OSOCO, profile picture
Uploaded byOSOCO
PDF, PPTX2,889 views

Proactive monitoring with Monit

Monit is an open source tool that monitors systems and applications and automatically restarts services if they fail or exceed configurable resource limits. It can monitor files, directories, processes, hosts, and custom scripts/programs. Monit is configured via a global configuration file and additional files for specific checks. It can monitor system resources, file integrity, network interfaces, remote hosts, and check for service dependencies. Monit also includes a web interface for monitoring and management.

Embed presentation

Download as PDF, PPTX
Proactive monitoring with Monit Developer Toolbox SeriesRafael Luque (OSOCO) September 2015
Barking at daemons An small open source utility to monitor Unix systems with automatic error recovery capabilities.
What Monit can monitor Files, Dirs and Filesystems Monitor these items for changes, such as timestamps changes, checksum changes or size changes. Hosts Monitor network connections to various servers, either on localhost or on remote hosts. TCP, UDP and Unix Domain Sockets are supported. Network tests can be performed on a protocol level. System General system resources on localhost such as overall CPU usage, Memory and Load Average. Processes Daemon processes or similar programs running on localhost, such as those started at system boot time from /etc/init.d/ Programs and scripts Test programs or scripts at certain times, much like cron, but in addition, you can test the exit value of a program and perform an action or send an alert if the exit value indicates an error.
Global configuration1
Configuration (i) ◉ Global configuration file at /etc/monitrc. ◉ Sample global configuration: ○ Check services at 30 seconds intervals: set daemon 30 # with start delay 240 # optional: delay the first check by 4-minutes (by # # default Monit check immediately after Monit start)
Configuration (ii) ◉ Set Monit’s logfile: ◉ Mail configuration: set logfile /var/log/monit.log set mailserver localhost # By default Monit will drop alert events if no mail servers are available. # If you want to keep the alerts for later delivery retry, you can use the # EVENTQUEUE statement. set eventqueue basedir /var/monit # set the base directory where events will be stored slots 100 # optionally limit the queue size
Configuration (iii) ## Alert email recipient: set alert sysadm@foo.bar ## Alert email format: set mail-format { from: monit@$HOST subject: monit alert -- $EVENT $SERVICE message: $EVENT Service $SERVICE Date: $DATE Action: $ACTION Host: $HOST Description: $DESCRIPTION Your faithful employee, Monit }
Configuration (iv) ◉ HTTP interface: ◉ Additional configuration files: set httpd port 2812 and allow admin:monit # require user 'admin' with password 'monit' include /etc/monit.d/*
Basic usage2
Basic commands (i) Controlled from command line with the command monit: ◉ Start Monit daemon: $ monit ◉ Exit Monit: $ monit quit ◉ Status summary: $ monit summary ◉ Disable monitoring of a named service or all services: $ monit unmonitor name $ monit unmonitor all ◉ Enable monitoring: $ monit monitor name $ monit monitor all
Basic commands (ii) ◉ Start named service or all services: $ monit start name $ monit start all ◉ Stop named service or all services: $ monit stop name $ monit stop all ◉ Restart named service or all services: $ monit restart name $ monit restart all
Monitoring examples3
Simple process monitoring check process tomcat-8 with pidfile /var/run/tomcat-8.pid
Proactive process monitoring check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop”
Restart process if it has stopped accepting connections check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http then restart
Restart process if it has stopped accepting connections avoiding false positives check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http for 2 cycles then restart
Check process response to requests check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart
Avoid noisy alarms check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
Check resources used by process (e.g. DoS attacks) check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" with timeout 60 seconds stop program = "/etc/init.d/httpd stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if totalmem > 200.0 MB for 5 cycles then restart if children > 250 then restart if loadavg(5min) greater than 10 for 8 cycles then stop if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
Monitor filesystem space and inode usage check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data" if space usage > 80% for 5 times within 15 cycles then alert if space usage > 99% then stop if inode usage > 30000 then alert if inode usage > 99% then stop
Monitor file checksum (e.g. rootkits) check file apache with path /usr/sbin/httpd if failed checksum then alert if failed uid root then alert if failed gid root then alert if failed permission 755 then alert
Monitor a directory that should change check directory incomming with path /var/data/ftp if timestamp > 1 hour then alert
Check network interface status check network eth0 with interface eth0 start program = '/etc/init.d/net.eth0 start' stop program = '/etc/init.d/net.eth0 stop' if failed link then restart
Check network link capacity changes check network eth0 with interface eth0 if changed link capacity then alert
Check network link usage (saturation, bandwidth) check network eth0 with interface eth0 if saturation > 90% then alert if upload > 500 kB/s then alert if total download > 1 GB in last 2 hours then alert if total download > 10 GB in last day then alert
Check remote host availability by issuing a ping test check host osoco.es with address osoco.es if failed ping then alert
Check the content of a response from a web server check host myserver with address 192.168.1.1 if failed port 80 protocol http and request /some/path with content = "a string" then alert
Check connection with custom protocol (MySQL) check host databaserver with address 192.168.1.1 if failed ping then alert if failed port 3306 protocol mysql username foo password bar then alert
Check custom program status output check program myscript with path /usr/local/bin/myscript.sh if status != 0 then alert
Check custom program every workday at 8AM check program checkOracleDatabase with path /var/monit/programs/checkoracle.pl every "* 8 * * 1-5"
Check service dependencies before start/stop/monitor/unmonitor check process apache with pidfile "/usr/local/apache/logs/httpd.pid" ... depends on httpd check file httpd with path /usr/local/apache/bin/httpd if failed checksum then unmonitor
Hierarchy of dependencies check process apache ... depends on tomcat check process tomcat ... depends on mysql check process mysql ... depends on datafs check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data"
Web interface4
Monit web interface
One interface to rule them all ◉ M/Monit: ○ Monitoring and management of all your Monit hosts. ○ Also works on mobile devices. ○ A one-time payment and the license is perpetual.
One interface to rule them all ◉ Monittr: ○ https://github.com/karmi/monittr ○ Free and very basic option.
Demo time
Thanks! This work is licensed under a Creative Commons Attribution 4.0 International License. You can find me at ◉ @rafael_luque ◉ rafael.luque@osoco.es Cover photo licensed by Edward Conte under a Creative Commond by-nc license: https: //www.flickr.com/photos/edwardconde/11447139646/

More Related Content

PDF
Monit
byAbhishek Singh
 
PPT
Module 3 Scanning
byleminhvuong
 
PDF
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
byBishop Fox
 
PDF
SSH Tunneling Recipes
byOSOCO
 
PPTX
Using metasploit
byCyberRad
 
PPT
Nmap(network mapping)
bySSASIT
 
PDF
Linux internet server security and configuration tutorial
byannik147
 
PDF
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
byRedspin, Inc.
 
Monit
byAbhishek Singh
 
Module 3 Scanning
byleminhvuong
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
byBishop Fox
 
SSH Tunneling Recipes
byOSOCO
 
Using metasploit
byCyberRad
 
Nmap(network mapping)
bySSASIT
 
Linux internet server security and configuration tutorial
byannik147
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
byRedspin, Inc.
 

What's hot

PDF
Hacking the swisscom modem
byCyber Security Alliance
 
PPT
Sockets in unix
byswtjerin4u
 
PPTX
Understanding NMAP
byPhannarith Ou, G-CISO
 
PDF
Nmap scripting engine
byn|u - The Open Security Community
 
PDF
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
PDF
Ch 5: Port Scanning
bySam Bowne
 
PPT
Port Scanning
byamiable_indian
 
PPT
Cisco Router Security
bykktamang
 
PPTX
Nmap
byMegha Sahu
 
PDF
Developing MIPS Exploits to Hack Routers
byBGA Cyber Security
 
PPTX
Nmap and metasploitable
byMohammed Akbar Shariff
 
PDF
Nmap Hacking Guide
byAryan G
 
PPTX
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
byRavi Rajput
 
PDF
Network Mapper (NMAP)
byKHNOG
 
PPTX
N map presentation
byulirraptor
 
PDF
Meeting 5.2 : ssh
bySyaiful Ahdan
 
PDF
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
byHanaysha
 
PPTX
Client side exploits
bynickyt8
 
PDF
Sistemas operacionais 8
byNauber Gois
 
PPT
Dynamic Port Scanning
byamiable_indian
 
Hacking the swisscom modem
byCyber Security Alliance
 
Sockets in unix
byswtjerin4u
 
Understanding NMAP
byPhannarith Ou, G-CISO
 
Nmap scripting engine
byn|u - The Open Security Community
 
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
Ch 5: Port Scanning
bySam Bowne
 
Port Scanning
byamiable_indian
 
Cisco Router Security
bykktamang
 
Nmap
byMegha Sahu
 
Developing MIPS Exploits to Hack Routers
byBGA Cyber Security
 
Nmap and metasploitable
byMohammed Akbar Shariff
 
Nmap Hacking Guide
byAryan G
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
byRavi Rajput
 
Network Mapper (NMAP)
byKHNOG
 
N map presentation
byulirraptor
 
Meeting 5.2 : ssh
bySyaiful Ahdan
 
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
byHanaysha
 
Client side exploits
bynickyt8
 
Sistemas operacionais 8
byNauber Gois
 
Dynamic Port Scanning
byamiable_indian
 

Viewers also liked

PDF
LMS Presentation & Bi-annual report 2012-2013
byLaboratory of Soils Mechanics - LMS
 
PDF
Dozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
bykalaidos-gesundheit
 
PDF
Therapeutic Garden Design
bySchool Vegetable Gardening - Victory Gardens
 
PDF
Iglesias revista
bypauljerezgato
 
PDF
Mkt frutiger lanzamiento de agencia
byJuan Velásquez Salvador
 
PPTX
Acepta el gran desafío
byconectadoconjesus
 
PDF
Spring Annotations: Proxy
byOSOCO
 
PDF
NSCoder Keynote - Multipeer Connectivity Framework
byAlex Rupérez
 
DOCX
Ada 3 informatica
byDaaraCuellar
 
PDF
AWS CloudFormation en 5 Minutos
byOSOCO
 
PDF
Polyglot JVM
byArturo Herrero
 
KEY
Polyglot Grails
byMarcin Gryszko
 
PDF
Gigigo Keynote - Geofences & iBeacons
byAlex Rupérez
 
PDF
Understanding Java Dynamic Proxies
byOSOCO
 
PDF
Ledrise presentation 2015
byVictor Adrian Floroiu
 
PDF
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
byAlex Rupérez
 
PDF
Np radio me
byTelefonica Catalunya
 
PPTX
Ejemplos de Tiggres de M i Banco & Telecompra
byJimmy Castañeda Rodriguez
 
PPTX
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
byDiocesis Tlaxcala
 
PDF
KURTÁG_Pages de 116
byImre Szab
 
LMS Presentation & Bi-annual report 2012-2013
byLaboratory of Soils Mechanics - LMS
 
Dozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
bykalaidos-gesundheit
 
Therapeutic Garden Design
bySchool Vegetable Gardening - Victory Gardens
 
Iglesias revista
bypauljerezgato
 
Mkt frutiger lanzamiento de agencia
byJuan Velásquez Salvador
 
Acepta el gran desafío
byconectadoconjesus
 
Spring Annotations: Proxy
byOSOCO
 
NSCoder Keynote - Multipeer Connectivity Framework
byAlex Rupérez
 
Ada 3 informatica
byDaaraCuellar
 
AWS CloudFormation en 5 Minutos
byOSOCO
 
Polyglot JVM
byArturo Herrero
 
Polyglot Grails
byMarcin Gryszko
 
Gigigo Keynote - Geofences & iBeacons
byAlex Rupérez
 
Understanding Java Dynamic Proxies
byOSOCO
 
Ledrise presentation 2015
byVictor Adrian Floroiu
 
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
byAlex Rupérez
 
Np radio me
byTelefonica Catalunya
 
Ejemplos de Tiggres de M i Banco & Telecompra
byJimmy Castañeda Rodriguez
 
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
byDiocesis Tlaxcala
 
KURTÁG_Pages de 116
byImre Szab
 

Similar to Proactive monitoring with Monit

PDF
xxxx
byTinouTest
 
PDF
yyyyxxx
byTinouTest
 
PDF
yyyyxxx
byTinouTest
 
PDF
yyyyxxx
byTinouTest
 
PDF
yyyyxxx
byTinouTest
 
PDF
yyyyxxx
byTinouTest
 
PDF
yyyyxxx
byTinouTest
 
PDF
monitoring linux system
byPawan Kumar
 
PDF
Monit a2
byTinou Bao
 
PDF
Tinoub1
byTinouTest
 
PDF
yyyyxxxdd
byTinouTest
 
PDF
toby
byTinouTest
 
PDF
new title
byTinouTest
 
PDF
Monit a1
byTinouTest
 
PDF
Tinoub1
byTinouTest
 
PDF
Toby2
byTinouTest
 
PDF
Tinoub1
byTinouTest
 
PDF
Toby4
byTinouTest
 
PDF
Toby10
byTinouTest
 
PDF
Toby3
byTinouTest
 
xxxx
byTinouTest
 
yyyyxxx
byTinouTest
 
yyyyxxx
byTinouTest
 
yyyyxxx
byTinouTest
 
yyyyxxx
byTinouTest
 
yyyyxxx
byTinouTest
 
yyyyxxx
byTinouTest
 
monitoring linux system
byPawan Kumar
 
Monit a2
byTinou Bao
 
Tinoub1
byTinouTest
 
yyyyxxxdd
byTinouTest
 
toby
byTinouTest
 
new title
byTinouTest
 
Monit a1
byTinouTest
 
Tinoub1
byTinouTest
 
Toby2
byTinouTest
 
Tinoub1
byTinouTest
 
Toby4
byTinouTest
 
Toby10
byTinouTest
 
Toby3
byTinouTest
 

Recently uploaded

PPTX
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
PPTX
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PPTX
Python-Functions-A-Comprehensive-Overview.pptx
byMuhammad Fahad Bashir
 
PDF
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
PDF
Solved First Semester B.C.A. C Programming Question Paper – Jan/Feb 2025
byKuvempu University
 
PDF
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
PDF
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PPTX
AI Agent Overview - Why we need AI Agent
byAlokGope
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PPTX
Custom chat gpt integration services.pptx
byChetu
 
PDF
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
PPTX
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
PDF
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
PDF
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
PDF
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
application security presentation 2 by harman
byharmanideapad
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Python-Functions-A-Comprehensive-Overview.pptx
byMuhammad Fahad Bashir
 
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
Solved First Semester B.C.A. C Programming Question Paper – Jan/Feb 2025
byKuvempu University
 
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
AI Agent Overview - Why we need AI Agent
byAlokGope
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
Custom chat gpt integration services.pptx
byChetu
 
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 

Proactive monitoring with Monit

  • 1.
    Proactive monitoring withMonit Developer Toolbox SeriesRafael Luque (OSOCO) September 2015
  • 2.
    Barking at daemons Ansmall open source utility to monitor Unix systems with automatic error recovery capabilities.
  • 3.
    What Monit canmonitor Files, Dirs and Filesystems Monitor these items for changes, such as timestamps changes, checksum changes or size changes. Hosts Monitor network connections to various servers, either on localhost or on remote hosts. TCP, UDP and Unix Domain Sockets are supported. Network tests can be performed on a protocol level. System General system resources on localhost such as overall CPU usage, Memory and Load Average. Processes Daemon processes or similar programs running on localhost, such as those started at system boot time from /etc/init.d/ Programs and scripts Test programs or scripts at certain times, much like cron, but in addition, you can test the exit value of a program and perform an action or send an alert if the exit value indicates an error.
  • 4.
  • 5.
    Configuration (i) ◉ Globalconfiguration file at /etc/monitrc. ◉ Sample global configuration: ○ Check services at 30 seconds intervals: set daemon 30 # with start delay 240 # optional: delay the first check by 4-minutes (by # # default Monit check immediately after Monit start)
  • 6.
    Configuration (ii) ◉ SetMonit’s logfile: ◉ Mail configuration: set logfile /var/log/monit.log set mailserver localhost # By default Monit will drop alert events if no mail servers are available. # If you want to keep the alerts for later delivery retry, you can use the # EVENTQUEUE statement. set eventqueue basedir /var/monit # set the base directory where events will be stored slots 100 # optionally limit the queue size
  • 7.
    Configuration (iii) ## Alertemail recipient: set alert sysadm@foo.bar ## Alert email format: set mail-format { from: monit@$HOST subject: monit alert -- $EVENT $SERVICE message: $EVENT Service $SERVICE Date: $DATE Action: $ACTION Host: $HOST Description: $DESCRIPTION Your faithful employee, Monit }
  • 8.
    Configuration (iv) ◉ HTTPinterface: ◉ Additional configuration files: set httpd port 2812 and allow admin:monit # require user 'admin' with password 'monit' include /etc/monit.d/*
  • 9.
  • 10.
    Basic commands (i) Controlledfrom command line with the command monit: ◉ Start Monit daemon: $ monit ◉ Exit Monit: $ monit quit ◉ Status summary: $ monit summary ◉ Disable monitoring of a named service or all services: $ monit unmonitor name $ monit unmonitor all ◉ Enable monitoring: $ monit monitor name $ monit monitor all
  • 11.
    Basic commands (ii) ◉Start named service or all services: $ monit start name $ monit start all ◉ Stop named service or all services: $ monit stop name $ monit stop all ◉ Restart named service or all services: $ monit restart name $ monit restart all
  • 12.
  • 13.
    Simple process monitoring checkprocess tomcat-8 with pidfile /var/run/tomcat-8.pid
  • 14.
    Proactive process monitoring checkprocess tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop”
  • 15.
    Restart process ifit has stopped accepting connections check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http then restart
  • 16.
    Restart process ifit has stopped accepting connections avoiding false positives check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http for 2 cycles then restart
  • 17.
    Check process responseto requests check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart
  • 18.
    Avoid noisy alarms checkprocess apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
  • 19.
    Check resources usedby process (e.g. DoS attacks) check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" with timeout 60 seconds stop program = "/etc/init.d/httpd stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if totalmem > 200.0 MB for 5 cycles then restart if children > 250 then restart if loadavg(5min) greater than 10 for 8 cycles then stop if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
  • 20.
    Monitor filesystem spaceand inode usage check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data" if space usage > 80% for 5 times within 15 cycles then alert if space usage > 99% then stop if inode usage > 30000 then alert if inode usage > 99% then stop
  • 21.
    Monitor file checksum(e.g. rootkits) check file apache with path /usr/sbin/httpd if failed checksum then alert if failed uid root then alert if failed gid root then alert if failed permission 755 then alert
  • 22.
    Monitor a directorythat should change check directory incomming with path /var/data/ftp if timestamp > 1 hour then alert
  • 23.
    Check network interfacestatus check network eth0 with interface eth0 start program = '/etc/init.d/net.eth0 start' stop program = '/etc/init.d/net.eth0 stop' if failed link then restart
  • 24.
    Check network linkcapacity changes check network eth0 with interface eth0 if changed link capacity then alert
  • 25.
    Check network linkusage (saturation, bandwidth) check network eth0 with interface eth0 if saturation > 90% then alert if upload > 500 kB/s then alert if total download > 1 GB in last 2 hours then alert if total download > 10 GB in last day then alert
  • 26.
    Check remote hostavailability by issuing a ping test check host osoco.es with address osoco.es if failed ping then alert
  • 27.
    Check the contentof a response from a web server check host myserver with address 192.168.1.1 if failed port 80 protocol http and request /some/path with content = "a string" then alert
  • 28.
    Check connection withcustom protocol (MySQL) check host databaserver with address 192.168.1.1 if failed ping then alert if failed port 3306 protocol mysql username foo password bar then alert
  • 29.
    Check custom programstatus output check program myscript with path /usr/local/bin/myscript.sh if status != 0 then alert
  • 30.
    Check custom programevery workday at 8AM check program checkOracleDatabase with path /var/monit/programs/checkoracle.pl every "* 8 * * 1-5"
  • 31.
    Check service dependenciesbefore start/stop/monitor/unmonitor check process apache with pidfile "/usr/local/apache/logs/httpd.pid" ... depends on httpd check file httpd with path /usr/local/apache/bin/httpd if failed checksum then unmonitor
  • 32.
    Hierarchy of dependencies checkprocess apache ... depends on tomcat check process tomcat ... depends on mysql check process mysql ... depends on datafs check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data"
  • 33.
  • 34.
  • 35.
    One interface torule them all ◉ M/Monit: ○ Monitoring and management of all your Monit hosts. ○ Also works on mobile devices. ○ A one-time payment and the license is perpetual.
  • 36.
    One interface torule them all ◉ Monittr: ○ https://github.com/karmi/monittr ○ Free and very basic option.
  • 37.
  • 38.
    Thanks! This work islicensed under a Creative Commons Attribution 4.0 International License. You can find me at ◉ @rafael_luque ◉ rafael.luque@osoco.es Cover photo licensed by Edward Conte under a Creative Commond by-nc license: https: //www.flickr.com/photos/edwardconde/11447139646/