# List open files that lsof marks as deleted: the name was unlinked while a
# process still holds the file open, so its disk space is not released until
# the descriptor is closed. A process whose own executable shows up here is
# running from a file that no longer exists on disk, which is worth a look
# during triage.
# NOTE: the pattern also matches any path that merely contains "deleted".
lsof | grep 'deleted'
https://mmonit.com/monit/
https://mmonit.com/wiki/Monit/ConfigurationExamples
https://mmonit.com/monit/documentation/monit.html
https://mmonit.com/
# Integrity check on /bin: expect permission 755, owner uid 0, group gid 0.
# NOTE(review): "unmonitor" disables all further checks of this service after
# the first mismatch, so later changes to /bin go unnoticed until monitoring
# is re-enabled. Confirm an alert recipient is configured elsewhere, or use
# "alert" if the directory should keep being checked.
check directory bin with path /bin
if failed permission 755 then unmonitor
if failed uid 0 then unmonitor
if failed gid 0 then unmonitor
# Space, inode and I/O thresholds for the filesystem at /dev/sda.
check filesystem dev_sda with path /dev/sda
# Permission/owner/group tests are disabled below; with them commented out,
# a change of mode or ownership on this path raises no event.
#if failed permission 660 then unmonitor
#if failed uid "huangjian" then unmonitor
#if failed gid "root" then unmonitor
# Sustained 80% usage (5 of 15 cycles) alerts; 90% alerts on the first cycle.
if space usage > 80% for 5 times within 15 cycles then alert
if space usage > 90% then alert
if inode usage > 90% then alert
# Throughput and operation-rate limits, each required to hold for 5 cycles.
if read rate > 1 MB/s for 5 cycles then alert
if read rate > 500 operations/s for 5 cycles then alert
if write rate > 1 MB/s for 5 cycles then alert
if write rate > 500 operations/s for 5 cycles then alert
if service time > 10 milliseconds for 3 times within 5 cycles then alert
# Link state, saturation and traffic volume for interface enp0s31f6.
check network enp0s31f6 with interface enp0s31f6
if failed link then alert
if changed link then alert
if saturation > 90% then alert
# NOTE(review): only the download rate has a per-second limit; outbound
# traffic is covered solely by the hourly "total uploaded" rule below, so a
# short outbound burst under 10 GB/hour raises no alert.
if download > 10 MB/s then alert
if total uploaded > 10 GB in last hour then alert
if total downloaded > 10 GB in last hour then alert
# Alert when the nginx access log grows beyond 1 GB.
check file nginxlog with path /home/huangjian/local/openresty/nginx/logs/access.log
if size > 1 GB then alert
# Member of the "nginx" service group, like the other nginx checks.
group nginx
# Watch the nginx pid file itself: alert when its timestamp changes or when
# it is empty.
# NOTE(review): a changed timestamp presumably means nginx was (re)started or
# the file was rewritten; confirm which events are expected in normal use.
check file nginxpid with path /home/huangjian/local/openresty/nginx/logs/nginx.pid
if changed timestamp then alert
if size == 0 then alert
group nginx
# Process check for nginx; the PID to watch is read from the pid file.
# NOTE(review): the pid file lives under a user's home directory, and whoever
# can write it decides which process this check observes. Confirm the
# directory permissions.
check process nginxbin with pidfile /home/huangjian/local/openresty/nginx/logs/nginx.pid
# A new PID or a new parent PID means the process was replaced or re-parented.
if changed pid then alert
if changed ppid then alert
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then alert
# totalmem counts the process together with its children.
if totalmem > 1024.0 MB for 5 cycles then alert
if children > 250 then alert
group nginx
# Outbound reachability probe: 5 ICMP echo requests of 128 bytes to
# www.baidu.com with a 10 second timeout; alert when the ping test fails.
check host baidu with address www.baidu.com
if failed ping count 5 size 128 with timeout 10 seconds then alert
# Keep sshd available: test port 22 with the SSH protocol check and restart
# the service through the init script when that test fails.
# NOTE(review): no cap on repeated restarts is set here; consider whether a
# persistently failing sshd should escalate instead of restarting every cycle.
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
if failed port 22 protocol ssh then restart
# Host-wide load, memory, swap and CPU thresholds; the service is named
# after the $HOST variable.
check system $HOST
if loadavg (5min) > 6 then alert
if loadavg (15min) > 5 then alert
if memory usage > 80% for 4 cycles then alert
if swap usage > 20% for 4 cycles then alert
# Test the user part of CPU usage
if cpu usage (user) > 80% for 2 cycles then alert
# Test the system part of CPU usage
if cpu usage (system) > 20% for 2 cycles then alert
# Test the i/o wait part of CPU usage
if cpu usage (wait) > 80% for 2 cycles then alert
# Test CPU usage including user, system and wait. Note that
# multi-core systems can generate 100% per core
# so total CPU usage can be more than 100%
if cpu usage > 200% for 4 cycles then alert
nginx 的 master 进程不见了,worker 进程的父进程变成了 1(见下面 ps 输出的 PPID 列),而且监听的端口也变成了由 worker 进程在监听。
# ps -ef | grep nginx
root 7215 7180 0 07:46 pts/0 00:00:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn nginx
www-data 9824 1 0 Jan11 ? 00:12:10 nginx: worker process
www-data 9825 1 0 Jan11 ? 00:15:01 nginx: worker process
# netstat -ltnp | grep nginx
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 9824/nginx: worker
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9824/nginx: worker
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 9824/nginx: worker
# Timestamp format for GNU ls long listings: year/month/day hour:minute:second.
TIME_STYLE='+%Y/%m/%d %H:%M:%S'
export TIME_STYLE
创建一个 foo.txt 文件
$ touch foo.txt
$ echo "hello" > foo.txt
$ cat foo.txt
hello
foo.txt 文件的 inode 是 13
$ ls -lhi foo.txt
13 -rw-rw-r-- 1 huangjian huangjian 6 Feb 22 13:56 foo.txt
$ stat foo.txt
File: 'foo.txt'
Size: 6 Blocks: 8 IO Block: 4096 regular file
Device: 800h/2048d Inode: 13 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/huangjian) Gid: ( 1000/huangjian)
Access: 2019-02-22 13:56:35.097721182 +0800
Modify: 2019-02-22 13:56:31.645684665 +0800
Change: 2019-02-22 13:56:31.645684665 +0800
Birth: -
cp 拷贝出来的文件,inode 的值改变了。
$ cp foo.txt foo.txt.cp
$ stat foo.txt.cp
File: 'foo.txt.cp'
Size: 6 Blocks: 8 IO Block: 4096 regular file
Device: 800h/2048d Inode: 15 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/huangjian) Gid: ( 1000/huangjian)
Access: 2019-02-22 13:58:18.050807588 +0800
Modify: 2019-02-22 13:58:18.050807588 +0800
Change: 2019-02-22 13:58:18.050807588 +0800
Birth: -
给 foo.txt 创建一个硬链接,inode 不变
$ ln foo.txt foo.txt.hardlink
$ stat foo.txt.hardlink
File: 'foo.txt.hardlink'
Size: 6 Blocks: 8 IO Block: 4096 regular file
Device: 800h/2048d Inode: 13 Links: 2
Access: (0664/-rw-rw-r--) Uid: ( 1000/huangjian) Gid: ( 1000/huangjian)
Access: 2019-02-22 13:56:35.097721182 +0800
Modify: 2019-02-22 13:56:31.645684665 +0800
Change: 2019-02-22 13:58:38.651024368 +0800
Birth: -
给 foo.txt 创建一个软链接,软链接本身是一个独立的文件,有自己的 inode(16),与 foo.txt 的 inode(13)不同
$ ln -s foo.txt foo.txt.softlink
$ stat foo.txt.softlink
File: 'foo.txt.softlink' -> 'foo.txt'
Size: 7 Blocks: 0 IO Block: 4096 symbolic link
Device: 800h/2048d Inode: 16 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 1000/huangjian) Gid: ( 1000/huangjian)
Access: 2019-02-22 13:59:06.099312909 +0800
Modify: 2019-02-22 13:59:00.707256254 +0800
Change: 2019-02-22 13:59:00.707256254 +0800
Birth: -
mv 移动文件的时候,inode 不变。但是如果系统中有多个硬盘,mv 的时候是从一个硬盘移动到另一个硬盘(准确地说,是跨文件系统移动)的话,inode 会改变,因为这时 mv 实际上是先把文件复制到目标文件系统,再删除原文件。
$ ls -lhi foo.txt*
13 -rw-rw-r-- 2 huangjian huangjian 6 Feb 22 13:56 foo.txt
15 -rw-rw-r-- 1 huangjian huangjian 6 Feb 22 13:58 foo.txt.cp
13 -rw-rw-r-- 2 huangjian huangjian 6 Feb 22 13:56 foo.txt.hardlink
16 lrwxrwxrwx 1 huangjian huangjian 7 Feb 22 13:59 foo.txt.softlink -> foo.txt
$ mv foo.txt foo.txt.bar
$ ls -lhi foo.txt*
13 -rw-rw-r-- 2 huangjian huangjian 6 Feb 22 13:56 foo.txt.bar
15 -rw-rw-r-- 1 huangjian huangjian 6 Feb 22 13:58 foo.txt.cp
13 -rw-rw-r-- 2 huangjian huangjian 6 Feb 22 13:56 foo.txt.hardlink
16 lrwxrwxrwx 1 huangjian huangjian 7 Feb 22 13:59 foo.txt.softlink -> foo.txt
修改 foo.txt.bar 的内容,通过硬链接 foo.txt.hardlink 读到的内容也会跟着改变,因为它们的 inode 相同,指向的是同一份数据。
$ echo "world" > foo.txt.bar
$ cat foo.txt.hardlink
world