config/monit/monitrc

   1 ###############################################################################
   2 ## Monit control file
   3 ###############################################################################
   4 ##
   5 ## Comments begin with a '#' and extend through the end of the line. Keywords
   6 ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
   7 ##
   8 ## Below you will find examples of some frequently used statements. For
   9 ## information about the control file and a complete list of statements and
  10 ## options, please have a look in the Monit manual.
  11 ##
  12 ##
  13 ###############################################################################
  14 ## Global section
  15 ###############################################################################
  16 ##
  17 ## Start Monit in the background (run as a daemon):
  18 #
  19 set daemon  60              # check services at 1-minute intervals
  20 #   with start delay 240    # optional: delay the first check by 4-minutes (by
  21 #                           # default Monit check immediately after Monit start)
  22 #
  23 #
  24 ## Set syslog logging with the 'daemon' facility. If the FACILITY option is
  25 ## omitted, Monit will use 'user' facility by default. If you want to log to
  26 ## a standalone log file instead, specify the full path to the log file
  27 #
  28 set logfile syslog facility log_daemon
  29 #
  30 #
  31 ## Set the location of the Monit lock file which stores the process id of the
  32 ## running Monit instance. By default this file is stored in $HOME/.monit.pid
  33 #
  34 set pidfile /var/run/monit.pid
  35 #
  36 ## Set the location of the Monit id file which stores the unique id for the
  37 ## Monit instance. The id is generated and stored on first Monit start. By
  38 ## default the file is placed in $HOME/.monit.id.
  39 #
  40 set idfile /var/lib/monit/id
  41 #
  42 ## Set the location of the Monit state file which saves monitoring states
  43 ## on each cycle. By default the file is placed in $HOME/.monit.state. If
  44 ## the state file is stored on a persistent filesystem, Monit will recover
  45 ## the monitoring state across reboots. If it is on temporary filesystem, the
  46 ## state will be lost on reboot which may be convenient in some situations.
  47 #
  48 set statefile /var/lib/monit/state
  49 #
  50 ## Set the list of mail servers for alert delivery. Multiple servers may be
  51 ## specified using a comma separator. If the first mail server fails, Monit
  52 # will use the second mail server in the list and so on. By default Monit uses
  53 # port 25 - it is possible to override this with the PORT option.
  54 #
  55 # set mailserver mail.bar.baz,               # primary mailserver
  56 #                backup.bar.baz port 10025,  # backup mailserver on port 10025
  57 #                localhost                   # fallback relay
  58 #
  59 #
  60 ## By default Monit will drop alert events if no mail servers are available.
  61 ## If you want to keep the alerts for later delivery retry, you can use the
  62 ## EVENTQUEUE statement. The base directory where undelivered alerts will be
  63 ## stored is specified by the BASEDIR option. You can limit the queue size
  64 ## by using the SLOTS option (if omitted, the queue is limited by space
  65 ## available in the back end filesystem).
  66 #
  67 set eventqueue
  68     basedir /var/lib/monit  # set the base directory where events will be stored
  69     slots 100           # optionally limit the queue size
  70 #
  71 #
  72 ## Send status and events to M/Monit (for more informations about M/Monit
  73 ## see http://mmonit.com/). By default Monit registers credentials with
  74 ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
  75 ## have to register Monit credentials manually in M/Monit. It is possible to
  76 ## disable credential registration using the commented out option below.
  77 ## Though, if safety is a concern we recommend instead using https when
  78 ## communicating with M/Monit and send credentials encrypted.
  79 #
  80 # set mmonit http://monit:monit@192.168.1.10:8080/collector
  81 #     # and register without credentials     # Don't register credentials
  82 #
  83 #
  84 ## Monit by default uses the following format for alerts if the the mail-format
  85 ## statement is missing::
  86 ## --8<--
  87 ## set mail-format {
  88 ##      from: monit@$HOST
  89 ##   subject: monit alert --  $EVENT $SERVICE
  90 ##   message: $EVENT Service $SERVICE
  91 ##                 Date:        $DATE
  92 ##                 Action:      $ACTION
  93 ##                 Host:        $HOST
  94 ##                 Description: $DESCRIPTION
  95 ##
  96 ##            Your faithful employee,
  97 ##            Monit
  98 ## }
  99 ## --8<--
 100 ##
 101 ## You can override this message format or parts of it, such as subject
 102 ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
 103 ## are expanded at runtime. For example, to override the sender, use:
 104 #
 105 # set mail-format { from: monit@foo.bar }a
 106 #
 107 #
 108 ## You can set alert recipients whom will receive alerts if/when a
 109 ## service defined in this file has errors. Alerts may be restricted on
 110 ## events by using a filter as in the second example below.
 111 #
 112 # set alert sysadm@foo.bar                       # receive all alerts
 113 ## Do not alert when Monit start, stop or perform a user initiated action.
 114 ## This filter is recommended to avoid getting alerts for trivial cases
 115 # set alert your-name@your.domain not on { instance, action }
 116 #
 117 #
 118 ## Monit has an embedded web server which can be used to view status of
 119 ## services monitored and manage services from a web interface. See the
 120 ## Monit Wiki if you want to enable SSL for the web server.
 121 #
 122 set httpd port 2812 and
 123     use address localhost  # only accept connection from localhost
 124     allow localhost        # allow localhost to connect to the server and
 125 #    allow admin:monit      # require user 'admin' with password 'monit'
 126 #    allow @monit           # allow users of group 'monit' to connect (rw)
 127 #    allow @users readonly  # allow users of group 'users' to connect readonly
 128
 129 ###############################################################################
 130 ## Services
 131 ###############################################################################
 132 ##
 133 ## Check general system resources such as load average, cpu and memory
 134 ## usage. Each test specifies a resource, conditions and the action to be
 135 ## performed should a test fail.
 136 #
 137 #  check system myhost.mydomain.tld
 138 #    if loadavg (1min) > 4 then alert
 139 #    if loadavg (5min) > 2 then alert
 140 #    if memory usage > 75% then alert
 141 #    if swap usage > 25% then alert
 142 #    if cpu usage (user) > 70% then alert
 143 #    if cpu usage (system) > 30% then alert
 144 #    if cpu usage (wait) > 20% then alert
 145 #
 146 #
 147 ## Check if a file exists, checksum, permissions, uid and gid. In addition
 148 ## to alert recipients in the global section, customized alert can be sent to
 149 ## additional recipients by specifying a local alert handler. The service may
 150 ## be grouped using the GROUP option. More than one group can be specified by
 151 ## repeating the 'group name' statement.
 152 #
 153 #  check file apache_bin with path /usr/local/apache/bin/httpd
 154 #    if failed checksum and
 155 #       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
 156 #    if failed permission 755 then unmonitor
 157 #    if failed uid root then unmonitor
 158 #    if failed gid root then unmonitor
 159 #    alert security@foo.bar on {
 160 #           checksum, permission, uid, gid, unmonitor
 161 #        } with the mail-format { subject: Alarm! }
 162 #    group server
 163 #
 164 #
 165 ## Check that a process is running, in this case Apache, and that it respond
 166 ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
 167 ## and number of children. If the process is not running, Monit will restart
 168 ## it by default. In case the service is restarted very often and the
 169 ## problem remains, it is possible to disable monitoring using the TIMEOUT
 170 ## statement. This service depends on another service (apache_bin) which
 171 ## is defined above.
 172 #
 173 #  check process apache with pidfile /usr/local/apache/logs/httpd.pid
 174 #    start program = "/etc/init.d/httpd start" with timeout 60 seconds
 175 #    stop program  = "/etc/init.d/httpd stop"
 176 #    if cpu > 60% for 2 cycles then alert
 177 #    if cpu > 80% for 5 cycles then restart
 178 #    if totalmem > 200.0 MB for 5 cycles then restart
 179 #    if children > 250 then restart
 180 #    if loadavg(5min) greater than 10 for 8 cycles then stop
 181 #    if failed host www.tildeslash.com port 80 protocol http
 182 #       and request "/somefile.html"
 183 #    then restart
 184 #    if failed port 443 type tcpssl protocol http
 185 #       with timeout 15 seconds
 186 #    then restart
 187 #    if 3 restarts within 5 cycles then timeout
 188 #    depends on apache_bin
 189 #    group server
 190 #
 191 #
 192 ## Check filesystem permissions, uid, gid, space and inode usage. Other services,
 193 ## such as databases, may depend on this resource and an automatically graceful
 194 ## stop may be cascaded to them before the filesystem will become full and data
 195 ## lost.
 196 #
 197 #  check filesystem datafs with path /dev/sdb1
 198 #    start program  = "/bin/mount /data"
 199 #    stop program  = "/bin/umount /data"
 200 #    if failed permission 660 then unmonitor
 201 #    if failed uid root then unmonitor
 202 #    if failed gid disk then unmonitor
 203 #    if space usage > 80% for 5 times within 15 cycles then alert
 204 #    if space usage > 99% then stop
 205 #    if inode usage > 30000 then alert
 206 #    if inode usage > 99% then stop
 207 #    group server
 208 #
 209 #
 210 ## Check a file's timestamp. In this example, we test if a file is older
 211 ## than 15 minutes and assume something is wrong if its not updated. Also,
 212 ## if the file size exceed a given limit, execute a script
 213 #
 214 #  check file database with path /data/mydatabase.db
 215 #    if failed permission 700 then alert
 216 #    if failed uid data then alert
 217 #    if failed gid data then alert
 218 #    if timestamp > 15 minutes then alert
 219 #    if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
 220 #
 221 #
 222 ## Check directory permission, uid and gid.  An event is triggered if the
 223 ## directory does not belong to the user with uid 0 and gid 0.  In addition,
 224 ## the permissions have to match the octal description of 755 (see chmod(1)).
 225 #
 226 #  check directory bin with path /bin
 227 #    if failed permission 755 then unmonitor
 228 #    if failed uid 0 then unmonitor
 229 #    if failed gid 0 then unmonitor
 230 #
 231 #
 232 ## Check a remote host availability by issuing a ping test and check the
 233 ## content of a response from a web server. Up to three pings are sent and
 234 ## connection to a port and an application level network check is performed.
 235 #
 236 #  check host myserver with address 192.168.1.1
 237 #    if failed icmp type echo count 3 with timeout 3 seconds then alert
 238 #    if failed port 3306 protocol mysql with timeout 15 seconds then alert
 239 #    if failed port 80 protocol http
 240 #       and request /monit/ with content = "Monit [0-9.]+ Download"
 241 #    then alert
 242 #
 243 #
 244 ###############################################################################
 245 ## Includes
 246 ###############################################################################
 247 ##
 248 ## It is possible to include additional configuration parts from other files or
 249 ## directories.
 250 #
 251 include /etc/monit.d/*
 252 #