Topic: [FAQ] How to monitor mail related service with monit
Credits
Thanks to dasher for his sharing.
What monit is
Monit is a free open source utility for managing and monitoring, processes, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
Homepage: http://mmonit.com/monit/
What Monit can do
Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too much resources. You can use Monit to monitor files, directories and filesystems for changes, such as timestamp changes, checksum changes or size changes. You can also monitor remote hosts; Monit can ping a remote host and can check TCP/IP port connections and server protocols. Monit is controlled via an easy to use control file based on a free-format, token-oriented syntax. Monit logs to syslog or to its own log file and notifies you about error conditions and recovery status via customizable alert.
How to install it
- On RHEL/CentOS, you can download monit from EPEL repository, and then install it manually:
+ i386: http://download.fedora.redhat.com/pub/e … rver/i386/
+ x86_64: http://download.fedora.redhat.com/pub/e … er/x86_64/
- On Debian/Ubuntu, you can install monit with apt-get directly:
# apt-get install monit- On FreeBSD, you can install it with port tree:
# cd /usr/ports/sysutils/monit/
# make install cleanHow to configure it
We use RHEL/CentOS as example here.
On RHEL/CentOS, the main config is /etc/monit.conf, and all files under /etc/monit.d/ will be included as config files too.
Monit is configured by default, we just need to add service monitors. You can save and place below files under /etc/monit.d/, and then start monit service.
Reference:
# File: /etc/monit.d/buildinhttp
# Auth user with basic HTTP auth, use plain text as password here.
#
# ---- NOTE: Do NOT forget to open this port in your iptables rules ----
#
set httpd port 2812 and
#SSL ENABLE # <- Enable SSL
#PEMFILE /var/certs/monit.pem
allow username:password# File: /etc/monit.d/amavisd
# amavis
check process amavisd with pidfile /var/amavis/amavisd.pid
group services
start program = "/etc/init.d/amavisd start"
stop program = "/etc/init.d/amavisd stop"
if failed port 10024 then restart
if 5 restarts within 5 cycles then timeout# File: /etc/monit.d/httpd
check process apache with pidfile /var/run/httpd.pid
group www
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
if failed port 80 then restart
if 5 restarts within 5 cycles then timeout
depends on apache_bin
depends on apache_rc
check file apache_bin with path /usr/sbin/httpd
group www
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
check file apache_rc with path /etc/init.d/httpd
group www
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/clamd
check process clamd with pidfile /var/run/clamav/clamd.pid
group virus
start program = "/etc/init.d/clamd start"
stop program = "/etc/init.d/clamd stop"
if 5 restarts within 5 cycles then timeout
depends on clamavd_bin
depends on clamavd_rc
check file clamavd_bin with path /usr/sbin/clamd
group virus
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
check file clamavd_rc with path /etc/init.d/clamd
group virus
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/crond
check process cron with pidfile /var/run/crond.pid
group system
start program = "/etc/init.d/crond start"
stop program = "/etc/init.d/crond stop"
if 5 restarts within 5 cycles then timeout
depends on cron_rc
check file cron_rc with path /etc/init.d/crond
group system
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/dovecot
check process dovecot with pidfile /var/run/dovecot/master.pid
start program = "/etc/init.d/dovecot start"
stop program = "/etc/init.d/dovecot stop"
group mail
if failed host localhost port 993 type tcpssl sslauto protocol imap then restart
if failed host localhost port 143 protocol imap then restart
if 5 restarts within 5 cycles then timeout
depends dovecot_init
depends dovecot_bin
check file dovecot_init with path /etc/init.d/dovecot
group mail
check file dovecot_bin with path /usr/sbin/dovecot
group mail# File: /etc/monit.d/logging
# log to monit.log
set logfile /var/log/monit.log# File: /etc/monit.d/mysqld
check process mysql with pidfile /var/run/mysqld/mysqld.pid
group database
start program = "/etc/init.d/mysqld start"
stop program = "/etc/init.d/mysqld stop"
if failed host 127.0.0.1 port 3306 protocol mysql then restart
if 5 restarts within 5 cycles then timeout
depends on mysql_bin
depends on mysql_rc
check file mysql_bin with path /usr/bin/mysqld_safe
group database
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
check file mysql_rc with path /etc/init.d/mysqld
group database
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/openldap
check process slapd with pidfile /var/run/openldap/slapd.pid
group database
start program = "/etc/init.d/ldap start"
stop program = "/etc/init.d/ldap stop"
if 5 restarts within 5 cycles then timeout
depends on slapd_bin
depends on slapd_rc
check file slapd_bin with path /usr/sbin/slapd
group database
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
check file slapd_rc with path /etc/init.d/ldap
group database
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/policyd
check process policyd with pidfile /var/run/policyd.pid
group mail
start program = "/etc/init.d/policyd start"
stop program = "/etc/init.d/policyd stop"
if failed port 10031 protocol postfix-policy then restart
if 5 restarts within 5 cycles then timeout
depends on postfix-policyd
check file postfix-policyd with path /usr/sbin/policyd
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/postfix
check process postfix with pidfile /var/spool/postfix/pid/master.pid
group mail
start program = "/etc/init.d/postfix start"
stop program = "/etc/init.d/postfix stop"
if failed port 25 protocol smtp then restart
if 5 restarts within 5 cycles then timeout
depends on postfix_rc
check file postfix_rc with path /etc/init.d/postfix
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor# File: /etc/monit.d/syslog
check process syslogd with pidfile /var/run/syslogd.pid
start program = "/etc/init.d/syslog start"
stop program = "/etc/init.d/syslog stop"
if 5 restarts within 5 cycles then timeout# File: /etc/monit.d/sshd
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/sshd start"
stop program "/etc/init.d/sshd stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeoutStart monit service:
# /etc/init.d/monit restartAccess port 2812 of your server address (http://x.x.x.x:2812/) to view the service status. Below are screenshots from monit web site:
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.