monitrc

1. ###############################################################################
2. ## Monit control file
3. ###############################################################################
4. ##
5. ## Comments begin with a '#' and extend through the end of the line. Keywords
6. ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
7. ##
8. ## Below you will find examples of some frequently used statements. For
9. ## information about the control file and a complete list of statements and
10. ## options, please have a look in the Monit manual.
11. ##
12. ##
13. ###############################################################################
14. ## Global section
15. ###############################################################################
16. ##
17. ## Start Monit in the background (run as a daemon):
18. #
19. set daemon 300 # check services at 2-minute intervals
20. with start delay 300 # optional: delay the first check by 4-minutes (by
21. # # default Monit check immediately after Monit start)
22. #
23. #
24. ## Set syslog logging with the 'daemon' facility. If the FACILITY option is
25. ## omitted, Monit will use 'user' facility by default. If you want to log to
26. ## a standalone log file instead, specify the full path to the log file
27. #
28. # set logfile syslog facility log_daemon
29. set logfile /var/log/monit.log
30. #
31. #
32. ## Set the location of the Monit id file which stores the unique id for the
33. ## Monit instance. The id is generated and stored on first Monit start. By
34. ## default the file is placed in $HOME/.monit.id.
35. #
36. # set idfile /var/.monit.id
37. set idfile /var/lib/monit/id
38. #
39. ## Set the location of the Monit state file which saves monitoring states
40. ## on each cycle. By default the file is placed in $HOME/.monit.state. If
41. ## the state file is stored on a persistent filesystem, Monit will recover
42. ## the monitoring state across reboots. If it is on temporary filesystem, the
43. ## state will be lost on reboot which may be convenient in some situations.
44. #
45. set statefile /var/lib/monit/state
46. #
47. ## Set the list of mail servers for alert delivery. Multiple servers may be
48. ## specified using a comma separator. If the first mail server fails, Monit
49. # will use the second mail server in the list and so on. By default Monit uses
50. # port 25 - it is possible to override this with the PORT option.
51. #
52. # set mailserver mail.bar.baz, # primary mailserver
53. # backup.bar.baz port 10025, # backup mailserver on port 10025
54. # localhost # fallback relay
55.  
56. set mailserver smtp.gmail.com port 587
57. username "xxx@gmail.com" password "xxx"
58. using tlsv1
59. with timeout 30 seconds
60. set alert xxx@gmail.com
61.  
62. #
63. #
64. ## By default Monit will drop alert events if no mail servers are available.
65. ## If you want to keep the alerts for later delivery retry, you can use the
66. ## EVENTQUEUE statement. The base directory where undelivered alerts will be
67. ## stored is specified by the BASEDIR option. You can limit the maximal queue
68. ## size using the SLOTS option (if omitted, the queue is limited by space
69. ## available in the back end filesystem).
70. #
71. set eventqueue
72. basedir /var/lib/monit/events # set the base directory where events will be stored
73. slots 100 # optionally limit the queue size
74. #
75. #
76. ## Send status and events to M/Monit (for more informations about M/Monit
77. ## see http://mmonit.com/). By default Monit registers credentials with
78. ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
79. ## have to register Monit credentials manually in M/Monit. It is possible to
80. ## disable credential registration using the commented out option below.
81. ## Though, if safety is a concern we recommend instead using https when
82. ## communicating with M/Monit and send credentials encrypted.
83. #
84. # set mmonit http://monit:monit@192.168.1.10:8080/collector
85. # # and register without credentials # Don't register credentials
86. #
87. #
88. ## Monit by default uses the following format for alerts if the the mail-format
89. ## statement is missing::
90. ## --8<--
91. ## set mail-format {
92. ## from: monit@$HOST
93. ## subject: monit alert -- $EVENT $SERVICE
94. ## message: $EVENT Service $SERVICE
95. ## Date: $DATE
96. ## Action: $ACTION
97. ## Host: $HOST
98. ## Description: $DESCRIPTION
99. ##
100. ## Your faithful employee,
101. ## Monit
102. ## }
103. ## --8<--
104. ##
105. ## You can override this message format or parts of it, such as subject
106. ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
107. ## are expanded at runtime. For example, to override the sender, use:
108. #
109. # set mail-format { from: monit@foo.bar }
110. #
111. #
112. ## You can set alert recipients whom will receive alerts if/when a
113. ## service defined in this file has errors. Alerts may be restricted on
114. ## events by using a filter as in the second example below.
115. #
116. # set alert sysadm@foo.bar # receive all alerts
117. # set alert manager@foo.bar only on { timeout } # receive just service-
118. # # timeout alert
119. #
120. #
121. ## Monit has an embedded web server which can be used to view status of
122. ## services monitored and manage services from a web interface. See the
123. ## Monit Wiki if you want to enable SSL for the web server.
124. #
125. set httpd port 2812 and
126. use address 192.168.0.125 # only accept connection from localhost
127. allow 192.168.0.0/255.255.255.0
128. # allow localhost # allow localhost to connect to the server and
129. # allow admin:monit # require user 'admin' with password 'monit'
130. # allow @monit # allow users of group 'monit' to connect (rw)
131. # allow @users readonly # allow users of group 'users' to connect readonly
132. #
133. ###############################################################################
134. ## Services
135. ###############################################################################
136. ##
137. ## Check general system resources such as load average, cpu and memory
138. ## usage. Each test specifies a resource, conditions and the action to be
139. ## performed should a test fail.
140. #
141. # check system myhost.mydomain.tld
142. # if loadavg (1min) > 4 then alert
143. # if loadavg (5min) > 2 then alert
144. # if memory usage > 75% then alert
145. # if swap usage > 25% then alert
146. # if cpu usage (user) > 70% then alert
147. # if cpu usage (system) > 30% then alert
148. # if cpu usage (wait) > 20% then alert
149. #
150. #
151. ## Check if a file exists, checksum, permissions, uid and gid. In addition
152. ## to alert recipients in the global section, customized alert can be sent to
153. ## additional recipients by specifying a local alert handler. The service may
154. ## be grouped using the GROUP option. More than one group can be specified by
155. ## repeating the 'group name' statement.
156. #
157. # check file apache_bin with path /usr/local/apache/bin/httpd
158. # if failed checksum and
159. # expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
160. # if failed permission 755 then unmonitor
161. # if failed uid root then unmonitor
162. # if failed gid root then unmonitor
163. # alert security@foo.bar on {
164. # checksum, permission, uid, gid, unmonitor
165. # } with the mail-format { subject: Alarm! }
166. # group server
167. #
168. #
169. ## Check that a process is running, in this case Apache, and that it respond
170. ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
171. ## and number of children. If the process is not running, Monit will restart
172. ## it by default. In case the service is restarted very often and the
173. ## problem remains, it is possible to disable monitoring using the TIMEOUT
174. ## statement. This service depends on another service (apache_bin) which
175. ## is defined above.
176. #
177. # check process apache with pidfile /usr/local/apache/logs/httpd.pid
178. # start program = "/etc/init.d/httpd start" with timeout 60 seconds
179. # stop program = "/etc/init.d/httpd stop"
180. # if cpu > 60% for 2 cycles then alert
181. # if cpu > 80% for 5 cycles then restart
182. # if totalmem > 200.0 MB for 5 cycles then restart
183. # if children > 250 then restart
184. # if loadavg(5min) greater than 10 for 8 cycles then stop
185. # if failed host www.tildeslash.com port 80 protocol http
186. # and request "/somefile.html"
187. # then restart
188. # if failed port 443 type tcpssl protocol http
189. # with timeout 15 seconds
190. # then restart
191. # if 3 restarts within 5 cycles then timeout
192. # depends on apache_bin
193. # group server
194. #
195. #
196. ## Check filesystem permissions, uid, gid, space and inode usage. Other services,
197. ## such as databases, may depend on this resource and an automatically graceful
198. ## stop may be cascaded to them before the filesystem will become full and data
199. ## lost.
200. #
201. # check filesystem datafs with path /dev/sdb1
202. # start program = "/bin/mount /data"
203. # stop program = "/bin/umount /data"
204. # if failed permission 660 then unmonitor
205. # if failed uid root then unmonitor
206. # if failed gid disk then unmonitor
207. # if space usage > 80% for 5 times within 15 cycles then alert
208. # if space usage > 99% then stop
209. # if inode usage > 30000 then alert
210. # if inode usage > 99% then stop
211. # group server
212. #
213. #
214. ## Check a file's timestamp. In this example, we test if a file is older
215. ## than 15 minutes and assume something is wrong if its not updated. Also,
216. ## if the file size exceed a given limit, execute a script
217. #
218. # check file database with path /data/mydatabase.db
219. # if failed permission 700 then alert
220. # if failed uid data then alert
221. # if failed gid data then alert
222. # if timestamp > 15 minutes then alert
223. # if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
224. #
225. #
226. ## Check directory permission, uid and gid. An event is triggered if the
227. ## directory does not belong to the user with uid 0 and gid 0. In addition,
228. ## the permissions have to match the octal description of 755 (see chmod(1)).
229. #
230. # check directory bin with path /bin
231. # if failed permission 755 then unmonitor
232. # if failed uid 0 then unmonitor
233. # if failed gid 0 then unmonitor
234. #
235. #
236. ## Check a remote host availability by issuing a ping test and check the
237. ## content of a response from a web server. Up to three pings are sent and
238. ## connection to a port and an application level network check is performed.
239. #
240. # check host myserver with address 192.168.1.1
241. # if failed icmp type echo count 3 with timeout 3 seconds then alert
242. # if failed port 3306 protocol mysql with timeout 15 seconds then alert
243. # if failed url http://user:password@www.foo.bar:8080/?querystring
244. # and content == 'action="j_security_check"'
245. # then alert
246. #
247. #
248. ###############################################################################
249. ## Includes
250. ###############################################################################
251. ##
252. ## It is possible to include additional configuration parts from other files or
253. ## directories.
254. #
255. include /etc/monit/conf.d/*
256. #