Server Monitoring With munin And monit On CentOS 5.2 - Page 2

5 Install And Configure monit

Next we install monit:

yum install monit

Then we create the system startup links for monit:

chkconfig --levels 235 monit on

monit's default configuration file is /etc/monit.conf where you can find some configuration examples (you can find more configuration examples on http://mmonit.com/wiki/Monit/ConfigurationExamples) that are all commented out, but it tells monit to also look in the directory /etc/monit.d for configuration files, therefore instead of modifying /etc/monit.conf, we create a new configuration file /etc/monit.d/monitrc. In my case I want to monitor proftpd, sshd, mysql, apache, and postfix, I want to enable the monit web interface on port 2812, I want a https web interface, I want to log in to the web interface with the username admin and the password test, and I want monit to send email alerts to root@localhost, so my file looks like this:

vi /etc/monit.d/monitrc

set daemon  60
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: monit@server1.example.com }
set alert root@localhost
set httpd port 2812 and
     SSL ENABLE
     PEMFILE  /var/certs/monit.pem
     allow admin:test

check process proftpd with pidfile /var/run/proftpd.pid
   start program = "/etc/init.d/proftpd start"
   stop program  = "/etc/init.d/proftpd stop"
   if failed port 21 protocol ftp then restart
   if 5 restarts within 5 cycles then timeout

check process sshd with pidfile /var/run/sshd.pid
   start program  "/etc/init.d/sshd start"
   stop program  "/etc/init.d/sshd stop"
   if failed port 22 protocol ssh then restart
   if 5 restarts within 5 cycles then timeout

check process mysql with pidfile /var/run/mysqld/mysqld.pid
   group database
   start program = "/etc/init.d/mysqld start"
   stop program = "/etc/init.d/mysqld stop"
   if failed host 127.0.0.1 port 3306 then restart
   if 5 restarts within 5 cycles then timeout

check process apache with pidfile /var/run/httpd.pid
   group www
   start program = "/etc/init.d/httpd start"
   stop program  = "/etc/init.d/httpd stop"
   if failed host www.example.com port 80 protocol http
      and request "/monit/token" then restart
   if cpu is greater than 60% for 2 cycles then alert
   if cpu > 80% for 5 cycles then restart
   if totalmem > 500 MB for 5 cycles then restart
   if children > 250 then restart
   if loadavg(5min) greater than 10 for 8 cycles then stop
   if 3 restarts within 5 cycles then timeout

check process postfix with pidfile /var/spool/postfix/pid/master.pid
   group mail
   start program = "/etc/init.d/postfix start"
   stop  program = "/etc/init.d/postfix stop"
   if failed port 25 protocol smtp then restart
   if 5 restarts within 5 cycles then timeout

(Please make sure that you check processes only that really exist on your server - otherwise monit won't start. I.e., if you tell monit to check Postfix, but Postfix isn't installed on the system, monit won't start.)

The configuration file is pretty self-explaining; if you are unsure about an option, take a look at the monit documentation: http://mmonit.com/monit/documentation/monit.html

In the apache part of the monit configuration you find this:

   if failed host www.example.com port 80 protocol http
      and request "/monit/token" then restart

which means that monit tries to connect to www.example.com on port 80 and tries to access the file /monit/token which is /var/www/www.example.com/web/monit/token because our web site's document root is /var/www/www.example.com/web. If monit doesn't succeed it means Apache isn't running, and monit is going to restart it. Now we must create the file /var/www/www.example.com/web/monit/token and write some random string into it:

mkdir /var/www/www.example.com/web/monit
echo "hello" > /var/www/www.example.com/web/monit/token

Next we create the pem cert (/var/certs/monit.pem) we need for the SSL-encrypted monit web interface:

mkdir /var/certs
cd /var/certs

We need an OpenSSL configuration file to create our certificate. It can look like this:

vi /var/certs/monit.cnf

# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = MO

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Monitoria

localityName                    = Locality Name (eg, city)
localityName_default            = Monittown

organizationName                = Organization Name (eg, company)
organizationName_default        = Monit Inc.

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Dept. of Monitoring Technologies

commonName                      = Common Name (FQDN of your server)
commonName_default              = server.monit.mo

emailAddress                    = Email Address
emailAddress_default            = root@monit.mo

[ cert_type ]
nsCertType = server

Now we create the certificate like this:

openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem

openssl gendh 512 >> /var/certs/monit.pem

openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem

chmod 700 /var/certs/monit.pem

Finally, we can start monit:

/etc/init.d/monit start

Now point your browser to https://www.example.com:2812/ (make sure port 2812 isn't blocked by your firewall), log in with admin and test, and you should see the monit web interface. It should look like this:

(Main Screen)

(Apache Status Page)

Depending on your configuration in /etc/monit.d/monitrc monit will restart your services if they fail and send notification emails if process IDs of services change, etc.

Have fun!

 

6 Links

Share this page:

11 Comment(s)

Add comment

Comments

From: Matthew at: 2009-05-11 13:07:53

Latest packages of munin place html to /var/www/html/munin

nano /etc/httpd/conf.d/munin.conf    and paste the following (change *  to the ip of your pc)

 Alias /monitoring /var/www/html/munin

<Location /usage>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from *.*.*.*
</Location>

 

 +After restart Apache deamon

service httpd restart

From: Anonymous at: 2010-05-29 02:56:21

These steps are not solving problem with the munin install on centos. I tried and go through each step but same result. Its giving me the same error as mention aboved. So it means these steps are not worth it. Dont follow these steps.

From: Anonymous at: 2010-06-03 07:40:01

I don't mean to be rude, but if you can't figure this out I don't know if you will have any luck using the stats this produces.

 Let's pretend you have a Vhost in apache called mycoolsite.com with a docroot of /www/mycoosite.com/docs

 Ok... all you do is create a directory called /www/mycoolsite.com/docs/monitoring

Change ownership and group to munin or just do chmod 777 monitoring

 Munin will put html/image files inside whatever directory you tell it to in the config, and you access it by putting in the web address to that directory (in this case www.mycoolsite.com/monitoring)

 Bottom line, create a new directory inside of a website you already have setup and running, then set the munin conf to use that directory, then access the stats by accessing that website/directory.

From: tracepath at: 2010-10-19 15:35:24

I followed all steps but i have i problem. The output folder is /var/www/html/egw/web/monitoring and when i put "hostname.server.com/egw/web/monitoring" is empty. No charts.

 What can i do ?

Thanks

From: jindowin at: 2009-05-03 08:07:02

can u help me clearly?

i get error the same..but i dont know where i have to "include /html"

From: jindowin at: 2009-05-03 08:14:29

i get error when i type to my browser:

Not Found

The requested URL /monitoring/ was not found on this server.


Apache/2.2.3 (CentOS) Server at www.example.com Port 80
 
 
can u help me? do i need install apache before install munin?

 

From: Anonymous at: 2009-02-01 16:46:50

By changing the ownership to munin you are unable to see the content. Also you need to include /html

From: Haider at: 2009-02-27 16:27:30

Hello 

 

I'd installed munin monitoring tool in centos 5.2

I'd completed all the step, but when i open my web browser and try to access 

www.example.com 

i get error 

NOT Found

The Request URL/ monitoring/ was not found on this server

Can u please help me out 

 

From: royalcharlie at: 2011-02-18 12:25:39

Followed instructions and encountered a problem that just got solved due to comments from an anonymous. Many thanks to you!

Am using centos 5.5 64-bit.
and only changed htmldir to /var/www/html/munin

Waited for a while and checked via browser only to get a link to localhost and that's it. Nothing else is displayed. Checked the logs and the munin directory itself and there are files being created. Tried rebooting but no effect.

Read through the steps again and this time including the comments and read about editing /etc/httpd/conf.d/munin.conf and noticed that the alias is pointing to /var/www/munin rather than /var/www/html/munin.

After changing this and restarting apache daemon... the munin site is working. Cheers.

From: ahmet at: 2011-08-30 19:38:33

This is my working way if you have more then one web site
Centos 6.0

vim /etc/munin/munin.conf

 dbdir  /var/lib/munin
 htmldir /var/www/html/munin
 logdir /var/log/munin
 rundir  /var/run/munin
#
# Where to look for the HTML templates
 tmpldir    /etc/munin/templates

# (Exactly one) directory to include all files from.
#
includedir /etc/munin/munin-conf.d

# a simple host tree
#[x86-10.phx2.fedoraproject.org]
#    address 127.0.0.1
#    use_node_name yes

[www.example.com]
    address 127.0.0.1
    use_node_name yes



vim /etc/httpd/conf/httpd.conf


DocumentRoot "/var/www/html/munin"
ServerName monin.example.com
<Directory "/var/www/html/munin">
allow from all
Options +Indexes
</Directory>



Enter http://monin.example.com/

 

From: Anonymous at: 2009-04-14 11:17:18

Small Correction;

for a centos 5.2 box, the logfile setting should be;

set logfile /var/log/monit.log

 This is because there is no var/log/syslog log in centos 5.2. The messages do appear in

/var/log/messages ( not all ) but its just better to log to a separate file to make troubleshooting easier.