|
| 1 | +############################################################################### |
| 2 | +## Monit control file |
| 3 | +############################################################################### |
| 4 | +## |
| 5 | +## Comments begin with a '#' and extend through the end of the line. Keywords |
| 6 | +## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. |
| 7 | +## |
| 8 | +## Below you will find examples of some frequently used statements. For |
| 9 | +## information about the control file and a complete list of statements and |
| 10 | +## options, please have a look in the Monit manual. |
| 11 | +## |
| 12 | +## |
| 13 | +############################################################################### |
| 14 | +## Global section |
| 15 | +############################################################################### |
| 16 | +## |
| 17 | +## Start Monit in the background (run as a daemon): |
| 18 | +# |
| 19 | + set daemon 120 # check services at 2-minute intervals |
| 20 | +# with start delay 240 # optional: delay the first check by 4-minutes (by |
| 21 | +# # default Monit check immediately after Monit start) |
| 22 | +# |
| 23 | +# |
| 24 | +## Set syslog logging with the 'daemon' facility. If the FACILITY option is |
| 25 | +## omitted, Monit will use 'user' facility by default. If you want to log to |
| 26 | +## a standalone log file instead, specify the full path to the log file |
| 27 | +# |
| 28 | +# set logfile syslog facility log_daemon |
| 29 | + set logfile /var/log/monit.log |
| 30 | +# |
| 31 | +# |
| 32 | +## Set the location of the Monit lock file which stores the process id of the |
| 33 | +## running Monit instance. By default this file is stored in $HOME/.monit.pid |
| 34 | +# |
| 35 | +# set pidfile /var/run/monit.pid |
| 36 | +# |
| 37 | +## Set the location of the Monit id file which stores the unique id for the |
| 38 | +## Monit instance. The id is generated and stored on first Monit start. By |
| 39 | +## default the file is placed in $HOME/.monit.id. |
| 40 | +# |
| 41 | +# set idfile /var/.monit.id |
| 42 | + set idfile /var/lib/monit/id |
| 43 | +# |
| 44 | +## Set the location of the Monit state file which saves monitoring states |
| 45 | +## on each cycle. By default the file is placed in $HOME/.monit.state. If |
| 46 | +## the state file is stored on a persistent filesystem, Monit will recover |
| 47 | +## the monitoring state across reboots. If it is on temporary filesystem, the |
| 48 | +## state will be lost on reboot which may be convenient in some situations. |
| 49 | +# |
| 50 | + set statefile /var/lib/monit/state |
| 51 | +# |
| 52 | +## Set the list of mail servers for alert delivery. Multiple servers may be |
| 53 | +## specified using a comma separator. If the first mail server fails, Monit |
| 54 | +# will use the second mail server in the list and so on. By default Monit uses |
| 55 | +# port 25 - it is possible to override this with the PORT option. |
| 56 | +# |
| 57 | +# set mailserver mail.bar.baz, # primary mailserver |
| 58 | +# backup.bar.baz port 10025, # backup mailserver on port 10025 |
| 59 | +# localhost # fallback relay |
| 60 | +# |
| 61 | +# |
| 62 | +## By default Monit will drop alert events if no mail servers are available. |
| 63 | +## If you want to keep the alerts for later delivery retry, you can use the |
| 64 | +## EVENTQUEUE statement. The base directory where undelivered alerts will be |
| 65 | +## stored is specified by the BASEDIR option. You can limit the queue size |
| 66 | +## by using the SLOTS option (if omitted, the queue is limited by space |
| 67 | +## available in the back end filesystem). |
| 68 | +# |
| 69 | + set eventqueue |
| 70 | + basedir /var/lib/monit/events # set the base directory where events will be stored |
| 71 | + slots 100 # optionally limit the queue size |
| 72 | +# |
| 73 | +# |
| 74 | +## Send status and events to M/Monit (for more informations about M/Monit |
| 75 | +## see http://mmonit.com/). By default Monit registers credentials with |
| 76 | +## M/Monit so M/Monit can smoothly communicate back to Monit and you don't |
| 77 | +## have to register Monit credentials manually in M/Monit. It is possible to |
| 78 | +## disable credential registration using the commented out option below. |
| 79 | +## Though, if safety is a concern we recommend instead using https when |
| 80 | +## communicating with M/Monit and send credentials encrypted. |
| 81 | +# |
| 82 | +# set mmonit http://monit: [email protected]:8080/collector |
| 83 | +# # and register without credentials # Don't register credentials |
| 84 | +# |
| 85 | +# |
| 86 | +## Monit by default uses the following format for alerts if the the mail-format |
| 87 | +## statement is missing:: |
| 88 | +## --8<-- |
| 89 | +## set mail-format { |
| 90 | +## from: monit@$HOST |
| 91 | +## subject: monit alert -- $EVENT $SERVICE |
| 92 | +## message: $EVENT Service $SERVICE |
| 93 | +## Date: $DATE |
| 94 | +## Action: $ACTION |
| 95 | +## Host: $HOST |
| 96 | +## Description: $DESCRIPTION |
| 97 | +## |
| 98 | +## Your faithful employee, |
| 99 | +## Monit |
| 100 | +## } |
| 101 | +## --8<-- |
| 102 | +## |
| 103 | +## You can override this message format or parts of it, such as subject |
| 104 | +## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. |
| 105 | +## are expanded at runtime. For example, to override the sender, use: |
| 106 | +# |
| 107 | +# set mail-format { from: [email protected] } |
| 108 | +# |
| 109 | +# |
| 110 | +## You can set alert recipients whom will receive alerts if/when a |
| 111 | +## service defined in this file has errors. Alerts may be restricted on |
| 112 | +## events by using a filter as in the second example below. |
| 113 | +# |
| 114 | +# set alert [email protected] # receive all alerts |
| 115 | +# |
| 116 | +## Do not alert when Monit starts, stops or performs a user initiated action. |
| 117 | +## This filter is recommended to avoid getting alerts for trivial cases. |
| 118 | +# |
| 119 | +# set alert [email protected] not on { instance, action } |
| 120 | +# |
| 121 | +# |
| 122 | +## Monit has an embedded HTTP interface which can be used to view status of |
| 123 | +## services monitored and manage services from a web interface. The HTTP |
| 124 | +## interface is also required if you want to issue Monit commands from the |
| 125 | +## command line, such as 'monit status' or 'monit restart service' The reason |
| 126 | +## for this is that the Monit client uses the HTTP interface to send these |
| 127 | +## commands to a running Monit daemon. See the Monit Wiki if you want to |
| 128 | +## enable SSL for the web server. |
| 129 | +# |
| 130 | + set httpd port 2812 and |
| 131 | + use address localhost # only accept connection from localhost |
| 132 | + allow localhost # allow localhost to connect to the server and |
| 133 | +# allow admin:monit # require user 'admin' with password 'monit' |
| 134 | +# allow @monit # allow users of group 'monit' to connect (rw) |
| 135 | +# allow @users readonly # allow users of group 'users' to connect readonly |
| 136 | +# |
| 137 | +############################################################################### |
| 138 | +## Services |
| 139 | +############################################################################### |
| 140 | +## |
| 141 | +## Check general system resources such as load average, cpu and memory |
| 142 | +## usage. Each test specifies a resource, conditions and the action to be |
| 143 | +## performed should a test fail. |
| 144 | +# |
| 145 | +# check system myhost.mydomain.tld |
| 146 | +# if loadavg (1min) > 4 then alert |
| 147 | +# if loadavg (5min) > 2 then alert |
| 148 | +# if memory usage > 75% then alert |
| 149 | +# if swap usage > 25% then alert |
| 150 | +# if cpu usage (user) > 70% then alert |
| 151 | +# if cpu usage (system) > 30% then alert |
| 152 | +# if cpu usage (wait) > 20% then alert |
| 153 | +# |
| 154 | +# |
| 155 | +## Check if a file exists, checksum, permissions, uid and gid. In addition |
| 156 | +## to alert recipients in the global section, customized alert can be sent to |
| 157 | +## additional recipients by specifying a local alert handler. The service may |
| 158 | +## be grouped using the GROUP option. More than one group can be specified by |
| 159 | +## repeating the 'group name' statement. |
| 160 | +# |
| 161 | +# check file apache_bin with path /usr/local/apache/bin/httpd |
| 162 | +# if failed checksum and |
| 163 | +# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor |
| 164 | +# if failed permission 755 then unmonitor |
| 165 | +# if failed uid root then unmonitor |
| 166 | +# if failed gid root then unmonitor |
| 167 | + |
| 168 | +# checksum, permission, uid, gid, unmonitor |
| 169 | +# } with the mail-format { subject: Alarm! } |
| 170 | +# group server |
| 171 | +# |
| 172 | +# |
| 173 | +## Check that a process is running, in this case Apache, and that it respond |
| 174 | +## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, |
| 175 | +## and number of children. If the process is not running, Monit will restart |
| 176 | +## it by default. In case the service is restarted very often and the |
| 177 | +## problem remains, it is possible to disable monitoring using the TIMEOUT |
| 178 | +## statement. This service depends on another service (apache_bin) which |
| 179 | +## is defined above. |
| 180 | +# |
| 181 | +# check process apache with pidfile /usr/local/apache/logs/httpd.pid |
| 182 | +# start program = "/etc/init.d/httpd start" with timeout 60 seconds |
| 183 | +# stop program = "/etc/init.d/httpd stop" |
| 184 | +# if cpu > 60% for 2 cycles then alert |
| 185 | +# if cpu > 80% for 5 cycles then restart |
| 186 | +# if totalmem > 200.0 MB for 5 cycles then restart |
| 187 | +# if children > 250 then restart |
| 188 | +# if loadavg(5min) greater than 10 for 8 cycles then stop |
| 189 | +# if failed host www.tildeslash.com port 80 protocol http |
| 190 | +# and request "/somefile.html" |
| 191 | +# then restart |
| 192 | +# if failed port 443 type tcpssl protocol http |
| 193 | +# with timeout 15 seconds |
| 194 | +# then restart |
| 195 | +# if 3 restarts within 5 cycles then timeout |
| 196 | +# depends on apache_bin |
| 197 | +# group server |
| 198 | +# |
| 199 | +# |
| 200 | +## Check filesystem permissions, uid, gid, space and inode usage. Other services, |
| 201 | +## such as databases, may depend on this resource and an automatically graceful |
| 202 | +## stop may be cascaded to them before the filesystem will become full and data |
| 203 | +## lost. |
| 204 | +# |
| 205 | +# check filesystem datafs with path /dev/sdb1 |
| 206 | +# start program = "/bin/mount /data" |
| 207 | +# stop program = "/bin/umount /data" |
| 208 | +# if failed permission 660 then unmonitor |
| 209 | +# if failed uid root then unmonitor |
| 210 | +# if failed gid disk then unmonitor |
| 211 | +# if space usage > 80% for 5 times within 15 cycles then alert |
| 212 | +# if space usage > 99% then stop |
| 213 | +# if inode usage > 30000 then alert |
| 214 | +# if inode usage > 99% then stop |
| 215 | +# group server |
| 216 | +# |
| 217 | +# |
| 218 | +## Check a file's timestamp. In this example, we test if a file is older |
| 219 | +## than 15 minutes and assume something is wrong if its not updated. Also, |
| 220 | +## if the file size exceed a given limit, execute a script |
| 221 | +# |
| 222 | +# check file database with path /data/mydatabase.db |
| 223 | +# if failed permission 700 then alert |
| 224 | +# if failed uid data then alert |
| 225 | +# if failed gid data then alert |
| 226 | +# if timestamp > 15 minutes then alert |
| 227 | +# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba |
| 228 | +# |
| 229 | +# |
| 230 | +## Check directory permission, uid and gid. An event is triggered if the |
| 231 | +## directory does not belong to the user with uid 0 and gid 0. In addition, |
| 232 | +## the permissions have to match the octal description of 755 (see chmod(1)). |
| 233 | +# |
| 234 | +# check directory bin with path /bin |
| 235 | +# if failed permission 755 then unmonitor |
| 236 | +# if failed uid 0 then unmonitor |
| 237 | +# if failed gid 0 then unmonitor |
| 238 | +# |
| 239 | +# |
| 240 | +## Check a remote host availability by issuing a ping test and check the |
| 241 | +## content of a response from a web server. Up to three pings are sent and |
| 242 | +## connection to a port and an application level network check is performed. |
| 243 | +# |
| 244 | +# check host myserver with address 192.168.1.1 |
| 245 | +# if failed ping then alert |
| 246 | +# if failed port 3306 protocol mysql with timeout 15 seconds then alert |
| 247 | +# if failed port 80 protocol http |
| 248 | +# and request /some/path with content = "a string" |
| 249 | +# then alert |
| 250 | +# |
| 251 | +# |
| 252 | +############################################################################### |
| 253 | +## Includes |
| 254 | +############################################################################### |
| 255 | +## |
| 256 | +## It is possible to include additional configuration parts from other files or |
| 257 | +## directories. |
| 258 | +# |
| 259 | + include /etc/monit/conf.d/* |
| 260 | +# |
0 commit comments