Hello,

Please check my attachment. It is my monit rsyslog. I have not changed anything:

Code:

check process rsyslogd with pidfile /var/run/rsyslogd.pid
   group system
   group rsyslogd
   start program = "/etc/init.d/rsyslog start"
   stop program = "/etc/init.d/rsyslog stop"
   if 5 restarts with 5 cycles then timeout
   depend on rsyslogd_bin
   depend on rsyslogd_rc
   depend on rsyslog_file

check file rsyslogd_bin with path /usr/sbin/rsyslogd
   group rsyslogd
   include /etc/monit/templates/rootbin

check file rsyslogd_rc with path "/etc/init.d/rsyslog"
   group rsyslogd
   include /etc/monit/templates/rootbin

check file rsyslog_file with path /var/log/syslog
   group rsyslogd
   # Note: activate the immark plugin for rsyslog if
   # your system is too low on events.
   if timestamp > 65 minutes then alert
   if failed permission 640 then unmonitor
   if failed uid root then unmonitor
   if failed gid adm then unmonitor

Then I edited the file /lib/systemd/system/rsyslog.service and removed the -iNONE option from the ExecStart line. Then I ran:

systemctl daemon-reload
systemctl restart rsyslog

Now /var/run/rsyslogd.pid is created. Then I ran:

monit monitor rsyslogd

However, Monit still ignores rsyslogd, as shown. How do we correct it? My system is Ubuntu 20.04.2, ISPConfig v3.2.5.
I found the cause. It is this line:

if failed uid root then unmonitor

On Ubuntu 20.04, /var/log/syslog belongs to the Unix user syslog. Correct it as:

if failed uid 104 then unmonitor
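
An added example, not part of the original posts: a shell helper that compares a file's actual mode, owner and group with the values used in the `check file` tests above and reports which test fails. The function name `check_monit_file` is hypothetical, and GNU `stat` (as on Ubuntu) is assumed. It prints both the owner name and the numeric uid, since the number assigned to a system user such as syslog can differ between machines.

```shell
#!/bin/sh
# Added example, not from the thread: report which of Monit's ownership and
# permission tests a file fails. check_monit_file is a hypothetical helper.
# Usage: check_monit_file PATH MODE OWNER GROUP  (names or numeric ids)
# Prints one line per failing test and returns the number of failures.
check_monit_file() {
    path=$1 want_mode=${2#0} want_owner=$3 want_group=$4
    fails=0
    if [ ! -e "$path" ]; then
        echo "missing: $path"
        return 1
    fi
    # GNU stat as shipped with Ubuntu: %a mode, %U/%u owner, %G/%g group
    set -- $(stat -c '%a %U %u %G %g' "$path")
    mode=$1 uname=$2 uid=$3 gname=$4 gid=$5
    if [ "$mode" != "$want_mode" ]; then
        echo "permission: have $mode, test expects $want_mode"
        fails=$((fails + 1))
    fi
    if [ "$want_owner" != "$uname" ] && [ "$want_owner" != "$uid" ]; then
        echo "uid: have $uname ($uid), test expects $want_owner"
        fails=$((fails + 1))
    fi
    if [ "$want_group" != "$gname" ] && [ "$want_group" != "$gid" ]; then
        echo "gid: have $gname ($gid), test expects $want_group"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Example: sh check.sh /var/log/syslog 640 root adm
if [ "$#" -eq 4 ]; then
    check_monit_file "$@"
fi
```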