Monit configuration checks for common services running in CentOS 7

The following are Monit configuration that are created specifically for CentOS 7 system. If you have not installed Monit yet, please check this guide: Installing Monit to monitor your server running CentOS 7 with nginx.

Apache

Create the file /etc/monit.d/httpd and add the following to it:

      
## Apache monitoring.

## Test the httpd service.
check process apache with pidfile /run/httpd/httpd.pid
  group apache
  start program = "/usr/bin/systemctl start httpd"
  stop  program = "/usr/bin/systemctl stop httpd"
  restart program  = "/usr/bin/systemctl restart httpd"
  ## Test port 80. Restart if the server is down.
  if failed host localhost port 80 protocol http then restart
  ## If the restarts attempts fail then alert.   
  if 3 restarts within 5 cycles then timeout
  depends on apache_bin
  depends on apache_init
  alert root@localhost only on {timeout}    

## Test the process binary.
check file apache_bin with path /usr/sbin/httpd
  group apache
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost  

## Test the init scripts.
check file apache_init with path /usr/lib/systemd/system/httpd.service
  group apache
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
Nginx

Create the file /etc/monit.d/nginx and add the following to it:

      
## Nginx monitoring.

## Test the nginx service.
check process nginx with pidfile /run/nginx.pid
  group nginx
  start program = "/usr/bin/systemctl start nginx"
  stop  program = "/usr/bin/systemctl stop nginx"
  restart program  = "/usr/bin/systemctl restart nginx"
  ## Test port 80. Restart if the server is down.
  if failed host localhost port 80 protocol http then restart
  ## If the restarts attempts fail then alert.   
  if 3 restarts within 5 cycles then timeout
  depends on nginx_bin
  depends on nginx_init
  alert root@localhost only on {timeout}    

## Test the process binary.
check file nginx_bin with path /usr/sbin/nginx
  group nginx
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost  

## Test the init scripts.
check file nginx_init with path /usr/lib/systemd/system/nginx.service
  group nginx
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
Mariadb

Create the file /etc/monit.d/mariadb and add the following to it:

      
## Mariadb monitoring.

## Test the mariadb service.
check process mariadb with pidfile /run/mariadb/mariadb.pid
  group database
  start program = "/usr/bin/systemctl start mariadb"
  stop  program = "/usr/bin/systemctl stop mariadb"
  restart program  = "/usr/bin/systemctl restart mariadb"
  if failed port 3306 protocol mysql then restart
  if 3 restarts within 5 cycles then timeout
  # This process check depends on checking the binary if the mariadb
  # daemon and the init script.
  depends on mariadb_bin
  depends on mariadb_init
  alert root@localhost only on {timeout}

## Test the process binary.
check file mariadb_bin with path /usr/bin/mysqld_safe
  group database
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost

## Test the init scripts.
check file mariadb_init with path /usr/lib/systemd/system/mariadb.service
  group database
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
PHP-FPM

Create the file /etc/monit.d/php-fpm and add the following to it:

      
## PHP-FPM monitoring.
  
## Test the php-fpm service.
check process php-fpm-tcp with pidfile /run/php-fpm/php-fpm.pid
  group phpcgi-tcp
  start program = "/usr/bin/systemctl start php-fpm"
  stop  program = "/usr/bin/systemctl stop php-fpm"
  restart program  = "/usr/bin/systemctl restart php-fpm"
  ## Test the FCGI protocol with an empty FCGI request.
  if failed port 9000
  ## This was based from here:
  ## http://richard.wallman.org.uk/2010/03/monitor-a-fastcgi-server-using-monit/
  ## and here:
  ## http://stackoverflow.com/questions/1302209/how-do-i-ping-a-fastcgi-server.
  ## Send FastCGI packet: version 1 (0x01), cmd FCGI_GET_VALUES (0x09)
  ## padding 8 bytes (0x08), followed by 8xNULLs padding.
  ## This follows the FCGI spec at http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S3.
  ## 1. Version - 1 byte (version 1).
  ## 2. Type - 1 byte (FCGI_GET_VALUES = 9).
  ## 3. Request ID - 2 bytes (set to 0 - null request ID).
  ## 4. Content length - 2 bytes (set to 0).
  ## 5. Padding length - 1 byte (set to 8).
  ## 6. Reserved - 1 byte (set to 0).
  ## 7. Content data - variable size set to NULL.
  ## 8. Padding data - variable size set to 8 bytes (all NULL).
  send "\0x01\0x09\0x00\0x00\0x00\0x00\0x08\0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00"
  ## Expect FastCGI packet: version 1 (0x01), resp FCGI_GET_VALUES_RESULT (0x0A).
  ## 1. Version - 1 byte (version 1).
  ## 2. Type - 1 byte (FCGI_GET_VALUES_RESULT = 10).
  expect "\0x01\0x0A"
  ## Timeout because we don't care about anything else then the two initial bytes. 
  timeout 5 seconds
  then restart
  ## If the restarts attempts fail then alert.
  if 3 restarts within 5 cycles then timeout
  depends on php-fpm-tcp_bin
  depends on php-fpm-tcp_init
  alert root@localhost only on {timeout}

## Test the php-fpm binary.
check file php-fpm-tcp_bin with path /usr/sbin/php-fpm
   group phpcgi-tcp
   if failed checksum then unmonitor
   if failed permission 755 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor
   alert root@localhost

## Test the init scripts.
check file php-fpm-tcp_init with path /usr/lib/systemd/system/php-fpm.service
   group phpcgi-tcp
   if failed checksum then unmonitor
   if failed permission 644 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor
   alert root@localhost
      
    
SSH

Create the file /etc/monit.d/sshd and add the following to it:

      
## SSH monitoring.

## Test the sshd service.
check process sshd with pidfile /run/sshd.pid
  group ssh
  start program = "/usr/bin/systemctl start sshd"
  stop  program = "/usr/bin/systemctl stop sshd"
  restart program  = "/usr/bin/systemctl restart sshd"
  if failed port 22 protocol ssh then restart
  if 3 restarts within 5 cycles then timeout
  depends on sshd_bin   
  depends on sshd_init
  alert root@localhost only on {timeout}

## Test the process binary.
check file sshd_bin with path /usr/sbin/sshd
  group ssh
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost

## Test the init scripts.
check file sshd_init with path /usr/lib/systemd/system/sshd.service
  group ssh
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
Cron

Create the file /etc/monit.d/crond and add the following to it:

      
## Cron monitoring.

## Test the crond service.
check process crond with pidfile /run/crond.pid
  group cron
  start program = "/usr/bin/systemctl start crond"
  stop  program = "/usr/bin/systemctl stop crond"
  restart program  = "/usr/bin/systemctl restart crond"
  depends on crond_bin   
  depends on crond_init
  alert root@localhost

## Test the process binary.
check file crond_bin with path /usr/sbin/crond
  group cron
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost

## Test the init scripts.
check file crond_init with path /usr/lib/systemd/system/crond.service
  group cron
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
Postfix

Create the file /etc/monit.d/postfix and add the following to it:

      
## Postfix monitoring.

## Test the postfix service.
check process postfix with pidfile /var/spool/postfix/pid/master.pid
  group mailserver
  start program = "/usr/bin/systemctl start postfix"
  stop  program = "/usr/bin/systemctl stop postfix"
  restart program  = "/usr/bin/systemctl restart postfix"
  if failed port 25 protocol smtp then restart
  if 3 restarts within 5 cycles then timeout
  depends on postfix_bin   
  depends on postfix_init
  alert root@localhost only on {timeout}

## Test the process binary.
check file postfix_bin with path /usr/sbin/postfix
  group mailserver
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost

## Test the init scripts.
check file postfix_init with path /usr/lib/systemd/system/postfix.service
  group mailserver
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
Memcache
      
## Memcache monitoring.

## Test the memcached service.
check process memcached matching "memcache"
  group memcache
  start program = "/usr/bin/systemctl start memcached"
  stop  program = "/usr/bin/systemctl stop memcached"
  restart program  = "/usr/bin/systemctl restart memcached"
  if failed port 11211 protocol memcache then restart
  if 3 restarts within 5 cycles then timeout
  depends on memcached_bin   
  depends on memcached_init
  alert root@localhost only on {timeout}

## Test the process binary.
check file memcached_bin with path /usr/bin/memcached
  group memcache
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost

## Test the init scripts.
check file memcached_init with path /usr/lib/systemd/system/memcached.service
  group memcache
  if failed checksum then unmonitor
  if failed permission 644 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
Solr

Create the file /etc/monit.d/solr and add the following to it:

      
## Solr monitoring.

## Test the solr service.
check process solr with pidfile /var/solr/solr-8983.pid
  group solr
  start program = "/usr/bin/systemctl start solr"
  stop  program = "/usr/bin/systemctl stop solr"
  restart program  = "/usr/bin/systemctl restart solr"
  if failed port 8983 then restart
  if 3 restarts within 5 cycles then timeout
  depends on solr_bin   
  depends on solr_init
  alert root@localhost only on {timeout}

## Test the process binary.
check file solr_bin with path /opt/solr/bin/solr
  group solr
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid solr then unmonitor
  if failed gid solr then unmonitor
  alert root@localhost

## Test the init scripts.
check file solr_init with path /etc/init.d/solr
  group solr
  if failed checksum then unmonitor
  if failed permission 744 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    
MongoDB

Create the file /etc/monit.d/mongod and add the following to it:

      
## Mongodb monitoring.

## Test the mongodb service.
check process mongodb with pidfile /run/mongodb/mongod.pid
  group mongodb
  start program = "/etc/init.d/mongod start"
  stop  program = "/etc/init.d/mongod stop"
  restart program  = "/etc/init.d/mongod restart"
  if failed port 27017 then restart
  if 3 restarts within 5 cycles then timeout
  # This process check depends on checking the binary if the mariadb
  # daemon and the init script.
  depends on mongodb_bin
  depends on mongodb_init
  alert root@localhost only on {timeout}

## Test the process binary.
check file mongodb_bin with path /usr/bin/mongod
  group mongodb
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost

## Test the init scripts.
check file mongodb_init with path /etc/init.d/mongod
  group mongodb
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert root@localhost
      
    

For more examples of Monit configuration checks, please go here.

Comments

In the "if failed host" is it the sane if we write the IP address of the server?

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.