Thursday, September 1, 2011

Installing and Configuring Monit Step by Step

Install and configure Monit

apt-get install monit

The Monit configuration file is /etc/monit/monitrc

Now make a list of the services you want to monitor,

for example sshd, Apache, MySQL.

The default port number for the Monit web interface is 2812.

Now let us configure Monit:

vi /etc/monit/monitrc
set daemon  60    # time interval of the daemon (in seconds)
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: }
set alert root@localhost # address to send email alerts to
set httpd port 2812 and  # to change the port number, change it here; better to leave it at the default
     SSL ENABLE          # for SSL
     PEMFILE  /var/certs/monit.pem   # SSL certificate location
     allow admin:test                # user name and password for Basic Auth

# monitoring sshd

check process sshd with pidfile /var/run/
   start program  "/etc/init.d/ssh start"
   stop program  "/etc/init.d/ssh stop"
   if failed port 22 protocol ssh then restart
   if 5 restarts within 5 cycles then timeout
# monitoring mysql

check process mysql with pidfile /var/run/mysqld/
   group database
   start program = "/etc/init.d/mysql start"
   stop program = "/etc/init.d/mysql stop"
   if failed host port 3306 then restart
   if 5 restarts within 5 cycles then timeout
# monitoring apache

check process apache with pidfile /var/run/
   group www
   start program = "/etc/init.d/apache2 start"
   stop program  = "/etc/init.d/apache2 stop"

   if failed host port 80 protocol http
      and request "/monit/token" then restart
Here Monit tries to connect on port 80 and access a file.
the actual location of /monit/token is 
as our website document root is   
If Monit cannot access this file, it means Apache is not running, so it will
restart Apache.
Creation of the token is described below. The Apache check continues:
   if cpu is greater than 60% for 2 cycles then alert
   if cpu > 80% for 5 cycles then restart
   if totalmem > 500 MB for 5 cycles then restart
   if children > 250 then restart
   if loadavg(5min) greater than 10 for 8 cycles then stop
   if 3 restarts within 5 cycles then timeout

You can add your own custom processes for monitoring here.


Creation of token

mkdir /var/www/

echo "hello" > /var/www/ 

Creation of SSL-encrypted monit web interface

(  /var/certs/monit.pem  )

openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
# append 2048-bit DH parameters to the PEM file
openssl dhparam 2048 >> /var/certs/monit.pem
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
chmod 700 /var/certs/monit.pem 

We then need to create the OpenSSL configuration file used to generate our certificate:
vi /var/certs/monit.cnf

An example file is:
# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = MO

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Monitoria

localityName                    = Locality Name (eg, city)
localityName_default            = Monittown

organizationName                = Organization Name (eg, company)
organizationName_default        = Monit Inc.

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Dept. of Monitoring Technologies

commonName                      = Common Name (FQDN of your server)
commonName_default              =

emailAddress                    = Email Address
emailAddress_default            =

[ cert_type ]
nsCertType = server
Now enable the Monit daemon.
In this file, set startup=1 and the interval for running the Monit daemon.
An example file is below:
# Defaults for monit initscript
# sourced by /etc/init.d/monit
# installed at /etc/default/monit by maintainer scripts
# Fredrik Steen 

# You must set this variable to for monit to start

# To change the intervals which monit should run uncomment
# and change this variable.
Now let us start Monit:
/etc/init.d/monit start  
Now point your browser to
 (make sure port 2812 is not blocked by your firewall), log in with admin and test 
as specified in /etc/monit/monitrc
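
A check for the "set httpd" statement configured above, as an added example that is not part of the original post or of Monit itself: it reports whether the web interface is pinned to a bind address, whether SSL is enabled, and whether a user:password entry is short or guessable. The finding codes, the deny-list and the 12-character minimum are assumptions made for this example, and both sample configurations are constructed.

```python
# Constructed sample input: the httpd statement as configured on this page.
PAGE_MONITRC = """\
set alert root@localhost      # address to send email alerts to
set httpd port 2812 and
     SSL ENABLE               # for SSL
     PEMFILE /var/certs/monit.pem
     allow admin:test         # Basic Auth user and password
"""
# Constructed sample: same statement bound to loopback with a long password.
HARDENED_MONITRC = """\
set httpd port 2812 and
     use address localhost
     SSL ENABLE
     PEMFILE /var/certs/monit.pem
     allow localhost
     allow admin:"constructed-Passphrase-4-example"
"""
WEAK = {"test", "monit", "admin", "password", "changeme"}  # assumed deny-list

def httpd_tokens(text):
    """Tokens of the 'set httpd' statement, with '#' comments stripped."""
    tokens, inside = [], False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0].lower() in ("set", "check", "include"):  # new statement
            inside = [w.lower() for w in words[:2]] == ["set", "httpd"]
        if inside:
            tokens += words
    return tokens

def audit_httpd(text, min_len=12):
    """Return a sorted list of finding codes for the httpd statement."""
    toks = httpd_tokens(text)
    low = [t.lower() for t in toks]
    found = set()
    if not toks:
        return []
    if "address" not in low:
        found.add("no-bind-address")        # not pinned to one interface
    if "ssl" not in low:
        found.add("no-tls")                 # Basic Auth would travel in clear
    for i, t in enumerate(low[:-1]):
        cred = toks[i + 1]
        if t == "allow" and ":" in cred:    # user:password form
            user, pw = cred.split(":", 1)
            pw = pw.strip('"')
            if pw.lower() in WEAK or pw == user or len(pw) < min_len:
                found.add("weak-password")
    return sorted(found)

if __name__ == "__main__":
    print(audit_httpd(PAGE_MONITRC), audit_httpd(HARDENED_MONITRC))
```

IPv6 literals in allow lines and passwords containing "#" are not handled by this simple tokenizer.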