"monit" package for pfSense part 2
-
Well, you have to extrapolate for your installation. On my machine:
So, from that link I gave you I'd have something like:
check process openvpn with pidfile /var/run/openvpn_server1.pid start program = "/usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf start" stop program = "/usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf stop" if failed host x.x.x.x port xxxx type udp then restartAnd I'd probably have to find where openvpn is started by pfsense and disable it there and let monit take over starting/stopping instead.
I still can't see how a package would be useful since each entry in the config file is unique and a package gui interface can't handle all the unique cases.
-
Hiya,
Sorry for the very late reply.
A gui that could simplify the config would be a good thing and an email notification to let the administrator know that a service was restarted.
I do understand that its not the same for everyone as it depends on what you have on your box but maybe allowing to add config from the gui itself might resolve that.
On another note could you advise how you been able to sort this bit out pls?
"- I use the Filer package, suggested in another thread by marcelloc, to modify an /etc/rc.conf.local to include the line monit_enable="YES". This is an environment variable that monit requires to fire up. /usr/local/etc/rc.d/monit has a few details about that."
Again thanks for all the help.
Cheers,
Raj
-
Like this:
Or you could probably edit /usr/local/etc/rc.d/monit directly to set monit_enable="YES", but I'm not very good at shell scripting, never was, so I can only read enough to get the gist of what a script does, not write my own.
-
Filer is one of the standard pfSense packages and once you install it it lives under the Diagnostics -> Filer menu.
-
Thanks again for the reply :-)
Now in the config, you just modify the line:
Monit has an embedded web server which can be used to view status of
services monitored and manage services from a web interface. See the
Monit Wiki if you want to enable SSL for the web server.
set httpd port 2812 and
use address localhost # only accept connection from localhost
allow X.X.X.X # allow localhost to connect to the server and
allow admin:monit # require user 'admin' with password 'monit'
allow @monit # allow users of group 'monit' to connect (rw)
allow @users readonly # allow users of group 'users' to connect readonlyWhere the X.X.X.X would be the ip of the pfsense box is that correct?
Cheers,
Raj
-
Sorry sorted it out you just modify one line:
set httpd port 2812 and
use address localhost # only accept connection from localhost
allow X.X.X.X # allow localhost to connect to the server and
allow admin:monit # require user 'admin' with password 'monit'
allow @monit # allow users of group 'monit' to connect (rw)
allow @users readonly # allow users of group 'users' to connect readonlywhere X.X.X.X is the machine from which you are trying to connect.
Do you have a 32 bit or 64 bit pfsense as the package is in both flavours and I am running 64 bit pfsense.
Cheers,
Raj
-
Mine is slightly different. I allow localhost and some of my private subnets. No users, no passwords. There is plenty of information if you search the internet of different configurations.
I am running 32-bit
-
Ok,
I manage to get monit working well on pfsense fingers cross.
Now if I reboot pfsense, I need to start monit via shell to be able to access the gui.
Is there a way to get monit started without any input from me pls.
I made a wee install doc with a lot of help from this forum and google that I am posting here.
The work in there is not mine, I just gathered it in that doc
Hope it can help someone also and thanks to everyone for the help.
Cheers,
raj
[monit pfsense install for forum.txt](/public/imported_attachments/1/monit pfsense install for forum.txt)
-
Sorry forgot to ask another question,
When I do a backup of the firewall via the diag => Backup and restore will it also backup this custom install of monit and the config of it.
Cheers,
Raj
-
Is there a way to get monit started without any input from me pls.
Read my first post again. I use etc/rc.d, but there are other methods.
-
Hi Legion,
I did that as per your post
"/usr/local/etc/rc.d/monit
There duplicate the monit and rename it to monit.sh
So you will have the following in that directory:
/usr/local/etc/rc.d/monit
/usr/local/etc/rc.d/monit.shNow we need to modify /etc/rc.conf.local to include the line monit_enable="YES"
So install the filer package from the normal package manager.Then go to Diagnostics -> Filer menu
There you can modify /etc/rc.conf.localNow we need to modify :
/usr/local/etc/monitrc.sample
So that we have :
/usr/local/etc/monitrcSo just duplicate it so that folder will have both
/usr/local/etc/monitrc.sample
/usr/local/etc/monitrc"Now when i reboot pfsense, monit does not start by itself.
:-(
-
Ok rebooted pfsense and on the bootup console, i can see :
Starting /usr/local/etc/rc.d/monit.sh…doneBut when I try to connect nothing.
If i log on the console and run the following command :
monit
This returns the following :
Starting monit daemon with http interface at [x.x.x.x:yyyy]
x is the ip
y is the portSo the startup script runs but without typing "monit" on the pfsense shell, it does not start the server.
Any ideas why.
My config file is attached here.
Cheers for any ideas/help.
Raj
[monit pfsense install for forum.txt](/public/imported_attachments/1/monit pfsense install for forum.txt)
-
Hi Legion,
Can you show me a copy of you monit.sh file pls.
I am thinking that the issue might be in there.
Or do you have any other ideas.
Cheers,
Raj
-
OK found my problem, permission.
The permission of /usr/local/etc/rc.d/monit.sh should be 0755
All starting fine now :-)
Cheers