]>
Commit | Line | Data |
---|---|---|
57865e53 DW |
1 | ############################################################################### |
2 | ## Monit control file | |
3 | ############################################################################### | |
4 | ## | |
5 | ## Comments begin with a '#' and extend through the end of the line. Keywords | |
6 | ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. | |
7 | ## | |
8 | ## Below you will find examples of some frequently used statements. For | |
9 | ## information about the control file and a complete list of statements and | |
10 | ## options, please have a look in the Monit manual. | |
11 | ## | |
12 | ## | |
13 | ############################################################################### | |
14 | ## Global section | |
15 | ############################################################################### | |
16 | ## | |
17 | ## Start Monit in the background (run as a daemon): | |
18 | # | |
19 | set daemon 60 # check services at 1-minute intervals | |
20 | # with start delay 240 # optional: delay the first check by 4-minutes (by | |
21 | # # default Monit check immediately after Monit start) | |
22 | # | |
23 | # | |
24 | ## Set syslog logging with the 'daemon' facility. If the FACILITY option is | |
25 | ## omitted, Monit will use 'user' facility by default. If you want to log to | |
26 | ## a standalone log file instead, specify the full path to the log file | |
27 | # | |
28 | set logfile syslog facility log_daemon | |
29 | # | |
30 | # | |
31 | ## Set the location of the Monit lock file which stores the process id of the | |
32 | ## running Monit instance. By default this file is stored in $HOME/.monit.pid | |
33 | # | |
34 | set pidfile /var/run/monit.pid | |
35 | # | |
36 | ## Set the location of the Monit id file which stores the unique id for the | |
37 | ## Monit instance. The id is generated and stored on first Monit start. By | |
38 | ## default the file is placed in $HOME/.monit.id. | |
39 | # | |
40 | set idfile /var/lib/monit/id | |
41 | # | |
42 | ## Set the location of the Monit state file which saves monitoring states | |
43 | ## on each cycle. By default the file is placed in $HOME/.monit.state. If | |
44 | ## the state file is stored on a persistent filesystem, Monit will recover | |
45 | ## the monitoring state across reboots. If it is on temporary filesystem, the | |
46 | ## state will be lost on reboot which may be convenient in some situations. | |
47 | # | |
48 | set statefile /var/lib/monit/state | |
49 | # | |
50 | ## Set the list of mail servers for alert delivery. Multiple servers may be | |
51 | ## specified using a comma separator. If the first mail server fails, Monit | |
52 | # will use the second mail server in the list and so on. By default Monit uses | |
53 | # port 25 - it is possible to override this with the PORT option. | |
54 | # | |
55 | # set mailserver mail.bar.baz, # primary mailserver | |
56 | # backup.bar.baz port 10025, # backup mailserver on port 10025 | |
57 | # localhost # fallback relay | |
58 | # | |
59 | # | |
60 | ## By default Monit will drop alert events if no mail servers are available. | |
61 | ## If you want to keep the alerts for later delivery retry, you can use the | |
62 | ## EVENTQUEUE statement. The base directory where undelivered alerts will be | |
63 | ## stored is specified by the BASEDIR option. You can limit the queue size | |
64 | ## by using the SLOTS option (if omitted, the queue is limited by space | |
65 | ## available in the back end filesystem). | |
66 | # | |
67 | set eventqueue | |
68 | basedir /var/lib/monit # set the base directory where events will be stored | |
69 | slots 100 # optionally limit the queue size | |
70 | # | |
71 | # | |
72 | ## Send status and events to M/Monit (for more informations about M/Monit | |
73 | ## see http://mmonit.com/). By default Monit registers credentials with | |
74 | ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't | |
75 | ## have to register Monit credentials manually in M/Monit. It is possible to | |
76 | ## disable credential registration using the commented out option below. | |
77 | ## Though, if safety is a concern we recommend instead using https when | |
78 | ## communicating with M/Monit and send credentials encrypted. | |
79 | # | |
80 | # set mmonit http://monit:monit@192.168.1.10:8080/collector | |
81 | # # and register without credentials # Don't register credentials | |
82 | # | |
83 | # | |
84 | ## Monit by default uses the following format for alerts if the the mail-format | |
85 | ## statement is missing:: | |
86 | ## --8<-- | |
87 | ## set mail-format { | |
88 | ## from: monit@$HOST | |
89 | ## subject: monit alert -- $EVENT $SERVICE | |
90 | ## message: $EVENT Service $SERVICE | |
91 | ## Date: $DATE | |
92 | ## Action: $ACTION | |
93 | ## Host: $HOST | |
94 | ## Description: $DESCRIPTION | |
95 | ## | |
96 | ## Your faithful employee, | |
97 | ## Monit | |
98 | ## } | |
99 | ## --8<-- | |
100 | ## | |
101 | ## You can override this message format or parts of it, such as subject | |
102 | ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. | |
103 | ## are expanded at runtime. For example, to override the sender, use: | |
104 | # | |
105 | # set mail-format { from: monit@foo.bar }a | |
106 | # | |
107 | # | |
108 | ## You can set alert recipients whom will receive alerts if/when a | |
109 | ## service defined in this file has errors. Alerts may be restricted on | |
110 | ## events by using a filter as in the second example below. | |
111 | # | |
112 | # set alert sysadm@foo.bar # receive all alerts | |
113 | ## Do not alert when Monit start, stop or perform a user initiated action. | |
114 | ## This filter is recommended to avoid getting alerts for trivial cases | |
115 | # set alert your-name@your.domain not on { instance, action } | |
116 | # | |
117 | # | |
118 | ## Monit has an embedded web server which can be used to view status of | |
119 | ## services monitored and manage services from a web interface. See the | |
120 | ## Monit Wiki if you want to enable SSL for the web server. | |
121 | # | |
122 | set httpd port 2812 and | |
123 | use address localhost # only accept connection from localhost | |
124 | allow localhost # allow localhost to connect to the server and | |
125 | # allow admin:monit # require user 'admin' with password 'monit' | |
126 | # allow @monit # allow users of group 'monit' to connect (rw) | |
127 | # allow @users readonly # allow users of group 'users' to connect readonly | |
128 | ||
129 | ############################################################################### | |
130 | ## Services | |
131 | ############################################################################### | |
132 | ## | |
133 | ## Check general system resources such as load average, cpu and memory | |
134 | ## usage. Each test specifies a resource, conditions and the action to be | |
135 | ## performed should a test fail. | |
136 | # | |
137 | # check system myhost.mydomain.tld | |
138 | # if loadavg (1min) > 4 then alert | |
139 | # if loadavg (5min) > 2 then alert | |
140 | # if memory usage > 75% then alert | |
141 | # if swap usage > 25% then alert | |
142 | # if cpu usage (user) > 70% then alert | |
143 | # if cpu usage (system) > 30% then alert | |
144 | # if cpu usage (wait) > 20% then alert | |
145 | # | |
146 | # | |
147 | ## Check if a file exists, checksum, permissions, uid and gid. In addition | |
148 | ## to alert recipients in the global section, customized alert can be sent to | |
149 | ## additional recipients by specifying a local alert handler. The service may | |
150 | ## be grouped using the GROUP option. More than one group can be specified by | |
151 | ## repeating the 'group name' statement. | |
152 | # | |
153 | # check file apache_bin with path /usr/local/apache/bin/httpd | |
154 | # if failed checksum and | |
155 | # expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor | |
156 | # if failed permission 755 then unmonitor | |
157 | # if failed uid root then unmonitor | |
158 | # if failed gid root then unmonitor | |
159 | # alert security@foo.bar on { | |
160 | # checksum, permission, uid, gid, unmonitor | |
161 | # } with the mail-format { subject: Alarm! } | |
162 | # group server | |
163 | # | |
164 | # | |
165 | ## Check that a process is running, in this case Apache, and that it respond | |
166 | ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, | |
167 | ## and number of children. If the process is not running, Monit will restart | |
168 | ## it by default. In case the service is restarted very often and the | |
169 | ## problem remains, it is possible to disable monitoring using the TIMEOUT | |
170 | ## statement. This service depends on another service (apache_bin) which | |
171 | ## is defined above. | |
172 | # | |
173 | # check process apache with pidfile /usr/local/apache/logs/httpd.pid | |
174 | # start program = "/etc/init.d/httpd start" with timeout 60 seconds | |
175 | # stop program = "/etc/init.d/httpd stop" | |
176 | # if cpu > 60% for 2 cycles then alert | |
177 | # if cpu > 80% for 5 cycles then restart | |
178 | # if totalmem > 200.0 MB for 5 cycles then restart | |
179 | # if children > 250 then restart | |
180 | # if loadavg(5min) greater than 10 for 8 cycles then stop | |
181 | # if failed host www.tildeslash.com port 80 protocol http | |
182 | # and request "/somefile.html" | |
183 | # then restart | |
184 | # if failed port 443 type tcpssl protocol http | |
185 | # with timeout 15 seconds | |
186 | # then restart | |
187 | # if 3 restarts within 5 cycles then timeout | |
188 | # depends on apache_bin | |
189 | # group server | |
190 | # | |
191 | # | |
192 | ## Check filesystem permissions, uid, gid, space and inode usage. Other services, | |
193 | ## such as databases, may depend on this resource and an automatically graceful | |
194 | ## stop may be cascaded to them before the filesystem will become full and data | |
195 | ## lost. | |
196 | # | |
197 | # check filesystem datafs with path /dev/sdb1 | |
198 | # start program = "/bin/mount /data" | |
199 | # stop program = "/bin/umount /data" | |
200 | # if failed permission 660 then unmonitor | |
201 | # if failed uid root then unmonitor | |
202 | # if failed gid disk then unmonitor | |
203 | # if space usage > 80% for 5 times within 15 cycles then alert | |
204 | # if space usage > 99% then stop | |
205 | # if inode usage > 30000 then alert | |
206 | # if inode usage > 99% then stop | |
207 | # group server | |
208 | # | |
209 | # | |
210 | ## Check a file's timestamp. In this example, we test if a file is older | |
211 | ## than 15 minutes and assume something is wrong if its not updated. Also, | |
212 | ## if the file size exceed a given limit, execute a script | |
213 | # | |
214 | # check file database with path /data/mydatabase.db | |
215 | # if failed permission 700 then alert | |
216 | # if failed uid data then alert | |
217 | # if failed gid data then alert | |
218 | # if timestamp > 15 minutes then alert | |
219 | # if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba | |
220 | # | |
221 | # | |
222 | ## Check directory permission, uid and gid. An event is triggered if the | |
223 | ## directory does not belong to the user with uid 0 and gid 0. In addition, | |
224 | ## the permissions have to match the octal description of 755 (see chmod(1)). | |
225 | # | |
226 | # check directory bin with path /bin | |
227 | # if failed permission 755 then unmonitor | |
228 | # if failed uid 0 then unmonitor | |
229 | # if failed gid 0 then unmonitor | |
230 | # | |
231 | # | |
232 | ## Check a remote host availability by issuing a ping test and check the | |
233 | ## content of a response from a web server. Up to three pings are sent and | |
234 | ## connection to a port and an application level network check is performed. | |
235 | # | |
236 | # check host myserver with address 192.168.1.1 | |
237 | # if failed icmp type echo count 3 with timeout 3 seconds then alert | |
238 | # if failed port 3306 protocol mysql with timeout 15 seconds then alert | |
239 | # if failed port 80 protocol http | |
240 | # and request /monit/ with content = "Monit [0-9.]+ Download" | |
241 | # then alert | |
242 | # | |
243 | # | |
244 | ############################################################################### | |
245 | ## Includes | |
246 | ############################################################################### | |
247 | ## | |
248 | ## It is possible to include additional configuration parts from other files or | |
249 | ## directories. | |
250 | # | |
251 | include /etc/monit.d/* | |
252 | # |