Proactive monitoring with Monit

Developer Toolbox Series
Rafael Luque (OSOCO)
September 2015
Barking at daemons
A small open source utility to monitor Unix systems with automatic error recovery capabilities.
What Monit can monitor
Files, Dirs and Filesystems
Monitor these items for changes, such as timestamp changes, checksum changes or size changes.
Hosts
Monitor network connections to various servers, either on localhost or on remote hosts. TCP, UDP and Unix Domain Sockets are supported. Network tests can be performed on a protocol level.
System
General system resources on localhost such as overall CPU usage, Memory and Load Average.
Processes
Daemon processes or similar programs running on localhost, such as those started at system boot time from /etc/init.d/
Programs and scripts
Test programs or scripts at certain times, much like cron, but in addition, you can test the exit value of a program and perform an action or send an alert if the exit value indicates an error.
1. Global configuration
Configuration (i)
◉ Global configuration file at /etc/monitrc.
◉ Sample global configuration:
○ Check services at 30-second intervals:
set daemon 30
#   with start delay 240  # optional: delay the first check by 4 minutes (by
#                         # default Monit checks immediately after Monit start)
Configuration (ii)
◉ Set Monit’s logfile:
set logfile /var/log/monit.log
◉ Mail configuration:
set mailserver localhost
# By default Monit will drop alert events if no mail servers are available.
# If you want to keep the alerts for later delivery retry, you can use the
# EVENTQUEUE statement.
set eventqueue
    basedir /var/monit  # set the base directory where events will be stored
    slots 100           # optionally limit the queue size
Configuration (iii)
## Alert email recipient:
set alert sysadm@foo.bar
## Alert email format:
set mail-format {
    from: monit@$HOST
    subject: monit alert -- $EVENT $SERVICE
    message: $EVENT Service $SERVICE
        Date: $DATE
        Action: $ACTION
        Host: $HOST
        Description: $DESCRIPTION

    Your faithful employee,
    Monit
}
Configuration (iv)
◉ HTTP interface:
set httpd port 2812 and
    allow admin:monit # require user 'admin' with password 'monit'
◉ Additional configuration files:
include /etc/monit.d/*
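An added example, not part of the original slides or of Monit itself: a Python audit of a control file that flags a password on the httpd `allow` line, an HTTP server with no bind address, a cleartext `password` in a check, and typographic quotes substituted for ASCII ones. The finding names, helper functions and the constructed sample are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample from the slides' statements; \u201c/\u201d are typographic quotes.
SAMPLE_MONITRC = """\
set httpd port 2812 and
    allow admin:monit   # require user 'admin' with password 'monit'
include /etc/monit.d/*
check process tomcat-8 with pidfile /var/run/tomcat-8.pid
    start program = \u201c/etc/init.d/tomcat-8 start\u201d
check host databaserver with address 192.168.1.1
    if failed port 3306 protocol mysql username foo password bar then alert
"""

STATEMENT_START = re.compile(r"^\s*(set|check|include)\b", re.IGNORECASE)
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"


def strip_comment(line):
    """Drop a trailing # comment unless the # sits inside ASCII quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line


def statements(text):
    """Join continuation lines; a statement starts with set/check/include."""
    current = []
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        if STATEMENT_START.match(line) and current:
            yield " ".join(current)
            current = []
        current.append(line)
    if current:
        yield " ".join(current)


def is_ip(token):
    """True for an IP address or network, so IPv6 colons are not flagged."""
    try:
        ipaddress.ip_network(token, strict=False)
    except ValueError:
        return False
    return True


def audit(text):
    """Return the sorted finding codes (names are this example's own)."""
    findings = set()
    for stmt in statements(text):
        low = stmt.lower()
        if any(q in stmt for q in CURLY_QUOTES):
            findings.add("CURLY_QUOTES")  # not string delimiters for Monit
        if low.startswith("set httpd"):
            # Without a bind address the HTTP server listens on all interfaces.
            if " address " not in low + " " and "unixsocket" not in low:
                findings.add("HTTPD_ALL_INTERFACES")
            for token in re.findall(r"\ballow\s+(\S+)", stmt):
                if ":" in token and not is_ip(token):
                    findings.add("HTTPD_CLEARTEXT_CREDENTIAL")
                    if token == "admin:monit":
                        findings.add("HTTPD_SAMPLE_PASSWORD")
        elif low.startswith("check") and re.search(r"\bpassword\s+\S", low):
            findings.add("CHECK_CLEARTEXT_PASSWORD")
    return sorted(findings)


def mode_too_open(st_mode):
    """Monit refuses a control file more permissive than 0700."""
    return bool(st_mode & 0o077)
```

Run `audit()` over the text of /etc/monitrc and each file it includes, and `mode_too_open(os.stat(path).st_mode)` on the files themselves.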
2. Basic usage
Basic commands (i)
Monit is controlled from the command line with the monit command:
◉ Start Monit daemon: $ monit
◉ Exit Monit: $ monit quit
◉ Status summary: $ monit summary
◉ Disable monitoring of a named service or all services:
$ monit unmonitor name
$ monit unmonitor all
◉ Enable monitoring:
$ monit monitor name
$ monit monitor all
Basic commands (ii)
◉ Start named service or all services:
$ monit start name
$ monit start all
◉ Stop named service or all services:
$ monit stop name
$ monit stop all
◉ Restart named service or all services:
$ monit restart name
$ monit restart all
3. Monitoring examples
Simple process monitoring
check process tomcat-8 with pidfile /var/run/tomcat-8.pid
Proactive process monitoring
check process tomcat-8 with pidfile /var/run/tomcat-8.pid
    start program = "/etc/init.d/tomcat-8 start"
    stop program = "/etc/init.d/tomcat-8 stop"
Restart process if it has stopped accepting connections
check process tomcat-8 with pidfile /var/run/tomcat-8.pid
    start program = "/etc/init.d/tomcat-8 start"
    stop program = "/etc/init.d/tomcat-8 stop"
    restart program = "/etc/init.d/tomcat-8 restart"
    if failed port 8080 protocol http then restart
Restart process if it has stopped accepting connections avoiding false positives
check process tomcat-8 with pidfile /var/run/tomcat-8.pid
    start program = "/etc/init.d/tomcat-8 start"
    stop program = "/etc/init.d/tomcat-8 stop"
    restart program = "/etc/init.d/tomcat-8 restart"
    if failed port 8080 protocol http for 2 cycles then restart
Check process response to requests
check process apache with pidfile /usr/local/apache/logs/httpd.pid
    start program = "/etc/init.d/httpd start"
    stop program = "/etc/init.d/httpd stop"
    if failed host www.tildeslash.com port 80 protocol http
        and request "/somefile.html"
        then restart
    if failed port 443 type tcpssl protocol http
        with timeout 15 seconds
        then restart
Avoid noisy alarms
check process apache with pidfile /usr/local/apache/logs/httpd.pid
    start program = "/etc/init.d/httpd start"
    stop program = "/etc/init.d/httpd stop"
    if failed host www.tildeslash.com port 80 protocol http
        and request "/somefile.html"
        then restart
    if failed port 443 type tcpssl protocol http
        with timeout 15 seconds
        then restart
    if 3 restarts within 5 cycles then unmonitor
Check resources used by process (e.g. DoS attacks)
check process apache with pidfile /usr/local/apache/logs/httpd.pid
    start program = "/etc/init.d/httpd start" with timeout 60 seconds
    stop program = "/etc/init.d/httpd stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if totalmem > 200.0 MB for 5 cycles then restart
    if children > 250 then restart
    if loadavg(5min) greater than 10 for 8 cycles then stop
    if failed host www.tildeslash.com port 80 protocol http
        and request "/somefile.html"
        then restart
    if failed port 443 type tcpssl protocol http
        with timeout 15 seconds
        then restart
    if 3 restarts within 5 cycles then unmonitor
Monitor filesystem space and inode usage
check filesystem datafs with path /dev/sdb1
    start program = "/bin/mount /data"
    stop program = "/bin/umount /data"
    if space usage > 80% for 5 times within 15 cycles then alert
    if space usage > 99% then stop
    if inode usage > 30000 then alert
    if inode usage > 99% then stop
Monitor file checksum (e.g. rootkits)
check file apache with path /usr/sbin/httpd
    if failed checksum then alert
    if failed uid root then alert
    if failed gid root then alert
    if failed permission 755 then alert
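An added example, not from the original slides or from Monit's source: a Python reproduction of the comparison these four tests make, run on a constructed temporary file that is rewritten with same-length content and has its mtime restored, so size and timestamp stay unchanged and only the checksum test reports the change. The function names and the baseline dictionary are this example's own.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(path, algorithm="sha1"):
    """Collect the four attributes the tests above compare."""
    st = os.stat(path)
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "checksum": digest.hexdigest(),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "permission": stat.S_IMODE(st.st_mode),
    }


def failed_tests(path, expected):
    """Return the names of the tests whose current value differs."""
    try:
        current = snapshot(path)
    except FileNotFoundError:
        return ["exists"]
    return [name for name in ("checksum", "uid", "gid", "permission")
            if current[name] != expected[name]]


def demo():
    """Constructed scenario: same-size rewrite with the mtime put back."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "httpd")  # stand-in for /usr/sbin/httpd
        with open(path, "wb") as fh:
            fh.write(b"original binary content\n")
        os.chmod(path, 0o755)
        baseline = snapshot(path)  # taken while the file is known good
        before = os.stat(path)

        with open(path, "wb") as fh:  # same length, different bytes
            fh.write(b"modified binary content\n")
        os.utime(path, ns=(before.st_atime_ns, before.st_mtime_ns))
        after = os.stat(path)
        content_only = failed_tests(path, baseline)

        os.chmod(path, 0o777)  # permission drift on top of the rewrite
        with_mode = failed_tests(path, baseline)
        return {
            "size_changed": after.st_size != before.st_size,
            "mtime_changed": after.st_mtime_ns != before.st_mtime_ns,
            "content_only": content_only,
            "with_mode": with_mode,
        }


if __name__ == "__main__":
    print(demo())
```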
Monitor a directory that should change
check directory incoming with path /var/data/ftp
    if timestamp > 1 hour then alert
Check network interface status
check network eth0 with interface eth0
    start program = '/etc/init.d/net.eth0 start'
    stop program = '/etc/init.d/net.eth0 stop'
    if failed link then restart
Check network link capacity changes
check network eth0 with interface eth0
    if changed link capacity then alert
Check network link usage (saturation, bandwidth)
check network eth0 with interface eth0
    if saturation > 90% then alert
    if upload > 500 kB/s then alert
    if total download > 1 GB in last 2 hours then alert
    if total download > 10 GB in last day then alert
Check remote host availability by issuing a ping test
check host osoco.es with address osoco.es
    if failed ping then alert
Check the content of a response from a web server
check host myserver with address 192.168.1.1
    if failed port 80 protocol http
        and request /some/path with content = "a string"
        then alert
Check connection with custom protocol (MySQL)
check host databaserver with address 192.168.1.1
    if failed ping then alert
    if failed
        port 3306
        protocol mysql username foo password bar
        then alert
Check custom program status output
check program myscript with path /usr/local/bin/myscript.sh
    if status != 0 then alert
Check custom program every workday at 8AM
check program checkOracleDatabase
    with path /var/monit/programs/checkoracle.pl
    every "* 8 * * 1-5"
Check service dependencies before start/stop/monitor/unmonitor
check process apache
    with pidfile "/usr/local/apache/logs/httpd.pid"
    ...
    depends on httpd
check file httpd with path /usr/local/apache/bin/httpd
    if failed checksum then unmonitor
Hierarchy of dependencies
check process apache
    ...
    depends on tomcat
check process tomcat
    ...
    depends on mysql
check process mysql
    ...
    depends on datafs
check filesystem datafs with path /dev/sdb1
    start program = "/bin/mount /data"
    stop program = "/bin/umount /data"
4. Web interface
Monit web interface
One interface to rule them all
◉ M/Monit:
○ Monitoring and management of all your Monit hosts.
○ Also works on mobile devices.
○ A one-time payment and the license is perpetual.
One interface to rule them all
◉ Monittr:
○ https://github.com/karmi/monittr
○ Free and very basic option.
Demo time
Thanks!
This work is licensed under a Creative Commons Attribution 4.0 International License.
You can find me at
◉ @rafael_luque
◉ rafael.luque@osoco.es
Cover photo licensed by Edward Conte under a Creative Commons by-nc license: https://www.flickr.com/photos/edwardconde/11447139646/