Tags Archives: monit

LPIC3 DIPLOMA Linux Clustering – LAB NOTES: Lesson Monit

 

Monit is an open source utility for monitoring services on Linux systems and keeping them running.

 

If for any reason a monitored service shuts down, Monit will attempt to bring it back online.

 

Monit also comes with a web interface which can also be used to control and monitor services.

 

To install Monit

 

(instructions for Debian/Ubuntu systems):

 

apt-get install monit

 

systemctl enable –now monit

 

 

 

How To Configure Monit

 

Monit configuration files are located under /etc/monit/ directory.

 

The main configuration file is /etc/monit/monitrc.

 

All files in /etc/monit/conf.d/ and /etc/monit/conf-enabled/ are read by monit when started.

 

 

Monit has an embedded HTTP interface for viewing service status via a web interface.

 

By default monit HTTP interface is not enabled. To enable uncomment the following lines in /etc/monit/monitrc

 

nano /etc/monit/monitrc

 

set httpd port 2812 and
use address localhost # only accept connection from localhost
allow localhost # allow localhost to connect to the server and
allow admin:monit # require user ‘admin’ with password ‘monit’

 

# NOTE: make sure you change these to something else in online or production environments!

 

 

You can change admin:monit to use another username and password. To connect from a different IP, add:

 

allow <IP Address>

 

then restart:

 

systemctl restart monit

 

 

How To Use Monit

 

 

To display system status with monit:

 

monit status

 

root@intel:~# monit summary
Monit 5.26.0 uptime: 0m
┌─────────────────────────────────┬────────────────────────────┬───────────────┐
│ Service Name │ Status │ Type │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ intel │ OK │ System │
└─────────────────────────────────┴────────────────────────────┴───────────────┘
root@intel:~#

 

root@intel:~# monit status
Monit 5.26.0 uptime: 0m

 

System ‘intel’
status OK
monitoring status Monitored
monitoring mode active
on reboot start
load average [0.22] [0.48] [0.57]
cpu 0.0%us 0.0%sy 0.0%wa
memory usage 2.0 GB [26.3%]
swap usage 0 B [0.0%]
uptime 26m
boot time Mon, 17 May 2021 14:04:37
data collected Mon, 17 May 2021 14:31:10

 

root@intel:~#

 

 

 

To check config:

 

monit -t

 

root@intel:~# monit -t
Control file syntax OK
root@intel:~#

 

 

To reload config after changes:

 

monit reload

 

root@intel:~# monit reload
Reinitializing monit daemon
root@intel:~#

 

to start running all monitored programs:

 

monit start all

 

 

To access Monit Web Interface:

 

http://[ip-address|domain]:2812

Login with username “admin” and password “monit”.

 

To allow access to port from remote IPs through the firewall, run:

 

root@intel:~# ufw allow 2812
Rules updated
Rules updated (v6)
root@intel:~#

 

 

How to Configure Monit Web Interface to use SSL/TLS HTTPS

 

 

In directory  /etc/monit/  prepare the config file monit.cnf:

 

# create RSA certs – Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 2048
default_md = sha256
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = UK

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = England

localityName = Locality Name (eg, city)
localityName_default = London

organizationName = Organization Name (eg, company)
organizationName_default = kevwells.com

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = kevwells.com

commonName = Common Name (FQDN of your server)
commonName_default = kevwells.com

emailAddress = Email Address
emailAddress_default = mmonit@kevwells.com

[ cert_type ]
nsCertType = server

 

 

save above as monit.cnf

 

then still within the /etc/monit directory where you have just saved monit.cnf  run these commands to generate the pemfile :

 

 

# Generates the private key and the certificate
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /etc/ssl/certs/monit.pem \
-keyout /etc/ssl/certs/monit.pem

 

# Generates the Diffie-Hellman Parameters
openssl dhparam -2 2048 >> /etc/ssl/certs/monit.pem

 

# Set mode
chmod 600 /etc/ssl/certs/monit.pem

 

# Prints out the certificate information
openssl x509 -text -noout -in /etc/ssl/certs/monit.pem

 

 

root@gemini:/etc/monit# openssl dhparam -2 2048 >> /etc/ssl/certs/monit.pem
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
……………………………………………………………+.

 

 

then after doing

 

openssl x509 -text -noout -in /etc/ssl/certs/monit.pem

 

do:

 

root@gemini:/etc/monit# monit -t
Control file syntax OK

root@gemini:/etc/monit# systemctl restart monit
root@gemini:/etc/monit# systemctl status monit
● monit.service – LSB: service and resource monitoring daemon
Loaded: loaded (/etc/init.d/monit; generated)
Active: active (running) since Mon 2021-05-17 14:09:10 BST; 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 13001 ExecStart=/etc/init.d/monit start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 2280)
Memory: 1.2M
CGroup: /system.slice/monit.service
└─13018 /usr/bin/monit -c /etc/monit/monitrc

 

May 17 14:09:10 gemini systemd[1]: Starting LSB: service and resource monitoring daemon…
May 17 14:09:10 gemini monit[13001]: * Starting daemon monitor monit
May 17 14:09:10 gemini monit[13001]: …done.
May 17 14:09:10 gemini systemd[1]: Started LSB: service and resource monitoring daemon.
root@gemini:/etc/monit#

 

You can then access the monitoring web interface with:

 

https://kevwells.com:2812

 

(enter username and password when prompted – these have been changed from the standard)

 

Continue Reading