The maldet real-time monitoring daemon will not start. How can I fix this?

1. Double check that the default_monitor_mode is set:

Edit /usr/local/maldetect/conf.maldet and find and set:

default_monitor_mode="users"

2. Some users may also need to increase their inotify file watch limit on their systems before the maldet monitoring daemon will start.

To view your current limit:

cat /proc/sys/fs/inotify/max_user_watches

To raise your limit:

echo fs.inotify.max_user_watches=1048576 > /etc/sysctl.d/sentinel.conf
sysctl -p /etc/sysctl.d/sentinel.conf

Start the service:

systemctl restart maldet

Check the logs for any errors:

tail -f /usr/local/maldetect/logs/event_log

Example error of when max_user_watches is too low:

Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.
  • real-time monitoring, maldet
  • 3 Users Found This Useful
Was this answer helpful?

Related Articles

How can I fix the error: Kohana_Exception [ 0 ]: Directory APPPATH/cache must be writable?

This error means that the permissions on the Plesk extension are not set properly. Running the...

How can I fix the error: The domain limit of this license key has been reached?

The admin and pro versions of our products are limited to the number of domains you can have in...

How can I repair my Sentinel Anti-malware installation?

If your Sentinel Anti-malware installation is having problems it is recommended to go though the...

I received an email from Maxmind that they will drop support for unsecure database downloads. How are your products affected?

MaxMind sent out the following email below: To ensure that you can continue to download GeoIP...

How can I fix the error: The licensing server was invalid or could not be reached ?

Restart Plesk Panel Interface 1. Many times this error can be fixed by just restarting the Plesk...