Modifying monit how-to for Deb 10

Hi there everyone!

I'm trying to follow the how-to for monit on Deb but the latest I can find in the articles is for 8. When trying to use for deb 10, it's stopped pretty quickly when found that monit has no installation candidate.

Is there a suggested method of getting monit on deb 10? What else in the how-to might need to be changed to suit the newer version?

Thanks for your time!

 

Ok, I've set up buster backports and installed monit. I continued on with the how-to but have run into an issue where port 2812 results in failed to connect. I followed the how-to except for the following:
Where the how-to states:
'openssl gendh 1024 >> /var/certs/monit.pem', I had to follow this reply in the topic where Till showed how to resolve the unknown command error.

On finishing the how-to, my normal sites are working, but monit's not picking up on that port.

How might I decipher where I went wrong?
Thanks!

 

Ever since LE SSL certs for ISPConfig server was introduced, I had never used a self-signed SSL certs for monit and I would suggest you do the same by symlinked the cert to ispserver.pem.

 

Thanks for the help!
I made the changes you suggested and now monit will not start:

Code:

set daemon 60
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: [email protected] }
set alert [email protected]
set ssl options {
    version: auto
    verify: enable
    selfsigned: reject
}
set httpd port 8082 and
use address 0.0.0.0
SSL ENABLE
PEMFILE /etc/ssl/private/pure-ftpd.pem
allow admin:password

check process sshd with pidfile /var/run/sshd.pid
 start program "/usr/sbin/service ssh start"
 stop program "/usr/sbin/service ssh stop"
 if failed port 22 protocol ssh then restart
 if 5 restarts within 5 cycles then timeout

check process apache with pidfile /var/run/apache2/apache2.pid
 group www
 start program = "/usr/sbin/service apache2 start"
 stop program = "/usr/sbin/service apache2 stop"
 if failed host localhost port 80 protocol http
 and request "/monit/token" then restart
 if cpu is greater than 60% for 2 cycles then alert
 if cpu > 80% for 5 cycles then restart
 if totalmem > 500 MB for 5 cycles then restart
 if children > 250 then restart
 if loadavg(5min) greater than 10 for 8 cycles then stop
 if 3 restarts within 5 cycles then timeout

Any ideas on what has gone wrong?

 

As stated there, the permission 750 is wrong, where the right one should be 600. Plus this file must be symlinked to ispserver.pem. Try the following command:

Code:

rm /etc/ssl/private/pure-ftpd.pem
ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
service monit restart

 

The new errors on startup are as follows:

 

The admin:'password' must be real username and password created to access monit page and the ' ' is compulsory.

Edited: And maintain all the empty spaces in after set httpd port line.

 

that got me a running monit, thanks! I was wondering if you might be able to help me get my other services running.
For mysql(setup with the Deb 10 perfect server tutorial), I see that the monit conf file has 'example.pid' as it's process check. What should I change that to if I wanted to monitor that?

 

Perhaps this?

Code:

check process mysql with pidfile /var/run/mysqld/mysqld.pid
 group database
 start program = "/usr/sbin/service mysql start"
 stop program = "/usr/sbin/service mysql stop"
 if failed host 127.0.0.1 port 3306 then restart
 if 5 restarts within 5 cycles then timeout

 

Sorry but I just turn off my PC before I read this.

Anyway, in my experience the sample normally should work fine and you can verify this in monit page inside ISPConfig where it should say ok for mysql.

 

Thanks, I've got it monitoring my services. I need to ask though, what is the best way to actually be notified when an event occurs? I've set the contact email to an address not on the server([email protected]). Is there a better way to do this? Should I route the mail to root@localhost and set up my mail client to check that address?

Any thoughts and insight on the best way to get notified would be most welcome. Thanks for your time!

 

I've noticed that monit seems to be restarting my apache quite often(last restart seems to have occurred in under 2 hours from the one before). Since I'm not receiving any email concerning why this would happen and I'm not seeing anything on the monit webpage other than the time reset when it happens, I've changed the email in monitrc to root@localhost and will see if I get any mail the next time it resets.

EDIT: another restart after 7 minutes of uptime. This clearly isn't normal behavior. I really need to find some useful information as to why apache2 is restarting so often? I checked in the terminal and apache is indeed being restarted for some reason:

 

I am using outside (gmail) account as well and I set its relay in my server settings so that all system emails including from monit can be sent right to any outside email I set.

I guess you can use RC if you are running mail service in your server as well.

 

Ok, at 3 hours, I got this:

And apache restarted. The log file shows absolutely nothing about this:

My monitrc has this:

Code:

check process apache with pidfile /var/run/apache2/apache2.pid
 group www
 start program = "/usr/sbin/service apache2 start"
 stop program = "/usr/sbin/service apache2 stop"
 if failed host localhost port 80 protocol http
 and request "/monit/token" then restart
 if cpu is greater than 60% for 2 cycles then alert
 if cpu > 80% for 5 cycles then restart
 if totalmem > 500 MB for 5 cycles then restart
 if children > 250 then restart
 if loadavg(5min) greater than 10 for 8 cycles then stop
 if 3 restarts within 5 cycles then timeout

Is it the memory that's it thinks is being exceeded and why isn't the log showing any of this or root getting any mail about it? My apache is practically sitting at idle and seems to exceed 500mb which doesn't seem right.

 

You may add "set alert [email protected]" under each service you expect to be alerted. It is in its manual page: https://mmonit.com/monit/documentation/monit.html#Setting-an-alert-recipient

Otherwise set the email as we discussed earlier for whole monit services itself.

 

I set an alert intentionally low and it's being triggered, as can be seen in the image above. In spite of that, I'm not getting any mail and having wiped the contents of the /var/log/monit.log, I see that it remains completely empty. Have I inadvertently done something incorrectly in the config file? Here's the relevent portion:

Code:

set daemon 60
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: [email protected] }
set alert root@localhost
set ssl options {
    version: auto
    verify: enable
    selfsigned: reject
}
set httpd port 8082 and
use address 0.0.0.0
SSL ENABLE
PEMFILE /etc/ssl/private/pure-ftpd.pem
allow admin:'password'

check process apache with pidfile /var/run/apache2/apache2.pid
 group www
 start program = "/usr/sbin/service apache2 start"
 stop program = "/usr/sbin/service apache2 stop"
 if failed host localhost port 80 protocol http
 and request "/monit/token" then restart
 if cpu is greater than 60% for 2 cycles then alert
 if cpu > 80% for 5 cycles then restart
 if totalmem > 400 MB for 5 cycles then alert
 if totalmem > 750 MB for 5 cycles then restart
 if children > 250 then restart
 if loadavg(5min) greater than 10 for 8 cycles then stop
 if 3 restarts within 5 cycles then timeout
 alert root@localhost

 

Ahh, I see! I set it to use monit.log and now it's working fantastically. I got an error for mail:

So I am guessing that I haven't set it up correctly in monitrc. Do I need to set up a mail server other than localhost or should that work for a new ISPC setup on Debian 10 using the perfect server tut?

Code:

set daemon 60
set log /var/log/monit.log
set mailserver localhost
set mail-format { from: [email protected] }
set alert root@localhost

So I set up an email address in ISPC and successfully logged into it via Roundcube but I'm having issues setting monit up to use it:

Code:

set mailserver adolf.schwimserver3.com port 465
    username "[email protected]" password "superPass"
    using tls
    with timeout 60 seconds

Which results in:

Any help would be most welcome!