Todo: ISPConfig - Checking of services

Discussion in 'Feature Requests' started by glohmann, May 8, 2009.

  1. glohmann

    glohmann New Member

    The ISPConfig checks the status of the services only on localhost. This way all services running on specific IPs or even running without any IP at all could not be monitored. One example is for shoutcast which uses a connection less datagram protocol. Also some daemons may behave badly on portscans.

    - call for configured daemons '/etc/init.d/mydeamon status' (and if it really not return a status number as it should parse the output via a RegEx)
    or maybe
    - use a check for the daemon lock file (/var/lock/subsys/mydaemon.lock)
    or use
    - or maybe check the pid file (/var/run/ with checkproc

    [checkproc can be found in killproc.rpm (PLD) or sysvinit.rpm (Suse)]

    Remark: maybe it is a Feature Request but one can even think about it as a Bug ... so feel free to move it to the good forum if needed ;)
    Last edited: May 8, 2009
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The monitor works as intended, so thats definately not a bug. if you configure your system differently so that it does not comply with a default installation of ispconfig and you then need a different monitoring, feel free to post a feture request or write your own monitoring plugin.
  3. glohmann

    glohmann New Member

    There are already several core functions in to check if a service is up and running ... following I will try to provide additional methods:

    --- 2009-05-08 18:21:22.000000000 +0200
    +++ 2009-05-08 19:09:10.000000000 +0200
    @@ -1290,6 +1290,21 @@ class monitor_core_module {

    + /**
    + * check if the named daemon is up and running
    + * daemon: name of daemon
    + */
    + function _checkDaemon ($daemon) {
    + $out = @exec("/etc/init.d/$daemon status", $outarr, $retval);
    + if ($retval == 0) {
    + return true;
    + } else {
    + return false;
    + }
    + }
    function _checkFtp ($host,$port){

    $conn_id = @ftp_connect($host, $port);

    badly I not found a good integrated functionality in PHP itself to look for running services (well there is only a 'win32_query_service_status') ... I guess I have to provide some PECL package here to fill that gap ... as I would prefer to not use functions like 'exec' if I can avoid them in any way ...
  4. glohmann

    glohmann New Member

    Ok here is another approach looking for the lock and pid file:


    $ret = _checkDaemon2("/var/lock/subsys/httpd", "/var/run/");
    printf("\n check on daemon returned '%s' \n\n", (($ret==true)?"true":"false") );

    * check if the named daemon is up and running
    * daemon_lock: path of daemon lock file (see /var/lock/subsys/)
    * daemon_pid : path of daemon pid file (see /var/run/)
    function _checkDaemon2 ($daemon_lock, $daemon_pid) {
    $retval = file_exists($daemon_lock);
    if ($retval == true) {
    // subsystem is locked, but maybe daemon crashed, check pid is alive
    $pid = file_get_contents($daemon_pid, 0, null, -1, 20); // it is unlikely a pid is longer then 20 characters
    if($pid != false) {
    $pid = intval($pid); // as we call 'exec' we want to be sure this is an integer!
    // we found a pid file, now chek if process is alive
    exec("ps -p $pid", $retarr, $retval);
    if(count($retarr)>1) {
    // we have at least two lines looking like so daemon is alive
    // [0] => PID TTY TIME CMD
    // [1] => 15375 ? 00:00:01 httpd
    return true;
    return false;


    We again use exec but this time the only modifiable parameter is the pid which we check before is an integer so no chance to exploit that. All other methods only doing reading attempts to the file system.
  5. glohmann

    glohmann New Member

    - you not flood you log file with million of lines like:
    May 8 22:55:01 neptun imapd: Connection, ip=[::ffff:]
    May 8 22:55:01 neptun imapd: Disconnected, ip=[::ffff:], time=0
    May 8 23:00:02 neptun pop3d: Connection, ip=[::ffff:]
    May 8 23:00:02 neptun pop3d: Disconnected, ip=[::ffff:]
    - You can be sure your daemon is running even if he serve a different port
    - it is fast (e.g. no need to wait for timeouts)
    - you can use it even for daemons not serving on a ip/port (e.g. amavisd)

    - you may see a specific daemon running but still not know if one can connect
    - some daemons serve several protocols (pop3, po3-ssl, ...) but you only know if the daemon itself is up

    well ... maybe we could add both ... having the default 5 min polling just if the daemon itself is running ... and in the monitor GUI an additional button to check if specific services could be connected or not ... and if it fails then directly return a meaningfull error message if possible. ;)

Share This Page