On Thursday 20 April 2006 19:26, Joachim Schipper wrote:
> Some monitoring script sounds like the way to go, though.

Perhaps you're right. Monit looks good - presumably I could install that both on the firewalls and the webservers, so that in the event of an httpd failure the local monit could restart it, and in the event of server failure, the firewall monit could modify the pf rules. Again, I haven't looked into this in detail but I assume it would be easy enough.

I think rdr/source-hash avoids the need to use CARP on the web servers, which should avoid SSL problems and means we could apply it to our two old Windoze servers too.

Ideally I wanted something more box fresh because I'm not actually our sysadmin although I end up doing a lot of the work on our production servers! But pf looks quite straightforward to administer. Maybe this is my best bet?

Ashley