Kallobombus Monit

I use Monit for some monitoring of Kallobombus. This page lists the important stuff I changed. Don’t forget to `sudo service monit restart` after making changes. See 2014-12-20 Monit for more.

set alert alex@gnu.org

Right. I want to get my email.

set httpd port 2812 and
    SSL ENABLE
    PEMFILE /etc/ssl/localcerts/monit.pem
    allow admin:*secret*

Set a password. Install a certificate. This makes sure that you can connect to your server via HTTPS, e.g. https://alexschroeder.ch:2812/, and log in using the username and password given.

In `/etc/ssl/localcerts` I have a *README*:

https://wiki.debian.org/Self-Signed_Certificate
https://www.howtoforge.com/server-monitoring-with-munin-and-monit-on-debian-wheezy-p2

openssl req -new -x509 -days 365 -nodes -config monit.cnf -out monit.pem -keyout monit.pem
sudo chown root:root monit.pem
sudo chmod 0700 monit.pem
sudo service monit restart
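
A follow-up check for the file created by the README commands above, as an added example that is not part of the original README: it confirms that `monit.pem` is not accessible to group or others, that it holds both the private key and the certificate, and that the certificate (issued with `-days 365`) is not about to expire. The function names are made up for this example, and `stat -c` assumes GNU coreutils as on Debian.

```shell
#!/bin/sh
# Added example: sanity checks for a combined key+certificate PEM such as monit.pem.
# Function names are hypothetical; they are not part of Monit or OpenSSL.

# Succeeds only if no group/other permission bits are set (0700 or tighter),
# matching the chmod in the README.
pem_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU stat, as on Debian
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds only if the file holds both a private key and a certificate,
# which is what "-out monit.pem -keyout monit.pem" produces.
pem_has_key_and_cert() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds if the certificate is still valid $2 days from now (default 30).
pem_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Runs all three checks and reports every failure, not just the first.
check_pem() {
    rc=0
    pem_mode_ok "$1" ||
        { echo "$1: group/other can access the private key" >&2; rc=1; }
    pem_has_key_and_cert "$1" ||
        { echo "$1: key or certificate block missing" >&2; rc=1; }
    pem_valid_for_days "$1" "${2:-30}" ||
        { echo "$1: certificate expires within ${2:-30} days" >&2; rc=1; }
    return $rc
}

# Usage (path from this page): check_pem /etc/ssl/localcerts/monit.pem 30
```

Run from cron, a non-zero exit from `check_pem` is a reminder to reissue the certificate before browsers start rejecting it.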

The content of *monit.cnf*:

# http://www.howtoforge.com/server-monitoring-with-munin-and-monit-on-debian-wheezy-p2
# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = CH

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Zürich

localityName                    = Locality Name (eg, city)
localityName_default            = Zürich

organizationName                = Organization Name (eg, company)
organizationName_default        = Alex Schroeder

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Head Desk

commonName                      = Common Name (FQDN of your server)
commonName_default              = alexschroeder.ch

emailAddress                    = Email Address
emailAddress_default            = alex@gnu.org

[ cert_type ]
nsCertType = server

Result:

+----------------------+-------------------------+------------------+-----------------+
|         Load         |           CPU           |      Memory      |      Swap       |
+----------------------+-------------------------+------------------+-----------------+
| [0.49] [0.46] [0.46] | 34.6%us, 0.9%sy, 0.0%wa | 15.0% [78680 kB] | 99.8% [2044 kB] |
+----------------------+-------------------------+------------------+-----------------+

Chrome

Getting Chrome to accept self-signed localhost certificate

What I did on OSX was copy the `monit.pem` file to my local filesystem, open it using Keychain, add it to “System”, edit it, and set the Trust to “Always Trust”. Restart Chrome and now it seems to work.

Shared Host

check system Kallobombus
  if loadavg (1min) > 4 then alert
  if loadavg (5min) > 2 then alert
  if memory usage > 75% then alert
#  if swap usage > 25% then alert
  if cpu usage (user) > 90% then alert
  if cpu usage (system) > 30% then alert
  if cpu usage (wait) > 20% then alert

On the host I’m on, swap seems to hover around 98% at all times. That’s why I commented out the swap line. I also increased user cpu usage from 70% to 90% because I was getting too many alerts.

Sendmail

I also created `/etc/monit/conf.d/sendmail` as follows:

check process sendmail with pidfile /var/run/sendmail/mta/sendmail.pid
   group mail
   start program = "/etc/init.d/sendmail start"
   stop  program = "/etc/init.d/sendmail stop"
#   if failed port 25 protocol smtp then restart
   if 5 restarts within 5 cycles then timeout
   depends on sendmail_bin
   depends on sendmail_rc

# /usr/lib/sendmail points to /etc/alternatives/lib.sendmail which in
# turn points to the file tested:

check file sendmail_bin with path /usr/lib/sm.bin/sendmail
   group mail
   if failed checksum        then unmonitor
   if failed permission 2755 then unmonitor
   if failed uid root        then unmonitor
   if failed gid smmsp       then unmonitor

check file sendmail_rc with path /etc/init.d/sendmail
   group mail
   include /etc/monit/templates/rootbin

I just used the pid location, permission 2755 and group smmsp from the setup as it is right now, which is what Debian Wheezy uses by default, I guess. I commented out the testing of port 25 because I was getting a lot of “[127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4” lines from logcheck via mail and I think this is Monit testing port 25.