Monitoring with Monit

Setup instructions and configuration examples for Monit on Ubuntu 20.04.

Amavis | Apache | atd | Avahi | ClamAV | cron | cups | Dovecot | Elasticsearch | Fail2ban | Kibana | memcached | MongoDB | Munin | MySQL | named | NoMachine | OpenVPN | Postfix | postgrey | Pure-FTPd | Redis | rsyslogd | Samba | Smartmontools | Squid | ssh | Webmin |

apt install monit

Enable the Monit web interface

vi /etc/monit/monitrc
.
.
.
set daemon 120             # check the services every 120 seconds

set mailserver localhost

set mail-format { from: [email protected] }

set alert [email protected]

set httpd port 2812 and
    use address localhost  # only accept connection from localhost (drop if you use M/Monit)
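    allow localhost        # allow localhost to connect to the server
    # No credentials are required while the next line stays commented out, so
    # every local user can reach the web interface. 'admin'/'monit' is only an
    # example; choose your own password when enabling it.
    #allow admin:monit     # require user 'admin' with password 'monit'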
    #with ssl {            # enable SSL/TLS and set path to server certificate
    #    pemfile: /etc/ssl/certs/monit.pem
    #}
.
.
.
include /etc/monit/conf.d/*
include /etc/monit/conf-enabled/*

Restart Monit

service monit restart
netstat -tulp|grep monit
tcp        0      0 localhost:2812          0.0.0.0:*               LISTEN      64499/monit         
tcp6       0      0 ip6-localhost:2812      [::]:*                  LISTEN      64499/monit

Check Monit status

service monit status
● monit.service - LSB: service and resource monitoring daemon
     Loaded: loaded (/etc/init.d/monit; generated)
     Active: active (running) since Sun 2022-05-29 16:48:10 CEST; 3min 4s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 64476 ExecStart=/etc/init.d/monit start (code=exited, status=0/SUCCESS)
      Tasks: 2 (limit: 38283)
     Memory: 2.6M
     CGroup: /system.slice/monit.service
             └─64499 /usr/bin/monit -c /etc/monit/monitrc

Mai 29 16:48:10 host.name.xx systemd[1]: Starting LSB: service and resource monitoring daemon...
Mai 29 16:48:10 host.name.xx monit[64476]:  * Starting daemon monitor monit
Mai 29 16:48:10 host.name.xx monit[64476]:    ...done.
Mai 29 16:48:10 host.name.xx systemd[1]: Started LSB: service and resource monitoring daemon.

Monit is now up and running.

tail -f /var/log/monit.log

tail -f /var/log/syslog | grep monit

Configure Monit

The config files for each service are located in /etc/monit/conf-available. To activate one, create a symlink to it in /etc/monit/conf-enabled, then restart Monit and start all services.

service monit restart && monit start all && sleep 3 && monit summary | grep Process | sort

Check Monit syntax

monit -t
Control file syntax OK

Amavis

Create config

vi /etc/monit/conf-available/amavisd
check process amavisd with pidfile /var/run/amavis/amavisd.pid
   group mail
   start program = "/etc/init.d/amavis start"
   stop  program = "/etc/init.d/amavis stop"
   if failed port 10024 protocol smtp then restart
   if failed port 10026 then restart
   if 5 restarts within 25 cycles then timeout
   depends on amavisd_bin
   depends on amavisd_rc

check file amavisd_bin with path /usr/sbin/amavisd-new
   group mail
   if failed checksum then unmonitor
   if failed permission 755 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor

check file amavisd_rc with path /etc/init.d/amavis
   group mail
   if failed checksum then unmonitor
   if failed permission 755 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor

Create symlink

ln -s /etc/monit/conf-available/amavisd /etc/monit/conf-enabled

Apache

Create symlink

ln -s /etc/monit/conf-available/apache2 /etc/monit/conf-enabled

Adjust ports

vi /etc/monit/conf-available/apache2
check process apache with pidfile /var/run/apache2/apache2.pid
   group www
   group apache
   start program = "/etc/init.d/apache2 start"
   stop program  = "/etc/init.d/apache2 stop"
   if 4 restarts within 20 cycles then timeout
   if failed host localhost port 80 with protocol http and request "/server-status" with timeout 25 seconds for 4 times within 5 cycles then restart
   if failed port 443 then restart
   depend apache_bin
   depend apache_rc

check file apache_bin with path /usr/sbin/apache2
   group apache
   include /etc/monit/templates/rootbin

check file apache_rc with path /etc/init.d/apache2
   group apache
   include /etc/monit/templates/rootbin

atd

Create symlink

ln -s /etc/monit/conf-available/at /etc/monit/conf-enabled

Avahi

Create configfile

vi /etc/monit/conf-available/avahi
check process avahi with pidfile /var/run/avahi-daemon/pid
  start program = "/etc/init.d/avahi-daemon start"
  stop program = "/etc/init.d/avahi-daemon stop"
  if failed host localhost port 5353 type UDP then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/avahi /etc/monit/conf-enabled

ClamAV

Create configfile

vi /etc/monit/conf-available/clamd
check process clamd with pidfile /var/run/clamav/clamd.pid
  group virus
  start program = "/etc/init.d/clamav-daemon start"
  stop program = "/etc/init.d/clamav-daemon stop"
  if failed unixsocket /var/run/clamav/clamd.ctl then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/clamd /etc/monit/conf-enabled

Enable PIDfile for ClamAV

vi /etc/clamav/clamd.conf
.
.
.
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.ctl
TCPSocket 3310
TCPAddr localhost

# https://betatim.github.io/posts/clamav-memory-usage/
ConcurrentDatabaseReload no
.
.
.

Restart clamd

service clamav-daemon restart && service clamav-daemon status

cron

Create symlink

ln -s /etc/monit/conf-available/cron /etc/monit/conf-enabled

cups

Create configfile

vi /etc/monit/conf-available/cups
check process cups
        matching "cups"
        start program = "/etc/init.d/cups start"
        stop program = "/etc/init.d/cups stop"
        if failed host localhost port 631 then restart
        if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/cups /etc/monit/conf-enabled

Dovecot

Create configfile

vi /etc/monit/conf-available/dovecot
check process dovecot with pidfile /var/run/dovecot/master.pid
   start program = "/etc/init.d/dovecot start"
   stop program = "/etc/init.d/dovecot stop"
   group mail
   if failed host localhost port 993 type tcpssl sslauto protocol imap for 5 cycles then restart
   if failed port 110 then restart
   if failed port 995 then restart
   depends dovecot_init
   depends dovecot_bin
check file dovecot_init with path /etc/init.d/dovecot
   group mail
check file dovecot_bin with path /usr/sbin/dovecot
   group mail

Create symlink

ln -s /etc/monit/conf-available/dovecot /etc/monit/conf-enabled

Elasticsearch

Create configfile

vi /etc/monit/conf-available/elasticsearch
check process elasticsearch with pidfile /var/run/elasticsearch/elasticsearch.pid
  start program = "/bin/systemctl start elasticsearch.service"
  stop program = "/bin/systemctl stop elasticsearch.service"
  if failed host 127.0.0.1 port 9200 then restart
  if failed host 127.0.0.1 port 9300 then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/elasticsearch /etc/monit/conf-enabled

Fail2ban

Create configfile

vi /etc/monit/conf-available/fail2ban
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
    group services
    start program = "/etc/init.d/fail2ban force-start"
    stop  program = "/etc/init.d/fail2ban stop"
    if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
    if 5 restarts within 5 cycles then timeout

check file fail2ban_log with path /var/log/fail2ban.log
    if match "ERROR|WARNING" then alert

Create symlink

ln -s /etc/monit/conf-available/fail2ban /etc/monit/conf-enabled

Kibana

Create configfile

vi /etc/monit/conf-available/kibana
check process kibana with pidfile /var/run/kibana/kibana.pid
  start program = "/bin/systemctl start kibana.service"
  stop program = "/bin/systemctl stop kibana.service"
  if failed host 127.0.0.1 port 5601 then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/kibana /etc/monit/conf-enabled

memcached

Adjust path to PID file

vi /etc/monit/conf-available/memcached
 check process memcached with pidfile /var/run/memcached/memcached.pid
   group cache
   group memcached
   start program = "/etc/init.d/memcached start"
   stop program  = "/etc/init.d/memcached stop"
   if failed host 127.0.0.1 port 11211 and protocol memcache then restart
   if cpu > 60% for 2 cycles then alert
   if cpu > 98% for 5 cycles then restart
   if 5 restarts within 20 cycles then timeout
   depend memcache_bin
   depend memcache_rc

 check file memcache_bin with path /usr/bin/memcached
   group memcached
   include /etc/monit/templates/rootbin

 check file memcache_rc with path /etc/init.d/memcached
   group memcached
   include /etc/monit/templates/rootbin

Create symlink

ln -s /etc/monit/conf-available/memcached /etc/monit/conf-enabled

MongoDB

Create configfile

vi /etc/monit/conf-available/mongodb
check process mongodb
   matching "mongod"
   start program = "/etc/init.d/mongodb start"
   stop program  = "/etc/init.d/mongodb stop"
   if failed host localhost port 27017 then restart
   if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/mongodb /etc/monit/conf-enabled

Munin

Create configfile

vi /etc/monit/conf-available/munin
check process munin with pidfile /var/run/munin/munin-node.pid
   start program = "/usr/sbin/service munin-node start"
   stop  program = "/usr/sbin/service munin-node stop"
   if failed host 127.0.0.1 port 4949 then restart

Create symlink

ln -s /etc/monit/conf-available/munin /etc/monit/conf-enabled

MySQL

Create symlink

ln -s /etc/monit/conf-available/mysql /etc/monit/conf-enabled

named

Create configfile

vi /etc/monit/conf-available/named
check process named with pidfile /var/run/named/named.pid
  start program = "/etc/init.d/named start"
  stop program = "/etc/init.d/named stop"
  if failed host 127.0.0.1 port 53 type tcp protocol dns then restart
  if failed host 127.0.0.1 port 53 type udp protocol dns then restart
  if failed host 127.0.0.1 port 953 type tcp then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/named /etc/monit/conf-enabled

NoMachine

Create configfile

vi /etc/monit/conf-available/nxd
check process nxd with pidfile /usr/NX/var/run/nxd.pid
   start program = "/etc/NX/nxserver --start nxd"
   stop  program = "/etc/NX/nxserver --stop nxd"
   if failed host 127.0.0.1 port 4000 then restart

Create symlink

ln -s /etc/monit/conf-available/nxd /etc/monit/conf-enabled

OpenVPN

Create configfile

vi /etc/monit/conf-available/openvpn
check process openvpn with pidfile /var/run/openvpn/server.pid
  start program = "/etc/init.d/openvpn start"
  stop program = "/etc/init.d/openvpn stop"
  if failed host 127.0.0.1 port 1194 type udp then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/openvpn /etc/monit/conf-enabled

Postfix

Create symlink

ln -s /etc/monit/conf-available/postfix /etc/monit/conf-enabled

postgrey

Create configfile

vi /etc/monit/conf-available/postgrey
check process postgrey with pidfile /var/run/postgrey.pid
  group mailserver
  start program  "/etc/init.d/postgrey start"
  stop program  "/etc/init.d/postgrey stop"
  if failed host localhost port 10023 then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/postgrey /etc/monit/conf-enabled

Pure-FTPd

Create configfile

vi /etc/monit/conf-available/pure-ftpd
check process pure-ftpd-mysql with pidfile /var/run/pure-ftpd/pure-ftpd.pid
  start program = "/etc/init.d/pure-ftpd-mysql start"
  stop program  = "/etc/init.d/pure-ftpd-mysql stop"
  if failed port 21 protocol ftp then restart
  if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/pure-ftpd /etc/monit/conf-enabled

Redis

Create configfile

vi /etc/monit/conf-available/redis
check host localhost with address 127.0.0.1
    if failed port 6379 protocol redis then alert

check process redis-server with pidfile "/var/run/redis/redis-server.pid"
    start program = "/etc/init.d/redis-server start"
    stop program = "/etc/init.d/redis-server stop"
    if failed host 127.0.0.1 port 6379 then restart
    if 5 restarts within 5 cycles then timeout

Create symlink

ln -s /etc/monit/conf-available/redis /etc/monit/conf-enabled

rsyslogd

Enable PID file for rsyslogd

vi /etc/systemd/system/syslog.service
[Unit]
Description=System Logging Service
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=https://www.rsyslog.com/doc/

[Service]
Type=notify
#ExecStart=/usr/sbin/rsyslogd -n -iNONE
ExecStart=/usr/sbin/rsyslogd -n -i/var/run/rsyslogd.pid
StandardOutput=null
Restart=on-failure

# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
LimitNOFILE=16384

[Install]
WantedBy=multi-user.target
Alias=syslog.service

Restart syslog

service syslog restart

Reload units

systemctl daemon-reload

Create configfile

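On Ubuntu, /var/log/syslog belongs to the Unix user “syslog” (UID 104 here; confirm with `id syslog`), not to root. The uid check on this file must therefore test for that UID instead of root; otherwise the check fails and Monit stops monitoring rsyslog.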

vi /etc/monit/conf-available/rsyslogd
 check process rsyslogd with pidfile /var/run/rsyslogd.pid
   group system
   group rsyslogd
   start program = "/etc/init.d/rsyslog start"
   stop  program = "/etc/init.d/rsyslog stop"
   if 5 restarts with 5 cycles then timeout
   depend on rsyslogd_bin
   depend on rsyslogd_rc
   depend on rsyslog_file

 check file rsyslogd_bin with path /usr/sbin/rsyslogd
   group rsyslogd
   include /etc/monit/templates/rootbin

 check file rsyslogd_rc with path "/etc/init.d/rsyslog"
   group rsyslogd
   include /etc/monit/templates/rootbin

 check file rsyslog_file with path /var/log/syslog
   group rsyslogd
   # Note: activate the immark plugin for rsyslog if
   # your system is too low on events.
   if timestamp > 65 minutes then alert
   if failed permission 640  then unmonitor
#  if failed uid root        then unmonitor
   if failed uid 104         then unmonitor
   if failed gid adm         then unmonitor

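Create symlink (the config file edited above is named rsyslogd, while the command below links rsyslog; use the name that actually exists in conf-available)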

ln -s /etc/monit/conf-available/rsyslog /etc/monit/conf-enabled

Samba

Create configfile for smbd

vi /etc/monit/conf-available/smbd
check process smbd with pidfile /var/run/samba/smbd.pid
   group samba
   start program = "/etc/init.d/smbd start"
   stop  program = "/etc/init.d/smbd stop"
   if failed host localhost port 445 type TCP then restart

Create symlink

ln -s /etc/monit/conf-available/smbd /etc/monit/conf-enabled

Create configfile for nmbd

vi /etc/monit/conf-available/nmbd
check process nmbd with pidfile /var/run/samba/nmbd.pid
   group samba
   start program = "/etc/init.d/nmbd start"
   stop  program = "/etc/init.d/nmbd stop"
   if failed host localhost port 138 type UDP then restart
   if failed host localhost port 137 type UDP then restart

Create symlink

ln -s /etc/monit/conf-available/nmbd /etc/monit/conf-enabled

Smartmontools

Create symlink

ln -s /etc/monit/conf-available/smartmontools /etc/monit/conf-enabled

Enable PID file for smartd

vi /etc/systemd/system/smartd.service
[Unit]
Description=Self Monitoring and Reporting Technology (SMART) Daemon
Documentation=man:smartd(8) man:smartd.conf(5)

[Service]
Type=notify
EnvironmentFile=-/etc/default/smartmontools
ExecStart=/usr/sbin/smartd -n $smartd_opts -p /var/run/smartd.pid
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=syslog

[Install]
WantedBy=multi-user.target
Alias=smartd.service

Restart smartd

service smartd restart

Reload units

systemctl daemon-reload

Squid

Create configfile

vi /etc/monit/conf-available/squid
check process squid with pidfile /var/run/squid.pid
    group proxy
    depends on squid_bin
    depends on squid_rc
    start program = "/etc/init.d/squid start"
    stop  program = "/etc/init.d/squid stop"
    if failed host localhost port 3128  then restart
    # if 5 restarts within 5 cycles then timeout
 
 
check file squid_bin with path /usr/sbin/squid
    group proxy
    if failed checksum then alert
    if failed permission 755 then alert
    if failed uid root then alert
    if failed gid root then alert
 
check file squid_rc with path /etc/init.d/squid
    group proxy
    if failed checksum then alert
    if failed permission 755 then alert
    if failed uid root then alert
    if failed gid root then alert

Create symlink

ln -s /etc/monit/conf-available/squid /etc/monit/conf-enabled

ssh

Disable the DSA host key check

vi /etc/monit/conf-available/openssh-server
 check process sshd with pidfile /var/run/sshd.pid
   group system
   group sshd
   start program = "/etc/init.d/ssh start"
   stop  program = "/etc/init.d/ssh stop"
   if failed host localhost port 22 with proto ssh then restart
   if 5 restarts with 5 cycles then timeout
   depend on sshd_bin
   depend on sftp_bin
   depend on sshd_rc
   depend on sshd_rsa_key
#   depend on sshd_dsa_key

 check file sshd_bin with path /usr/sbin/sshd
   group sshd
   include /etc/monit/templates/rootbin

 check file sftp_bin with path /usr/lib/openssh/sftp-server
   group sshd
   include /etc/monit/templates/rootbin

 check file sshd_rsa_key with path /etc/ssh/ssh_host_rsa_key
   group sshd
   include /etc/monit/templates/rootstrict

# check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key
#   group sshd
#   include /etc/monit/templates/rootstrict

 check file sshd_rc with path /etc/ssh/sshd_config
   group sshd
   include /etc/monit/templates/rootrc

Create symlink

ln -s /etc/monit/conf-available/openssh-server /etc/monit/conf-enabled

Webmin

Create configfile

vi /etc/monit/conf-available/webmin
check process webmin with pidfile /var/webmin/miniserv.pid
   group webmin
   start program = "/usr/sbin/service webmin start"
   stop  program = "/usr/sbin/service webmin stop"
   if failed host 127.0.0.1 port 10000 then restart

Create symlink

ln -s /etc/monit/conf-available/webmin /etc/monit/conf-enabled

See also