Monit is an open-source utility used to supervise the processes and restart the services which are configured for it and have failed. Monit supervises the processes and restarts them on failure detection. Apart from the processes, Monit can also be used to monitor CPU, RAM, Disk, File Size and trigger alerts on out-of-bound values. It also shows how to trigger alert emails using custom templates. This tutorial provides the steps required to install Monit on the popular Linux distribution Ubuntu. It provides all the steps required to install and use Monit on Ubuntu 20.04 LTS. The steps should be similar on other versions of Ubuntu and Linux systems.
Official Definition
Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
Install Monit
Use the below-mentioned command to install Monit on Ubuntu.
# Refresh Packages
sudo apt update
# Install Monit sudo apt install monit
# Sample output Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: default-mta | postfix | mail-transport-agent sysvinit-core The following NEW packages will be installed: monit .... .... Unpacking monit (1:5.26.0-4) ... Setting up monit (1:5.26.0-4) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.1) ...
It installed Monit version 5.26.0 while writing this tutorial.
Important Commands
The important commands provided by Monit are shown below. Some of the monit specific commands including monit status and monit restart service will work only after enabling the HTTP interface as shown in the next section.
# Check Configurations sudo monit -t
# Output Control file syntax OK
# Reload Monit - Use to reload monit after configuration changes sudo monit reload
# Output Reinitializing monit daemon
# Start All Programs - Needs HTTP interface sudo monit start all
# Monit Status - It prints the status of Monit Server - Needs HTTP interface sudo monit status
# Output Monit 5.26.0 uptime: 13h 4m System 'servera.mydomain.com' status OK monitoring status Monitored monitoring mode active on reboot start load average [0.00] [0.00] [0.00] cpu 0.0%us 0.0%sy 0.0%wa memory usage 225.3 MB [5.8%] swap usage 0 B [0.0%] uptime 5d 18h 48m boot time Thu, 04 Jun 2020 08:18:53 data collected Wed, 10 Jun 2020 03:06:51
# Monit Summary - Needs HTTP interface sudo monit summary
# Output Monit 5.26.0 uptime: 13h 20m ┌─────────────────────────────────┬────────────────────────────┬───────────────┐ │ Service Name │ Status │ Type │ ├─────────────────────────────────┼────────────────────────────┼───────────────┤ │ servera.mydomain.com │ OK │ System │ └─────────────────────────────────┴────────────────────────────┴───────────────┘
I have replaced my server hostname with servera.mydomain.com for demonstration purposes. It should reflect the hostname assigned to your server.
We can also use the below-mentioned standard commands to enable/disable, stop, start, and restart Monit. These commands do not require to enable the web interface of Monit.
# Enable Monit sudo systemctl enable monit
# Disable Monit sudo systemctl disable monit
# Start Monit sudo systemctl start monit # OR sudo service monit start
# Stop Monit sudo systemctl stop monit # OR sudo service monit stop
# Restart Monit sudo systemctl restart monit # OR sudo service monit restart
# Reload Monit
sudo systemctl reload monit # OR sudo service monit reload
Configure Monit - Enable Web Interface and Monit Commands
We can configure and enable the HTTP interface of Monit by updating the configuration file /etc/monit/monitrc. I have updated the default configuration of Monit to allow connections from the localhost as shown below.
# Backup config file sudo cp /etc/monit/monitrc /etc/monit/monitrc.bck
# Update config file - using nano editor
sudo nano /etc/monit/monitrc
# Default config ... ... ## Monit has an embedded HTTP interface which can be used to view status of ## services monitored and manage services from a web interface. The HTTP ## interface is also required if you want to issue Monit commands from the ## command line, such as 'monit status' or 'monit restart service' The reason ## for this is that the Monit client uses the HTTP interface to send these ## commands to a running Monit daemon. See the Monit Wiki if you want to ## enable SSL for the HTTP interface. #
set httpd port 2812 and use address localhost # only accept connection from localhost (drop if you use M/Monit) allow localhost # allow localhost to connect to the server and # allow admin:monit # require user 'admin' with password 'monit' # #with ssl { # enable SSL/TLS and set path to server certificate # # pemfile: /etc/ssl/certs/monit.pem # #} ... ...
Save and close the editor. Now restart Monit using the command as mentioned in the previous section.
# Test configuration changes sudo monit -t
# Output Control file syntax OK
# Restart/Reload Monit sudo systemctl restart monit # OR sudo monit reload
It will enable the HTTP interface of Monit. Now we can execute all the monit commands from the command line and also access the HTTP interface on the local system at http://localhost:2812 using the preferred browser. The port 2812 is the standard port used by Monit.
In case Monit is installed on the local system, we can directly access the Web Interface of Monit on the localhost since we have disabled the admin access as shown above. The default HTTP interface of Monit on the localhost should be similar to Fig 1.
Fig 1
Configure Monit - Production Usage
This section provides the configurations required to remotely access the Monit HTTP interface. Since the localhost is not accessible on production servers, we must provide our system IP address to access monit from the browser. Monit only accepts connections from the allowed IP addresses as shown below. We can provide multiple IP addresses, one on a line as shown below. Make sure to change the port for production usage and also enable admin access as shown below.
# Update config file - using nano editor sudo nano /etc/monit/monitrc
# Default config ... ... ## Monit has an embedded HTTP interface which can be used to view status of ## services monitored and manage services from a web interface. The HTTP ## interface is also required if you want to issue Monit commands from the ## command line, such as 'monit status' or 'monit restart service' The reason ## for this is that the Monit client uses the HTTP interface to send these ## commands to a running Monit daemon. See the Monit Wiki if you want to ## enable SSL for the HTTP interface. # set httpd port 11000 and #use address localhost # only accept connection from localhost (drop if you use M/Monit) #use address servera.mydomain.com allow localhost # allow localhost to connect to the server and allow 115.84.71.121 allow admin:monit # require user 'admin' with password 'monit' # #with ssl { # enable SSL/TLS and set path to server certificate # # pemfile: /etc/ssl/certs/monit.pem # #} ... ...
# Test configuration changes sudo monit -t
# Output Control file syntax OK
# Restart/Reload Monit sudo systemctl restart monit # OR sudo monit reload
I have replaced my hostname with servera.mydomain.com and remote IP address with 115.84.71.121 for demonstration purposes. It should reflect the hostname assigned to your server and the IP address of your remote system. Also, test the Monit logs as shown below.
# View Logs tail /var/log/monit.log
# Output ---- ---- [UTC Jun 10 06:22:54] info : Starting Monit 5.26.0 daemon with http interface at [*]:11000 [UTC Jun 10 06:22:54] info : 'servera.mydomain.com' Monit 5.26.0 started
I have disabled the configuration - use address due to the IPv6 issue faced on the server. On enabling the configuration - use address using hostname, the error should be similar as shown below.
# View Logs tail /var/log/monit.log
# Output ---- ---- [UTC Jun 10 07:49:52] error : HTTP server -- Cannot bind: Cannot assign requested address [UTC Jun 10 07:49:52] error : HTTP server -- Cannot translate IPv6 socket [servera.mydomain.com]:11000 -- No address associated with hostname
On enabling the configuration - use address using IP address, the error should be similar as shown below.
# View Logs tail /var/log/monit.log
# Output ---- ---- [UTC Jun 10 08:03:49] error : HTTP server -- Cannot bind: Cannot assign requested address [UTC Jun 10 08:03:49] error : HTTP server -- Cannot translate IPv6 socket [33.120.200.126]:11000 -- Address family for hostname not supported
Now enable the port 11000 for public access by updating your firewall. On the AWS EC2 servers, it can be done by updating the security group. On most of the cloud platforms, we can open the port by using UFW as shown below.
# Open Port 11000 sudo ufw allow 11000
# Output Rule added Rule added (v6)
This completes the configuration of Monit to access the HTTP/admin interface from the remote system. Now access Monit using your server hostname e.g. http://servera.mydomain.com:11000 or IP address and preferred browser. It will ask to login using the Basic Authentication as shown in Fig 2.
Fig 2
The default username is admin and password is monit. Now provide the username and password and click the Sign in Button. It will log in to the web interface using the admin credentials and shows the dashboard as shown in Fig 3.
Fig 3
Configure Monit - Production Usage - SSL
We can further secure the Monit HTTP interface by enabling the SSL as shown below.
# Update config file - using nano editor sudo nano /etc/monit/monitrc
# Default config ... ... ## Monit has an embedded HTTP interface which can be used to view status of ## services monitored and manage services from a web interface. The HTTP ## interface is also required if you want to issue Monit commands from the ## command line, such as 'monit status' or 'monit restart service' The reason ## for this is that the Monit client uses the HTTP interface to send these ## commands to a running Monit daemon. See the Monit Wiki if you want to ## enable SSL for the HTTP interface. # set httpd port 11000 and #use address localhost # only accept connection from localhost (drop if you use M/Monit) allow localhost # allow localhost to connect to the server and allow 115.84.71.121 allow admin:monit # require user 'admin' with password 'monit' with ssl { # enable SSL/TLS and set path to server certificate pemfile: /mydata/secure/certs/server.pem } ... ...
# Test configuration changes sudo monit -t
# Output Control file syntax OK
# Restart/Reload Monit sudo systemctl restart monit # OR sudo monit reload
We can also open Monit to accept connections from any IP address by updating the configurations as shown below.
---
# allow localhost # allow localhost to connect to the server and
allow 0.0.0.0/0.0.0.0
---Now, if we try to access Monit using the HTTP protocol i.e. http://servera.mydomain.com:11000, it should show the error as shown in Fig 4.
Fig 4
Also, it should again ask to login by using the https protocol i.e. https://servera.mydomain.com:11000, and shows the web interface as shown in Fig 3.
Configure Monit - Enable Email Alerts
You may also configure Monit to trigger alert emails by updating the configuration file as shown below. It expects that an email server is already installed on the system. The next section explains how to configure Monit to trigger emails via SMTP.
# Update config file - using nano editor sudo nano /etc/monit/monitrc
# Set Alert Email set alert <email> # OR # Set Alert Email only for Security set alert <email> on { checksum, permission, uid, gid }
# Example set alert admin@mydomain.com # OR set alert admin@mydomain.com on { checksum, permission, uid, gid }
We can also configure the alerts to be triggered only for specific failed cycles as shown below.
# Set Alert Email for specific cycle alert <email> with reminder on 5 cycles
Configure Monit - SMTP
This section explains how to configure Monit to use the custom email template and trigger the mail using SMTP using Gmail. We can use a similar setup to trigger the emails via any other mail service.
#Mail Template
set mail-format {
from: <from email>
subject: Monit Alert - $EVENT
message: $EVENT Service $SERVICE
Date: $DATE
Action: $ACTION
Host: $HOST
Description: $DESCRIPTION
Yours,
Monit }
# Configure Mail Server
set mailserver smtp.gmail.com port 587
username "<email>" password "<password>"
using tlsv1 with timeout 30 seconds
# Configure Alert Receiver
set alert <receiver email>An example of the above-mentioned configuration is as shown below.
#Mail Template
set mail-format {
from: admin@mydomain.com
subject: Monit Alert - $EVENT
message: $EVENT Service $SERVICE
Date: $DATE
Action: $ACTION
Host: $HOST
Description: $DESCRIPTION
Yours,
Monit }
# Configure Mail Server
set mailserver smtp.gmail.com port 587
username "admin@mydomain.com" password "adminpwd"
using tlsv1 with timeout 30 seconds
# Configure Alert Receiver
set alert notify@mydomain.comThis is how we can configure the email template and SMTP to trigger the alert emails.
Configure Services
We can configure the standard services including MySQL, Apache, and NGINX to be monitored by Monit by following Configure Monit For MySQL, Apache, NGINX On Ubuntu 20.04 LTS.
Summary
This tutorial provided the steps to install and configure Monit on Ubuntu 20.04 LTS. It also provided the commonly used commands to start, stop, or restart the Monit service. The last sections explained the steps required to configure Monit and to trigger the emails via SMTP using the customized template.
