UJP - Technical Information 1


Installing MONIT and Performing Basic Configuration


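0. Revision History

  • 2008.06.14 Initial version

1. Introduction

 This document explains how to install the operations monitoring tool MONIT 5.0 beta1 on RedHat ES3, up through the steps for configuring process monitoring of Apache.

 As its subtitle "Barking at daemons" suggests, MONIT is a support system for daemon processes: it can issue a restart command when a monitored process goes down, and it can execute commands on events such as CPU or memory usage exceeding a threshold.

 At present it has no features for operating and managing a large number of servers, but conversely it lets you build a self-recovery mechanism into a small system with only a few machines, so it should prove useful there.

2. Installation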

  • The official monit site is at the following URL.
  • This document targets monit 5.0 beta1.
  • Download the archive.
[root@mars Download]# curl -O http://www.tildeslash.com/monit/dist/beta/monit-5.0-beta1.tar.gz
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100  600k  100  600k    0     0  15225      0  0:00:40  0:00:40  0:00:00 47633
[root@mars Download]# 
  • Check the downloaded file.
[root@mars Download]# ls -la monit-5.0-beta1.tar.gz 
-rw-r--r--    1 root     root       614595 Jun 13 15:55 monit-5.0-beta1.tar.gz
[root@mars Download]#
  • Extract the archive.
[root@mars Download]# tar xfz monit-5.0-beta1.tar.gz 
[root@mars Download]# 
  • Change to the extracted directory.
[root@mars Download]# cd monit-5.0-beta1
[root@mars monit-5.0-beta1]# 
  • Check the files.
[root@mars monit-5.0-beta1]# ls -la
total 1408
drwxr-xr-x   10 root     root         4096 Apr 15 07:53 .
drwxr-xr-x   11 root     root         4096 Jun 13 15:56 ..
-rw-r--r--    1 root     root        66611 Apr 15 07:46 CHANGES.txt
-rw-r--r--    1 root     root         1965 Apr  1 06:13 CONTRIBUTORS
-rw-r--r--    1 root     root        35892 Apr  1 06:13 COPYING
-rw-r--r--    1 root     root        18921 Apr  1 06:13 FAQ.txt
-rw-r--r--    1 root     root         1484 Apr  1 06:13 LICENSE
-rw-r--r--    1 root     root         4779 Apr  1 06:23 Makefile.in
-rw-r--r--    1 root     root         3311 Apr  1 06:13 PACKAGES
-rw-r--r--    1 root     root         3735 Apr  1 06:13 PLATFORMS
-rw-r--r--    1 root     root         2473 Apr  1 06:13 README
-rw-r--r--    1 root     root         4669 Apr  1 06:13 README.DEVELOPER
-rw-r--r--    1 root     root         8020 Apr  1 06:13 README.SSL
-rw-r--r--    1 root     root          162 Apr  1 06:13 STATUS
-rw-r--r--    1 root     root         5341 Apr 11 04:06 UPGRADE.txt
-rw-r--r--    1 root     root          609 Apr 15 07:53 aclocal.m4
-rw-r--r--    1 root     root         6751 Apr  8 03:28 alert.c
-rw-r--r--    1 root     root         2095 Apr  1 06:23 alert.h
-rw-r--r--    1 root     root         4634 Apr  7 04:00 collector.c
-rw-r--r--    1 root     root        12614 Apr 15 07:53 config.h.in
-rwxr-xr-x    1 root     root       334579 Apr 15 07:53 configure
-rw-r--r--    1 root     root        19525 Apr 15 07:49 configure.ac
drwxr-xr-x    2 root     root         4096 Apr 11 04:06 contrib
-rw-r--r--    1 root     root        11284 Apr  1 06:23 control.c
-rw-r--r--    1 root     root         3478 Apr  1 06:23 daemonize.c
drwxr-xr-x    2 root     root         4096 Apr 15 07:49 device
drwxr-xr-x    3 root     root         4096 Apr  1 06:19 doc
-rw-r--r--    1 root     root         4858 Apr  7 04:00 env.c
-rw-r--r--    1 root     root        22046 Apr  7 04:00 event.c
-rw-r--r--    1 root     root         5548 Apr  1 06:23 event.h
drwxr-xr-x    2 root     root         4096 Apr  1 06:13 external
-rw-r--r--    1 root     root        11538 Apr  1 06:23 file.c
-rw-r--r--    1 root     root         4438 Apr  1 06:23 file.h
-rw-r--r--    1 root     root         9634 Apr 11 04:06 gc.c
-rw-r--r--    1 root     root        26707 Apr  1 06:13 getloadavg.c
drwxr-xr-x    2 root     root         4096 Apr 15 07:49 http
-rw-r--r--    1 root     root         3671 Apr  1 06:23 http.c
-rwxr-xr-x    1 root     root         5585 Apr  1 06:13 install-sh
-rw-r--r--    1 root     root        21707 Apr 11 04:06 l.l
-rw-r--r--    1 root     root         7393 Apr  1 06:23 log.c
drwxr-xr-x    2 root     root         4096 Apr  1 06:13 m4
-rw-r--r--    1 root     root        19304 Apr  1 06:13 md5.c
-rw-r--r--    1 root     root         5398 Apr  1 06:13 md5.h
-rw-r--r--    1 root     root       160335 Apr 15 07:53 monit.1
-rw-r--r--    1 root     root         2830 Apr 15 07:53 monit.spec
-rw-r--r--    1 root     root        15651 Apr  2 04:36 monitor.c
-rw-r--r--    1 root     root        37874 Apr 11 04:06 monitor.h
-rw-------    1 root     root         8963 Apr 11 04:06 monitrc
-rw-r--r--    1 root     root        18539 Apr  1 06:23 net.c
-rw-r--r--    1 root     root         6615 Apr  1 06:23 net.h
-rw-r--r--    1 root     root        94602 Apr 11 04:06 p.y
drwxr-xr-x    2 root     root         4096 Apr 15 07:49 process
-rw-r--r--    1 root     root        10684 Apr 15 07:00 process.c
-rw-r--r--    1 root     root         1635 Apr  1 06:13 process.h
drwxr-xr-x    2 root     root         4096 Apr 15 07:49 protocols
-rw-r--r--    1 root     root         6715 Apr  1 06:23 sendmail.c
-rw-r--r--    1 root     root        13210 Apr  1 06:13 sha.c
-rw-r--r--    1 root     root         2948 Apr  1 06:13 sha.h
-rw-r--r--    1 root     root         2412 Apr  1 06:23 signal.c
-rw-r--r--    1 root     root         9620 Apr  8 03:28 socket.c
-rw-r--r--    1 root     root         7237 Apr  1 06:23 socket.h
-rw-r--r--    1 root     root         7472 Apr  1 06:23 spawn.c
-rw-r--r--    1 root     root        24228 Apr  1 06:23 ssl.c
-rw-r--r--    1 root     root         3796 Apr  1 06:13 ssl.h
-rw-r--r--    1 root     root         6865 Apr  1 06:23 state.c
-rw-r--r--    1 root     root         2844 Apr  1 06:23 state.h
-rw-r--r--    1 root     root         2700 Apr  1 06:23 status.c
-rw-r--r--    1 root     root        48012 Apr 11 04:06 util.c
-rw-r--r--    1 root     root        10833 Apr  1 06:23 util.h
-rw-r--r--    1 root     root        42539 Apr 11 04:06 validate.c
-rw-r--r--    1 root     root         2896 Apr  7 22:24 xmalloc.c
-rw-r--r--    1 root     root        11901 Apr 11 04:06 xml.c
[root@mars monit-5.0-beta1]# 
  • Having confirmed that this is a configure-type package, run configure.
[root@mars monit-5.0-beta1]# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking whether gcc needs -traditional... no
checking for a BSD-compatible install... /usr/bin/install -c
checking whether make sets $(MAKE)... yes
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... -lfl
checking whether yytext is a pointer... yes
checking for bison... bison -y
checking for socket in -lsocket... no
checking for socket in -linet... no
checking for inet_addr in -lnsl... yes
checking for inet_aton in -lresolv... yes
checking for crypt in -lcrypt... yes
checking for pthread_create in -lpthread... yes
checking for pthread_create in -lc_r... no
checking for ANSI C header files... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking whether stat file-mode macros are broken... no
checking whether time.h and sys/time.h may both be included... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking alloca.h usability... yes
checking alloca.h presence... yes
checking for alloca.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking asm/page.h usability... yes
checking asm/page.h presence... yes
checking for asm/page.h... yes
checking asm/param.h usability... yes
checking asm/param.h presence... yes
checking for asm/param.h... yes
checking cf.h usability... no
checking cf.h presence... no
checking for cf.h... no
checking crt_externs.h usability... no
checking crt_externs.h presence... no
checking for crt_externs.h... no
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking glob.h usability... yes
checking glob.h presence... yes
checking for glob.h... yes
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking kvm.h usability... no
checking kvm.h presence... no
checking for kvm.h... no
checking kstat.h usability... no
checking kstat.h presence... no
checking for kstat.h... no
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking loadavg.h usability... no
checking loadavg.h presence... no
checking for loadavg.h... no
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking mach/host_info.h usability... no
checking mach/host_info.h presence... no
checking for mach/host_info.h... no
checking mach/mach.h usability... no
checking mach/mach.h presence... no
checking for mach/mach.h... no
checking mach/mach_host.h usability... no
checking mach/mach_host.h presence... no
checking for mach/mach_host.h... no
checking for memory.h... (cached) yes
checking mntent.h usability... yes
checking mntent.h presence... yes
checking for mntent.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking procfs.h usability... no
checking procfs.h presence... no
checking for procfs.h... no
checking procinfo.h usability... no
checking procinfo.h presence... no
checking for procinfo.h... no
checking pthread.h usability... yes
checking pthread.h presence... yes
checking for pthread.h... yes
checking pwd.h usability... yes
checking pwd.h presence... yes
checking for pwd.h... yes
checking regex.h usability... yes
checking regex.h presence... yes
checking for regex.h... yes
checking setjmp.h usability... yes
checking setjmp.h presence... yes
checking for setjmp.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking stdarg.h usability... yes
checking stdarg.h presence... yes
checking for stdarg.h... yes
checking stdio.h usability... yes
checking stdio.h presence... yes
checking for stdio.h... yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking stropts.h usability... yes
checking stropts.h presence... yes
checking for stropts.h... yes
checking sys/cfgodm.h usability... no
checking sys/cfgodm.h presence... no
checking for sys/cfgodm.h... no
checking sys/cfgdb.h usability... no
checking sys/cfgdb.h presence... no
checking for sys/cfgdb.h... no
checking sys/dkstat.h usability... no
checking sys/dkstat.h presence... no
checking for sys/dkstat.h... no
checking sys/filio.h usability... no
checking sys/filio.h presence... no
checking for sys/filio.h... no
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/loadavg.h usability... no
checking sys/loadavg.h presence... no
checking for sys/loadavg.h... no
checking sys/lock.h usability... no
checking sys/lock.h presence... no
checking for sys/lock.h... no
checking sys/mnttab.h usability... no
checking sys/mnttab.h presence... no
checking for sys/mnttab.h... no
checking sys/mutex.h usability... no
checking sys/mutex.h presence... no
checking for sys/mutex.h... no
checking sys/nlist.h usability... no
checking sys/nlist.h presence... no
checking for sys/nlist.h... no
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/pstat.h usability... no
checking sys/pstat.h presence... no
checking for sys/pstat.h... no
checking sys/queue.h usability... yes
checking sys/queue.h presence... yes
checking for sys/queue.h... yes
checking sys/resource.h usability... yes
checking sys/resource.h presence... yes
checking for sys/resource.h... yes
checking sys/statvfs.h usability... yes
checking sys/statvfs.h presence... yes
checking for sys/statvfs.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/tree.h usability... no
checking sys/tree.h presence... no
checking for sys/tree.h... no
checking for sys/types.h... (cached) yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/utsname.h usability... yes
checking sys/utsname.h presence... yes
checking for sys/utsname.h... yes
checking sys/vmmeter.h usability... no
checking sys/vmmeter.h presence... no
checking for sys/vmmeter.h... no
checking sys/vfs.h usability... yes
checking sys/vfs.h presence... yes
checking for sys/vfs.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking uvm/uvm.h usability... no
checking uvm/uvm.h presence... no
checking for uvm/uvm.h... no
checking uvm/uvm_extern.h usability... no
checking uvm/uvm_extern.h presence... no
checking for uvm/uvm_extern.h... no
checking vm/vm.h usability... no
checking vm/vm.h presence... no
checking for vm/vm.h... no
checking for netinet/ip.h... yes
checking for net/if.h... yes
checking for netinet/ip_icmp.h... yes
checking for sys/sysctl.h... yes
checking for sys/mount.h... yes
checking for sys/proc.h... no
checking for sys/user.h... yes
checking for machine/vmparam.h... no
checking for vm/pmap.h... no
checking for machine/pmap.h... no
checking for vm/vm_map.h... no
checking for vm/vm_object.h... no
checking for sys/resourcevar.h... no
checking for uvm/uvm_map.h... no
checking for uvm/uvm_pmap.h... no
checking for uvm/uvm_object.h... no
checking for mode_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for pid_t... (cached) yes
checking return type of signal handlers... void
checking whether struct tm is in sys/time.h or time.h... time.h
checking for struct tm.tm_gmtoff... no
checking for an ANSI C-conforming const... yes
checking whether byte ordering is bigendian... no
checking for error_at_line... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking whether lstat dereferences a symlink specified with a trailing slash... yes
checking whether stat accepts an empty string... no
checking for strftime... yes
checking for statfs... yes
checking for statvfs... yes
checking for setlocale... yes
checking for getaddrinfo... yes
checking for getloadavg... yes
checking for pstat_getdynamic... no
checking for kstat_open in -lkstat... no
checking for getloadavg... yes
checking whether getloadavg requires setgid... no
checking for localtime_r... yes
checking for sys/time.h... (cached) yes
checking for working GNU strftime... yes
checking for SOL_IP... yes
checking for va_copy... yes
checking pid file location... /var/run
checking for resource support... enabled
checking for large files support... enabled
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking for SSL support... enabled
checking for SSL include directory... /usr/include
checking for SSL library directory... /usr/lib
configure: creating ./config.status
config.status: creating Makefile
config.status: WARNING:  Makefile.in seems to ignore the --datarootdir setting
config.status: creating config.h

monit has been configured with the following options:
                Architecture: LINUX
                 SSL support: enabled
       SSL include directory: /usr/include
       SSL library directory: /usr/lib
         resource monitoring: enabled
               resource code: sysdep_LINUX.c
         large files support: enabled
              Compiler flags: -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include
                Linker flags: -lpthread -lcrypt -lresolv -lnsl  -L/usr/lib -lssl -lcrypto
           pid file location: /var/run

[root@mars monit-5.0-beta1]# 
  • It finished without problems.
  • Although nothing was specified explicitly, it appears to detect libraries such as SSL automatically.
  • Run make.
[root@mars monit-5.0-beta1]# make
bison -y -dt p.y
echo "#include <config.h>" > .y.tab.c
cat y.tab.c >> .y.tab.c
/bin/mv -f .y.tab.c y.tab.c
/bin/mv -f y.tab.h tokens.h
flex -i l.l
gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include  alert.c -o alert.o
gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include  collector.c -o collector.o
gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/


~ (omitted) ~



gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include  device/sysdep_LINUX.c -o device/sysdep_LINUX.o
gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include  process/sysdep_LINUX.c -o process/sysdep_LINUX.o
gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include  y.tab.c -o y.tab.o
gcc -c -DLINUX -DSYSCONFDIR="\"/usr/local/etc\"" -I. -I./device -I./http -I./process -I./protocols -g -O2 -Wall -D _REENTRANT -I/usr/include -I/usr/kerberos/include  lex.yy.c -o lex.yy.o
lex.yy.c:4434: warning: `yy_flex_realloc' defined but not used
gcc  alert.o collector.o control.o daemonize.o env.o event.o file.o gc.o getloadavg.o http.o log.o md5.o monitor.o net.o process.o sendmail.o sha.o signal.o socket.o spawn.o ssl.o state.o status.o util.o validate.o xmalloc.o xml.o device/device_common.o http/base64.o http/cervlet.o http/engine.o http/processor.o process/process_common.o protocols/apache_status.o protocols/clamav.o protocols/default.o protocols/dns.o protocols/dwp.o protocols/ftp.o protocols/generic.o protocols/http.o protocols/imap.o protocols/ldap2.o protocols/ldap3.o protocols/mysql.o protocols/nntp.o protocols/ntp3.o protocols/pgsql.o protocols/pop.o protocols/postfix_policy.o protocols/protocol.o protocols/rdate.o protocols/rsync.o protocols/sip.o protocols/smtp.o protocols/ssh.o protocols/tns.o device/sysdep_LINUX.o process/sysdep_LINUX.o y.tab.o lex.yy.o   -lfl -lpthread -lcrypt -lresolv -lnsl  -L/usr/lib -lssl -lcrypto -o monit
[root@mars monit-5.0-beta1]#
  • make also completed without problems.
  • Install.
[root@mars monit-5.0-beta1]# make install
/usr/bin/install -c  -m 755 -d /usr/local/bin || exit 1
/usr/bin/install -c  -m 755 -d /usr/local/share/man/man1 || exit 1
/usr/bin/install -c  -m 555 -s monit /usr/local/bin || exit 1
/usr/bin/install -c  -m 444 monit.1 /usr/local/share/man/man1/monit.1 || exit 1
[root@mars monit-5.0-beta1]# 
  • Check the installed module.
[root@mars monit-5.0-beta1]# ls -la /usr/local/bin/monit 
-r-xr-xr-x    1 root     root       292176 Jun 13 16:19 /usr/local/bin/monit
[root@mars monit-5.0-beta1]# 
  • Check the configuration file.
[root@mars monit-5.0-beta1]# ls -la monitrc 
-rw-------    1 root     root         8963 Apr 11 04:06 monitrc
[root@mars monit-5.0-beta1]#
  • Copy the configuration file under /etc.
[root@mars monit-5.0-beta1]# cp monitrc /etc/.
[root@mars monit-5.0-beta1]# ls -la /etc/monitrc
-rw-------    1 root     root         8963 Jun 13 16:30 /etc/monitrc
[root@mars monit-5.0-beta1]# 
  • This completes the installation.
  • Details such as usage can be found with man monit.

2. Checking the Setup File

  • Check the contents of the configuration file.
[root@mars monit-5.0-beta1]# cat /etc/monitrc   
##############################################################################
#
## Monit control file
##############################################################################
#
##
## Comments begin with a '#' and extend through the end of the line. Keywords
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
##
## Below you will find examples of some frequently used statements. For 
## information about the control file, a complete list of statements and 
## options please have a look in the monit manual.
##
##
##############################################################################
#
## Global section
##############################################################################
#
##
## Start monit in the background (run as a daemon) and check services at 
## 2-minute intervals.
#
# set daemon  120
#
#
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. If you want to log to 
## a stand alone log file instead, specify the path to a log file
#
# set logfile syslog facility log_daemon                       
#
#
## Set the list of mail servers for alert delivery. Multiple servers may be 
## specified using comma separator. By default monit uses port 25 - this
## is possible to override with the PORT option.
#
# set mailserver mail.bar.baz,               # primary mailserver
#                backup.bar.baz port 10025,  # backup mailserver on port 10025
#                localhost                   # fallback relay
#
#
## By default monit will drop alert events if no mail servers are available. 
## If you want to keep the alerts for a later delivery retry, you can use the 
## EVENTQUEUE statement. The base directory where undelivered alerts will be 
## stored is specified by the BASEDIR option. You can limit the maximal queue
## size using the SLOTS option (if omitted, the queue is limited by space 
## available in the back end filesystem).
#
# set eventqueue
#     basedir /var/monit  # set the base directory where events will be stored
#     slots 100           # optionaly limit the queue size
#
#
## Monit by default uses the following alert mail format:
##
## --8<--
## From: monit@$HOST                         # sender
## Subject: monit alert --  $EVENT $SERVICE  # subject
##
## $EVENT Service $SERVICE                   #
##                                           #
## 	Date:        $DATE                   #
## 	Action:      $ACTION                 #
## 	Host:        $HOST                   # body
## 	Description: $DESCRIPTION            #
##                                           #
## Your faithful employee,                   #
## monit                                     #
## --8<--
##
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender:
#
# set mail-format { from: monit@foo.bar }
#
#
## You can set alert recipients here whom will receive alerts if/when a 
## service defined in this file has errors. Alerts may be restricted on 
## events by using a filter as in the second example below. 
#
# set alert sysadm@foo.bar                       # receive all alerts
# set alert manager@foo.bar only on { timeout }  # receive just service-
#                                                # timeout alert
#
#
## Monit has an embedded web server which can be used to view status of 
## services monitored, the current configuration, actual services parameters
## and manage services from a web interface.
#
# set httpd port 2812 and
#     use address localhost  # only accept connection from localhost
#     allow localhost        # allow localhost to connect to the server and
#     allow admin:monit      # require user 'admin' with password 'monit'
#
#
##############################################################################
#
## Services
##############################################################################
#
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
#  check system myhost.mydomain.tld
#    if loadavg (1min) > 4 then alert
#    if loadavg (5min) > 2 then alert
#    if memory usage > 75% then alert
#    if cpu usage (user) > 70% then alert
#    if cpu usage (system) > 30% then alert
#    if cpu usage (wait) > 20% then alert
#
#    
## Check a file for existence, checksum, permissions, uid and gid. In addition
## to alert recipients in the global section, customized alert will be sent to 
## additional recipients by specifying a local alert handler. The service may 
## be grouped using the GROUP option.
#    
#  check file apache_bin with path /usr/local/apache/bin/httpd
#    if failed checksum and 
#       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
#    if failed permission 755 then unmonitor
#    if failed uid root then unmonitor
#    if failed gid root then unmonitor
#    alert security@foo.bar on {
#           checksum, permission, uid, gid, unmonitor
#        } with the mail-format { subject: Alarm! }
#    group server
#
#    
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, monit will restart 
## it by default. In case the service was restarted very often and the 
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#    
#  check process apache with pidfile /usr/local/apache/logs/httpd.pid
#    start program = "/etc/init.d/httpd start" with timeout 60 seconds
#    stop program  = "/etc/init.d/httpd stop"
#    if cpu > 60% for 2 cycles then alert
#    if cpu > 80% for 5 cycles then restart
#    if totalmem > 200.0 MB for 5 cycles then restart
#    if children > 250 then restart
#    if loadavg(5min) greater than 10 for 8 cycles then stop
#    if failed host www.tildeslash.com port 80 protocol http
#       and request "/monit/doc/next.php"
#       then restart
#    if failed port 443 type tcpssl protocol http
#       with timeout 15 seconds
#       then restart
#    if 3 restarts within 5 cycles then timeout
#    depends on apache_bin
#    group server
#    
#    
## Check filesystem permissions, uid, gid, space and inode usage. Other services,
## such as databases, may depend on this resource and an automatically graceful
## stop may be cascaded to them before the filesystem will become full and data
## lost.
#
#  check filesystem datafs with path /dev/sdb1
#    start program  = "/bin/mount /data"
#    stop program  = "/bin/umount /data"
#    if failed permission 660 then unmonitor
#    if failed uid root then unmonitor
#    if failed gid disk then unmonitor
#    if space usage > 80% for 5 times within 15 cycles then alert
#    if space usage > 99% then stop
#    if inode usage > 30000 then alert
#    if inode usage > 99% then stop
#    group server
#
#
## Check a file's timestamp. In this example, we test if a file is older 
## than 15 minutes and assume something is wrong if its not updated. Also,
## if the file size exceed a given limit, execute a script
#
#  check file database with path /data/mydatabase.db
#    if failed permission 700 then alert
#    if failed uid data then alert
#    if failed gid data then alert
#    if timestamp > 15 minutes then alert
#    if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
#
#
## Check directory permission, uid and gid.  An event is triggered if the 
## directory does not belong to the user with uid 0 and gid 0.  In addition, 
## the permissions have to match the octal description of 755 (see chmod(1)).
#
#  check directory bin with path /bin
#    if failed permission 755 then unmonitor
#    if failed uid 0 then unmonitor
#    if failed gid 0 then unmonitor
#
#
## Check a remote host network services availability using a ping test and 
## check response content from a web server. Up to three pings are sent and 
## connection to a port and a application level network check is performed.
#
#  check host myserver with address 192.168.1.1
#    if failed icmp type echo count 3 with timeout 3 seconds then alert
#    if failed port 3306 protocol mysql with timeout 15 seconds then alert
#    if failed url
#       http://user:password@www.foo.bar:8080/?querystring
#       and content == 'action="j_security_check"'
#       then alert
#
#
##############################################################################
#
## Includes
##############################################################################
#
##
## It is possible to include additional configuration parts from other files or
## directories.
#
#  include /etc/monit.d/*
#
#
[root@mars monit-5.0-beta1]# 
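  • Basically, at this stage everything is commented out and nothing is configured.
  • The configuration is broadly divided in two: the Global Section, which applies to everything, and Services, which are configured per monitored target.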
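
A check one could run on /etc/monitrc at this point (added example, not from the original page or the monit project; the function names `active_directives` and `audit_monitrc` are made up here, and GNU `stat -c` is assumed). It lists the directives that are actually in effect once comments are stripped, and flags a control file accessible to group/other, the sample `allow admin:monit` credential left active, and a `set httpd` with no `use address`.

```shell
#!/bin/sh
# Added example: audit a monitrc before starting monit.
# Assumes GNU coreutils `stat -c`; function names are hypothetical.

# Print only the lines monit will act on: strip "#" comments and blank lines.
# Simplification: a "#" inside a quoted string is also treated as a comment.
active_directives() {
    sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Print one FAIL line per finding; return 0 when clean, 1 otherwise.
audit_monitrc() {
    rc=$1
    findings=0

    # monit requires the control file to be no more permissive than 0700,
    # so the group and other digits must both be 0 (e.g. 600, as on this page).
    mode=$(stat -c '%a' "$rc") || return 2
    case $mode in
        0|*00) ;;
        *) echo "FAIL: $rc has mode $mode (group/other access)"
           findings=$((findings + 1)) ;;
    esac

    active=$(active_directives "$rc")

    # The sample file ships "allow admin:monit"; uncommenting it verbatim
    # leaves a published credential on the web interface.
    if printf '%s\n' "$active" |
        grep -Eiq '^[[:space:]]*allow[[:space:]]+admin:monit([[:space:]]|$)'; then
        echo "FAIL: sample credential admin:monit is active"
        findings=$((findings + 1))
    fi

    # Without "use address", the embedded web server is not bound to one
    # address. Simplification: any active "use address" line counts.
    if printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*set[[:space:]]+httpd'; then
        if ! printf '%s\n' "$active" |
            grep -Eiq '(^|[[:space:]])use[[:space:]]+address[[:space:]]'; then
            echo "FAIL: set httpd has no 'use address' restriction"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: two of the page's edits plus the httpd stanza
# uncommented as shipped, with "use address" left out.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# set daemon  120
set daemon  60
set logfile /var/log/monit.log
set httpd port 2812 and
    allow localhost        # allow localhost to connect to the server and
    allow admin:monit      # require user 'admin' with password 'monit'
EOF
chmod 644 "$demo"
active_directives "$demo"
audit_monitrc "$demo" || echo "monitrc needs attention"
rm -f "$demo"
```
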

2.1.Global Section

  • We now go through the settings in the Global Section.
Monitoring interval setting
Before
## Start monit in the background (run as a daemon) and check services at 
## 2-minute intervals.
#
# set daemon  120
#
#
After
## Start monit in the background (run as a daemon) and check services at 
## 2-minute intervals.
#
# set daemon  120
set daemon  60
#
#
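  • Specify the monitoring interval in seconds. The example uses 120 seconds, i.e. 2 minutes.
  • Here we want a somewhat higher frequency, so it is set to 60 seconds.
Log output setting
Before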
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. If you want to log to 
## a stand alone log file instead, specify the path to a log file
#
# set logfile syslog facility log_daemon                       
#
#
After
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. If you want to log to 
## a stand alone log file instead, specify the path to a log file
#
# set logfile syslog facility log_daemon                       
set logfile /var/log/monit.log
#
  • Configure monit's operation log.
  • The commented-out example outputs to syslog, but in this configuration a dedicated log file is specified.
Mail server
Before
#
# set mailserver mail.bar.baz,               # primary mailserver
#                backup.bar.baz port 10025,  # backup mailserver on port 10025
#                localhost                   # fallback relay
#
After
#
# set mailserver mail.bar.baz,               # primary mailserver
#                backup.bar.baz port 10025,  # backup mailserver on port 10025
#                localhost                   # fallback relay
#
set mailserver smtp.ujp.jp port 25
#
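  • Specify the mail server (FQDN) to send through.
  • A port number can be specified after the server name, which is handy when the port number differs, for example because of OP25B.
  • A secondary mail server can also be specified by continuing with a comma.
Temporary spool area for mail server failures
Before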
#
# set eventqueue
#     basedir /var/monit  # set the base directory where events will be stored
#     slots 100           # optionaly limit the queue size
#
#
After
#
# set eventqueue
#     basedir /var/monit  # set the base directory where events will be stored
#     slots 100           # optionaly limit the queue size

set eventqueue
     basedir /var/log/monit_mail
     slots 1440
#
#
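  • If the mail server is down when an alert mail is sent, the mail that could not be delivered is discarded.
  • To avoid this, up to the number of messages given by the SLOTS parameter can be held in the directory given by BASEDIR.
  • In this example it is set to 1440 messages, enough to last 24 hours even with one alert per minute.
  • Next, the file describes how to configure the content of the alert mail.
  • The default settings are as follows.
Alert mail format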
## Monit by default uses the following alert mail format:
##
## --8<--
## From: monit@$HOST                         # sender
## Subject: monit alert --  $EVENT $SERVICE  # subject
##
## $EVENT Service $SERVICE                   #
##                                           #
##      Date:        $DATE                   #
##      Action:      $ACTION                 #
##      Host:        $HOST                   # body
##      Description: $DESCRIPTION            #
##                                           #
## Your faithful employee,                   #
## monit                                     #
## --8<--
##
  • These use variables, each with the following meaning.

Variable       Description
$HOST          Name of the host on which monit is running.
$EVENT         Name of the event that occurred. Events include Changed, Checksum failed, Connection failed, Data access error, Execution failed, GID failed, ICMP failed, Monit instance changed, Invalid type, Regex match, Does not exist, Permission failed, Resource limit matched, Size failed, Timeout, Timestamp failed, UID failed, Action done, No Event and others.
$SERVICE       Service name defined in this configuration file.
$DATE          Date and time the event occurred.
$ACTION        Action performed because the event occurred. One of alert, monitor, unmonitor, start, stop, restart or exec.
$DESCRIPTION   Description of the state.

  • The subject and the sender (From address) can be overridden with a different format.
Example: changing the subject
Before
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender:
#
# set mail-format { from: monit@foo.bar }
#
#
After
#
# set mail-format { from: monit@foo.bar }
#
set mail-format {
     subject: $HOST $SERVICE $EVENT
}
#
  • In this example, the mail arrives with the host name, service name and event name in the subject.
  • Finally, set the destination for alert mails.
Before
## You can set alert recipients here whom will receive alerts if/when a 
## service defined in this file has errors. Alerts may be restricted on 
## events by using a filter as in the second example below. 
#
# set alert sysadm@foo.bar                       # receive all alerts
# set alert manager@foo.bar only on { timeout }  # receive just service-
#                                                # timeout alert
#
After
## You can set alert recipients here whom will receive alerts if/when a 
## service defined in this file has errors. Alerts may be restricted on 
## events by using a filter as in the second example below. 
#
# set alert sysadm@foo.bar                       # receive all alerts
# set alert manager@foo.bar only on { timeout }  # receive just service-
#                                                # timeout alert
set alert alert@smtp.ujp.jp
#
#
  • Specify the mail address.
  • monit includes a simple web server, so status can be checked and processes restarted from a browser.
  • Start by configuring the web server.
Web server
Before
# set httpd port 2812 and
#     use address localhost  # only accept connection from localhost
#     allow localhost        # allow localhost to connect to the server and
#     allow admin:monit      # require user 'admin' with password 'monit'
#
After
# set httpd port 2812 and
#     use address localhost  # only accept connection from localhost
#     allow localhost        # allow localhost to connect to the server and
#     allow admin:monit      # require user 'admin' with password 'monit'
#
set httpd port 2812 and
  allow localhost
  allow 192.168.20.0/24
  allow monit:password9876
#
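  • Configure the settings needed to start the httpd server.
    • First set the port on which it accepts connections. This example uses port 2812, which can be left as is unless there is a problem.
    • use address localhost makes this HTTPD refuse connections from anywhere other than the local host, so it is removed. Without it monit listens on every interface, and access is limited only by the allow lines.
    • The allow clauses specify the permitted networks and the user and password for basic authentication.
      • As configured, the password is plain text with basic authentication, but more advanced user and password setups, such as a separate password file, are also possible.
  • This completes the settings needed for the server as a whole.
  • With the comments removed, the settings look like this.
    Example /etc/monitrc with only the global section configured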
    set daemon  60
    set logfile /var/log/monit.log 
    set mailserver MAILSERVER port 25
    
    set eventqueue
         basedir /var/log/monit_mail
         slots 1440 
    set mail-format {
         subject: $HOST $SERVICE $EVENT
    }
    set alert ADMIN@DOMAIN.CO.JP
    
    set httpd port 2812 and
      allow localhost
      allow 192.168.20.0/24
      allow monit:password9876
    
  • It can be reused by copy and paste after changing the mail server, IP addresses and so on.
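A check for the exposure created by the httpd settings above, as an added example that is not part of the original page or of monit itself. The function names and finding codes are hypothetical; `ssl enable` is monit's own httpd option and does not appear in the configuration on this page.

```python
import ipaddress
import re

# Constructed sample: the 'set httpd' statement as configured on this page.
SAMPLE = """\
set httpd port 2812 and
  allow localhost
  allow 192.168.20.0/24
  allow monit:password9876
check system monit.ujp.jp
"""

def httpd_block(text):
    """Return the uncommented lines that belong to the 'set httpd' statement."""
    block, inside = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if re.match(r"set\s+httpd\b", line, re.I):
            inside = True
        elif inside and re.match(r"(set|check|include)\b", line, re.I):
            break
        if inside:
            block.append(line)
    return block

def audit_httpd(text, max_addresses=256):
    """Return (code, detail) findings for the httpd statement, never the password."""
    block = httpd_block(text)
    joined = " ".join(block).lower()
    findings = []
    if block and not re.search(r"\buse\s+address\b", joined):
        findings.append(("bind-all", "no 'use address': listens on every interface"))
    if block and not re.search(r"\bssl\s+enable\b", joined):
        findings.append(("no-tls", "no 'ssl enable': basic auth is sent unencrypted"))
    for line in block:
        m = re.match(r"allow\s+(\S+)", line, re.I)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(m.group(1), strict=False)
            if net.num_addresses > max_addresses:
                findings.append(("wide-allow", f"{net} admits {net.num_addresses} addresses"))
        except ValueError:  # not an address or network: host name or credential
            if ":" in m.group(1):
                user = m.group(1).split(":", 1)[0]
                findings.append(("cleartext-credential", f"password for '{user}' stored in monitrc"))
    return findings
```

For the configuration on this page it reports the all-interface bind, the missing TLS and the cleartext credential; the /24 allow line stays within the default 256-address limit.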

2.2.Configuring monitored items (Services)

  • Start with the basic performance monitoring items.
Before
###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
#  check system myhost.mydomain.tld
#    if loadavg (1min) > 4 then alert
#    if loadavg (5min) > 2 then alert
#    if memory usage > 75% then alert
#    if cpu usage (user) > 70% then alert
#    if cpu usage (system) > 30% then alert
#    if cpu usage (wait) > 20% then alert
#
#    
After
#  check system myhost.mydomain.tld
#    if loadavg (1min) > 4 then alert
#    if loadavg (5min) > 2 then alert
#    if memory usage > 75% then alert
#    if cpu usage (user) > 70% then alert
#    if cpu usage (system) > 30% then alert
#    if cpu usage (wait) > 20% then alert

check system monit.ujp.jp
    if loadavg (1min) > 4 then alert
    if loadavg (5min) > 2 then alert
    if memory usage > 75% then alert
    if cpu usage (user) > 70% then alert
    if cpu usage (system) > 30% then alert
    if cpu usage (wait) > 20% then alert
#
  • Here the comments are simply removed; the entries set upper limits for load average, memory and CPU.
  • These parameters need to be tuned in actual operation.

2.3.Process monitoring

  • Here Apache is used as the target for process monitoring.
Before
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, monit will restart 
## it by default. In case the service was restarted very often and the 
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#    
#  check process apache with pidfile /usr/local/apache/logs/httpd.pid
#    start program = "/etc/init.d/httpd start" with timeout 60 seconds
#    stop program  = "/etc/init.d/httpd stop"
#    if cpu > 60% for 2 cycles then alert
#    if cpu > 80% for 5 cycles then restart
#    if totalmem > 200.0 MB for 5 cycles then restart
#    if children > 250 then restart
#    if loadavg(5min) greater than 10 for 8 cycles then stop
#    if failed host www.tildeslash.com port 80 protocol http
#       and request "/monit/doc/next.php"
#       then restart
#    if failed port 443 type tcpssl protocol http
#       with timeout 15 seconds
#       then restart
#    if 3 restarts within 5 cycles then timeout
#    depends on apache_bin
#    group server
#    
#    

After
#    if 3 restarts within 5 cycles then timeout
#    depends on apache_bin
#    group server

check process apache with pidfile /usr/local/apache/logs/httpd.pid
  start program ="/usr/local/apache/bin/apachectl start"
  stop  program ="/usr/local/apache/bin/apachectl stop"
  if failed port 80 protocol http then alert
  if failed port 80 protocol http then restart
  every 2 cycles

#    
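  • This configuration defines the following.
    • Monitor Apache's pid file.
      • The pid file exists while apache is running normally.
      • The path in this example is the default directory when Apache 1.3.x is compiled and installed from source.
    • Define the Apache start and stop scripts.
    • If port 80 does not respond, send an alert mail.
    • If port 80 does not respond, restart Apache.
    • This check runs every 2 cycles.
      • This document sets the global daemon setting to set daemon 60 (60 seconds), so 2 cycles means 120 seconds.
  • To monitor the response to a request for a specific page on a specific server, a condition like the following can be written.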
    if failed host 192.168.20.1 port 80
        protocol http request /index.html
    then restart
  • The samples in the original file give a good idea of what else is possible.
  • Review the configuration made so far.
/etc/monitrc
set daemon  60
set logfile /var/log/monit.log 
set mailserver MAILSERVER port 25

set eventqueue
     basedir /var/log/monit_mail
     slots 1440 
set mail-format {
     subject: $HOST $SERVICE $EVENT
}
set alert ADMIN@MAILSERVER.JP

set httpd port 2812 and
  allow localhost
  allow 192.168.20.0/24
  allow monit:password9876

check system monit.ujp.jp 
    if loadavg (1min) > 4 then alert
    if loadavg (5min) > 2 then alert
    if memory usage > 75% then alert
    if cpu usage (user) > 70% then alert
    if cpu usage (system) > 30% then alert
    if cpu usage (wait) > 20% then alert

check process apache with pidfile /usr/local/apache/logs/httpd.pid
  start program "/usr/local/apache/bin/apachectl start"
  stop  program "/usr/local/apache/bin/apachectl stop"
  if failed port 80 protocol http then alert
  if failed port 80 protocol http then restart
  every 2 cycles

3.Start the monit daemon and verify operation

  • Run the binary confirmed during installation.
[root@mars ujpadmin]# /usr/local/bin/monit 
monit: The control file '/etc/monitrc' must have permissions no more than -rwx
------ (0700); right now permissions are -rw-r--r-- (0644).
[root@mars ujpadmin]#
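  • The warning says the monitrc file must have permissions of 700 or stricter. The file contains the web interface password in plain text, so group and others should have no access.
  • So set the permissions.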
[root@mars ujpadmin]# chmod 700 /etc/monitrc
[root@mars ujpadmin]#
  • Start it again.
[root@mars ujpadmin]# /usr/local/bin/monit 
Starting monit daemon with http interface at [*:2812]
[root@mars ujpadmin]#
  • It appears to have started.
  • Check the process.
[root@mars ujpadmin]# ps -ef | grep monit
root     11445     1  0 21:53 ?        00:00:00 /usr/local/bin/monit
root     11454 10931  0 21:54 pts/0    00:00:00 grep monit
[root@mars ujpadmin]# 
  • It appears to be running.
  • Now stop Apache, the monitored target, and check that it is restarted automatically.
[root@mars ujpadmin]# ps -ef | grep httpd
root      3700     1  0 Mar23 ?        00:00:00 /usr/local/apache/bin/httpd
k2mobile  3701  3700  0 Mar23 ?        00:02:37 /usr/local/apache/bin/httpd
k2mobile  4809  3700  0 Mar23 ?        00:02:37 /usr/local/apache/bin/httpd
k2mobile  2902  3700  0 Mar26 ?        00:02:25 /usr/local/apache/bin/httpd
k2mobile 10836  3700  0 Mar29 ?        00:02:17 /usr/local/apache/bin/httpd
k2mobile 11139  3700  0 Mar29 ?        00:02:17 /usr/local/apache/bin/httpd
root     11496 10931  0 21:57 pts/0    00:00:00 grep httpd
[root@mars ujpadmin]#
  • It is running normally, so stop it.
[root@mars ujpadmin]# /usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl stop: httpd stopped
[root@mars ujpadmin]#
  • Check the process.
[root@mars ujpadmin]# ps -ef | grep httpd
root     11500 10931  0 21:57 pts/0    00:00:00 grep httpd
[root@mars ujpadmin]# 
  • The interval is 1 minute, so check the process after a few minutes have passed.
[root@mars ujpadmin]# ps -ef | grep httpd
root     11510     1  0 21:58 ?        00:00:00 /usr/local/apache/bin/httpd
k2mobile 11511 11510  0 21:58 ?        00:00:00 /usr/local/apache/bin/httpd
root     11572 10931  0 22:04 pts/0    00:00:00 grep httpd
[root@mars ujpadmin]# 
  • Apache was restarted 1 minute later.
  • Check the activity log.
[root@mars ujpadmin]# cat /var/log/monit.log 
[JST Jun 13 21:53:12] info     : Starting monit daemon with http interface at [*:2812]
[JST Jun 13 21:53:12] info     : Starting monit HTTP server at [*:2812]
[JST Jun 13 21:53:12] info     : monit HTTP server started
[JST Jun 13 21:53:12] info     : 'monit.ujp.jp' Monit started
[JST Jun 13 21:54:12] info     : 'monit.ujp.jp' Monit has not changed
[JST Jun 13 21:58:13] error    : 'apache' process is not running
[JST Jun 13 21:58:13] info     : 'apache' trying to restart
[JST Jun 13 21:58:13] info     : 'apache' start: /usr/local/apache/bin/apachectl
[JST Jun 13 22:00:16] info     : 'apache' process is running with pid 11510
[root@mars ujpadmin]# 
  • The automatic restart is confirmed.
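The restart seen in monit.log above can be extracted programmatically, which is useful for alerting on services that restart unexpectedly or never come back. This is an added example, not part of the original page; the function names are hypothetical, and the year (absent from the log format) is assumed to be 2008 from the revision history.

```python
import re
from datetime import datetime

# Log lines copied from the monit.log output on this page.
SAMPLE_LOG = """\
[JST Jun 13 21:53:12] info     : 'monit.ujp.jp' Monit started
[JST Jun 13 21:58:13] error    : 'apache' process is not running
[JST Jun 13 21:58:13] info     : 'apache' trying to restart
[JST Jun 13 21:58:13] info     : 'apache' start: /usr/local/apache/bin/apachectl
[JST Jun 13 22:00:16] info     : 'apache' process is running with pid 11510
"""

LINE = re.compile(r"^\[\S+ (?P<stamp>\w{3} +\d+ \d\d:\d\d:\d\d)\] "
                  r"(?P<level>\w+)\s*: '(?P<service>[^']+)' (?P<msg>.*)$")

def parse(log_text, year):
    """Yield (time, level, service, message); monit.log omits the year."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines without a quoted service name are skipped
            when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
            yield when, m["level"], m["service"], m["msg"]

def restart_report(log_text, year=2008):
    """Return (recovered, still_down).

    recovered:  [(service, seconds from 'not running' to 'running'), ...]
    still_down: services whose failure has no later 'running' line.
    """
    down, recovered = {}, []
    for when, _level, service, msg in parse(log_text, year):
        if msg == "process is not running":
            down.setdefault(service, when)  # keep the first failure time
        elif msg.startswith("process is running") and service in down:
            seconds = int((when - down.pop(service)).total_seconds())
            recovered.append((service, seconds))
    return recovered, sorted(down)
```

On the log above, the interval between monit detecting the failure and logging the process as running again is 123 seconds, roughly the 2 cycles configured for the apache check.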

