Solved

Monit not sending any alerts

Posted on 2008-06-19
11
459 Views
Last Modified: 2013-11-30
I have configured monit to send alerts when smtp fails . But i could see any mails it is sending. When i start and stop the monitor.

Morover,
I dont know how to test whether alerts will come to my mail box.

Please see the configration file:

Morover i cannot access anything in webbrowser . Kindly assist me !
set daemon  120

#

#

## Set syslog logging with the 'daemon' facility. If the FACILITY option is

## omitted, monit will use 'user' facility by default. If you want to log to

## a stand alone log file instead, specify the path to a log file

#

 set logfile syslog facility log_daemon

#

#

  set mailserver localhost              # primary mailserver

#                backup.bar.baz port 10025,  # backup mailserver on port 10025

#                localhost                   # fallback relay

#

     set httpd port 2812 and

     use address localhost # accept connection from localhost
 

     allow XX.XX.78.99/255.255.255.0     # allow localhost to connect to the server and

     allow admin:monit      # require user 'admin' with password 'monit'
 
 

check process sendmail with pidfile /var/run/sendmail.pid

   group services

   start program = "/etc/init.d/sendmail start"

   stop  program = "/etc/init.d/sendmail stop"

   if failed port 25 protocol smtp then restart

   if 5 restarts within 5 cycles then timeout

   alert jaisonshereen@gmail.com
 

## Check a file for existence, checksum, permissions, uid and gid. In addition

## to alert recipients in the global section, customized alert will be sent to

## additional recipients by specifying a local alert handler. The service may

## be grouped using the GROUP option.

Open in new window

0
Comment
Question by:jaisonshereen
  • 6
  • 5
11 Comments
 
LVL 16

Expert Comment

by:Hanno Schröder
ID: 21829101
a) Open a shell window and enter
      # tail -f /var/log/maillog
    The location of your mail log file may differ, depending on your Linux
    variant. You may want to make this window wide to see the rather
    long lines nicely.
    Each time, an email gets processed (incoming or outgoing) an entry
    will be put into this file.
b) In another shell window try to create messages

You may have a general problem as you use email (SMTP) to alert you:
What will happen if you top the mail service (SMTP)? Monit should send
email -- but the mail system is not available :-(

Could you change the lines 24 and 25 to read something like
   start program = "echo STARTING-mail >>/var/log/test.log;/etc/init.d/sendmail start"

   stop  program = "echo STOPPING-mail >>/var/log/test.log;/etc/init.d/sendmail stop"

Open in new window

0
 

Author Comment

by:jaisonshereen
ID: 21829420
Please find the logs below:

As per the log it is sending mails.

"What will happen if you top the mail service (SMTP)? Monit should send
email -- but the mail system is not available :"

How to check this?
[root@Server01 monit-5.0-beta1]# tail -f /var/log/maillog

Jun 19 22:50:19 Server01 sendmail[2152]: alias database /etc/aliases rebuilt by root

Jun 19 22:50:19 Server01 sendmail[2152]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total

Jun 19 22:50:19 Server01 sendmail[2172]: starting daemon (8.13.8): SMTP+queueing@01:00:00

Jun 19 22:50:21 Server01 sm-msp-queue[2182]: starting daemon (8.13.8): queueing@01:00:00

Jun 20 00:05:15 Server01 sendmail[4384]: m5K45FFV004384: from=<tis_placement_service@trilogy.com>, size=163, class=0, nrcpts=1, msgid=<200806200405.m5K45FFV004384@Server01>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]

Jun 20 00:05:53 Server01 sendmail[4386]: m5K45FFV004384: to=<abc@gmail.com>, delay=00:00:38, xdelay=00:00:38, mailer=esmtp, pri=120163, relay=gmail-smtp-in.l.google.com. [74.125.47.114], dsn=2.0.0, stat=Sent (OK 1213924616 6si1407426ywn.0)

Jun 20 04:02:52 Server01 sendmail[11828]: m5K82LWH011828: from=root, size=10733, class=0, nrcpts=1, msgid=<200806200802.m5K82LWH011828@Server01>, relay=root@localhost

Jun 20 04:02:53 Server01 sendmail[12075]: m5K82q6K012075: from=<root@Server01>, size=10973, class=0, nrcpts=1, msgid=<200806200802.m5K82LWH011828@Server01>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]

Jun 20 04:02:53 Server01 sendmail[11828]: m5K82LWH011828: to=root, ctladdr=root (0/0), delay=00:00:32, xdelay=00:00:01, mailer=relay, pri=40733, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m5K82q6K012075 Message accepted for delivery)

Jun 20 04:02:54 Server01 sendmail[12076]: m5K82q6K012075: to=<root@Server01>, ctladdr=<root@Server01> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=41177, dsn=2.0.0, stat=Sent

Open in new window

0
 
LVL 16

Expert Comment

by:Hanno Schröder
ID: 21829646
Note: I had typed "top" but meant "stop" ...

To see if the mail service is active, use
     ps -ef | grep sendmail
You can also compar with entry in /var/run/sendmail.pid
     cat /var/run/sendmail.pid
or all in one:
     ps -fp `cat /var/run/sendmail.pid`

a) What can you see in maillog when stopping/starting monit?
b) What can you see in maillog when (manually) stopping/starting sendmail?
c) What happens when you kill the main sendmail process?
      kill -9 `cat /var/run/sendmail.pid`
    Does it get restarted by monit?
    It will get an new PID in this case:   cat /var/run/sendmail.pid
0
 

Author Comment

by:jaisonshereen
ID: 21829770
[root@Server01 ~]# ps -ef | grep sendmail
root      2172     1  0 Jun19 ?        00:00:00 sendmail: accepting connections
smmsp     2182     1  0 Jun19 ?        00:00:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root     21763 21618  0 09:27 pts/3    00:00:00 grep sendmail
[root@Server01 ~]#



[root@Radartest01 ~]# cat /var/run/sendmail.pid
2172
/usr/sbin/sendmail -bd -q1h
[root@Radartest01 ~]#




This is what i got when i stop and start monit:( There is nothing especialy)

[root@Server01 monit-5.0-beta1]# tail -f /var/log/maillog
Jun 19 22:50:19 Server01 sendmail[2152]: alias database /etc/aliases rebuilt by root
Jun 19 22:50:19 Server01 sendmail[2152]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Jun 19 22:50:19 Server01 sendmail[2172]: starting daemon (8.13.8): SMTP+queueing@01:00:00
Jun 19 22:50:21 Server01 sm-msp-queue[2182]: starting daemon (8.13.8): queueing@01:00:00
Jun 20 00:05:15 Server01 sendmail[4384]: m5K45FFV004384: from=<tis_placement_service@trilogy.com>, size=163, class=0, nrcpts=1, msgid=<200806200405.m5K45FFV004384@Server01>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Jun 20 00:05:53 Server01 sendmail[4386]: m5K45FFV004384: to=<abc@gmail.com>, delay=00:00:38, xdelay=00:00:38, mailer=esmtp, pri=120163, relay=gmail-smtp-in.l.google.com. [74.125.47.114], dsn=2.0.0, stat=Sent (OK 1213924616 6si1407426ywn.0)
Jun 20 04:02:52 Server01 sendmail[11828]: m5K82LWH011828: from=root, size=10733, class=0, nrcpts=1, msgid=<200806200802.m5K82LWH011828@Server01>, relay=root@localhost
Jun 20 04:02:53 Server01 sendmail[12075]: m5K82q6K012075: from=<root@Server01>, size=10973, class=0, nrcpts=1, msgid=<200806200802.m5K82LWH011828@Server01>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Jun 20 04:02:53 Server01 sendmail[11828]: m5K82LWH011828: to=root, ctladdr=root (0/0), delay=00:00:32, xdelay=00:00:01, mailer=relay, pri=40733, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m5K82q6K012075 Message accepted for delivery)
Jun 20 04:02:54 Server01 sendmail[12076]: m5K82q6K012075: to=<root@Server01>, ctladdr=<root@Server01> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=41177, dsn=2.0.0, stat=Sent

[root@Server01 monit-5.0-beta1]# date
Fri Jun 20 09:31:58 EDT 2008
[root@Server01 monit-5.0-beta1]#


And the same logs i got when i stop and start sendmail also ( no entries in logs )

Do i need to wait for more than 2 minutes after stopping sendmail to check the logs are entered because monit is checking only 2 minitues intervals.?

0
 
LVL 16

Expert Comment

by:Hanno Schröder
ID: 21830043
You should wait longer, to make sure monit will see that sendmail is gone !
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:jaisonshereen
ID: 21830282
i checked by more than 5 minites by stoping send mail service. But logs seems to be same.
0
 

Author Comment

by:jaisonshereen
ID: 21830299
FYI:

[root@Server01 monit-5.0-beta1]# ps -ef | grep monit
root     22141     1  0 Jun18 ?        00:00:09 monit
root     24293 21618  0 10:53 pts/3    00:00:00 grep monit
[root@Server01 monit-5.0-beta1]#
0
 
LVL 16

Expert Comment

by:Hanno Schröder
ID: 21830360
got sendmail restarted by monit now?

or will it get restarted when the pidfile gets deleted?


maybe you should try with some other process and not
sendmail itself (like a simple shell script that does nothing).

Put the following in a file called mytest.sh and run with
  ./mytest.sh &

#!/bin/sh
 

# shell script that runs forever and does nothing (but sleeping)
 

while : ; do

  sleep 60

done

Open in new window

0
 

Author Comment

by:jaisonshereen
ID: 21830502
got sendmail restarted by monit now?
No it is not restarted by monit.i restarted manually.

will it get restarted when the pidfile gets deleted?
i didnt do this because i am afraid my production server will crash.


maybe you should try with some other process and not:

i have created shell script and it is running in background now.

But can you tell me what should i need to edit it monitrc?
0
 

Author Comment

by:jaisonshereen
ID: 21830511
What i need to replace in the below text?
check process sendmail with pidfile /var/run/sendmail.pid

   group services

   start program = "/etc/init.d/sendmail start"

   stop  program = "/etc/init.d/sendmail stop"

   if failed port 25 protocol smtp then restart

   if 5 restarts within 5 cycles then timeout

   alert jaisonshereen@gmail.com

Open in new window

0
 
LVL 16

Accepted Solution

by:
Hanno Schröder earned 500 total points
ID: 21831145
I don't know about monit, but it looks like you will have to put something in your config file like below

Please, check your documentation for monit.
check process myscript

   start program = "/path/to/myscript"

   stop  program = "kill -9 `ps -ef|grep /path/to/myscript`"

   if 5 restarts within 5 cycles then timeout

   alert jaisonshereen@gmail.com

Open in new window

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now