Overview
The TailWatch driver monitors a log file for certain activities, and then performs actions for the activity. Driver modules monitor specific services and contain instructions for which actions to perform (for example, which log to monitor and what to do with the information).
As of cPanel & WHM version 56, we ship the following stock drivers:
-
chkservd
-
cpbandwd
-
eximstats
-
jailmanager
-
modseclog
-
recentauthedmailiptracker
In cPanel & WHM version 11.52, we removed the antirelayd
driver and added the recentauthedmailiptracker
driver.
You can enable or disable TailWatch drivers in WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
The chkservd driver
The chkservd
driver determines whether a process is online and whether to restart the process via either of the following actions:
-
Connection-based monitoring — The
chkservd
driver attempts to connect to a service’s specified port, issues a command, and waits for a response. If the driver receives a response, the driver reports the service online. This action uses therestartsrv
script with the--check
option. -
Process-based monitoring — The
chkservd
driver checks for a specific process and determines the connection status.
You can set a service’s monitor process in that service’s configuration file. For more information, read the Add a new monitor section below.
By default, the chkservd
driver checks each service every five minutes to determine the service’s status.
-
If a service is online, the
chkservd
driver will check the next service. -
If a service is offline, the
chkservd
driver will use one of therestartsrv
script to attempt to restart the service.
You can view the results of the chkservd
checks in any of the following formats:
-
The
/var/log/chkservd.log
log file contains the results from each check that it performs. -
WHM’s Server Information interface (WHM >> Home >> Server Status >> Server Information) displays the results from each check.
-
You can configure the system to email you the results from each check.
-
To choose which services the
chkservd
driver will monitor, use WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager). -
To modify the
chkservd
driver’s configuration options, use the System section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).
Add a new monitor
To add a service that you wish for the chkservd
driver to monitor, perform the following steps:
-
Open the
/etc/chkserv.d/chkservd.conf
file with a text editor. -
Add the service that you want to monitor to the file, a colon (
:
), and a1
or a0
to indicate whether the system should monitor the new service. In the following example,ftpd
represents the new service:Click to view…
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
clamd:1 cpanel_php_fpm:1 cpanellogd:1 cpdavd:1 cphulkd:0 cpsrvd:1 crond:1 dnsadmin:1 csf:1 exim:0 ftpd:1 httpd:1 imap:1 ipaliases:1 mysql:1 named:1 nginx:1 pop:1 queueprocd:1 rsyslogd:1 spamd:0 sshd:1
-
Create the configuration file for the new service in the
/etc/chkserv.d
directory. -
Open the file and add a line that resembles either of the following examples:
-
Connection-based monitoring:
service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver
Note:This example contains the following values:
-
ftpd
represents the service to monitor. -
21
represents the port through which thechkservd
driver will attempt to connect to the service. -
QUIT
represents the command that thechkservd
driver will send to check the service’s connection. -
220
represents the server’s expected response to the command. -
/usr/local/cpanel/scripts/restartsrv_ftpserver
represents the service’s restart command.
-
-
Process-based monitoring:
service[ftpd]=x,x,x,/usr/local/cpanel/scripts/restartsrv_ftpserver.service,ftpd,root
Note:This example contains the following values:
-
ftpd
represents the service to monitor. -
x,x,x
directs the system to use process-based tracking. -
/usr/local/cpanel/scripts/restartsrv/ftpserver
represents the service’s restart command. To enter more than one restart command, separate each command with a semicolon (;
) in the order that thechkservd
driver will execute them. -
ftpd
represents the service to restart. -
root
represents the user who owns the monitor process. -
Make certain to separate multiple users with a pipe (
|
) character.
-
-
Combined connection-based and process-based monitoring:
service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftpd,root
Note:This example contains the following values:
-
ftpd
represents the service to monitor. -
21
represents the port through which thechkservd
driver will attempt to connect to the service. -
QUIT
represents the command that thechkservd
driver will send to check the service’s connection. -
220
represents the server’s expected response to the command. -
/usr/local/cpanel/scripts/restartsrv_ftpserver
represents the service’s restart command. -
ftpd
represents the service to restart. -
root
represents the user who owns the monitor process. Make certain to separate multiple users with a pipe (|
) character.
-
-
-
After you enter the service’s configuration information, restart the
chkservd
driver. To do this, run the following command:/etc/init.d/chkservd restart
-
Confirm that the service appears in WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
Common errors
One common chkservd
driver error occurs when an unmonitored, enabled service appears as offline in WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager). To fix this error, perform the following steps, where service
represents the name of the service with which you experience problems:
-
To remove the run file, run the following command:
rm -f /var/run/chkservd/service
-
To remove the
chkservd
configuration file, run the following command:rm -f /etc/chkserv.d/service
-
Open the
/etc/chkserv.d/chkservd.conf
configuration file with a text editor and delete the service’s line. -
To restart the
chkservd
driver, run the following command:/scripts/restartsrv_chkservd
-
Navigate to WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
-
Click Save at the bottom of the interface without any additional changes.
Other drivers
Unlike the chkservd
driver, these other TailWatch drivers do not possess their own log files or configuration:
antirelayd
eximstats
jailmanager
cpbandwd
modseclog
The system records these drivers’ activities in the main /usr/local/cpanel/logs/tailwatchd_log
log file.
Process control and status
To control the TailWatch process, pass command line flags to the /usr/local/cpanel/libexec/tailwatchd
file.
For a full list of available flags, run the following command:
/usr/local/cpanel/libexec/tailwatchd --help
Custom functionality
To add custom functionality to TailWatch, add a new driver. The PerlDoc for the TailWatch Module contains full documentation and examples for customizations.
To access this documentation, run the following command:
/usr/local/cpanel/libexec/tailwatchd --perldoc
Place your new drivers in the /usr/local/cpanel/Cpanel/TailWatch
directory, then restart TailWatch to load the new drivers.