Server Monitoring With munin And monit On Debian Lenny - Page 2

4 Install And Configure monit

To install monit, we do this:

aptitude install monit

Now we must edit /etc/monit/monitrc. The default /etc/monit/monitrc has lots of examples, and you can find more configuration examples on http://mmonit.com/monit/documentation/. In my case I want to monitor proftpd, sshd, mysql, apache, and postfix; enable the monit web interface on port 2812 over https; log in to the web interface with the username admin and the password test; and have monit send email alerts to root@localhost. So my file looks like this:

cp /etc/monit/monitrc /etc/monit/monitrc_orig
cat /dev/null > /etc/monit/monitrc
vi /etc/monit/monitrc

set daemon  60
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: monit@server1.example.com }
set alert root@localhost
set httpd port 2812 and
     SSL ENABLE
     PEMFILE  /var/certs/monit.pem
     allow admin:test

check process proftpd with pidfile /var/run/proftpd.pid
   start program = "/etc/init.d/proftpd start"
   stop program  = "/etc/init.d/proftpd stop"
   if failed port 21 protocol ftp then restart
   if 5 restarts within 5 cycles then timeout

check process sshd with pidfile /var/run/sshd.pid
   start program  "/etc/init.d/ssh start"
   stop program  "/etc/init.d/ssh stop"
   if failed port 22 protocol ssh then restart
   if 5 restarts within 5 cycles then timeout

check process mysql with pidfile /var/run/mysqld/mysqld.pid
   group database
   start program = "/etc/init.d/mysql start"
   stop program = "/etc/init.d/mysql stop"
   if failed host 127.0.0.1 port 3306 then restart
   if 5 restarts within 5 cycles then timeout

check process apache with pidfile /var/run/apache2.pid
   group www
   start program = "/etc/init.d/apache2 start"
   stop program  = "/etc/init.d/apache2 stop"
   if failed host www.example.com port 80 protocol http
      and request "/monit/token" then restart
   if cpu is greater than 60% for 2 cycles then alert
   if cpu > 80% for 5 cycles then restart
   if totalmem > 500 MB for 5 cycles then restart
   if children > 250 then restart
   if loadavg(5min) greater than 10 for 8 cycles then stop
   if 3 restarts within 5 cycles then timeout

check process postfix with pidfile /var/spool/postfix/pid/master.pid
   group mail
   start program = "/etc/init.d/postfix start"
   stop  program = "/etc/init.d/postfix stop"
   if failed port 25 protocol smtp then restart
   if 5 restarts within 5 cycles then timeout

(Please make sure that you only check processes that really exist on your server; otherwise monit won't start. For example, if you tell monit to check Postfix but Postfix isn't installed on the system, monit won't start.)

The configuration file is largely self-explanatory; if you are unsure about an option, take a look at the monit documentation: http://mmonit.com/monit/documentation/monit.html
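
The web interface settings in the configuration above can be checked mechanically. The following shell function is an added example, not part of the original tutorial or of monit; it lints the set httpd block of a monitrc, and its finding names and the 12-character password threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the "set httpd" block of a monitrc file.
# Finding names and the 12-character threshold are this example's own choices.
# Only "allow user:password" and "allow <IPv4 | localhost>" are classified;
# htpasswd-file and PAM-group entries are ignored.
audit_monit_httpd() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    tolower($1) == "set" && tolower($2) == "httpd" { inblk = 1; seen = 1 }
    inblk && (NF == 0 || tolower($1) == "check" ||
              (tolower($1) == "set" && tolower($2) != "httpd")) { inblk = 0 }
    inblk {
        line = tolower($0)
        if (line ~ /ssl[ \t]+enable/)  ssl = 1
        if (line ~ /use[ \t]+address/) bind = 1
        for (i = 1; i < NF; i++) {
            if (tolower($i) != "allow") continue
            v = $(i + 1)
            if (v ~ /:/) {                       # user:password kept in cleartext
                creds++
                if (length(substr(v, index(v, ":") + 1)) < 12) weak++
            } else if (v ~ /^([0-9]+\.|localhost)/) {
                hosts++                          # host or network ACL entry
            }
        }
    }
    END {
        if (!seen)  { print "NO_HTTPD"; exit }
        if (!ssl)   print "NO_SSL"
        if (!bind)  print "LISTENS_ON_ALL_INTERFACES"
        if (!hosts) print "NO_HOST_ACL"
        if (creds)  print "CLEARTEXT_PASSWORD"
        if (weak)   print "SHORT_PASSWORD"
    }' "$1"
}

# Constructed sample: the httpd block from the monitrc shown above.
sample="${TMPDIR:-/tmp}/monitrc.sample.$$"
cat > "$sample" <<'EOF'
set daemon  60
set httpd port 2812 and
     SSL ENABLE
     PEMFILE  /var/certs/monit.pem
     allow admin:test

check process sshd with pidfile /var/run/sshd.pid
EOF
audit_monit_httpd "$sample"
rm -f "$sample"
```

For the configuration on this page it reports LISTENS_ON_ALL_INTERFACES, NO_HOST_ACL, CLEARTEXT_PASSWORD and SHORT_PASSWORD; a "use address" line and a host "allow" entry in the httpd block clear the first two.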

In the apache part of the monit configuration you find this:

   if failed host www.example.com port 80 protocol http
      and request "/monit/token" then restart

which means that monit tries to connect to www.example.com on port 80 and tries to access the file /monit/token. Because our web site's document root is /var/www/www.example.com/web, that file is /var/www/www.example.com/web/monit/token. If monit doesn't succeed, it means Apache isn't running, and monit is going to restart it. Now we must create the file /var/www/www.example.com/web/monit/token and write some random string into it:

mkdir /var/www/www.example.com/web/monit
echo "hello" > /var/www/www.example.com/web/monit/token

Next we create the pem cert (/var/certs/monit.pem) we need for the SSL-encrypted monit web interface:

mkdir /var/certs
cd /var/certs

We need an OpenSSL configuration file to create our certificate. It can look like this:

vi /var/certs/monit.cnf

# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = MO

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Monitoria

localityName                    = Locality Name (eg, city)
localityName_default            = Monittown

organizationName                = Organization Name (eg, company)
organizationName_default        = Monit Inc.

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Dept. of Monitoring Technologies

commonName                      = Common Name (FQDN of your server)
commonName_default              = server.monit.mo

emailAddress                    = Email Address
emailAddress_default            = root@monit.mo

[ cert_type ]
nsCertType = server

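Now we create the certificate like this (the 1024-bit RSA key from monit.cnf and the 512-bit Diffie-Hellman parameters are weak by current standards; use at least 2048 bits for both on a production system):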

openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem

openssl gendh 512 >> /var/certs/monit.pem

openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem

chmod 700 /var/certs/monit.pem

Afterwards we edit /etc/default/monit to enable the monit daemon. Change startup to 1 and set CHECK_INTERVALS to the interval in seconds that you would like monit to check your system. I choose 60 (seconds) so my file looks like this:

vi /etc/default/monit

# Defaults for monit initscript
# sourced by /etc/init.d/monit
# installed at /etc/default/monit by maintainer scripts
# Fredrik Steen <stone@debian.org>

# You must set this variable to for monit to start
startup=1

# To change the intervals which monit should run uncomment
# and change this variable.
CHECK_INTERVALS=60

Finally, we can start monit:

/etc/init.d/monit start

Now point your browser to https://www.example.com:2812/ (make sure port 2812 isn't blocked by your firewall), log in with admin and test, and you should see the monit web interface. It should look like this:

(Main Screen)

(Apache Status Page)

Depending on your configuration in /etc/monit/monitrc, monit will restart your services if they fail and send notification emails if process IDs of services change, etc.

Have fun!

5 Links

Comments

From: Andrei V. Toutoukine at: 2010-03-01 11:30:30

munin @ Debian/lenny

Symptoms:  no pictures on http://www.example.con/monitoring after /etc/init.d/munin-node restart

Specify a hostname in /etc/munin/munin.node.conf:

 host_name server1.example.com

Restart munin again.

From: at: 2010-02-25 19:13:09

Would it be any problem to use this guide with ISPConfig 3? I like various graphical monitoring tools ... :-)

From: at: 2010-03-03 20:16:35

Hi Nikola

I used this howto on ISPConfig3 yesterday on a Debian setup, having installed ISPConfig3 using the perfect server guide. It all worked well with just a couple of points to note.

When I added the site to be used for munin through the control panel it hadn't added www in front of the domain name so I needed to remove that throughout;

eg:

/var/www/www.yourdomain.com/web

becomes

/var/www/yourdomain.com/web

Then on the second page setting up monit, you'll have to comment out the lines regarding proftpd as ISPConfig3 uses pureftpd. If you don't, monit will not start.

Hope this helps

David

From: Marlos at: 2010-03-10 22:29:43

Hi guys,

Now I am using http://www.bijk.com for server performance monitoring and alerts and I'm happy.

Bijk.com is a FREE web service for monitoring a group of servers online, with online performance graphs.

Bijk.com is ready for Cloud servers, Debian Servers and Ubuntu servers.

From: Anonymous at: 2010-03-27 21:24:01

Unfortunately, giving away a login for a monitoring service will not be accepted by most security-aware Linux admins. Why not publish your root login at Facebook and ask your "friends" to monitor your server?

However, one more really interesting target.

From: Anonymous at: 2012-07-08 08:11:28

Suggest you don't know what "free" means.

http://www.bijk.com/pricing

From: shivlu jain at: 2010-02-26 05:40:25

The post is wonderful. Have you written an article for NMS in Linux? If yes, please the same.

 regards

 shivlu jain

 http://www.mplsvpn.info

From: Klevo at: 2012-12-03 08:48:07

Great

From: Ben at: 2010-03-05 11:33:03

Why not use Cacti as an alternative ... it's much easier to set up (apt-get install cacti) and is managed through a web interface rather than editing conf files ... it has a massive community and a plugin architecture to make it monitor any device you want and configure alerts etc ...

From: Gunnar at: 2010-08-16 22:05:04

I strongly prefer Munin. First, it is way more versatile, it is very easy to create new plugins for it - As an example of all the things that can be graphed with a ~20 line script, take a look at DebConf's monitoring, i.e. the totals for our attendee database's requirements. Second, while Cacti is very strong on finding your network's topology and creating the needed graphs, it is IMO a bit more lacking for host-oriented graphs. Also, monitoring can involve some actions which require running with high privileges. It just is way safer to have all of your configuration in a root-controlled directory, not database-stored and modifiable through the Web interface.

From: Tobias B. at: 2013-08-22 11:27:19

Hi, as the attributes of the /var/www/www.example.com/ directory changed to be not writable, the .htpasswd file must be created in /var/www/www.example.com/private/. So:

vi /var/www/www.example.com/web/monitoring/.htaccess

AuthUserFile /var/www/www.example.com/.htpasswd

should be:

AuthUserFile /var/www/www.example.com/private/.htpasswd

and

htpasswd -c /var/www/www.example.com/.htpasswd admin

should be

htpasswd -c /var/www/www.example.com/private/.htpasswd admin