Monit provides lightweight process supervision and automatic recovery for Linux servers, making it essential for maintaining high-availability services. System administrators use Monit to monitor Apache, Nginx, MySQL, and other critical services, automatically restarting them when failures occur. Beyond process monitoring, Monit tracks system resources like CPU, memory, and disk usage, sending alerts before problems escalate.
By the end of this guide, you will have a fully operational Monit installation with a web-based dashboard for real-time monitoring and firewall rules configured for secure remote access.
Update Ubuntu Before Monit Installation
First, update your package index to ensure you install the latest available version:
sudo apt updateNext, upgrade any outdated packages:
sudo apt upgradeInstall Monit via APT
Monit is available in Ubuntu’s default universe repository, making installation straightforward with no additional repositories required.
This guide supports Ubuntu 22.04 LTS and 24.04 LTS installations. Monit is included in Ubuntu’s default repositories, and the commands shown work identically on both supported LTS releases.
Install Monit using the following command:
sudo apt install monitOnce installed, verify the installation by checking the version:
monit --versionExample output on Ubuntu 24.04:
This is Monit version 5.33.0 Built with ssl, with ipv6, with compression, with pam and with large files
Example output on Ubuntu 22.04:
This is Monit version 5.31.0 Built with ssl, with ipv6, with compression, with pam and with large files
Next, enable and start the Monit service so it runs automatically on boot:
sudo systemctl enable monit --nowUbuntu 22.04 uses a SysV init script for Monit, while Ubuntu 24.04 includes both a SysV script and a systemd unit file. Both versions support
systemctlcommands, but the status output format differs slightly.
Finally, confirm Monit is operational by checking the service status:
systemctl status monitExample output on Ubuntu 24.04:
● monit.service - LSB: service and resource monitoring daemon
Loaded: loaded (/etc/init.d/monit; generated)
Active: active (running) since Wed 2024-07-10 14:23:15 UTC; 2min 5s ago
Docs: man:systemd-sysv-generator(8)
Tasks: 1 (limit: 4915)
Memory: 2.1M
CPU: 45ms
CGroup: /system.slice/monit.service
└─1234 /usr/bin/monit -c /etc/monit/monitrc
Jul 10 14:23:15 ubuntu-server systemd[1]: Starting LSB: service and resource monitoring daemon...
Jul 10 14:23:15 ubuntu-server monit[1232]: Starting daemon monitor: monit.
Jul 10 14:23:15 ubuntu-server systemd[1]: Started LSB: service and resource monitoring daemon.
Example output on Ubuntu 22.04:
● monit.service - LSB: service and resource monitoring daemon
Loaded: loaded (/etc/init.d/monit; generated)
Active: active (running) since Wed 2024-07-10 14:23:15 UTC; 2min 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 1232 ExecStart=/etc/init.d/monit start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 4915)
Memory: 2.1M
CGroup: /system.slice/monit.service
└─1234 /usr/bin/monit -c /etc/monit/monitrc
The output should show “active (running)” confirming the service started successfully.
Configure Monit Web User Interface
With Monit running, the next step is configuring the web interface. First, create a backup of the configuration file:
sudo cp /etc/monit/monitrc /etc/monit/monitrc.bakNext, open the main configuration file for editing:
sudo nano /etc/monit/monitrcNow, find the lines in the configuration file:
# set httpd port 2812 and # allow admin:monit
Next, modify the username and password with your own credentials. Replace your-username and your-secure-password with your chosen credentials. For security, avoid using the default “admin” username. Optionally, you can change the default port 2812 to a less-common port for added obscurity in sensitive environments.
set httpd port 2812 and allow your-username:your-secure-password
To restrict access to localhost only, uncomment the “allow localhost” line to ensure remote clients cannot connect.
use address localhost # only accept connection from localhost allow localhost # allow localhost to connect to the server
If you are accessing from an external location, refrain from uncommenting the above lines. Securely save the configuration file by pressing CTRL+O and exit by pressing CTRL+X.
Security Note: Monit’s built-in HTTP server does not support TLS encryption, meaning credentials are transmitted in base64 encoding (easily decoded). For remote access, use SSH tunneling instead of opening port 2812 to the internet:
ssh username@server-ip -L 2812:localhost:2812, then accesshttp://localhost:2812in your local browser. This encrypts all traffic including authentication credentials.
After saving your changes (CTRL+O, then CTRL+X in nano), test the configuration for syntax errors:
sudo monit -tExample output:
Control file syntax OK
Now restart the service so the configuration file changes take effect.
sudo systemctl restart monitConfigure Firewall Rules for Monit
If you plan to access the Monit web interface from another machine, you need to configure firewall rules. Ubuntu typically has UFW pre-installed, and you must establish allow rules for TCP port 2812 (or any alternate port you specified in your Monit configuration). For comprehensive firewall configuration, see the UFW firewall guide for Ubuntu.
Begin by confirming the installation of UFW, and install it if absent:
sudo apt install ufw -yWarning: Before enabling UFW, ensure SSH access is permitted to avoid being locked out of remote servers.
If you are connected via SSH, allow SSH access first:
sudo ufw allow OpenSSHNext, enable UFW if it is not already active:
sudo ufw enableExample output:
Firewall is active and enabled on system startup
Depending on your requirements, use one of the following rules to allow access to the Monit web interface.
Allow access from a specific IP address:
sudo ufw allow proto tcp from 203.0.113.50 to any port 2812Allow access from a subnet (multiple servers):
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 2812Note that the second UFW rule is a subnet rule; before allowing it, ensure the internal network is secure and trustworthy. Verify the rule was added:
sudo ufw status numberedExample output:
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 2812/tcp ALLOW IN 192.168.1.0/24
[ 3] 22/tcp (v6) ALLOW IN Anywhere (v6)
Access Monit Web User Interface
Now that you have installed Monit and configured the back end, you can access the Monit service using the server’s IP address.
http://203.0.113.10:2812
Users can use localhost to connect locally.
http://localhost:2812
Log in with the username and password set in the configuration file. Once in, you will arrive at the main dashboard with your overall view.
Once on the dashboard, you can click on your system to show more detailed stats.
Also, for users who may encounter issues and need to adjust some settings, you can see the overview of your Monit settings using the web interface.
This tutorial covered the basic setup. For advanced monitoring options including process checks, filesystem monitoring, and email notifications, consult the Monit Documentation Manual.
Troubleshoot Common Monit Issues
Configuration Syntax Errors
If Monit fails to start after editing the configuration, you may see an error like this when running sudo monit -t:
/etc/monit/monitrc:188: syntax error 'allow' monit: error reading the control file '/etc/monit/monitrc'
This error typically indicates missing quotation marks around passwords or incorrect indentation. After fixing the syntax error, verify the configuration:
sudo monit -tA successful test displays:
Control file syntax OK
Once the syntax is correct, restart the service:
sudo systemctl restart monitWeb Interface Not Accessible
If you cannot access the web interface, first verify the service is running:
sudo systemctl status monitIf the service is running but the web interface is inaccessible, check that the set httpd section in /etc/monit/monitrc is uncommented and has valid credentials. Additionally, verify your firewall permits connections on port 2812:
sudo ufw status numberedThe output should show a rule allowing port 2812. If the rule is missing, add it as described in the firewall section above.
Manage Monit
Update Monit
Since Monit is installed from Ubuntu’s default repository, updates arrive through the standard system update process:
sudo apt update && sudo apt install --only-upgrade monitAfter updating, restart the Monit service to apply any changes:
sudo systemctl restart monitRemove Monit
To remove Monit along with its configuration files, use the following commands:
sudo systemctl stop monit
sudo apt remove --purge monitNext, remove any orphaned dependencies that were installed with Monit:
sudo apt autoremoveVerify the removal by refreshing the package cache and checking that Monit is no longer installed:
sudo apt update
apt-cache policy monitExample output:
monit:
Installed: (none)
Candidate: 1:5.33.0-2build2
Version table:
1:5.33.0-2build2 500
500 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages
The output showing “Installed: (none)” confirms complete removal.
Conclusion
You now have Monit installed and running with a web interface for real-time system monitoring. The core configuration file at /etc/monit/monitrc supports monitoring processes, files, directories, filesystems, and network connections. Next, consider adding service checks for critical applications like Nginx on Ubuntu or Apache on Ubuntu, and configure email alerts for automatic notifications when issues occur.
