Install MUNIN to Centos 7 + MONIT
yum install munin munin-node
nano /etc/httpd/conf.d/munin.conf
Alias /munin /var/www/html/munin
<Directory /var/www/html/munin>
Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch
</Directory>
ScriptAlias /cgi/munin-cgi-graph /var/www/cgi-bin/munin-cgi-graph
ScriptAlias /cgi/munin-cgi-html /var/www/cgi-bin/munin-cgi-html
<directory /var/www/html/munin>
AuthUserFile /etc/munin/munin-htpasswd
AuthName "MUNIN"
AuthType Basic
require valid-user
ExpiresActive On
ExpiresDefault M310
</directory>
<Location /cgi/munin-cgi-graph>
# Require local
Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch
<IfModule mod_fastcgi.c>
SetHandler php-fastcgi
</IfModule>
<IfModule !mod_fastcgi.c>
SetHandler cgi-script
</IfModule>
</Location>
<Location /cgi/munin-cgi-html>
# Require local
Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch
<IfModule mod_fastcgi.c>
SetHandler php-fastcgi
</IfModule>
<IfModule !mod_fastcgi.c>
SetHandler cgi-script
</IfModule>
</Location>
nano /etc/munin/munin.conf
dbdir /var/lib/munin
htmldir /var/www/html/munin
logdir /var/log/munin
rundir /var/run/munin
#
# A simple host tree
#
# [localhost]
# address 127.0.0.1
# use_node_name yes
[my_vps_server]
address 127.0.0.1
use_node_name yes
nano /etc/munin/munin-node.conf
user munin
group munin
allow ^127\.0\.0\.1$
allow ^::1$
allow ^your\.ip\.address\.here$
chmod 755 /var/www/html/munin/
chown -R munin:munin /var/www/html/munin/
systemctl restart httpd
httpd -t
systemctl restart munin
service munin status
systemctl restart munin-node
service munin-node status
MONIT
https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-mon...
we will install Monit:
yum -y install monit
Then we create the system startup links for Monit:
systemctl enable monit systemctl start monit
Monit's default configuration file is /etc/monitrc where you can find some configuration examples (you can find more configuration examples on http://mmonit.com/wiki/Monit/ConfigurationExamples) that are all commented out, but it tells Monit to also look in the directory /etc/monit.d for configuration files.
In this case, I will monitor:
- proftpd
- sshd
- MariaDB
- apache
- postfix
Furthermore, I will configure these settings for Monit:
- Enable the Monit web interface on port 2812.
- Use HTTPS for the web interface instead of HTTP.
- Configure a password protected Login for the web interface.
- Monit shall send email alerts to root@localhost.
First, I will configure the authentification settings. Open the file /etc/monitrc
nano /etc/monitrc
And scroll down until you find this section:
set httpd port 2812 and use address localhost # only accept connection from localhost allow localhost # allow localhost to connect to the server and allow admin:monit # require user 'admin' with password 'monit' allow @monit # allow users of group 'monit' to connect (rw) allow @users readonly # allow users of group 'users' to connect readonly
Replace it with the following settings:
set httpd port 2812 and use address 0.0.0.0 SSL ENABLE PEMFILE /var/certs/monit.pem allow admin:test
The word "test" is the password, please replace that with a secure password and you might also want to change the username "admin" to a name that can not be guessed easily.
Now we add the configuration for the monitored services. Instead of modifying /etc/monitrc, we create a new configuration file /etc/monit.d/monitrc.
My file looks like this:
nano /etc/monit.d/monitrc
set logfile syslog facility log_daemon
# Send emails trough this mailserver
set mailserver localhost
# Set the From address of the alert emails
set mail-format { from: monit@server1.example.com }
# Send alerts to this address
set alert root@localhost
# Monitor the Proftpd service
check process proftpd with pidfile /var/run/proftpd/proftpd.pid
start program = "/usr/bin/systemctl start proftpd"
stop program = "/usr/bin/systemctl stop proftpd"
if failed port 21 protocol ftp then restart
if 5 restarts within 5 cycles then timeout
# Monitor the SSH service
check process sshd with pidfile /var/run/sshd.pid
start program "/usr/bin/systemctl start sshd"
stop program "/usr/bin/systemctl stop sshd"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout
# Monitor MariaDB
check process mysql with pidfile /var/run/mariadb/mariadb.pid
group database
start program = "/usr/bin/systemctl start mariadb"
stop program = "/usr/bin/systemctl stop mariadb"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout
# Monitor the apache webserver
check process apache with pidfile /var/run/httpd/httpd.pid
group www
start program = "/usr/bin/systemctl start httpd"
stop program = "/usr/bin/systemctl stop httpd"
if failed host localhost port 80 protocol http
and request "/monit_token" then restart
if cpu is greater than 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 500 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
# Monitor postfix mailserver
check process postfix with pidfile /var/spool/postfix/pid/master.pid
group mail
start program = "/usr/bin/systemctl start postfix"
stop program = "/usr/bin/systemctl stop postfix"
if failed port 25 protocol smtp then restart
if 5 restarts within 5 cycles then timeout
(Please make sure that you check processes only that really exist on your server - otherwise monit won't start. I.e., if you tell monit to check Postfix, but Postfix isn't installed on the system, monit won't start.)
The configuration file is pretty self-explaining; if you are unsure about an option, take a look at the Monit documentation: http://mmonit.com/monit/documentation/monit.html
In the apache part of the Monit configuration you find this:
if failed host localhost port 80 protocol http
and request "/monit_token" then restart
which means that Monit tries to connect to localhost on port 80 and tries to access the file /monit_token which is /var/www/html/monit_token because our web site's document root is /var/www/html. If Monit doesn't succeed it means Apache isn't running, and Monit is going to restart it. Now we must create the file /var/www/html/monit_token and write some random string into it:
touch /var/www/html/monit_token
Next, we create the SSL (pem) certificate (/var/certs/monit.pem) we need for the SSL-encrypted Monit web interface:
mkdir /var/certs cd /var/certs
We need an OpenSSL configuration file to create our certificate. It can look like this:
nano /var/certs/monit.cnf
# create RSA certs - Server RANDFILE = ./openssl.rnd [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type [ req_dn ] countryName = Country Name (2 letter code) countryName_default = MO stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Monitoria localityName = Locality Name (eg, city) localityName_default = Monittown organizationName = Organization Name (eg, company) organizationName_default = Monit Inc. organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Dept. of Monitoring Technologies commonName = Common Name (FQDN of your server) commonName_default = server.monit.mo emailAddress = Email Address emailAddress_default = root@monit.mo [ cert_type ] nsCertType = server
Now we create the certificate like this:
openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
openssl gendh 512 >> /var/certs/monit.pem
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
chmod 700 /var/certs/monit.pem
Finally, we can start Monit:
systemctl restart monit
Now point your browser to https://www.example.com:2812/ (make sure port 2812 isn't blocked by your firewall), log in with admin and test, and you should see the Monit web interface. It should look like this:
(Main Screen)
(Apache Status Page)
Depending on your configuration in /etc/monit.d/monitrc Monit will restart your services if they fail and send notification emails if process IDs of services change, etc.