Help finding pid file for a service



  • I am setting up monit for doing some monitoring of services.

    I have configured it to monitor the two following services using the settings below:

    check process auditd with pidfile /var/run/auditd.pid
            start program = "/etc/init.d/auditd start" with timeout 60 seconds
            stop program  = "/etc/init.d/auditd stop"
    
    check process suricata with pidfile /var/run/suricata.pid
            start program = "/etc/init.d/suricata start" with timeout 60 seconds
            stop program  = "/etc/init.d/suricata stop"
    

    I am trying to monitor the wazuh-agent, but I dont see a single pid, there are several. I am assuming I need to monitor all these services. I am unsure how to point monit to the pid file like I did with the other services.

    6639fbd6-05c2-42f5-9015-8f67316dadd5-image.png



  • Welp found another solution that is working

    #***********************************************************
    # Monitoring wazuh agent
    #***********************************************************
    
    check process wazuh-execd
            matching "ossec-execd"
    
    check process wazuh-agentd
            matching "ossec-agentd"
    
    check process wazuh-syscheckd
            matching "ossec-syscheckd"
    
    check process wazuh-logcollector
            matching "ossec-logcollector"
    
    check process wazuh-modulesd
            matching "wazuh-modulesd"
    

    8f75e34b-d12e-4c47-a156-409eb74b66bd-image.png

    When i stop, I now get an email 🙂

    aa9a1c2c-40f2-437b-916b-e9504a23e22c-image.png



  • Can zabbix do the something similar like monit?



  • @black3dynamite said in Help finding pid file for a service:

    Can zabbix do the something similar like monit?

    It's likely. I'm not familiar with zabbix, but I just decided to try monit and so far I'm liking it.


Log in to reply