How to monitor your network with mon

Install Mon:

apt-get install mon

We can configure Mon at /etc/mon/mon.cf. Begin by setting defining some global settings:

#
# global options
#
alertdir   = /usr/lib/mon/alert.d
mondir     = /usr/lib/mon/mon.d
logdir     = /var/log/mon
histlength = 100
# authfile = /etc/mon/auth.cf

Im not currently using Mon's authentication system, so I have left the authfile directive commented out for now. You may want to make use of this feature.

Now we want to set Mon to log all outages to a central “downtime” log. Add the lines below to your config file to enable downtime logging, and to specify that these should be logged to a file called dtlog within the main Mon logging directory (/var/log/mon in the example above).

dtlogging   = yes
dtlogfile   = dtlog

Next we must define one or more host groups. As the name would suggest, these are groups of systems that we want to monitor.

In the example below I define a host group called pingableservers that I will attach a PING monitor to, and that will contain the hostnames of all our servers. Host groups for HTTP, SMTP and POP3 servers are also defined and will have appropriate monitors attached to them.

Note the blank lines seperating your host group definitions. These are important! Leave them out and you loose.

hostgroup pingableservers
	www.domain.com
	pop3.domain.com
	smtp.domain.com

hostgroup httpservers
	www.domain.com


hostgroup smtpservers
	smtp.domain.com


hostgroup pop3servers
	pop3.domain.com

Next we need to proceed to configure monitors and alerts for use with the host groups defined above:

watch pingableservers
	service ping
		interval 10m
		monitor fping.monitor -T
		period
			numalerts 10
			alert mail.alert angry_bofh@domain.com
			upalert mail.alert angry_bofh@domain.com

The watch directive specifies the hostgroup the watch is assigned to, in this case pingableservers, and the service directive specifies a name by which we may refer to the monitored service.

The interval directive specifies that the monitors should be run at an interval of 10 minites. The monitor directive specifies the monitor to be used. You could specify several if you wanted to do so, but here we specify only the fping monitor, to be run with the -T attribute that causes the monitor to include a traceroute when sending an alert.

The period directive is used to define one or more periods, and how Mon should behave during that period. For instance you may want different people to be alerted during different times of the day. But where we just setup a single all encompassing period.

For this period, we use the numalerts directive to tell Mon to send no more than 10 alerts. And then we specify the alerts to be used for both the down event and up event, in this case mail.alert, specifying the email address the alert should be sent to as a parameter.

The watch definitions for our HTTP, SMTP and POP3 hostgroups might look something like the examples below:

watch httpservers
	service http
		interval 10m
		monitor http.monitor
		period
			numalerts 10
			alert mail.alert angry_bofh@domain.com
			upalert mail.alert angry_bofh@domain.com

watch pop3servers
	service pop3
		interval 10m
		monitor pop3.monitor
		period
			numalerts 10
			alert mail.alert angry_bofh@domain.com
			upalert mail.alert angry_bofh@domain.com

watch smtpservers
	service smtp
		interval 10m
		monitor smtp.monitor -t 60
		period
			numalerts 10
			alert mail.alert angry_bofh@domain.com
			upalert mail.alert angry_bofh@domain.com

Note the -t 60 attribute on the SMTP monitor. This defines a timeout for the monitor of 60 seconds.

Note the blank lines seperating your watch definitions. These are important! Leave them out and you loose.

If you have installed Mon from the Debian package then a script will have been installed to /etc/init.d which can be used to start and stop monitoring as shown below:

# /etc/init.d/mon start
# /etc/init.d/mon stop

Mon should have been configured to start on boot for you.

If you are running a web server on the machine then you can use the monshow.cgi found in your /usr/share/cgi-bin directory to keep an eye on your monitoring status. Ie, point your web browser to http://localhost/cgi-bin/monshow.cgi.