Tags Archives: monit

LPIC3 DIPLOMA Linux Clustering – LAB NOTES: Lesson Monit


Monit is an open source utility for monitoring services on Linux systems and keeping them running.


If for any reason a monitored service shuts down, Monit will attempt to bring it back online.


Monit also comes with a web interface which can also be used to control and monitor services.


To install Monit


(instructions for Debian/Ubuntu systems):


apt-get install monit


systemctl enable –now monit




How To Configure Monit


Monit configuration files are located under /etc/monit/ directory.


The main configuration file is /etc/monit/monitrc.


All files in /etc/monit/conf.d/ and /etc/monit/conf-enabled/ are read by monit when started.



Monit has an embedded HTTP interface for viewing service status via a web interface.


By default monit HTTP interface is not enabled. To enable uncomment the following lines in /etc/monit/monitrc


nano /etc/monit/monitrc


set httpd port 2812 and
use address localhost # only accept connection from localhost
allow localhost # allow localhost to connect to the server and
allow admin:monit # require user ‘admin’ with password ‘monit’


# NOTE: make sure you change these to something else in online or production environments!



You can change admin:monit to use another username and password. To connect from a different IP, add:


allow <IP Address>


then restart:


systemctl restart monit



How To Use Monit



To display system status with monit:


monit status


root@intel:~# monit summary
Monit 5.26.0 uptime: 0m
│ Service Name │ Status │ Type │
│ intel │ OK │ System │


root@intel:~# monit status
Monit 5.26.0 uptime: 0m


System ‘intel’
status OK
monitoring status Monitored
monitoring mode active
on reboot start
load average [0.22] [0.48] [0.57]
cpu 0.0%us 0.0%sy 0.0%wa
memory usage 2.0 GB [26.3%]
swap usage 0 B [0.0%]
uptime 26m
boot time Mon, 17 May 2021 14:04:37
data collected Mon, 17 May 2021 14:31:10






To check config:


monit -t


root@intel:~# monit -t
Control file syntax OK



To reload config after changes:


monit reload


root@intel:~# monit reload
Reinitializing monit daemon


to start running all monitored programs:


monit start all



To access Monit Web Interface:



Login with username “admin” and password “monit”.


To allow access to port from remote IPs through the firewall, run:


root@intel:~# ufw allow 2812
Rules updated
Rules updated (v6)



How to Configure Monit Web Interface to use SSL/TLS HTTPS



In directory  /etc/monit/  prepare the config file monit.cnf:


# create RSA certs – Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 2048
default_md = sha256
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = UK

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = England

localityName = Locality Name (eg, city)
localityName_default = London

organizationName = Organization Name (eg, company)
organizationName_default = kevwells.com

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = kevwells.com

commonName = Common Name (FQDN of your server)
commonName_default = kevwells.com

emailAddress = Email Address
emailAddress_default = mmonit@kevwells.com

[ cert_type ]
nsCertType = server



save above as monit.cnf


then still within the /etc/monit directory where you have just saved monit.cnf  run these commands to generate the pemfile :



# Generates the private key and the certificate
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /etc/ssl/certs/monit.pem \
-keyout /etc/ssl/certs/monit.pem


# Generates the Diffie-Hellman Parameters
openssl dhparam -2 2048 >> /etc/ssl/certs/monit.pem


# Set mode
chmod 600 /etc/ssl/certs/monit.pem


# Prints out the certificate information
openssl x509 -text -noout -in /etc/ssl/certs/monit.pem



root@gemini:/etc/monit# openssl dhparam -2 2048 >> /etc/ssl/certs/monit.pem
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time



then after doing


openssl x509 -text -noout -in /etc/ssl/certs/monit.pem




root@gemini:/etc/monit# monit -t
Control file syntax OK

root@gemini:/etc/monit# systemctl restart monit
root@gemini:/etc/monit# systemctl status monit
● monit.service – LSB: service and resource monitoring daemon
Loaded: loaded (/etc/init.d/monit; generated)
Active: active (running) since Mon 2021-05-17 14:09:10 BST; 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 13001 ExecStart=/etc/init.d/monit start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 2280)
Memory: 1.2M
CGroup: /system.slice/monit.service
└─13018 /usr/bin/monit -c /etc/monit/monitrc


May 17 14:09:10 gemini systemd[1]: Starting LSB: service and resource monitoring daemon…
May 17 14:09:10 gemini monit[13001]: * Starting daemon monitor monit
May 17 14:09:10 gemini monit[13001]: …done.
May 17 14:09:10 gemini systemd[1]: Started LSB: service and resource monitoring daemon.


You can then access the monitoring web interface with:




(enter username and password when prompted – these have been changed from the standard)


Continue Reading