TailWatch

Last modified: February 19, 2024


Overview

The TailWatch driver monitors a log file for certain activities, and then performs actions for the activity. Driver modules monitor specific services and contain instructions for which actions to perform (for example, which log to monitor and what to do with the information).

We ship the following stock drivers:

  • chkservd
  • cpbandwd
  • eximstats
  • jailmanager
  • modseclog
  • recentauthedmailiptracker

You can enable or disable TailWatch drivers in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).

The chkservd driver

The chkservd driver determines whether a process is online and whether to restart the process via either of the following actions:

  • Connection-based monitoring — The chkservd driver attempts to connect to a service’s specified port, issues a command, and waits for a response. If the driver receives a response, the driver reports the service online. This action uses the restartsrv script with the --check option.

  • Process-based monitoring — The chkservd driver checks for a specific process and determines the connection status.

You can set a service’s monitor process in that service’s configuration file. For more information, read the Add a new monitor section below.

By default, the chkservd driver checks each service every five minutes to determine the service’s status.

  • If a service is online, the chkservd driver will check the next service.

  • If a service is offline, the chkservd driver will use one of the restartsrv scripts to attempt to restart the service.

You can view the results of the chkservd checks in any of the following formats:

  • The /var/log/chkservd.log log file contains the results from each check that it performs.

  • WHM’s Server Information interface (WHM » Home » Server Status » Server Information) displays the results from each check.

Note:
  • You can configure the system to email you the results from each check.

  • To choose which services the chkservd driver will monitor, use WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).

  • To modify the chkservd driver’s configuration options, use the System section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings).

Add a new monitor

To add a service that you wish for the chkservd driver to monitor, perform the following steps:

  1. Open the /etc/chkserv.d/chkservd.conf file with a text editor.

  2. Add a line to the file that contains the name of the service that you want to monitor, a colon (:), and a 1 or a 0 to indicate whether the system should monitor the new service. In the following example, ftpd represents the new service:

    clamd:1
    cpanel_php_fpm:1
    cpanellogd:1
    cpdavd:1
    cphulkd:0
    cpsrvd:1
    crond:1
    dnsadmin:1
    csf:1
    exim:0
    ftpd:1
    httpd:1
    imap:1
    ipaliases:1
    mysql:1
    named:1
    nginx:1
    pop:1
    queueprocd:1
    rsyslogd:1
    spamd:0
    sshd:1

  3. Create the configuration file for the new service in the /etc/chkserv.d directory.

  4. Open the file and add a line that resembles either of the following examples:

    • Connection-based monitoring:

       service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver 
      Note:

      This example contains the following values:

      • ftpd represents the service to monitor.

      • 21 represents the port through which the chkservd driver will attempt to connect to the service.

      • QUIT represents the command that the chkservd driver will send to check the service’s connection.

      • 220 represents the server’s expected response to the command.

      • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service’s restart command.

    • Process-based monitoring:

      service[ftpd]=x,x,x,/usr/local/cpanel/scripts/restartsrv_ftpserver.service,ftpd,root
      Note:

      This example contains the following values:

      • ftpd represents the service to monitor.

      • x,x,x directs the system to use process-based tracking.

      • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service’s restart command. To enter more than one restart command, separate each command with a semicolon (;) in the order that the chkservd driver will execute them.

      • ftpd represents the service to restart.

      • root represents the user who owns the monitor process. Make certain to separate multiple users with a pipe (|) character.

    • Combined connection-based and process-based monitoring:

      service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftpd,root
      Note:

      This example contains the following values:

      • ftpd represents the service to monitor.

      • 21 represents the port through which the chkservd driver will attempt to connect to the service.

      • QUIT represents the command that the chkservd driver will send to check the service’s connection.

      • 220 represents the server’s expected response to the command.

      • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service’s restart command.

      • ftpd represents the service to restart.

      • root represents the user who owns the monitor process. Make certain to separate multiple users with a pipe (|) character.

  5. After you enter the service’s configuration information, restart the chkservd driver. To do this, run the following command:

    /etc/init.d/chkservd restart

  6. Confirm that the service appears in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
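The formats from steps 2 and 4 can be checked before you restart the chkservd driver. The following is an added example, not cPanel's own code: it parses the three service[...] line shapes shown above and cross-checks them against the name:flag entries in chkservd.conf. The function names, the assumption that fields contain no commas, the absolute-path rule, and the sample input are all constructed for this example.

```python
import re

# Line shape from the examples above: service[name]=port,command,response,restart[,process,owners]
LINE_RE = re.compile(r"^service\[([^\]]+)\]=(.+)$")

def parse_monitor(line):
    """Parse one service[...] line into a dict; raise ValueError if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a service[...] line")
    name, fields = m.group(1), m.group(2).split(",")
    if len(fields) not in (4, 6):  # assumption: only the shapes shown on this page
        raise ValueError("expected 4 or 6 comma-separated fields")
    port, command, response, restart = fields[:4]
    process, owners = (fields[4], fields[5].split("|")) if len(fields) == 6 else (None, [])
    if fields[:3] == ["x", "x", "x"] and process:
        mode, port = "process", None
    elif re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535:
        mode, port = ("combined" if process else "connection"), int(port)
    else:
        raise ValueError("need a port in 1-65535, or x,x,x plus a process name")
    return dict(name=name, mode=mode, port=port, command=command, response=response,
                restart=restart.split(";"), process=process, owners=owners)

def lint(conf_text, monitor_lines):
    """Cross-check chkservd.conf entries (name:0|1) against monitor lines."""
    problems, monitors = [], {}
    for line in monitor_lines:
        try:
            mon = parse_monitor(line)
        except ValueError as exc:
            problems.append(f"{line}: {exc}")
            continue
        monitors[mon["name"]] = mon
        # Hardening rule chosen for this example, not a documented chkservd rule.
        problems += [f"{mon['name']}: restart command {c!r} is not an absolute path"
                     for c in mon["restart"] if not c.startswith("/")]
    for entry in conf_text.split():
        name, _, flag = entry.partition(":")
        if flag not in ("0", "1"):
            problems.append(f"{entry}: flag must be 0 or 1")
        elif flag == "1" and name not in monitors:
            problems.append(f"{name}: enabled but no monitor line found")
    return problems

# Constructed sample input: the second line uses a relative restart command.
SAMPLE_CONF = "ftpd:1\nsshd:1\nexim:0\n"
SAMPLE_LINES = ["service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftpd,root",
                "service[sshd]=x,x,x,restartsrv_sshd,sshd,root"]
```

Calling lint(SAMPLE_CONF, SAMPLE_LINES) returns a list of problem strings; an empty list means every enabled service has a well-formed monitor line.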

Common errors

One common chkservd driver error occurs when an unmonitored, enabled service appears as offline in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager). To fix this error, perform the following steps, where service represents the name of the service with which you experience problems:

  1. To remove the run file, run the following command:

    rm -f /var/run/chkservd/service

  2. To remove the chkservd configuration file, run the following command:

    rm -f /etc/chkserv.d/service

  3. Open the /etc/chkserv.d/chkservd.conf configuration file with a text editor and delete the service’s line.

  4. To restart the chkservd driver, run the following command:

    /scripts/restartsrv_chkservd

  5. Navigate to WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).

  6. Click Save at the bottom of the interface without any additional changes.

Other drivers

Unlike the chkservd driver, these other TailWatch drivers do not possess their own log files or configuration:

  • antirelayd
  • eximstats
  • jailmanager
  • cpbandwd
  • modseclog

Note:

The system records these drivers’ activities in the main /usr/local/cpanel/logs/tailwatchd_log log file.

Process control and status

To control the TailWatch process, pass command line flags to the /usr/local/cpanel/libexec/tailwatchd file.

For a full list of available flags, run the following command:

/usr/local/cpanel/libexec/tailwatchd --help

Custom functionality

To add custom functionality to TailWatch, add a new driver. The PerlDoc for the TailWatch Module contains full documentation and examples for customizations.

To access this documentation, run the following command:

/usr/local/cpanel/libexec/tailwatchd --perldoc

Place your new drivers in the /usr/local/cpanel/Cpanel/TailWatch directory, then restart TailWatch to load the new drivers.
