
Overview

The TailWatch driver monitors a log file for certain activities and then takes action based on the activity. Driver modules monitor specific services and contain instructions for which actions to perform (for example, which log to monitor and what to do with the information).

As of cPanel & WHM version 56, we ship the following stock drivers:

  • chkservd
  • cpbandwd
  • eximstats
  • jailmanager
  • modseclog
  • recentauthedmailiptracker

Note:

 In cPanel & WHM version 11.52, we removed the antirelayd driver and added the recentauthedmailiptracker driver.

You can enable or disable TailWatch drivers in WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).

The chkservd driver

The chkservd driver determines whether a process is online and whether to restart the process via either of the following actions:

  • Connection-based monitoring — The chkservd driver attempts to connect to a service's specified port, issues a command, and waits for a response. If the driver receives a response, the driver reports the service online. 
  • Process-based monitoring — The chkservd driver checks for a specific process and determines its connection status. 

You can set a service's monitor process in that service's configuration file. For more information, read the Add a new monitor section below.

By default, the chkservd driver checks each service every five minutes to determine the service's status.

  • If a service is online, the chkservd driver will check the next service. 
  • If a service is offline, the chkservd driver will use one of the cPanel restart scripts, located at /usr/local/cpanel/scripts/restartsrv_*, to attempt to restart the service.

You can view the results of the chkservd checks in any of the following formats:

  • The /var/log/chkservd.log log file contains the results from each check that it performs. 
  • WHM's Server Information interface (WHM >> Home >> Server Status >> Server Information) displays the results from each check.
  • You can configure the system to email you the results from each check.

Notes:

  • To choose which services the chkservd driver will monitor, use WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
  • To modify the chkservd driver's configuration options, use the System section of WHM's Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

Add a new monitor

To add a service that you wish for the chkservd driver to monitor, perform the following steps:

  1. Open the /etc/chkserv.d/chkservd.conf file with a text editor.
  2. Add the service that you want to monitor to the file, a colon (:), and a 1 or a 0 to indicate whether the system should monitor the new service. For example:

    clamd:1
    cpanel_php_fpm:1
    cpanellogd:1
    cpdavd:1
    cphulkd:0
    cpsrvd:1
    crond:1
    dnsadmin:1
    csf:1
    exim:0
    ftpd:1
    httpd:1
    imap:1
    ipaliases:1
    mysql:1
    named:1
    nginx:1
    pop:1
    queueprocd:1
    rsyslogd:1
    spamd:0
    sshd:1

    Note:

    In this example, pop represents the new service to monitor.

  3. Create the configuration file for the new service in the /etc/chkserv.d directory.

  4. Open the file and add a line that resembles either of the following examples:

    service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftp|root

    Note:

    This example contains the following values:

    • ftpd represents the service to monitor.
    • 21 represents the port through which the chkservd driver will attempt to connect to the service.
    • QUIT represents the command that the chkservd driver will send to check the service's connection.
    • 220 represents the time, in seconds, that the chkservd driver will wait for the server's response to the command.
    • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service's restart command.
    • ftp|root represents the users who own the monitor process. Make certain to separate each user with a pipe (|) character.

    service[ftpd]=x,x,x,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftp|root

    Note:

    This example contains the following values:

    • ftpd represents the service to monitor.
    • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service's restart command.
      • To enter more than one restart command, separate each command with a semicolon (;) in the order that the chkservd driver will execute them.
    • ftp|root represents the users who own the monitor process. Make certain to separate each user with a pipe (|) character.

  5. After you enter the service's configuration information, restart the chkservd driver. To do this, run the following command:

    /etc/init.d/chkservd restart
  6. Confirm that the service appears in WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
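
An added example, not part of cPanel's documentation or code: a small Python linter for the two files edited in the steps above (the chkservd.conf list and the per-service service[...] line). It assumes each file in /etc/chkserv.d is named after its service and holds one service[...] line; the sample entries (including oldsvc) are constructed, and the absolute-path check is a hygiene rule chosen for this example, not a documented chkservd requirement.

```python
import re
# Constructed sample inputs in the formats shown above (not from a real server).
CHKSERVD_CONF = "ftpd:1\npop:1\nexim:0\nsshd:1\n"
SERVICE_FILES = {  # hypothetical file name under /etc/chkserv.d -> contents
    "ftpd": "service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftp|root\n",
    "sshd": "service[sshd]=x,x,x,restartsrv_sshd;/usr/local/cpanel/scripts/restartsrv_sshd,root\n",
    "oldsvc": "service[oldsvc]=99999,PING,5,/usr/local/cpanel/scripts/restartsrv_oldsvc,\n",
}
LINE_RE = re.compile(r"^service\[([^\]]+)\]=(.*)$")

def parse_service_line(line):
    """Split one service[...] line into its five comma-separated values."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a service[...] line: %r" % line)
    values = m.group(2).split(",")
    if len(values) != 5:
        raise ValueError("expected 5 values, got %d" % len(values))
    port, command, third, restart, owners = values
    return {
        "name": m.group(1),
        # x,x,x in the first three values is the process-based form.
        "mode": "process" if (port, command, third) == ("x", "x", "x") else "connection",
        "port": port,
        "restart": [c for c in restart.split(";") if c],  # executed in order
        "owners": [u for u in owners.split("|") if u],
    }

def lint(conf_text, service_files):
    """Return sorted (service, problem) findings across both config layers."""
    enabled = {}
    for raw in conf_text.splitlines():
        if ":" in raw:
            name, flag = raw.strip().rsplit(":", 1)
            enabled[name] = flag == "1"
    findings = [(n, "monitored in chkservd.conf but no definition file")
                for n, on in enabled.items() if on and n not in service_files]
    for fname, text in service_files.items():
        svc = parse_service_line(text)
        port = svc["port"]
        if fname not in enabled:
            findings.append((fname, "definition file without a chkservd.conf line"))
        if svc["mode"] == "connection" and not (port.isdigit() and 0 < int(port) < 65536):
            findings.append((fname, "invalid port"))
        if any(not c.startswith("/") for c in svc["restart"]):
            findings.append((fname, "restart command is not an absolute path"))
        if not svc["owners"]:
            findings.append((fname, "no process owner listed"))
    return sorted(findings)
```

On a server, build the two inputs by reading /etc/chkserv.d/chkservd.conf and the other files in /etc/chkserv.d, then review the findings before you restart the chkservd driver.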

Common problem

One of the most common chkservd driver issues occurs when a service that you do not monitor, and that you have not disabled, continues to appear as offline in WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager). To resolve this issue, you may need to remove or edit certain files.

To fix this error, perform the following steps, where service represents the name of the service with which you experience problems:

  1. To remove the run file, run the following command:

    rm -f /var/run/chkservd/service 
  2. To remove the chkservd configuration file, run the following command:

    rm -f /etc/chkserv.d/service 
  3. In your preferred text editor, remove the service's line from the /etc/chkserv.d/chkservd.conf configuration file.

  4. To restart the chkservd driver, run the following command:

    /scripts/restartsrv_chkservd
  5. Navigate to WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
  6. Click Save at the bottom of the interface without any additional changes.

Other drivers (antirelayd, eximstats, jailmanager, cpbandwd, and modseclog)

Unlike the chkservd driver, the other TailWatch drivers do not possess their own log files or configuration.

Note:

The system writes these drivers' activities to the main /usr/local/cpanel/logs/tailwatchd_log log file.

Process control and status

To control the TailWatch process, pass command line flags to the /usr/local/cpanel/libexec/tailwatchd file.

For a full list of available flags, run the following command:

 /usr/local/cpanel/libexec/tailwatchd --help

Custom functionality

To add custom functionality to TailWatch, add a new driver. The PerlDoc for the TailWatch Module contains full documentation and examples for customizations.

To access this documentation, run the following command:

/usr/local/cpanel/libexec/tailwatchd --perldoc

Place your new drivers in the /usr/local/cpanel/Cpanel/TailWatch directory, then restart TailWatch to load the new drivers.
