The state of the network services offered by a company is the business card with which it presents itself to the world. Thanks to constant monitoring, it is possible to understand how and where to improve the infrastructure of the network in real time and detect any abnormalities.
Monit is software that should not be missing in the kit of a network administrator as it automatically controls and manages the applications on the server side in order to ensure that they are consistently active, for example, by testing the size of the files and permissions. In particular, Monit provides system administrators with an excellent control tool also equipped with a web interface. This allows you to manage the state of the system and processes using either a standard web browser or from the command line.
In this article, we will carry out the monitoring of a web server like Apache or Nginx with MySQL, SSH, and cron.
Installing a FAMP Environment: the easy way
This section describes how to set up Apache, MySQL, PHP and phpMyAdmin on a server running FreeBSD. The article was written for the software versions below but is likely to work on newer versions without too much difficulty. Installing MySQL:
cd /usr/ports/databases/mysql55-server
make BUILD_OPTIMIZED=yes BUILD_STATIC=yes
make install clean
Open /etc/rc.conf with your favourite text editor and add the line shown below. This will ensure mysql is enabled and starts on boot.
mysql_enable=”YES”
Start mysql manually to avoid having to reboot now by
typing:
/usr/local/etc/rc.d/mysql-server start
Set a password for the MySQL root user by executing
the command, substituting your own password in place
of new-password:
/usr/local/bin/mysqladmin -uroot
password ‘new-password’
And now MySQL is installed. Let’s start to install Apache.
cd /usr/ports/www/apache22
make install clean
It’s a good idea to disable the two DAV options, if you don’t need them, when prompted. Open /etc/rc.conf with your favourite text editor and add this line shown below to start Apache on boot.
apache22_enable=”YES”
Installing PHP
cd /usr/ports/lang/php5
make install clean
It’s very important to verify that the APACHE (Build Apache module) option is ticked and leave all other options as default before selecting OK.
cd /usr/ports/lang/php5-extentions
make install clean
Install the php.ini file:
cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
Edit the Apache configuration file /usr/local/etc/apache22/httpd.conf by adding the following lines:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Change the line: DirectoryIndex index.html …to DirectoryIndex index.php index.html …
Enable language settings by searching for the line:
#Include etc/apache22/extra/httpd-languages.conf
and removing the # comment mark so it reads:
Include etc/apache22/extra/httpd-languages.conf
Edit the language settings file (/usr/local/etc/apache22/extra/httpd-languages.conf) and add the following line at the end of the file:
AddDefaultCharset On
Start Apache using the startup script:
/usr/local/etc/rc.d/apache22 start
And you’re done! Apache with PHP and MySQL are installed.
After the FAMP environment, let’s install Monit
Installing Monit is really very simple. On Free / Open BSD, just log on to the terminal with administrator rights and type:
# pkg_add -r -v monit
To verify that the installation is successful, at the terminal simply, run the command:
# monit status
which should return the statistics for general use of the system.
A simple configuration
It’s really easy to create effective monitoring systems with the use of Monit. By default, it checks every two minutes if a service is active and stores the information in the log file /var/log/monit.log.
However, it is possible to change any of the settings by going to correctly fill in the fields in the main configuration file, respectively /etc/monit/monitrc in Debian based distributions and /usr/local/etc/monitrc on FreeBSD.
Monit natively provides a web server that responds on port 2812. To enable it properly, just edit the configuration file and restart the service with a “monit reload” from a terminal as root. Below is a simple example that allows access to the server from the local network 192.168.200.50 192.168.200.0/24 with username “admin” and password “monit”.
set httpd port 2812
use address 192.168.200.50
allow 0.0.0.0/0.0.0.0
allow admin:monit
allow @monit
allow @users readonly
The last two lines indicate that the users of the group “monit” have full read/write access to the system, while users of the “users” group have read-only access.
Now, with the browser on the IP or domain name of the server and logging in with the credentials created before, you will see a screen like this (If one wants to enable SSL access, one must create an ad hoc certificate).
The simplest configuration that can be set relates to the monitoring of the services running on the server itself. In fact, by properly editing the /usr/local/etc/monitrc, one can be sure to keep them always “up”. If the services active are Apache, MySQL and Nginx, they would be automatically tracked and restarted in case of block, and it would be possible to check the status from both the web interface and text-based interface.
To check the correct syntax of the configuration file simply run the command:
monit -t
Once the output of the command returns “Control file syntax OK”, the system is set up and ready to manage network services. To enable all tracking systems, simply run:
monit start all
In the heart of Monit configuration file
An entry for the control of a generic process in the file /usr/local/etc/monitrc has the following syntax:
check process PROCESSNAME
with pidfile PIDFILENAME-WITHABSOLUTE-PATH
start = STARTUP-SCRIPT
stop = STOP-SCRIPT
This item, in particular, checks the status of the local server cron daemon:
check process crond
with pidfile /var/run/crond.pid
start = “/etc/init.d/cron start”
stop = “/etc/init.d/cron stop”
However, it is always possible to refer to the monit man page to get the complete set of instructions and options to best configure the control system. There are two options you should activate in any case, and that is the logging system in the file /usr/local/etc/monitrc (In this case, everything is branded on the general system log file):
set logfile syslog facility log_daemon
and automatically start monit as a system daemon, which is accomplished by editing the file /etc/rc.conf and adding the item:
monit_enable=”YES”
Enabling monit as a system service (with updates every minute):
set daemon 60
A further change to the configuration of the logging via syslog lets you use a dedicated file for easier management of alerts:
set logfile syslog facility log_daemon
set logfile /var/log/monit.log
Configure your email server to send email notification:
set mailserver mail.yourmailserver.tld
Set email format such as from email
set mail-format { from: monit@yourmailserver.tld
subject: $SERVICE $EVENT at $DATE
message: Monit $ACTION $SE
VICE at $DATE on $HOST: $DESCRIPTION.
}
Example of Apache service management.
Entries in a control call are:
• check process httpd with pidfile /var/run/httpd.pid: You specify the pid file httpd.pid and its “daemon name”
• group www: We specify the www group, with permissions for startup / shutdown of the service.
• start program = “/usr/local/etc/rc.d/apache22 start”: Startup script.
• stop program = “/usr/local/etc/rc.d/apache22 stop”: Shutdown script.
• if failed host 127.0.0.1 port 80: Server IP address and listening port (80).
• protocol http then restart: The web server restarts if it is not possible to reach the IP and port specified.
• if 5 restarts within 5 cycles then timeout: Five attempts to restart have been made. If monit can not run, it takes the timeout condition.
To start and test monit, the easiest method is to “kill a process”; the daemon will restart and the system log will store the event. Monit will trace the status of cron as “inactive” and will start the next operation without requiring intervention by a system administrator.
The whole server room in a click
The web server integrated in Monit provides different levels of access: simple (no control over the LAN IP and no request for username / password), and standard (requested username / password and a block of IP addresses from which you can access). You can optionally integrate an SSL certificate.
Once logged in, we see a summary screen with the status of the servers and services running on it. Clicking on the individual links will access details of all the data of interest.
From this screen, you can see the detail of the data to the server, enable and disable the monitoring real time, discover in addition to the system load average, even the CPU, RAM and SWAP, and get to know when the data was collected, perhaps for statistical purposes.
This screen allows you to check, in one fell swoop, all the details of each service user group by pid to the process owner. You can also start / stop / restart the service itself and enable / disable the monitoring in addition to the usual data, including pid and CPU and RAM usage.
Administer Vsftpd with Monit – an example of missing pidfile
Some services, such as the well-known server Vsftpd, do not lean against the “pidfile” to interact with the system, and it is then complex to manage them with monit. Moreover, services are so widespread that a solution, even if partial, can be very convenient. The following link may provide cues suitable to solve the problem which is beyond the scope of this article (http://serverfault.com/questions/270316/monit-check-process-without-pidfile).
check process vsftpd
matching vsftpd
start program = “/etc/init.d/vsftpd start”
stop program = “/etc/init.d/vsftpd stop”
Finally we must add the library of pre-configured vsftpd to the monit control file and then restart the service for the changes to take effect.
Advanced Configurations from the heart of the server rooms
Below here is a small library of configurations to be added to your monitoring system. In particular, they refer to the location of the pidfile and the methods to start / stop the services.
Of course, there are many other services that can be monitored with this tool, but this base should be sufficient to take the first steps. From this point on, you’re only limited by your imagination.
About the Author
Antonio Francesco Gentile lives in Italy, Calabria and is a software and network engineer. He works for the National Research Institute ICAR as network manager, with the Culture Lab (http://culture.deis.unical.it) in the Department of Telematics at the University of Calabria, the computer science associations, Hacklab Cosenza (http://hacklab.cosenzainrete.it/) and Verde Binario (http://www.verdebinario.org/), and is a freelance columnist for Italian magazines, Linux&C (http://www.oltrelinux.com/) and Linux Magazine (http://www.linuxmagazine.it/).
This article was re-published with the permission of BSD Magazine. To Learn More about iXsystem’s commitment to open source check us out here: https://www.ixsystems.com/about-ix/
