Cannot read status from the monit daemon, even with an allowed group


I can't seem to get monit status or other CLI commands to work.


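I've built monit v5.8 to run on a Raspberry Pi. I can add services to monitor, and I can access the web interface fine, since I've set it up for public read-only access (this is a test server, not my final production setup, so it's no big deal for now).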

The problem is that when I run monit status while logged in as root, I get:

# monit status
monit: cannot read status from the monit daemon

I also have monit started at boot through this entry in /etc/inittab:

mo:2345:respawn:/usr/local/bin/monit -Ic /etc/monitrc

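I've verified that monit is running, and I get email alerts whenever I manually kill the monit process or reboot the Raspberry Pi. So next I checked the monitrc file permissions to see which group is allowed access.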

# ls -al /etc/monitrc
-rw------- 1 root root 2359 Aug 24 14:48 /etc/monitrc

Here is the relevant allow section of my control file.

set httpd port 80
    allow [omitted] readonly
    allow @root
    allow localhost
    allow 0.0.0.0/0.0.0.0

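I also tried setting the permissions on this file to 640 to allow group read access, but no matter what I try I get either the same error as above or, when the permissions are set to 640, I get: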

# monit status
monit: The control file '/etc/monitrc' must have permissions no more than -rwx------ (0700); right now permissions are -rw-r----- (0640).

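What am I missing here? I know httpd has to be enabled, because that is the interface the CLI uses to get its information (at least that's what I've read), so I've done that. As far as monit doing its monitoring job and sending email alerts goes, all of that works fine.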


Here is my entire monitrc file. Again, this is version v5.8, built with both PAM and SSL support, and the process runs as the root user:

# Global settings
set daemon 300
    with start delay 5
set logfile /var/log/monit.log
set pidfile /var/run/monit.pid
set idfile /var/run/.monit.id
set statefile /var/run/.monit.state

# Mail alerts
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using a comma separator. If the first mail server fails, Monit
# will use the second mail server in the list and so on. By default Monit uses
# port 25 - it is possible to override this with the PORT option.
#
set mailserver smtp.gmail.com port 587
               username [omitted] password [omitted]
               using tlsv1

## Send status and events to M/Monit (for more informations about M/Monit
## see http://mmonit.com/). By default Monit registers credentials with
## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
## have to register Monit credentials manually in M/Monit. It is possible to
## disable credential registration using the commented out option below.
## Though, if safety is a concern we recommend instead using https when
## communicating with M/Monit and send credentials encrypted.
#
# set mmonit http://monit:[email protected]:8080/collector
#     # and register without credentials     # Don't register credentials
#
#
## Monit by default uses the following format for alerts if the the mail-format
## statement is missing::
set mail-format {
    from: [email protected]
 subject: $SERVICE $DESCRIPTION
 message: $EVENT

Service:     $SERVICE
Date:        $DATE
Action:      $ACTION
Host:        $HOST
Description: $DESCRIPTION

          Monit instance provided by chicagomeshnet.com
}

# Web status page
set httpd port 80
    allow [omitted] readonly
    allow @root
    allow localhost
    allow 0.0.0.0/0.0.0.0

## You can set alert recipients whom will receive alerts if/when a
## service defined in this file has errors. Alerts may be restricted on
## events by using a filter as in the second example below.

Answer 1

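Try the -v or -vv flags to increase the verbosity of the status command. The next good tool for debugging this kind of problem is strace. Install it and run: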

strace -efile -o trace.log monit status

You will most likely find the cause at the end of the log. If that doesn't help, run:

strace -f -o trace.log monit status

to see all the system calls made by the program and its children. Search for errors such as not found, connection refused, and the like.

Answer 2

To get it to work, I had to create an allow admin:monit rule.

set httpd port 2812 and
    use address 0.0.0.0
    allow 0.0.0.0/0
    allow localhost
    allow admin:monit
    allow guest:guest read-only

This answer: http://dasunhegoda.com/what-why-how-monit/756/
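
An added example, not part of either answer and not monit's own code: a small Python audit of the set httpd block and the control-file mode discussed on this page. The function names and finding strings are assumptions made for the illustration, and SAMPLE is constructed from the block quoted in answer 2.

```python
import ipaddress
import stat

# Constructed sample: the httpd block from answer 2 plus one unrelated setting.
SAMPLE = """\
set httpd port 2812 and
    use address 0.0.0.0
    allow 0.0.0.0/0
    allow localhost
    allow admin:monit
    allow guest:guest read-only
set daemon 300
"""

def httpd_allows(text):
    """Return the argument list of every allow line in the set httpd block."""
    allows, inside = [], False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in ("set", "check", "include"):
            inside = words[:2] == ["set", "httpd"]  # a new statement ends the block
        elif inside and words[:1] == ["allow"] and len(words) > 1:
            allows.append(words[1:])
    return allows

def classify(entry):
    """Label an allow value: pam-group, credentials, any-network, network or host."""
    if entry.startswith("@"):
        return "pam-group"
    if ":" in entry:  # user:password form (IPv6 literals are not handled here)
        return "credentials"
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "host"
    return "any-network" if net.prefixlen == 0 else "network"

def audit(text, mode):
    """List findings for a control file's text and its st_mode value."""
    findings = []
    if stat.S_IMODE(mode) & 0o077:  # any group/other bit exceeds the 0700 limit
        findings.append("mode %04o is wider than 0700" % stat.S_IMODE(mode))
    entries = [(classify(a[0]), a) for a in httpd_allows(text)]
    kinds = {k for k, _ in entries}
    if "any-network" in kinds:
        findings.append("httpd allows every source address")
    if not kinds & {"credentials", "pam-group"}:
        findings.append("no user:password or @group entry")
    for kind, args in entries:
        if kind == "credentials":
            findings.append("cleartext password for user " + args[0].split(":")[0])
    return findings
```

On a real host, pass the file's text and os.stat("/etc/monitrc").st_mode to audit().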
