I'm trying to get this going on my new server:

https://mmonit.com/monit/

I've installed it, but when I try and run any commands, it times out:

```
root@mail:~# monit status
/etc/monit/monitrc:298: Include failed -- Success '/etc/monit/conf.d/*'
/etc/monit/monitrc:299: Include failed -- Success '/etc/monit/conf-enabled/*'
Cannot create socket to [192.168.1.34]:2812 -- Connection timed out
```

My config in `/etc/monit/monitrc` has:

```
set httpd port 2812 and
    use address 192.168.1.34 # only accept connection from localhost
#     allow localhost        # allow localhost to connect to the server and
#     allow admin:monit      # require user 'admin' with password 'monit'
```

... and when I reload, it looks fine:

```
root@mail:~# monit reload
/etc/monit/monitrc:298: Include failed -- Success '/etc/monit/conf.d/*'
/etc/monit/monitrc:299: Include failed -- Success '/etc/monit/conf-enabled/*'
Reinitializing monit daemon
```

Yet when I look at the status, I get the connection error. I have also tried doing it with `127.0.0.1`, as that is what I get when doing `ping localhost` from SSH.

I'm using Ubuntu 16 BTW. I installed Monit using:

```
sudo apt-get install monit
```

Any suggestions as to what I can check? I'm drawing a blank.

As requested, here is the output from `netstat -tulpen`:

```
root@mail:~# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      5001       16892       3763/python
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      109        178201      20577/mysqld
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      118        617295      24128/memcached
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      0          623080      26101/dovecot
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          625168      26188/nginx -g daem
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          15430       3624/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      115        16232       3696/postgres
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          625170      26188/nginx -g daem
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      0          623016      26101/dovecot
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      0          623082      26101/dovecot
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      0          16201       3739/slapd
tcp6       0      0 :::143                  :::*                    LISTEN      0          623081      26101/dovecot
tcp6       0      0 :::80                   :::*                    LISTEN      0          625169      26188/nginx -g daem
tcp6       0      0 :::8181                 :::*                    LISTEN      0          16585       4284/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      0          15439       3624/sshd
tcp6       0      0 ::1:5432                :::*                    LISTEN      115        16233       3696/postgres
tcp6       0      0 :::443                  :::*                    LISTEN      0          625171      26188/nginx -g daem
tcp6       0      0 :::4190                 :::*                    LISTEN      0          623017      26101/dovecot
tcp6       0      0 :::993                  :::*                    LISTEN      0          623083      26101/dovecot
tcp6       0      0 :::389                  :::*                    LISTEN      0          16202       3739/slapd
udp        0      0 127.0.0.1:11211         0.0.0.0:*                           118        617296      24128/memcached
udp        0      0 0.0.0.0:45852           0.0.0.0:*                           5002       627092      25708/uwsgi
```

I also just tried a full server reboot, to see if that helped, but no difference. If I try and start monit again, I get:

```
root@mail:~# monit
Monit daemon with PID 3609 awakened
```

Here is the output from `ufw status`:

```
root@mail:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
115/tcp                    ALLOW       Anywhere
22                         ALLOW       Anywhere
8181                       ALLOW       Anywhere
2812                       ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
115/tcp (v6)               ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
8181 (v6)                  ALLOW       Anywhere (v6)
2812 (v6)                  ALLOW       Anywhere (v6)
```

Below is what I get in the `monit.log`:

```
[BST Mar 31 09:33:22] info     : Reinitializing monit daemon
[BST Mar 31 09:33:22] info     : Awakened by the SIGHUP signal
Reinitializing Monit - Control file '/etc/monit/monitrc'
[BST Mar 31 09:33:22] info     : Shutting down Monit HTTP server
[BST Mar 31 09:33:22] info     : Monit HTTP server stopped
[BST Mar 31 09:33:23] info     : Starting Monit HTTP server at [localhost]:2812
[BST Mar 31 09:33:23] info     : Monit HTTP server started
[BST Mar 31 09:33:23] info     : 'mail.etrust.pro' Monit reloaded
```

Then when doing a `monit status`, I get:

```
[BST Mar 31 09:34:09] error    : Denied connection from non-authorized client [127.0.0.1]
[BST Mar 31 09:34:09] error    : Error receiving data -- Connection reset by peer
```

Andrew Newby
  • Could be something is blocking your 2812 port. Please provide the output of `netstat -tulpen`, or change the port and try again. – Lenniey Mar 31 '17 at 07:51
  • @Lenniey - thanks, I've added the output of that. I did already check that, and I couldn't see anything relating to it (I was expecting to), so it's almost like it's not booting up the service properly. – Andrew Newby Mar 31 '17 at 08:03
  • Any iptables rules or another firewall of some sort? edit: of course check the monit logs (you already tried that, I presume) and the output of `ps fax | grep -i monit` – Lenniey Mar 31 '17 at 08:07
  • @Lenniey It has **ufw** enabled as well, but I've whitelisted the port on that (please see my updated question) – Andrew Newby Mar 31 '17 at 08:08
  • Ah, I just realized you didn't set `allow xxxx` in your config. You need to adjust this setting for anything to connect (e.g. `localhost`) – Lenniey Mar 31 '17 at 08:16
  • @Lenniey - so I need `set httpd port 2812 and` , and `allow 192.168.1.34` and `use address localhost` ? – Andrew Newby Mar 31 '17 at 08:17
  • You can set the `allow` parameter to any IP / subnet you like, e.g. `0.0.0.0/0.0.0.0`, or a DNS entry like `localhost`. Well you don't _need_ to set this, but I'd try nonetheless. What's the output of your monit logs? – Lenniey Mar 31 '17 at 08:18
  • @Lenniey Interestingly, I've now got this after a reload: `root@mail:~# monit status Error receiving data -- Connection reset by peer`. That is after adding in `use address localhost`. Where do you find the monit error logs? – Andrew Newby Mar 31 '17 at 08:26
  • See the [documentation](https://mmonit.com/monit/documentation/monit.html#LOGGING), you only have monit installed on this one server, right? Please check the client entries in your monitrc, maybe there's something wrong. – Lenniey Mar 31 '17 at 08:32
  • @Lenniey - ah, you beauty! I was looking for that log file for ages. That led me on to work out I needed: `allow localhost use address 127.0.0.1`. Maybe you want to put the answer about the log file, and then the expected value for the "allow" section, so I can accept? :) – Andrew Newby Mar 31 '17 at 08:36
  • So, working now? – Lenniey Mar 31 '17 at 08:37
  • Yeah :) Well, the basics are - I still need to configure up the services I want to check, but I now get a result back with `monit status` – Andrew Newby Mar 31 '17 at 08:37
  • Great! Just please answer your own question with the result and mark it as answered, or I can do it, whatever you like. – Lenniey Mar 31 '17 at 08:43
  • I was going to let you do it, so you could get some points for your help :) – Andrew Newby Mar 31 '17 at 08:48

2 Answers

1

The problem was the missing `allow` and `use address` directives in `/etc/monit/monitrc`. After these were configured, @AndrewNewby could connect to his monit-httpd.

Lenniey
0

In order for commands such as `monit status` or `monit restart service` to work, the Monit embedded HTTP server must be enabled. This is because the Monit client uses the HTTP interface to send these commands to the Monit daemon.

You can enable the HTTP server by uncommenting the `set httpd port 2812 and`, `use address localhost`, and `allow localhost` lines in `/etc/monit/monitrc`. You may need to restart Monit (`service monit restart`) for these changes to take effect.

The `Include failed -- Success` messages on Ubuntu 16.04 are caused by https://bitbucket.org/tildeslash/monit/issues/438/include-optional-empty-directory-will

user51928
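
Added example, not part of either answer or of Monit itself: a Python check of the `set httpd` statement discussed in this thread. It reports the two conditions the question ran into (a non-loopback bind address and no `allow` entry) and also the `0.0.0.0/0.0.0.0` allow entry and the sample `admin:monit` credentials mentioned above. The function names and finding labels are hypothetical, and the parsing is a simplification of Monit's grammar.

```python
import ipaddress
import re

ASKER = """set httpd port 2812 and
    use address 192.168.1.34 # only accept connection from localhost
#     allow localhost        # allow localhost to connect to the server and
#     allow admin:monit      # require user 'admin' with password 'monit'
"""  # copied from the question
FIXED = "set httpd port 2812 and\n  use address 127.0.0.1\n  allow localhost\n"  # asker's fix

def httpd_block(monitrc):
    """Return the 'set httpd' statement as one comment-free string, or None."""
    block, inside = [], False
    for raw in monitrc.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: ignores quoted '#'
        if re.match(r"set\s+httpd\b", line, re.I):
            inside = True
        elif inside and re.match(r"(set|check|include)\b", line, re.I):
            break  # the next top-level statement ends the httpd statement
        if inside:
            block.append(line)
    return " ".join(block) if inside else None

def is_loopback(addr):
    try:
        return addr.lower() == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # any other hostname is treated as network-facing

def allows_any(entry):
    try:
        return ipaddress.ip_network(entry, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostnames and user:password entries

def audit(monitrc):  # finding labels are this example's own, not Monit output
    block = httpd_block(monitrc)
    if block is None:
        return ["HTTPD_DISABLED"]  # the monit CLI cannot reach the daemon
    m = re.search(r"\buse\s+address\s+(\S+)", block, re.I)
    bind = m.group(1) if m else None
    allows = re.findall(r"\ballow\s+(\S+)", block, re.I)
    checks = [
        (bind is None, "BINDS_ALL_INTERFACES"),  # no 'use address' given
        (bind is not None and not is_loopback(bind), "NON_LOOPBACK_BIND"),
        (not allows, "NO_ALLOW"),  # clients are refused, as in the question's log
        (any(allows_any(a) for a in allows), "ALLOW_ANY_HOST"),
        ("admin:monit" in allows, "SAMPLE_CREDENTIALS"),
    ]
    return [label for hit, label in checks if hit]
```

`audit(open("/etc/monit/monitrc").read())` returns an empty list for the loopback-only form the asker ended up with. Any `NON_LOOPBACK_BIND` or `BINDS_ALL_INTERFACES` result is worth reading next to the `2812 ALLOW Anywhere` rule in the `ufw status` output.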