SlideShare una empresa de Scribd logo

Proactive monitoring with Monit

OSOCO
OSOCO

Lightning talk at OSOCO about the proactive monitoring of Unix systems and processes using Monit.

Software
1 de 38
Descargar para leer sin conexión
Proactive monitoring with Monit Developer Toolbox SeriesRafael Luque (OSOCO) September 2015
Barking at daemons An small open source utility to monitor Unix systems with automatic error recovery capabilities.
What Monit can monitor Files, Dirs and Filesystems Monitor these items for changes, such as timestamps changes, checksum changes or size changes. Hosts Monitor network connections to various servers, either on localhost or on remote hosts. TCP, UDP and Unix Domain Sockets are supported. Network tests can be performed on a protocol level. System General system resources on localhost such as overall CPU usage, Memory and Load Average. Processes Daemon processes or similar programs running on localhost, such as those started at system boot time from /etc/init.d/ Programs and scripts Test programs or scripts at certain times, much like cron, but in addition, you can test the exit value of a program and perform an action or send an alert if the exit value indicates an error.
Global configuration1
Configuration (i) ◉ Global configuration file at /etc/monitrc. ◉ Sample global configuration: ○ Check services at 30 seconds intervals: set daemon 30 # with start delay 240 # optional: delay the first check by 4-minutes (by # # default Monit check immediately after Monit start)
Configuration (ii) ◉ Set Monit’s logfile: ◉ Mail configuration: set logfile /var/log/monit.log set mailserver localhost # By default Monit will drop alert events if no mail servers are available. # If you want to keep the alerts for later delivery retry, you can use the # EVENTQUEUE statement. set eventqueue basedir /var/monit # set the base directory where events will be stored slots 100 # optionally limit the queue size
Configuration (iii) ## Alert email recipient: set alert sysadm@foo.bar ## Alert email format: set mail-format { from: monit@$HOST subject: monit alert -- $EVENT $SERVICE message: $EVENT Service $SERVICE Date: $DATE Action: $ACTION Host: $HOST Description: $DESCRIPTION Your faithful employee, Monit }
Configuration (iv) ◉ HTTP interface: ◉ Additional configuration files: set httpd port 2812 and allow admin:monit # require user 'admin' with password 'monit' include /etc/monit.d/*
Basic usage2
Basic commands (i) Controlled from command line with the command monit: ◉ Start Monit daemon: $ monit ◉ Exit Monit: $ monit quit ◉ Status summary: $ monit summary ◉ Disable monitoring of a named service or all services: $ monit unmonitor name $ monit unmonitor all ◉ Enable monitoring: $ monit monitor name $ monit monitor all
Basic commands (ii) ◉ Start named service or all services: $ monit start name $ monit start all ◉ Stop named service or all services: $ monit stop name $ monit stop all ◉ Restart named service or all services: $ monit restart name $ monit restart all
Monitoring examples3
Simple process monitoring check process tomcat-8 with pidfile /var/run/tomcat-8.pid
Proactive process monitoring check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop”
Restart process if it has stopped accepting connections check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http then restart
Restart process if it has stopped accepting connections avoiding false positives check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http for 2 cycles then restart
Check process response to requests check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart
Avoid noisy alarms check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
Check resources used by process (e.g. DoS attacks) check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" with timeout 60 seconds stop program = "/etc/init.d/httpd stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if totalmem > 200.0 MB for 5 cycles then restart if children > 250 then restart if loadavg(5min) greater than 10 for 8 cycles then stop if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
Monitor filesystem space and inode usage check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data" if space usage > 80% for 5 times within 15 cycles then alert if space usage > 99% then stop if inode usage > 30000 then alert if inode usage > 99% then stop
Monitor file checksum (e.g. rootkits) check file apache with path /usr/sbin/httpd if failed checksum then alert if failed uid root then alert if failed gid root then alert if failed permission 755 then alert
Monitor a directory that should change check directory incomming with path /var/data/ftp if timestamp > 1 hour then alert
Check network interface status check network eth0 with interface eth0 start program = '/etc/init.d/net.eth0 start' stop program = '/etc/init.d/net.eth0 stop' if failed link then restart
Check network link capacity changes check network eth0 with interface eth0 if changed link capacity then alert
Check network link usage (saturation, bandwidth) check network eth0 with interface eth0 if saturation > 90% then alert if upload > 500 kB/s then alert if total download > 1 GB in last 2 hours then alert if total download > 10 GB in last day then alert
Check remote host availability by issuing a ping test check host osoco.es with address osoco.es if failed ping then alert
Check the content of a response from a web server check host myserver with address 192.168.1.1 if failed port 80 protocol http and request /some/path with content = "a string" then alert
Check connection with custom protocol (MySQL) check host databaserver with address 192.168.1.1 if failed ping then alert if failed port 3306 protocol mysql username foo password bar then alert
Check custom program status output check program myscript with path /usr/local/bin/myscript.sh if status != 0 then alert
Check custom program every workday at 8AM check program checkOracleDatabase with path /var/monit/programs/checkoracle.pl every "* 8 * * 1-5"
Check service dependencies before start/stop/monitor/unmonitor check process apache with pidfile "/usr/local/apache/logs/httpd.pid" ... depends on httpd check file httpd with path /usr/local/apache/bin/httpd if failed checksum then unmonitor
Hierarchy of dependencies check process apache ... depends on tomcat check process tomcat ... depends on mysql check process mysql ... depends on datafs check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data"
Web interface4
Monit web interface
One interface to rule them all ◉ M/Monit: ○ Monitoring and management of all your Monit hosts. ○ Also works on mobile devices. ○ A one-time payment and the license is perpetual.
One interface to rule them all ◉ Monittr: ○ https://github.com/karmi/monittr ○ Free and very basic option.
Demo time
Thanks! This work is licensed under a Creative Commons Attribution 4.0 International License. You can find me at ◉ @rafael_luque ◉ rafael.luque@osoco.es Cover photo licensed by Edward Conte under a Creative Commond by-nc license: https: //www.flickr.com/photos/edwardconde/11447139646/

Recomendados

Monit
MonitMonit
MonitAbhishek Singh
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
Using metasploit
Using metasploitUsing metasploit
Using metasploitCyberRad
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawRedspin, Inc.
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 

Recomendados

Monit
MonitMonit
MonitAbhishek Singh
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
Using metasploit
Using metasploitUsing metasploit
Using metasploitCyberRad
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawRedspin, Inc.
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanningamiable_indian
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting enginen|u - The Open Security Community
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : sshSyaiful Ahdan
 
Sistemas operacionais 8
Sistemas operacionais 8Sistemas operacionais 8
Sistemas operacionais 8Nauber Gois
 
Nmap
NmapNmap
NmapMegha Sahu
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Securitykktamang
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Ravi Rajput
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modemCyber Security Alliance
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersBGA Cyber Security
 
Port Scanning
Port ScanningPort Scanning
Port Scanningamiable_indian
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitableMohammed Akbar Shariff
 
Sockets in unix
Sockets in unixSockets in unix
Sockets in unixswtjerin4u
 
Client side exploits
Client side exploitsClient side exploits
Client side exploitsnickyt8
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq HanayshaNessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq HanayshaHanaysha
 
Polyglot Grails
Polyglot GrailsPolyglot Grails
Polyglot GrailsMarcin Gryszko
 
Spring Annotations: Proxy
Spring Annotations: ProxySpring Annotations: Proxy
Spring Annotations: ProxyOSOCO
 

Más contenido relacionado

La actualidad más candente

Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Sistemas operacionais 8
Sistemas operacionais 8Sistemas operacionais 8
Sistemas operacionais 8Nauber Gois
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Securitykktamang
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Ravi Rajput
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersBGA Cyber Security
 
Sockets in unix
Sockets in unixSockets in unix
Sockets in unixswtjerin4u
 
Client side exploits
Client side exploitsClient side exploits
Client side exploitsnickyt8
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq HanayshaNessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq HanayshaHanaysha
 

La actualidad más candente (20)

Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanning
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port Scanning
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Sistemas operacionais 8
Sistemas operacionais 8Sistemas operacionais 8
Sistemas operacionais 8
 
Nmap
NmapNmap
Nmap
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Security
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack Routers
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
 
Sockets in unix
Sockets in unixSockets in unix
Sockets in unix
 
Client side exploits
Client side exploitsClient side exploits
Client side exploits
 
N map presentation
N map presentationN map presentation
N map presentation
 
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq HanayshaNessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
 

Destacado

Spring Annotations: Proxy
Spring Annotations: ProxySpring Annotations: Proxy
Spring Annotations: ProxyOSOCO
 
AWS CloudFormation en 5 Minutos
AWS CloudFormation en 5 MinutosAWS CloudFormation en 5 Minutos
AWS CloudFormation en 5 MinutosOSOCO
 
Understanding Java Dynamic Proxies
Understanding Java Dynamic ProxiesUnderstanding Java Dynamic Proxies
Understanding Java Dynamic ProxiesOSOCO
 
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)Alex Rupérez
 
Gigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsGigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsAlex Rupérez
 
NSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkNSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkAlex Rupérez
 
KURTÁG_Pages de 116
KURTÁG_Pages de 116KURTÁG_Pages de 116
KURTÁG_Pages de 116Imre Szab
 
Dozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
Dozierendentreffen 2015 – Interprofessionelles ZusammenarbeitenDozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
Dozierendentreffen 2015 – Interprofessionelles Zusammenarbeitenkalaidos-gesundheit
 
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo Diocesis Tlaxcala
 

Destacado (20)

Polyglot Grails
Polyglot GrailsPolyglot Grails
Polyglot Grails
 
Spring Annotations: Proxy
Spring Annotations: ProxySpring Annotations: Proxy
Spring Annotations: Proxy
 
Polyglot JVM
Polyglot JVMPolyglot JVM
Polyglot JVM
 
AWS CloudFormation en 5 Minutos
AWS CloudFormation en 5 MinutosAWS CloudFormation en 5 Minutos
AWS CloudFormation en 5 Minutos
 
Understanding Java Dynamic Proxies
Understanding Java Dynamic ProxiesUnderstanding Java Dynamic Proxies
Understanding Java Dynamic Proxies
 
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
MADBike – Destapando la seguridad de BiciMAD (T3chFest 2017)
 
Gigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsGigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeacons
 
NSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkNSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity Framework
 
Ledrise presentation 2015
Ledrise presentation 2015Ledrise presentation 2015
Ledrise presentation 2015
 
KURTÁG_Pages de 116
KURTÁG_Pages de 116KURTÁG_Pages de 116
KURTÁG_Pages de 116
 
Ejemplos de Tiggres de M i Banco & Telecompra
Ejemplos de Tiggres de M i Banco & TelecompraEjemplos de Tiggres de M i Banco & Telecompra
Ejemplos de Tiggres de M i Banco & Telecompra
 
LMS Presentation & Bi-annual report 2012-2013
LMS Presentation & Bi-annual report 2012-2013LMS Presentation & Bi-annual report 2012-2013
LMS Presentation & Bi-annual report 2012-2013
 
Mkt frutiger lanzamiento de agencia
Mkt frutiger lanzamiento de agencia Mkt frutiger lanzamiento de agencia
Mkt frutiger lanzamiento de agencia
 
Dozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
Dozierendentreffen 2015 – Interprofessionelles ZusammenarbeitenDozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
Dozierendentreffen 2015 – Interprofessionelles Zusammenarbeiten
 
Acepta el gran desafío
Acepta el gran desafíoAcepta el gran desafío
Acepta el gran desafío
 
Ada 3 informatica
Ada 3 informaticaAda 3 informatica
Ada 3 informatica
 
Therapeutic Garden Design
Therapeutic Garden DesignTherapeutic Garden Design
Therapeutic Garden Design
 
Iglesias revista
Iglesias revistaIglesias revista
Iglesias revista
 
Np radio me
Np radio meNp radio me
Np radio me
 
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
Covenio ITEA y la Diócesis de Tlaxcala para abatir rezago educativo
 

Similar a Proactive monitoring with Monit

Similar a Proactive monitoring with Monit (20)

Toby3
Toby3Toby3
Toby3
 
xxxx
xxxxxxxx
xxxx
 
yyyyxxxdd
yyyyxxxddyyyyxxxdd
yyyyxxxdd
 
new title
new titlenew title
new title
 
yyyyxxx
yyyyxxxyyyyxxx
yyyyxxx
 
Tinoub1
Tinoub1Tinoub1
Tinoub1
 
yyyyxxxdd
yyyyxxxddyyyyxxxdd
yyyyxxxdd
 
Tinoub1
Tinoub1Tinoub1
Tinoub1
 
Toby5
Toby5Toby5
Toby5
 
Monit a2
Monit a2Monit a2
Monit a2
 
yyyyxxx
yyyyxxxyyyyxxx
yyyyxxx
 
Toby7
Toby7Toby7
Toby7
 
Tinoub1
Tinoub1Tinoub1
Tinoub1
 
Toby10
Toby10Toby10
Toby10
 
Toby7
Toby7Toby7
Toby7
 
Toby
Toby Toby
Toby
 
yyyyxxx
yyyyxxxyyyyxxx
yyyyxxx
 
toby
tobytoby
toby
 
Tinoub1
Tinoub1Tinoub1
Tinoub1
 
yyyyxxx
yyyyxxxyyyyxxx
yyyyxxx
 

Último

CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 

Último (20)

CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 

Proactive monitoring with Monit

  • 1. Proactive monitoring with Monit Developer Toolbox SeriesRafael Luque (OSOCO) September 2015
  • 2. Barking at daemons An small open source utility to monitor Unix systems with automatic error recovery capabilities.
  • 3. What Monit can monitor Files, Dirs and Filesystems Monitor these items for changes, such as timestamps changes, checksum changes or size changes. Hosts Monitor network connections to various servers, either on localhost or on remote hosts. TCP, UDP and Unix Domain Sockets are supported. Network tests can be performed on a protocol level. System General system resources on localhost such as overall CPU usage, Memory and Load Average. Processes Daemon processes or similar programs running on localhost, such as those started at system boot time from /etc/init.d/ Programs and scripts Test programs or scripts at certain times, much like cron, but in addition, you can test the exit value of a program and perform an action or send an alert if the exit value indicates an error.
  • 5. Configuration (i) ◉ Global configuration file at /etc/monitrc. ◉ Sample global configuration: ○ Check services at 30 seconds intervals: set daemon 30 # with start delay 240 # optional: delay the first check by 4-minutes (by # # default Monit check immediately after Monit start)
  • 6. Configuration (ii) ◉ Set Monit’s logfile: ◉ Mail configuration: set logfile /var/log/monit.log set mailserver localhost # By default Monit will drop alert events if no mail servers are available. # If you want to keep the alerts for later delivery retry, you can use the # EVENTQUEUE statement. set eventqueue basedir /var/monit # set the base directory where events will be stored slots 100 # optionally limit the queue size
  • 7. Configuration (iii) ## Alert email recipient: set alert sysadm@foo.bar ## Alert email format: set mail-format { from: monit@$HOST subject: monit alert -- $EVENT $SERVICE message: $EVENT Service $SERVICE Date: $DATE Action: $ACTION Host: $HOST Description: $DESCRIPTION Your faithful employee, Monit }
  • 8. Configuration (iv) ◉ HTTP interface: ◉ Additional configuration files: set httpd port 2812 and allow admin:monit # require user 'admin' with password 'monit' include /etc/monit.d/*
  • 10. Basic commands (i) Controlled from command line with the command monit: ◉ Start Monit daemon: $ monit ◉ Exit Monit: $ monit quit ◉ Status summary: $ monit summary ◉ Disable monitoring of a named service or all services: $ monit unmonitor name $ monit unmonitor all ◉ Enable monitoring: $ monit monitor name $ monit monitor all
  • 11. Basic commands (ii) ◉ Start named service or all services: $ monit start name $ monit start all ◉ Stop named service or all services: $ monit stop name $ monit stop all ◉ Restart named service or all services: $ monit restart name $ monit restart all
  • 13. Simple process monitoring check process tomcat-8 with pidfile /var/run/tomcat-8.pid
  • 14. Proactive process monitoring check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop”
  • 15. Restart process if it has stopped accepting connections check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http then restart
  • 16. Restart process if it has stopped accepting connections avoiding false positives check process tomcat-8 with pidfile /var/run/tomcat-8.pid start program = “/etc/init.d/tomcat-8 start” stop program = “/etc/init.d/tomcat-8 stop” restart program = “/etc/init.d/tomcat-8 restart” if failed port 8080 protocol http for 2 cycles then restart
  • 17. Check process response to requests check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart
  • 18. Avoid noisy alarms check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" stop program = "/etc/init.d/httpd stop" if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
  • 19. Check resources used by process (e.g. DoS attacks) check process apache with pidfile /usr/local/apache/logs/httpd.pid start program = "/etc/init.d/httpd start" with timeout 60 seconds stop program = "/etc/init.d/httpd stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if totalmem > 200.0 MB for 5 cycles then restart if children > 250 then restart if loadavg(5min) greater than 10 for 8 cycles then stop if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart if failed port 443 type tcpssl protocol http with timeout 15 seconds then restart if 3 restarts within 5 cycles then unmonitor
  • 20. Monitor filesystem space and inode usage check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data" if space usage > 80% for 5 times within 15 cycles then alert if space usage > 99% then stop if inode usage > 30000 then alert if inode usage > 99% then stop
  • 21. Monitor file checksum (e.g. rootkits) check file apache with path /usr/sbin/httpd if failed checksum then alert if failed uid root then alert if failed gid root then alert if failed permission 755 then alert
  • 22. Monitor a directory that should change check directory incomming with path /var/data/ftp if timestamp > 1 hour then alert
  • 23. Check network interface status check network eth0 with interface eth0 start program = '/etc/init.d/net.eth0 start' stop program = '/etc/init.d/net.eth0 stop' if failed link then restart
  • 24. Check network link capacity changes check network eth0 with interface eth0 if changed link capacity then alert
  • 25. Check network link usage (saturation, bandwidth) check network eth0 with interface eth0 if saturation > 90% then alert if upload > 500 kB/s then alert if total download > 1 GB in last 2 hours then alert if total download > 10 GB in last day then alert
  • 26. Check remote host availability by issuing a ping test check host osoco.es with address osoco.es if failed ping then alert
  • 27. Check the content of a response from a web server check host myserver with address 192.168.1.1 if failed port 80 protocol http and request /some/path with content = "a string" then alert
  • 28. Check connection with custom protocol (MySQL) check host databaserver with address 192.168.1.1 if failed ping then alert if failed port 3306 protocol mysql username foo password bar then alert
  • 29. Check custom program status output check program myscript with path /usr/local/bin/myscript.sh if status != 0 then alert
  • 30. Check custom program every workday at 8AM check program checkOracleDatabase with path /var/monit/programs/checkoracle.pl every "* 8 * * 1-5"
  • 31. Check service dependencies before start/stop/monitor/unmonitor check process apache with pidfile "/usr/local/apache/logs/httpd.pid" ... depends on httpd check file httpd with path /usr/local/apache/bin/httpd if failed checksum then unmonitor
  • 32. Hierarchy of dependencies check process apache ... depends on tomcat check process tomcat ... depends on mysql check process mysql ... depends on datafs check filesystem datafs with path /dev/sdb1 start program = "/bin/mount /data" stop program = "/bin/umount /data"
  • 35. One interface to rule them all ◉ M/Monit: ○ Monitoring and management of all your Monit hosts. ○ Also works on mobile devices. ○ A one-time payment and the license is perpetual.
  • 36. One interface to rule them all ◉ Monittr: ○ https://github.com/karmi/monittr ○ Free and very basic option.
  • 38. Thanks! This work is licensed under a Creative Commons Attribution 4.0 International License. You can find me at ◉ @rafael_luque ◉ rafael.luque@osoco.es Cover photo licensed by Edward Conte under a Creative Commond by-nc license: https: //www.flickr.com/photos/edwardconde/11447139646/