Shashikant shah

Friday, 25 October 2013

Install Monit Tool on rhel-5.5


                                    MONIT TOOL

Monit is a free open source utility for managing and monitoring, processes, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

E.g. Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too much resources. You can use Monit to monitor files, directories and filesystems for changes, such as timestamps changes, checksum changes or size changes.

Monit is controlled via an easy to configure control file based on a free-format, token-oriented syntax. Monit logs to syslog or to its own log file and notifies you about error conditions via customizable alert messages. Monit can perform various TCP/IP network checks, protocol checks and can utilize SSL for such checks.

Install monit tool on rhel-5.5 (32bit) :-


Here we are going to see the some example configuration file
# vim /etc/monit.conf 
##### Global options #####
## Logging options ##

# Poll every minute
set daemon  60

set logfile syslog facility log_daemon  # Set syslog logging.

set mail-format { 
      from: monit@$HOST 
     subject: monit alert --  $EVENT $SERVICE 
     message: $EVENT Service $SERVICE 
                 Date:        $DATE 
                 Action:      $ACTION 
                  Host:        $HOST 
                 Description: $DESCRIPTION 

            Your faithful employee, 
            shashikant shah 
      }

# Here you can setup your own mailserver
set mailserver “smtp.gmail.com” port “587”
username shashi.brain11@gmail.com password “password”
using tlsv1
with timeout 30 seconds
set alert
shashi11.linux@gmail.com

set httpd port 2812 and
use address 0.0.0.0
allow localhost
allow 192.168.0.0/255.255.255.0
allow admin:monit
SSL ENABLE          // for SSL
PEMFILE  /var/certs/monit.pem   // SSL certificate location
 path ssl (/var/certs/monit.pem)
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
openssl gendh 512 >> /var/certs/monit.pem
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
chmod 700 /var/certs/monit.pem 
Then we need to configure OpenSSL configuration file to create our certificate
vi /var/certs/monit.cnf

example file is 
-------------------------------------------------------------------------------------------
# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = MO

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Monitoria

localityName                    = Locality Name (eg, city)
localityName_default            = Monittown

organizationName                = Organization Name (eg, company)
organizationName_default        = Monit Inc.

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Dept. of Monitoring Technologies

commonName                      = Common Name (FQDN of your server)
commonName_default              = server.monit.mo

emailAddress                    = Email Address
emailAddress_default            = root@monit.mo

[ cert_type ]
nsCertType = server

To check your configuration.
#monit –t



check system shashi
group server
if loadavg (1min) > 4 then alert
if loadavg (5min) > 2 then alert
if memory usage > 75% then alert
if swap usage > 25% then alert
if cpu usage (user) > 70% then alert
if cpu usage (system) > 30% then alert
if cpu usage (wait) > 20% then alert

##########
check process httpd with pidfile /var/run/httpd.pid
group apache
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
if failed host 127.0.0.1 port 80
protocol http then restart
if 5 restarts within 5 cycles then timeout
#########

#check ping
check host shashi-ping and address 10.30.139.124
group server
if failed icmp type echo count 3
with timeout 5 seconds then alert

#check space
check device shashi-/ with path /dev/sda6
group server
if space usage > 99% then alert

#check port
check host shine-port with address 115.112.0.5
group server
if failed port 80 type tcp with timeout 15 seconds then alert

#check WebSite
check host www.shine.com with address 115.112.0.7 # 115.112.0.5
if failed url http://www.shine.com/ and content == "ok"
then alert

#check www.hindustantimes.com
check host www.hindustantimes.com with address 115.112.0.6 #115.112.0.4
if failed url http://www.hindustantimes.com/ and content == "ok"
then alert

#check port
check host All-Port with address 10.1.0.222
if failed icmp type echo with timeout 4 seconds then alert
if failed port 8181 with timeout 9 seconds then alert
if failed port 8282 with timeout 10 seconds then alert
if failed port 9292 with timeout 14 seconds then alert


#check directory

check directory bin with path /bin
if failed permission 755 then unmonitor
if failed uid 0 then unmonitor

#check LAN
check host shashi-eth0 with address 10.30.139.124
group server
start program = "/sbin/ifup eth0"
stop program = "/sbin/ifdown eth0"
if failed icmp type echo with timeout 15 seconds then restart

check program script with path "/usr/local/bin/script.sh"

if status > 0 then alert {script is run then send a alert}

if status = 9 for 2 cycles then exec "/etc/init.d/some_service restart"
{if script is not run then exec this command or if script is not run then exec other script }

Access the web via http://localhost:2812

No comments:

Post a Comment