Install Monit - be sure your services are running

T

his tutorial works for CentOS only. For your specific OS tutorial use the tags or serach function in the sidebar area.

 

Monit is using to monitor services on Linux. It will start the service automatically if it's down for any reason. Our version 5.5-1 comes from rpmforge repository if you don't have this repo configured visit earlier tutorial System update using 'yum'

 

Installation:

$ yum install monit

$ yum install monit
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: centos.mirror.constant.com
* epel: mirror.umd.edu
* extras: mirror.umd.edu
* remi: mirrors.mediatemple.net
* rpmforge: mirror.teklinks.com
* updates: mirror.symnds.com
1208 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package monit.i686 0:5.5-1.el6.rf will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
monit i686 5.5-1.el6.rf rpmforge 262 k

Transaction Summary
==============================================================================
Install 1 Package(s)

Total download size: 262 k
Installed size: 686 k
Is this ok [y/N]: y
Downloading Packages:
monit-5.5-1.el6.rf.i686.rpm | 262 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : monit-5.5-1.el6.rf.i686 1/1
Verifying : monit-5.5-1.el6.rf.i686 1/1

Installed:
monit.i686 0:5.5-1.el6.rf

Complete!
 

Check if monit will run on start

$ chkconfig monit --list

 
[root@server][/etc/monit.d]
$ chkconfig monit --list
monit 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 

it's OK. If it's not ----> $ chkconfig monit on

Now directly to configuration

$ nano /etc/monit.conf

uncomment logging (remove #)

# set logfile syslog facility log_daemon
 

uncomment and set mailserver

# set mailserver mail.yourdomain.com
 

uncomment and set an e-mail where alerts will be sent to

# set alert you@yourdomain.com
 

specify port, user and password to get into webgui

set httpd port 2812 and
allow myuser:mypassword
 

Now example checks:

instead xxx.xxx.xxx.xxx enter your VPS IP address

i.e.

check system xxx.xxx.xxx.xxx
if loadavg (1min) > 4 then alert
if loadavg (5min) > 2 then alert
if memory usage > 95% then alert
if cpu usage (user) > 70% then alert
if cpu usage (wait) > 20% then alert
 

Save and quit.

rest of the services configurations will be in /etc/monit.d/ directory

 

Open port in firewall

now, before we configure rest of the services we will need to open 2812 port for access web interface:

If you're using be.admin firewall script

$ nano /etc/init.d/firewall

simply add after #10 rule this rule

# 11) Monit - web access
for OURIP in ${SERVER_IPS}; do
${FWIN} -p tcp -d ${OURIP} --dport 2812 ${OK}
done
 

if you don't use our script :

iptables -A INPUT -p tcp --dport 2812 -j ACCEPT
 

Reload iptables rules or if you're using fail2ban and our firewall script

$ service firewall restart && service fail2ban restart

Start Monit

$ service monit start

$ service monit start
Starting monit: monit: generated unique Monit id 775d95333a8a26e4b836d5dd00ee73cc and stored to '/var/monit/id'
Starting monit daemon with http interface at [*:2812]
[ OK ]
 

And access web-gui in your browser typing http://_your_vps_ip_or_domain:2812

Voila, now it's time to configure other services.

 

We will take care of:

  1. Apache
  2. MySQL
  3. Fail2Ban
  4. SSH

the rest is up to you.

We have to create monit configs in /etc/monit.d/ to corresponding services

 

Apache service

$ nano /etc/monit.d/apache

Paste below code and make changes:

check process apache with pidfile /var/run/httpd/httpd.pid
group jtkirk
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
if failed host yourdomain.com port 80 protocol http and request "/vps_token" then restart
if cpu is greater than 60% for 2 cycles then alert
if cpu > 90% for 5 cycles then restart
if totalmem > 970 MB for 5 cycles then restart
if children > 350 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
 

Create under yourdomain.com file vps_token with text 'online_check' inside only.
This will be our file for fetching by uptime robots in the future - now we make use of it too
i.e.
$ echo "online_check" >> /var/www/html/domains/yourdomain.com/public_html/vps_token

- change jtkirk to your apache user
- change yourdomain.com to your domain or IP
- this set is more or less for 1024MB VPS

Save and exit.

 

MySQL service

$ nano /etc/monit.d/mysql

Paste below code:

check process mysql with pidfile /var/run/mysqld/mysqld.pid
group mysql
start program = "/sbin/service mysqld start"
stop program = "/sbin/service mysqld stop"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout
 

Save and exit.

 

Fail2Ban service

$ nano /etc/monit.d/fail2ban

Paste below code:

check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
start program "/sbin/service fail2ban start"
stop program "/sbin/service fail2ban stop"
if 5 restarts within 5 cycles then timeout
 

Save and exit.

 

SSH Service

$ nano /etc/monit.d/ssh

Paste below code and make changes:

check process sshd with pidfile /var/run/sshd.pid
start program "/sbin/service sshd start"
stop program "/sbin/service sshd stop"
if failed host 127.0.0.1 port xxxx protocol ssh then restart
if 5 restarts within 5 cycles then timeout
 

- instead of xxxx enter your SSHD port number

Save and exit.

 

Restart monit.

$ service monit restart

[root@server][/etc/monit.d]
$ service monit restart
Stopping monit: [ OK ]
Starting monit: Starting monit daemon with http interface at [*:2812]
[ OK ]
 

And see by ourself in web-gui.