will restart your services if they fail and send notification emails if process IDs of services change, etc.