document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

[Translated] 20150326 How to set up server monitoring system with Monit.md

Browse Source
This commit is contained in:
Gore Liu 2015-05-21 22:00:35 +08:00
parent dbd3a3a019
commit 1fa7073ae6
2 changed files with 250 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

254
sources/tech/20150326 How to set up server monitoring system with Monit.md
View File

@ -1,254 +0,0 @@
Translating by goreliu ...
How to set up server monitoring system with Monit
================================================================================
Many Linux admins rely on a centralized remote monitoring system (e.g., [Nagios][1] or [Cacti][2]) to check the health of their network infrastructure. While centralized monitoring makes an admin's life easy when dealing with many hosts and devices, a dedicated monitoring box obviously becomes a single point of failure; if the monitoring box goes down or becomes unreachable for whatever reason (e.g., bad hardware or network outage), you will lose visibility on your entire infrastructure.
One way to add redundancy to your monitoring system is to install standalone monitoring software (as a fallback) at least on any critical/core servers on your network. In case a centralized monitor is down, you will still be able to maintain visibility on your core servers from their backup monitor.
### What is Monit? ###
[Monit][3] is a cross-platform open-source tool for monitoring Unix/Linux systems (e.g., Linux, BSD, OSX, Solaris). Monit is extremely easy to install and reasonably lightweight (with only 500KB in size), and does not require any third-party programs, plugins or libraries. Yet, Monit lends itself to full-blown monitoring, capable of process status monitoring, filesystem change monitoring, email notification, customizable actions for core services, and so on. The combination of ease of setup, lightweight implementation and powerful features makes Monit an ideal candidate for a backup monitoring tool.
I have been using Monit for several years on multiple hosts, and I am very pleased how reliable it has been. Even as a full-blown monitoring system, Monit is very useful and powerful for any Linux admin. In this tutorial, let me demonstrate how to set up Monit on a local server (as a backup monitor) to monitor common services. With this setup, I will only scrach the surface of what Monit can do for us.
### Installation of Monit on Linux ###
Most Linux distributions already include Monit in their repositories.
Debian, Ubuntu or Linux Mint:
$ sudo aptitude install monit
Fedora or CentOS/RHEL:
On CentOS/RHEL, you must enable either [EPEL][4] or [Repoforge][5] repository first.
# yum install monit
Monit comes with a very well documented configuration file with a lots of examples. The main configuration file is located in /etc/monit.conf in Fedora/CentOS/RHEL, or /etc/monit/monitrc in Debian/Ubuntu/Mint. Monit configuration has two parts: "Global" and "Services" sections.
Gl### ###obal Configuration: Web Status Page
Monit can use several mail servers for notifications, and/or an HTTP/HTTPS status page. Let's start with the web status page with the following requirements.
- Monit listens on port 1966.
- Access to the web status page is encrypted with SSL.
- Login requires monituser/romania as user/password.
- Login is permitted from localhost, myhost.mydomain.ro, and internal LAN (192.168.0.0/16) only.
- Monit stores an SSL certificate in a pem format.
For subsequent steps, I will use a Red Hat based system. Similar steps will be applicable on a Debian based system.
First, generate and store a self-signed certificate (monit.pem) in /var/cert.
# mkdir /var/certs
# cd /etc/pki/tls/certs
# ./make-dummy-cert monit.pem
# cp monit.pem /var/certs
# chmod 0400 /var/certs/monit.pem
Now put the following snippet in the Monit's main configuration file. You can start with an empty configuration file or make a copy of the original file.
set httpd port 1966 and
SSL ENABLE
PEMFILE /var/certs/monit.pem
allow monituser:romania
allow localhost
allow 192.168.0.0/16
allow myhost.mydomain.ro
### Global Configuration: Email Notification ###
Next, let's set up email notification in Monit. We need at least one active [SMTP server][6] which can send mails from the Monit host. Something like the following will do (adjust it for your case):
- Mail server hostname: smtp.monit.ro
- Sender email address used by monit (from): monit@monit.ro
- Who will receive mail from monit daemon: guletz@monit.ro
- SMTP port used by mail server: 587 (default is 25)
With the above information, email notification would be configured like this:
set mailserver smtp.monit.ro port 587
set mail-format {
from: monit@monit.ro
subject: $SERVICE $EVENT at $DATE on $HOST
message: Monit $ACTION $SERVICE $EVENT at $DATE on $HOST : $DESCRIPTION.
Yours sincerely,
Monit
}
set alert guletz@monit.ro
As you can see, Monit offers several built-in variables ($DATE, $EVENT, $HOST, etc.), and you can customize your email message for your needs. If you want to send mails from the Monit host itself, you need a sendmail-compatible program (e.g., postfix or ssmtp) already installed.
### Global Configuration: Monit Daemon ###
The next part is setting up monit daemon. We will set it up as follows.
- Performs the first check after 120 seconds.
- Checks services once every 3 minutes.
- Use syslog for logging.
Place the following snippet to achieve the above setting.
set daemon 120
with start delay 240
set logfile syslog facility log_daemon
We must also define "idfile", a unique ID used by monit demon, and "eventqueue", a path where mails sent by monit but undelivered due to SMTP/network errors. Verifiy that path (/var/monit) already exists. The following configuration will do.
set idfile /var/monit/id
set eventqueue
basedir /var/monit
### Test Global Configuration ###
Now the "Global" section is finished. The Monit configuration file will look like this:
# Global Section
# status webpage and acl's
set httpd port 1966 and
SSL ENABLE
PEMFILE /var/certs/monit.pem
allow monituser:romania
allow localhost
allow 192.168.0.0/16
allow myhost.mydomain.ro
# mail-server
set mailserver smtp.monit.ro port 587
# email-format
set mail-format {
from: monit@monit.ro
subject: $SERVICE $EVENT at $DATE on $HOST
message: Monit $ACTION $SERVICE $EVENT at $DATE on $HOST : $DESCRIPTION.
Yours sincerely,
Monit
}
set alert guletz@monit.ro
# delay checks
set daemon 120
with start delay 240
set logfile syslog facility log_daemon
# idfile and mail queue path
set idfile /var/monit/id
set eventqueue
basedir /var/monit
Now it is time to check what we have done. You can test an existing configuration file (/etc/monit.conf) by running:
# monit -t
----------
Control file syntax OK
If Monit complains about any error, please review the configuration file again. Fortunately, error/warnings messages are informative. For example:
monit: Cannot stat the SSL server PEM file '/var/certs/monit.pem' -- No such file or directory
/etc/monit/monitrc:10: Warning: hostname did not resolve 'smtp.monit.ro'
Once you verify the syntax of configuration, start monit daemon, and wait 2 to 3 minutes:
# service monit start
If you are using systemd, run:
# systemctl start monit
Now open a browser window, and go to https://<monit_host>:1966. Replace &<monit_host> with your Monit hostname or IP address.
Note that if you have a self-signed SSL certificate, you will see a warning message in your browser.
![](https://farm8.staticflickr.com/7596/16737206479_96b9f7dfdb_c.jpg)
After you have completed login, you must see the following page.
![](https://farm8.staticflickr.com/7594/16303369973_6019482dea_c.jpg)
In the rest of the tutorial, let me show how we can monitor a local server and common services. You will see a lot of useful examples on the [official wiki page][7]. Most of them are copy-and-pastable!
### Service Configuration: CPU/Memory Monitoring ###
Let start with monitoring a local server's CPU/memory usage. Copy the following snippet in the configuration file.
check system localhost
if loadavg (1min) > 10 then alert
if loadavg (5min) > 6 then alert
if memory usage > 75% then alert
if cpu usage (user) > 70% then alert
if cpu usage (system) > 60% then alert
if cpu usage (wait) > 75% then alert
You can easily interpret the above configuration. The above checks are performed on local host for every monitoring cycle (which is set to 120 seconds in the Global section). If any condition is met, monit daemon will send an alert with an email.
If certain properties do not need to be monitored for every cycle, you can use the following format. For example, this will monitor average load every other cycle (i.e., every 240 seconds).
if loadavg (1min) > 10 for 2 cycles then alert
### Service Configuration: SSH Service Monitoring ###
Let's check if we have sshd binary installed in /usr/sbin/sshd:
check file sshd_bin with path /usr/sbin/sshd
We also want to check if the init script for sshd exist:
check file sshd_init with path /etc/init.d/sshd
Finally, we want to check if sshd daemon is up an running, and listens on port 22:
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/sshd start"
stop program "/etc/init.d/sshd stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout
More specifically, we can interpret the above configuration as follows. We check if a process named sshd and a pidfile (/var/run/sshd.pid) exist. If either one does not exist, we restart sshd demon using init script. We check if a process listening on port 22 can speak SSH protocol. If not, we restart sshd daemon. If there are at least 5 restarts within the last 5 monitoring cycles (i.e., 5x120 seconds), sshd daemon is declared non-functional, and we do not try to check again.
![](https://farm9.staticflickr.com/8685/16735725998_62c26a24bc_c.jpg)
### Service Configuration: SMTP Service Monitoring ###
Now let's set up a check on a remote SMTP mail server (e.g., 192.168.111.102). Let's assume that the SMTP server is running SMTP, IMAP and SSH on its LAN interface.
check host MAIL with address 192.168.111.102
if failed icmp type echo within 10 cycles then alert
if failed port 25 protocol smtp then alert
else if recovered then exec "/scripts/mail-script"
if failed port 22 protocol ssh then alert
if failed port 143 protocol imap then alert
We check if the remote host responds to ICMP. If we haven't received ICMP response within 10 cycles, we send out an alert. If testing for SMTP protocol on port 25 fails, we send out an alert. If testing succeeds again after a failed test, we run a script (/scripts/mail-script). If testing for SSH and IMAP protocols fail on port 22 and 143, respectively, we send out an alert.
### Conclusion ###
In this tutorial, I demonstrate how to set up Monit on a local server. What I showed here is just the tip of the iceberg, as far as Monit's capabilities are concerned. Take your time and read the man page about Monit (a very good one). Monit can do a lot for any Linux admin with a very nice and easy to understand syntax. If you put together a centralized remote monitor and Monit to work for you, you will have a more reliable monitoring system. What is your thought on Monit?
--------------------------------------------------------------------------------
via: http://xmodulo.com/server-monitoring-system-monit.html
作者:[Iulian Murgulet][a]
译者:[goreliu](https://github.com/goreliu)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/iulian
[1]:http://xmodulo.com/monitor-common-services-nagios.html
[2]:http://xmodulo.com/monitor-linux-servers-snmp-cacti.html
[3]:http://mmonit.com/monit/
[4]:http://xmodulo.com/how-to-set-up-epel-repository-on-centos.html
[5]:http://xmodulo.com/how-to-set-up-rpmforge-repoforge-repository-on-centos.html
[6]:http://xmodulo.com/mail-server-ubuntu-debian.html
[7]:http://mmonit.com/wiki/Monit/ConfigurationExamples

250
translated/tech/20150326 How to set up server monitoring system with Monit.md Executable file
View File

@ -0,0 +1,250 @@
如何使用Monit部署服务器监控系统
================================================================================
很多Linux系统管理员依赖一个集中式的远程监控系统比如[Nagios][1]或者[Cacti][2])来检查他们网络基础设备的健康状况。虽然集中式监控让管理员的生活更简单了,然而处理很多机器和服务时,专用的监控中心显然成为了一个单点故障,如果监控中心挂了或者因为什么原因(比如硬件或者网络故障)不可访问了,你就会失去整个网络基础设备情况的任何信息。
一个给你的监控系统增加冗余度的方法是安装独立的监控软件(作为后备),至少在网络中的关键/核心服务器上。这样在集中式监控系统挂掉的情况,你还有能力通过后备的监控方式来获取核心服务器的运行状况。
### Monit是什么 ###
[Monit][3]是一个跨平台的用来监控Unix/linux系统比如Linux、BSD、OSX、Solaris的工具。Monit特别易于安装而且非常轻量级只有500KB大小并且不依赖任何第三方程序、插件或者库。然而Monit可以胜任全面监控、进程状态监控、文件系统变动监控、邮件通知和对核心服务的自定义回调等场景。易于安装、轻量级的实现以及强大的功能让Monit成为一个理想的后备监控工具。
我已经在一些机器使用Monit几年了而且我对它的可靠性非常满意。甚至作为全面的监控系统对任何Linux系统管理员来说Monit也是非常有用和强大的。在这篇教程中我会展示如何在一个本地服务器部署Monit作为后备监控系统来监控常见的服务。在部署过程中我只会展示我们用到的部分。
### 在Linux安装Monit ###
Monit已经被包含在多数Linux发行版的软件仓库中了。
Debian、Ubuntu或者Linux Mint
$ sudo aptitude install monit
Fedora或者CentOS/RHEL
在CentOS/RHEL中你必须首先启用[EPEL][4]或者[Repoforge][5]软件仓库.
# yum install monit
Monit自带一个文档完善的配置文件其中包含了很多例子。主配置文件在/etc/monit.confFedora/CentOS/RHEL或者/etc/monit/monitrcDebian/Ubuntu/Mint。Monit配置文件有两部分“Global”全局和“Services”服务
### Global Configuration: Web Status Page 全局配置Web状态页面。LCTT 译注:保留原文是因为和配置文件中的字段对应) ###
Monit可以使用邮件服务来发送通知也可以使用HTTP/HTTPS页面来展示。我们先使用符合以下要求的web状态页面吧
- Monit监听1966端口。
- 对web状态页面的访问是通过SSL加密的。
- 使用monituser/romania作为用户名/口令登录。
- 只允许使用localhost、myhost.mydomain.ro和在局域网内部192.168.0.0/16访问。
- Monit使用pem格式的SSL证书。
之后的步骤我会使用一个基于Red Hat的系统。在基于Debian的系统中的步骤也是类似的。
首先,在/var/cert生成一个自签名的证书monit.pem
# mkdir /var/certs
# cd /etc/pki/tls/certs
# ./make-dummy-cert monit.pem
# cp monit.pem /var/certs
# chmod 0400 /var/certs/monit.pem
现在将下列代码片段放到Monit的主配置文件中。你可以创建一个空配置文件或者基于自带的配置文件修改。
set httpd port 1966 and
SSL ENABLE
PEMFILE /var/certs/monit.pem
allow monituser:romania
allow localhost
allow 192.168.0.0/16
allow myhost.mydomain.ro
### Global Configuration: Email Notification (全局配置:邮件通知) ###
然后我们来设置Monit的邮件通知。我们至少需要一个可用的[SMTP服务器][6]来让Monit发送邮件。这样就可以按照你的实际情况修改
- 邮件服务器的机器名smtp.monit.ro
- Monit使用的发件人monit@monit.ro
- 邮件的收件人guletz@monit.ro
- 邮件服务器使用的SMTP端口587默认是25
有了以上信息,邮件通知就可以这样配置:
set mailserver smtp.monit.ro port 587
set mail-format {
from: monit@monit.ro
subject: $SERVICE $EVENT at $DATE on $HOST
message: Monit $ACTION $SERVICE $EVENT at $DATE on $HOST : $DESCRIPTION.
Yours sincerely,
Monit
}
set alert guletz@monit.ro
就像你看到的Monit会提供几个内部变量`$DATE`、`$EVENT`、`$HOST`等你可以按照你的需求自定义邮件内容。如果你想要从Monit所在机器发送邮件就需要一个已经安装的与sendmail兼容的程序如postfix或者ssmtp
### Global Configuration: Monit Daemon 全局配置Monit守护进程###
接下来就该配置Monit守护进程了。可以将其设置成这样
- 在120秒后进行第一次检测。
- 每3分钟检测一次服务。
- 使用syslog来记录日志。
如下代码段可以满足上述需求。
set daemon 120
with start delay 240
set logfile syslog facility log_daemon
我们必须定义“idfile”Monit守护进程的一个独一无二的ID文件以及“eventqueue”当monit的邮件因为SMTP或者网络故障发不出去邮件会暂存在这里以及确保/var/monit路径是存在的。然后使用下边的配置就可以了。
set idfile /var/monit/id
set eventqueue
basedir /var/monit
### 测试Global Configuration全局配置 ###
现在“Global”部分就完成了。Monit配置文件看起来像这样
# Global Section
# status webpage and acl's
set httpd port 1966 and
SSL ENABLE
PEMFILE /var/certs/monit.pem
allow monituser:romania
allow localhost
allow 192.168.0.0/16
allow myhost.mydomain.ro
# mail-server
set mailserver smtp.monit.ro port 587
# email-format
set mail-format {
from: monit@monit.ro
subject: $SERVICE $EVENT at $DATE on $HOST
message: Monit $ACTION $SERVICE $EVENT at $DATE on $HOST : $DESCRIPTION.
Yours sincerely,
Monit
}
set alert guletz@monit.ro
# delay checks
set daemon 120
with start delay 240
set logfile syslog facility log_daemon
# idfile and mail queue path
set idfile /var/monit/id
set eventqueue
basedir /var/monit
现在是时候验证我们的工作了,你可以通过运行如下命令来验证存在的配置文件(/etc/monit.conf
# monit -t
Control file syntax OK
如果monit提示任何错误请再检查下配置文件。幸运的是错误/警告信息是可以帮助你发现问题的,比如:
monit: Cannot stat the SSL server PEM file '/var/certs/monit.pem' -- No such file or directory
/etc/monit/monitrc:10: Warning: hostname did not resolve 'smtp.monit.ro'
一旦你确认配置文件没问题了可以启动monit守护进程然后等2到3分钟
# service monit start
如果你使用的是systemd运行
# systemctl start monit
现在打开一个浏览器窗口,然后访问`https://<monit_host>:1966`。将`<monit_host>`替换成Monit所在机器的机器名或者IP地址。
如果你使用的是自签名的SSL证书你会在浏览器中看到一个警告信息。
![](https://farm8.staticflickr.com/7596/16737206479_96b9f7dfdb_c.jpg)
你完成登录后,一定要看这个页面。
![](https://farm8.staticflickr.com/7594/16303369973_6019482dea_c.jpg)
在这个教程的其余部分,我们演示监控一个本地服务器和常见服务的方法。你会在[官方wiki页面][7]看到很多有用的例子。其中的多数是可以直接复制粘贴的!
### Service Configuration: CPU/Memory Monitoring 服务配置CPU、内存监控 ###
我们先来监控本地服务器的CPU、内存占用。复制如下代码段到配置文件中。
check system localhost
if loadavg (1min) > 10 then alert
if loadavg (5min) > 6 then alert
if memory usage > 75% then alert
if cpu usage (user) > 70% then alert
if cpu usage (system) > 60% then alert
if cpu usage (wait) > 75% then alert
你可以很容易理解上边的配置。最上边的check是指每个监控周期全局配置里设置的120秒都对本机进行下面的操作。如果满足了任何条件monit守护进程就会使用邮件发送一条报警。
如果某个监控项不需要每个周期都检查可以使用如下格式它会每240秒检查一次平均负载。
if loadavg (1min) > 10 for 2 cycles then alert
### Service Configuration: SSH Service Monitoring 服务配置SSH服务监控 ###
先检查我们的sshd是否安装在/usr/sbin/sshd
check file sshd_bin with path /usr/sbin/sshd
我们还想检查sshd的启动脚本是否存在
check file sshd_init with path /etc/init.d/sshd
最后我们还想检查sshd守护进程是否存活并且在监听22端口
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/sshd start"
stop program "/etc/init.d/sshd stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout
我们可以这样解释上述配置。我们检查是否存在名为sshd的进程并且有一个保存pid的文件存在/var/run/sshd.pid。如果任何一个不存在我们就使用启动脚本重启sshd。我们检查是否有进程在监听22端口并且使用的是SSH协议。如果没有我们还是重启sshd。如果在最近的5个监控周期5x120秒至少重启5次了sshd就被认为是不能用的我们就不再检查了。
![](https://farm9.staticflickr.com/8685/16735725998_62c26a24bc_c.jpg)
### Service Configuration: SMTP Service Monitoring 服务配置SMTP服务监控 ###
现在我们来设置一个检查远程SMTP服务器如192.168.111.102的监控。假定SMTP服务器运行着SMTP、IMAP、SSH服务。
check host MAIL with address 192.168.111.102
if failed icmp type echo within 10 cycles then alert
if failed port 25 protocol smtp then alert
else if recovered then exec "/scripts/mail-script"
if failed port 22 protocol ssh then alert
if failed port 143 protocol imap then alert
我们检查远程主机是否响应ICMP协议。如果我们在10个周期内没有收到ICMP回应就发送一条报警。如果监测到25端口上的SMTP协议是异常的就发送一条报警。如果在一次监测失败后又监测成功了就运行一个脚本/scripts/mail-script。如果检查22端口上的SSH或者143端口上的IMAP协议不正常同样发送报警。
### 总结 ###
在这个教程我演示了如何在本地服务器设置Monit当然这只是Monit功能的冰山一角。你可以花些时间阅读Monit的man手册写得很好。Monit可以为任何Linux系统管理员做很多事情并且具有非常优美和易于理解的语法。如果你将一个集中式的远程监控系统和Monit一同使用你会得到一个更可靠的监控系统。你感觉Monit怎么样
--------------------------------------------------------------------------------
via: http://xmodulo.com/server-monitoring-system-monit.html
作者:[Iulian Murgulet][a]
译者:[goreliu](https://github.com/goreliu)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/iulian
[1]:http://xmodulo.com/monitor-common-services-nagios.html
[2]:http://xmodulo.com/monitor-linux-servers-snmp-cacti.html
[3]:http://mmonit.com/monit/
[4]:http://xmodulo.com/how-to-set-up-epel-repository-on-centos.html
[5]:http://xmodulo.com/how-to-set-up-rpmforge-repoforge-repository-on-centos.html
[6]:http://xmodulo.com/mail-server-ubuntu-debian.html
[7]:http://mmonit.com/wiki/Monit/ConfigurationExamples