Debianhelp.co.uk


Monitoring Services using Mon in Debian

What is mon ?

mon is a general-purpose scheduler and alert management tool used for monitoring service availability and triggering alerts upon failure detection. mon was designed to be open and extensible in the sense that it supports arbitrary monitoring facilities and alert methods via a common interface, all of which are easily implemented with programs in C, Perl, shell, etc., SNMP traps, and special mon traps.

Download Mon

ftp://ftp.kernel.org/pub/software/admin/mon/

Mon man pages

http://www.kernel.org/software/mon/man.html

Mon FAQ

http://www.kernel.org/software/mon/faq.html

Services Monitoring and Alerts scripts

http://ftp.kernel.org/pub/software/admin/mon/contrib/index.html

Installing MON in Debian

#apt-get install mon

Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
libconvert-ber-perl (1.3101-1)
libmon-perl (0.11-2)
libtime-period-perl (1.20-7)
Suggested packages:
libfilesys-diskspace-perl (0.05-7)
libnet-dns-perl (0.48-1)
libnet-ldap-perl (0.3202-3)
libstatistics-descriptive-perl (2.6-2)
The following NEW packages will be installed:
libconvert-ber-perl (1.3101-1)
libmon-perl (0.11-2)
libtime-period-perl (1.20-7)
mon (0.99.2-8)
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 255kB of archives.
After unpacking 1212kB of additional disk space will be used.
Do you want to continue? [Y/n]y

Configuring mon in Debian

We can configure Mon at /etc/mon/mon.cf. Begin by setting defining some global settings:

#
# global options
#
alertdir = /usr/lib/mon/alert.d
mondir = /usr/lib/mon/mon.d
logdir = /var/log/mon
histlength = 100
# authfile = /etc/mon/auth.cf


We are not currently using Mon's authentication system, so we have left the authfile directive commented out for now. You may want to make use of this feature.

Now we want to set Mon to log all outages to a central "downtime" log. Add the lines below to your config file to enable downtime logging, and to specify that these should be logged to a file called dtlog within the main Mon logging directory (/var/log/mon in the example above).

dtlogging = yes
dtlogfile = dtlog


Next we must define one or more host groups. As the name would suggest, these are groups of systems that we want to monitor.

In the example below I define a host group called pingableservers that I will attach a PING monitor to, and that will contain the hostnames of all our servers. Host groups for HTTP, SMTP and POP3 servers are also defined and will have appropriate monitors attached to them.

Note the blank lines seperating your host group definitions. These are important! Leave them out and you loose.

hostgroup pingableservers
www.domain.com
pop3.domain.com
smtp.domain.com


hostgroup httpservers
www.domain.com


hostgroup smtpservers
smtp.domain.com


hostgroup pop3servers
pop3.domain.com

Next we need to proceed to configure monitors and alerts for use with the host groups defined above:

watch pingableservers
service ping
interval 10m
monitor fping.monitor -T
period
numalerts 10
alert mail.alert test@domain.com
upalert mail.alert test@domain.com

The watch directive specifies the hostgroup the watch is assigned to, in this case pingableservers, and the service directive specifies a name by which we may refer to the monitored service.

The interval directive specifies that the monitors should be run at an interval of 10 minites. The monitor directive specifies the monitor to be used. You could specify several if you wanted to do so, but here we specify only the fping monitor, to be run with the -T attribute that causes the monitor to include a traceroute when sending an alert.

The period directive is used to define one or more periods, and how Mon should behave during that period. For instance you may want different people to be alerted during different times of the day. But where we just setup a single all encompassing period.

For this period, we use the numalerts directive to tell Mon to send no more than 10 alerts. And then we specify the alerts to be used for both the down event and up event, in this case mail.alert, specifying the email address the alert should be sent to as a parameter.

The watch definitions for our HTTP, SMTP and POP3 hostgroups might look something like the examples below:

watch httpservers
service http
interval 10m
monitor http.monitor
period
numalerts 10
alert mail.alert test@domain.com
upalert mail.alert test@domain.com

watch pop3servers
service pop3
interval 10m
monitor pop3.monitor
period
numalerts 10
alert mail.alert test@domain.com
upalert mail.alert test@domain.com

watch smtpservers
service smtp
interval 10m
monitor smtp.monitor -t 60
period
numalerts 10
alert mail.alert test@domain.com
upalert mail.alert test@domain.com

Note the -t 60 attribute on the SMTP monitor. This defines a timeout for the monitor of 60 seconds.

Note the blank lines separating your watch definitions. These are important! Leave them out and you loose.

If you have installed Mon from the Debian package then a script will have been installed to /etc/init.d which can be used to start and stop monitoring as shown below:

# /etc/init.d/mon start

# /etc/init.d/mon stopMon

should have been configured to start on boot for you.

If you are running a web server on the machine then you can use the monshow.cgi found in your /usr/share/cgi-bin directory to keep an eye on your monitoring status. Ie, point your web browser to http://localhost/cgi-bin/monshow.cgi.