Fernando Schwartz wrote:

No. That's more like a routing problem. No service dies.

This hardware has 3 NICs. I'll downgrade to the usual LAN/WAN and see the results.

I learned not to guess work but read log files better. I'll keep you all posted. Thanks.

###############################################################################
## Global section
###############################################################################
##
## Start Monit in the background (run as a daemon):
#
set daemon 30 # check services at 30 seconds intervals
# with start delay 240 # optional: delay the first check by 4-minutes (by
# # default Monit check immediately after Monit start)
#
#
## Set syslog logging. If you want to log to a standalone log file instead,
## specify the full path to the log file
#
set logfile /var/log/monit

#
#
## Set the location of the Monit lock file which stores the process id of the
## running Monit instance. By default this file is stored in $HOME/.monit.pid
#
set pidfile /var/run/monit.pid
#
## Set the location of the Monit id file which stores the unique id for the
## Monit instance. The id is generated and stored on first Monit start. By
## default the file is placed in $HOME/.monit.id.
#
set idfile /var/.monit.id
#
## Set the location of the Monit state file which saves monitoring states
## on each cycle. By default the file is placed in $HOME/.monit.state. If
## the state file is stored on a persistent filesystem, Monit will recover
## the monitoring state across reboots. If it is on temporary filesystem, the
## state will be lost on reboot which may be convenient in some situations.
#
set statefile /var/.monit.state
#
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using a comma separator. If the first mail server fails, Monit
# will use the second mail server in the list and so on. By default Monit uses
# port 25 - it is possible to override this with the PORT option.
#
# set mailserver smtp-relay.gmail.com port 25 # primary mailserver
set mailserver localhost # primary mailserver
# backup.bar.baz port 10025, # backup mailserver on port 10025
# localhost # fallback relay
#
#
## By default Monit will drop alert events if no mail servers are available.
## If you want to keep the alerts for later delivery retry, you can use the
## EVENTQUEUE statement. The base directory where undelivered alerts will be
## stored is specified by the BASEDIR option. You can limit the queue size
## by using the SLOTS option (if omitted, the queue is limited by space
## available in the back end filesystem).
#
set eventqueue
basedir /var/monit # set the base directory where events will be stored
slots 100 # optionally limit the queue size
#


#
#
## Monit has an embedded HTTP interface which can be used to view status of
## services monitored and manage services from a web interface. The HTTP
## interface is also required if you want to issue Monit commands from the
## command line, such as 'monit status' or 'monit restart service' The reason
## for this is that the Monit client uses the HTTP interface to send these
## commands to a running Monit daemon. See the Monit Wiki if you want to
## enable SSL for the HTTP interface.
#
set httpd port 2812 and
use address 192.168.1.11 # only accept connection from localhost
allow 0.0.0.0/0.0.0.0 # allow localhost to connect to the server and
allow admin:PUT PASSWORD HERE # require user 'admin' with password 'monit'

###############################################################################
## Services
###############################################################################
##

#
#
## Check a network link status (up/down), link capacity changes, saturation
## and bandwidth usage.
#
check network public with interface eth1
if failed link then alert
if changed link then alert
if saturation > 90% then alert
# if download > 10 MB/s then alert
# if total upload > 1 GB in last hour then alert
#
#

# check dansguardian

check process dansguardian with pidfile /var/run/dansguardian-av.pid
start program = "/etc/init.d/dansguardian-av start"
stop program = "/etc/init.d/dansguardian-av stop"
#
# check squid

check process squid with pidfile /var/run/squid.pid
start program = "/etc/init.d/squid start"
stop program = "/etc/init.d/squid stop"

# check OpenLDAP
check process openldap with pidfile /var/run/slapd.pid
start program = "/etc/init.d/slapd start"
stop program = "/etc/init.d/slapd stop"


###############################################################################
## Includes
###############################################################################
##
## It is possible to include additional configuration parts from other files or
## directories.
#
# include /etc/monit.d/*
#

# set daemon mode timeout to 1 minute
set daemon 60
# Include all files from /etc/monit.d/
include /etc/monit.d/*