Page tree
Skip to end of metadata
Go to start of metadata

Overview

The TailWatch driver monitors a log file for certain activities and then performs actions based on the activity. Driver modules monitor specific services and contain instructions for which actions to perform (for example, which log to monitor and what to do with the information).

As of cPanel & WHM version 56, we ship the following stock drivers:

  • chkservd
  • cpbandwd
  • eximstats
  • jailmanager
  • modseclog
  • recentauthedmailiptracker

Note:

 In cPanel & WHM version 11.52, we removed the antirelayd driver and added the recentauthedmailiptracker driver.

You can enable or disable TailWatch drivers in WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).

The chkservd driver

The chkservd driver determines whether a process is online and whether to restart the process via either of the following actions:

  • Connection-based monitoring — The chkservd driver attempts to connect to a service's specified port, issues a command, and waits for a response. If the driver receives a response, the driver reports the service online. 
  • Process-based monitoring — The chkservd driver checks for a specific process and determines the connection status. 

You can set a service's monitor process in that service's configuration file. For more information, read the Add a new monitor section below.

By default, the chkservd driver checks each service every five minutes to determine the service's status.

  • If a service is online, the chkservd driver will check the next service. 
  • If a service is offline, the chkservd driver will use one of the cPanel restart scripts to attempt to restart the service.

You can view the results of the chkservd checks in any of the following formats:

  • The /var/log/chkservd.log log file contains the results from each check that it performs. 
  • WHM's Server Information interface (WHM >> Home  >> Server Status >> Server Information) displays the results from each check. 

Notes:

  • You can configure the system to email you the results from each check.
  • To choose which services the chkservd driver will monitor, use WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
  • To modify the chkservd driver's configuration options, use the System section of WHM'sTweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings)

Add a new monitor

To add a service that you wish for the chkservd driver to monitor, perform the following steps:

  1. Open the /etc/chkserv.d/chkservd.conf file with a text editor.
  2. Add the service that you want to monitor to the file, a colon (:), and a 1 or a 0 to indicate whether the system should monitor the new service. For example:

     Click to view...
    clamd:1
    cpanel_php_fpm:1
    cpanellogd:1
    cpdavd:1
    cphulkd:0
    cpsrvd:1
    crond:1
    dnsadmin:1
    csf:1
    exim:0
    ftpd:1
    httpd:1
    imap:1
    ipaliases:1
    mysql:1
    named:1
    nginx:1
    pop:1
    queueprocd:1
    rsyslogd:1
    spamd:0
    sshd:1

    Note:

    In this example, ftpd represents the new service.

  3. Create the configuration file for the new service in the /etc/chkserv.d directory.

  4. Open the file and add a line that resembles either of the following examples:

    service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver

    Note:

    This example contains the following values:

    • ftpd represents the service to monitor.
    • 21 represents the port through which the chkservd driver will attempt to connect to the service.
    • QUIT represents the command that the chkservd driver will send to check the service's connection.
    • 220 represents the server's expected response to the command.
    • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service's restart command.
    service[ftpd]=x,x,x,/usr/local/cpanel/scripts/restartsrv_ftpserver.service,ftpd,root

    Note:

    This example contains the following values:

    • ftpd represents the service to monitor.
    • x,x,x directs the system to use process-based tracking.
    • /usr/local/cpanel/scripts/restartsrv/ftpserver represents the service's restart command.
      • To enter more than one restart command, separate each command with a semicolon (;) in the order that the chkservd driver will execute them.
    • ftpd represents the service to restart.
    • root represents the user who owns the monitor process.
      • Make certain to separate multiple users with a pipe (|) character.
    service[ftpd]=21,QUIT,220,/usr/local/cpanel/scripts/restartsrv_ftpserver,ftpd,root

    Note:

    This example contains the following values:

    • ftpd represents the service to monitor.
    • 21 represents the port through which the chkservd driver will attempt to connect to the service.
    • QUIT represents the command that the chkservd driver will send to check the service's connection.
    • 220 represents the server's expected response to the command.
    • /usr/local/cpanel/scripts/restartsrv_ftpserver represents the service's restart command.
    • ftpd represents the service to restart.
    • root represents the user who own the monitor process.
      • Make certain to separate multiple users with a pipe (|) character.
  5. After you enter the service's configuration information, restart the chkservd driver. To do this, run the following command:

    /etc/init.d/chkservd restart
  6. Confirm that the service appears in WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).

Common problem

One common chkservd driver error occurs when an unmonitored, enabled service appears as offline in WHM's Service Manager interface (WHM >> Home  >> Service Configuration >> Service Manager). To fix this error, perform the following steps, where service represents the name of the service with which you experience problems:

  1. To remove the run file, run the following command:

    rm -f /var/run/chkservd/service 
  2. To remove the chkservd configuration file, run the following command:

    rm -f /etc/chkserv.d/service 
  3. Open the the /etc/chkserv.d/chkservd.conf configuration file with a text editor and delete the service's line.

  4. To restart the chkservd driver, run the following command:

    /scripts/restartsrv_chkservd
  5. Navigate to WHM's Service Manager interface (WHM >> Home  >> Service Configuration >> Service Manager). 
  6. Click Save at the bottom of the interface without any additional changes.

Other drivers (antirelayd, eximstats, jailmanager, cpbandwd, and modseclog)

Unlike the chkservd driver, the other TailWatch drivers do not possess their own log files or configuration.

Note:

The system records these drivers' activities in the main /usr/local/cpanel/logs/tailwatchd_log log file.

Process control and status

To control the TailWatch process, pass command line flags to the /usr/local/cpanel/libexec/tailwatchd file.

For a full list of available flags, run the following command:

 /usr/local/cpanel/libexec/tailwatchd --help

Custom functionality

To add custom functionality to TailWatch, add a new driver. The PerlDoc for the TailWatch Module contains full documentation and examples for customizations.

To access this documentation, run the following command:

/usr/local/cpanel/libexec/tailwatchd --perldoc

Place your new drivers in the /usr/local/cpanel/Cpanel/TailWatch directory, then restart TailWatch to load the new drivers.

Additional documentation