Server Monitoring With munin And monit On Debian Etch

Version 1.0
Author: Falko Timme
Last edited 04/24/2007

In this article I will describe how you can monitor your Debian Etch server with munin and monit. munin produces nifty little graphics about nearly every aspect of your server (load average, memory usage, CPU usage, MySQL throughput, eth0 traffic, etc.) without much configuration, whereas monit checks the availability of services like Apache, MySQL, Postfix and takes the appropriate action such as a restart if it finds a service is not behaving as expected. The combination of the two gives you full monitoring: graphics that let you recognize current or upcoming problems (like "We need a bigger server soon, our load average is increasing rapidly."), and a watchdog that ensures the availability of the monitored services.

Although munin lets you monitor more than one server, we will only discuss the monitoring of the system where it is installed here.

This tutorial was written for Debian Etch, but the configuration should apply to other distributions with little changes as well.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

Our system's hostname is server1.example.com, and we have a web site www.example.com on it with the document root /var/www/www.example.com/web.

 

2 Install And Configure munin

To install munin on Debian Etch, we do this:

apt-get install munin munin-node

Next, we must edit the munin configuration file /etc/munin/munin.conf. We want munin to put its output into the directory /var/www/www.example.com/web/monitoring, therefore we change the value of htmldir, and we want it to use the name server1.example.com instead of localhost.localdomain in the HTML output, therefore we replace localhost.localdomain with server1.example.com. Without the comments, the changed file looks like this:

vi /etc/munin/munin.conf

dbdir   /var/lib/munin
htmldir /var/www/www.example.com/web/monitoring
logdir  /var/log/munin
rundir  /var/run/munin

tmpldir /etc/munin/templates

[server1.example.com]
    address 127.0.0.1
    use_node_name yes

Next we create the directory /var/www/www.example.com/web/monitoring and change its ownership to the user and group munin, otherwise munin cannot place its output in that directory. Then we restart munin:

mkdir -p /var/www/www.example.com/web/monitoring
chown munin:munin /var/www/www.example.com/web/monitoring
/etc/init.d/munin-node restart

Now wait a few minutes so that munin can produce its first output, and then go to http://www.example.com/monitoring/ in your browser, and you see the first statistics. After a few days this could look like this:

(This is just a small excerpt of the many graphics that munin produces...)

 

3 Password-Protect The munin Output Directory (Optional)

Now it is a good idea to password-protect the directory /var/www/www.example.com/web/monitoring unless you want everybody to be able to see every little statistic about your server.

To do this, we create an .htaccess file in /var/www/www.example.com/web/monitoring:

vi /var/www/www.example.com/web/monitoring/.htaccess

AuthType Basic
AuthName "Members Only"
AuthUserFile /var/www/www.example.com/.htpasswd
<limit GET PUT POST>
require valid-user
</limit>

Then we must create the password file /var/www/www.example.com/.htpasswd. We want to log in with the username admin, so we do this:

htpasswd -c /var/www/www.example.com/.htpasswd admin

Enter a password for admin, and you're done!

Share this page:

5 Comment(s)

Add comment

Comments

From: at: 2007-10-10 02:39:42

Monit was not starting for me, and I found the error by looking at:

 tail /var/log/syslog

 which said "monit: /etc/monit/monitrc:123: Error: syntax error '"monit/token"'

 and I realized that the token file was actually at "/web/monit/token" and after making that change to /etc/monit/monitrc monit started properly. 

Others may set their root web directory to be /web and will not experience this problem, but for those who don't this is a fix.

From: at: 2008-02-29 19:41:06

I have munin and monit installed on my ISPConfi Servers and also Prelude/Prewikka - follwoing the HowTos on this site. Now, Prewikka gives web access to Prelude, OSSEC and Snort, but Munin, ISPConfig and Monit are still separate websites. So I thought why not use the generated Munin Overview screen as a linkscreen to all the different programs for all my servers?

As the Munin screens are generated, it is not a question of adjusting simple html. You need to edit /etc/munin/templates/munin-overview.tmpl. You will see some pseudo HTML code with many variables, which are obviously replaced at generation time. We will need to make adjustments in the middle:

 <TMPL_LOOP NAME="DOMAINS">
 <ul>
  <li><span class="domain"><a href="<TMPL_VAR NAME="DOMAIN">/index.html"><TMPL_VAR ESCAPE="HTML" NAME="DOMAIN"></a></span><TMPL_IF NAME="COMPARE"> :: [ <a href="<TMPL_VAR NAME="DOMAIN">/comparison-day.html">day</a> <a href="<TMPL_VAR NAME="DOMAIN">/comparison-week.html">week</a> <a href="<TMPL_VAR NAME="DOMAIN">/comparison-month.html">month</a> <a href="<TMPL_VAR NAME="DOMAIN">/comparison-year.html">year</a> ]</TMPL_IF>
      <ul>
        <TMPL_LOOP NAME="NODES">
        <li><span class="host"><a href="<TMPL_VAR NAME="DOMAIN">/<TMPL_VAR NAME="NODE">.html"><TMPL_VAR ESCAPE="HTML" NAME="NODE"></a></span> ::
        [ <TMPL_LOOP NAME="CATEGORIES"><a <TMPL_IF NAME="STATE_WARNING">class="warn"</TMPL_IF> <TMPL_IF NAME="STATE_CRITICAL">class="crit"</TMPL_IF> href="<TMPL_VAR NAME="DOMAIN">/<TMPL_VAR NAME="NODE">.html#<TMPL_VAR NAME="NAME">"><TMPL_VAR ESCAPE="HTML" NAME="NAME"></a> </TMPL_LOOP> <a target="_blank" href="https://<TMPL_VAR NAME="NODE">:2812/">Monit</a> <a target="_blank" href="https://<TMPL_VAR NAME="NODE">:81/">ISPConfig</a> ]</li>
        </TMPL_LOOP>
        <li><span class="host"><a target="_blank" href="https://prelude.<TMPL_VAR NAME="DOMAIN">">Prewikka Console</a></li>
 </ul>
   </li>
 </ul>
 </TMPL_LOOP>

The code in bold will generate the link to Monit and ISPConfig respective. The code in bold and italic will generate the link to prewikka/prelude, but assumes you created a subdomain (or a co-domain in ISPConfig) of the name prelude.yourdomain.com. The 'yourdomain.com' is replaced at runtime with the real name - in my case a .net domain actually - not .com.

From: Eder Gobbi at: 2008-10-17 12:34:24

But, if the process set "zombie", and do not runing? The pid are yet in the /var/run...

From: Anonymous coward at: 2008-12-06 04:42:44

dont forget to run "monit -t" to verify monit.conf syntax.

From: enderst at: 2008-12-24 18:04:42

how about instead of 'cat /dev/null > /etc/monit/monitrc'

use '>  /etc/monit/monitrc'