Friday, January 6, 2012

Installing Monit to monitor ntop

For some reason, when I started using Network Security Toolkit v2.13.0 (NST) [Fedora 13] for its NTop 4.0.3 installation, the service would crash due to an apparent "kernel: device eth0 entered promiscuous mode". I am guessing this is due to my virtualization environment and the host hardware/configuration more than the NTop application. However, I have heard others on the Ntop mailing list speak of the same error.
So a light bulb went off and I decided to look into service monitoring tools or scripts that would restart a service if it crashed. I found Monit (GNU General Public License v3).

I have had it installed for only a day so far, but ntop has stayed alive for me. So far so good. Below are the steps I did to install it. Some might find the ntop config for the Services section useful. I am not an expert in Monit, so I am sure there may be better configurations for ntop than the one I have below. Feel free to share yours so we can see.




1) Install Monit
fedora: # yum install monit
debian: # sudo apt-get install monit

2) Next, edit the config file
on Debian
/etc/monit/monitrc
on Fedora
/etc/monit.conf

--------------------------------
### Monit control file /etc/monit.conf
set daemon 120                                   # Poll in 2-minute intervals
set logfile syslog facility LOG_daemon  # Default facility is LOG_USER
set mailserver mail.foo.bar                    # Default smtp server is localhost
set alert sysadm@foo.bar                    # Alert system admin on any event
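set httpd port 2812 address localhost       # Web interface listens on loopback only
    allow localhost                         # Accept connections from this host only
    allow admin:monit                       # Web login as user:password (sample value, set your own)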

## Services
### NTOP on NST 2.13.0 ###
check process ntop with pidfile /var/run/ntop.pid
    start program = "/etc/init.d/ntop start" with timeout 60 seconds
    stop program  = "/etc/init.d/ntop stop"
    if failed port 3000
       with timeout 15 seconds
       then restart
    if 3 restarts within 5 cycles then timeout
    group server
--------------------------------
3) Save the monit.conf file

4) Now check the syntax with:
# monit -t
(fix the syntax if you need to; see the documentation)
http://mmonit.com/monit/documentation/monit.html

5) Make sure Ntop is running (ports 3000 and 3001 for my installation); I use
# nmap localhost

6) Start Monit
# /etc/init.d/monit start

7) Log in to the web admin at http://localhost:2812
with u:admin p:monit as configured in the monit.conf

8) Enable monitoring of ntop by clicking on 'ntop' or navigating to
http://localhost:2812/ntop
At the bottom of the page, click the "Enable monitoring" button.
It will take some time, but the "Monitoring status" will go into "monitored" mode.
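
The control file in step 2 enables the web interface with a sample login, so it is worth checking the file before starting Monit. The following is an added example, not part of the original post: the function name audit_monitrc and the MODE/CREDS/BIND labels are hypothetical, and it assumes the address clause is written on the "set httpd" line as in the config above.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky settings in a
# Monit control file. Prints one finding per line; returns 1 if any.
audit_monitrc() {
    rc=$1; bad=0
    [ -r "$rc" ] || { echo "ERROR: cannot read $rc"; return 2; }

    # Monit rejects a control file whose group/other permission bits are set.
    mode=$(stat -c '%a' "$rc" 2>/dev/null || stat -f '%Lp' "$rc")
    case $mode in
        [0-7]00) ;;
        *) echo "MODE: $rc is $mode, expected 600 or 700"; bad=1 ;;
    esac

    # Drop comments so commented-out directives are not reported.
    conf=$(sed 's/#.*//' "$rc")

    # The post's sample login (admin:monit) left in place.
    if printf '%s\n' "$conf" |
        grep -Eiq '^[[:space:]]*allow[[:space:]]+admin:monit[[:space:]]*$'; then
        echo "CREDS: sample login admin:monit is still configured"; bad=1
    fi

    # Web interface enabled but not bound to loopback. Assumption: the
    # address clause sits on the "set httpd" line, as in the post.
    httpd=$(printf '%s\n' "$conf" |
        grep -Ei '^[[:space:]]*set[[:space:]]+httpd' || true)
    if [ -n "$httpd" ] && ! printf '%s\n' "$httpd" |
        grep -Eiq 'address[[:space:]]+(localhost|127\.0\.0\.1)'; then
        echo "BIND: httpd is not restricted to localhost"; bad=1
    fi
    return "$bad"
}

# Constructed sample input: the httpd section from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
set httpd port 2812 address localhost
    allow localhost
    allow admin:monit
EOF
chmod 644 "$sample"
audit_monitrc "$sample" || true   # reports MODE and CREDS
rm -f "$sample"
```

Run it against the real file with audit_monitrc /etc/monit.conf (or /etc/monit/monitrc on Debian) before step 6.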

2 comments:

  1. You don't need access to the monit web interface to start service monitoring.
    Running "monit start ntop" is enough.

  2. This comment has been removed by the author.
