.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Predefined strings: \*(L" will give a left double quote, and \*(R" will
.\" give a right double quote. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.ie n \{\
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.de IX
..
.\" ========================================================================
.\"
.IX Title "MONIT 1"
.TH MONIT 1 "www.mmonit.com" "5.32.0" "User Commands"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Monit \- utility for monitoring services on a Unix system
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBmonit\fR [options]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBMonit\fR is a utility for managing and monitoring processes,
programs, files, directories and filesystems on a Unix system. Monit
conducts automatic maintenance and repair and can execute meaningful
causal actions in error situations. E.g. Monit can start a process if
it does not run, restart a process if it does not respond and stop a
process if it uses too many resources. You can use Monit to monitor
files, directories and filesystems for changes, such as timestamp
changes, checksum changes or size changes.
.PP
Monit is controlled via an easy to configure control file based on a
free-format, token-oriented syntax. Monit logs to syslog or to its own
log file and notifies you about error conditions via customisable
alert messages. Monit can perform various \s-1TCP/IP\s0 network checks,
protocol checks and can utilise \s-1SSL\s0 for such checks. Monit provides
a \s-1HTTP\s0(S) interface and you may use a browser to access the Monit
program.
.SH "WHAT TO MONITOR?"
.IX Header "WHAT TO MONITOR?"
You can use Monit to monitor daemon \fBprocesses\fR or similar programs
running on localhost. Monit is particularly useful for monitoring
daemon processes, such as those started at system boot time, for
instance sendmail, sshd, apache and mysql. In contrast to many other
monitoring systems, Monit can act if an error situation should occur,
e.g. if sendmail is not running, Monit can start sendmail again
automatically, or if apache is using too many resources (e.g. if a DoS
attack is in progress) Monit can stop or restart apache and send you
an alert message. Monit can also monitor process characteristics, such
as how much memory or how many cpu cycles a process is using.
.PP
You can also use Monit to monitor \fBfiles\fR, \fBdirectories\fR and
\&\fBfilesystems\fR on localhost.
Monit can monitor these items for changes, such as timestamp changes,
checksum changes or size changes. This is also useful for security
reasons \- you can monitor the md5 or sha1 checksum of files that
should not change and get an alert or perform an action if they should
change.
.PP
Monit can monitor \fBnetwork connections\fR to various servers, either
on localhost or on remote hosts. \s-1TCP, UDP\s0 and Unix Domain Sockets
are supported. Network tests can be performed on a protocol level;
Monit has built-in tests for the main Internet protocols, such as
\s-1HTTP, SMTP\s0 etc. Even if a protocol is not supported you can still
test the server because you can configure Monit to send any data and
test the response from the server.
.PP
Monit can be used to test \fBprograms\fR or scripts at certain times,
much like cron, but in addition, you can test the exit value of a
program and perform an action or send an alert if the exit value
indicates an error. This means that you can use Monit to perform any
type of check you can write a script for.
.PP
Finally, Monit can be used to monitor general \fBsystem\fR resources on
localhost such as overall \s-1CPU\s0 usage, Memory and System Load.
.SH "GENERAL OPERATION"
.IX Header "GENERAL OPERATION"
The behaviour of Monit is controlled by command-line options
\&\fIand\fR a run control file, monitrc, the syntax of which we describe
in a later section. Command-line options override \fI.monitrc\fR
declarations.
.PP
The default location for \fImonitrc\fR is \fI~/.monitrc\fR. If this file
does not exist, Monit will try \fI/etc/monitrc\fR and a few other
places. See \s-1FILES\s0 for details. You can also specify the control
file directly by using the \fI\-c\fR command-line switch to monit.
For instance,
.PP
.Vb 1
\& $ monit \-c /var/monit/monitrc
.Ve
.PP
Before Monit is started the first time, you can test the control file
for syntax errors:
.PP
.Vb 2
\& $ monit \-t
\& $ Control file syntax OK
.Ve
.PP
If there was an error, Monit will print an error message to the
console, including the line number in the control file where the
error was found.
.PP
Once you have a working Monit control file, simply start Monit from
the console, like so:
.PP
.Vb 1
\& $ monit
.Ve
.PP
You can change some configuration directives via command-line
switches, but for simplicity it is recommended that you put these in
the control file.
.PP
Monit will detach from the terminal and run as a background process,
i.e. as a daemon process. As a daemon, Monit runs in cycles: it
monitors services, then goes to sleep for a configured period, then
wakes up and starts monitoring again in an endless loop.
.SS "Options"
.IX Subsection "Options"
The following options are recognized by Monit. However, it is
recommended that you set options (when applicable) directly in the
\fI.monitrc\fR control file.
.PP
\&\fB\-c\fR \fIfile\fR
Use this control file
.PP
\&\fB\-d\fR \fIn\fR
Run Monit as a daemon once per \fIn\fR seconds. Or use
\fI\*(L"set daemon\*(R"\fR in monitrc.
.PP
\&\fB\-g\fR \fIname\fR
Set group name for start, stop, restart, monitor, unmonitor, status
and summary action.
.PP
\&\fB\-l\fR \fIfile\fR
Print log information to this file. Or use \fI\*(L"set log\*(R"\fR in
monitrc.
.PP
\&\fB\-p\fR \fIpidfile\fR
Use this lock file in daemon mode. Or use \fI\*(L"set pidfile\*(R"\fR in
monitrc.
.PP
\&\fB\-s\fR \fIstatefile\fR
Write state information to this file. Or use
\fI\*(L"set statefile\*(R"\fR in monitrc.
.PP
\&\fB\-B\fR
Batch command line mode (no tabular output and no colors). Or use
\fI\*(L"set terminal batch\*(R"\fR in monitrc.
.PP
\&\fB\-I\fR
Do not run in background mode (needed to run from init). Or use
\fI\*(L"set init\*(R"\fR in monitrc.
.PP
\&\fB\-i\fR
Print Monit's unique \s-1ID\s0
.PP
\&\fB\-r\fR
Reset Monit's unique \s-1ID.\s0 Use with caution
.PP
\&\fB\-t\fR
Run syntax check for the control file
.PP
\&\fB\-v\fR
Verbose mode, work noisy (diagnostic output)
.PP
\&\fB\-vv\fR
Very verbose mode, same as \-v plus log stack-trace on error
.PP
\&\fB\-H\fR \fI[filename]\fR
Print \s-1MD5\s0 and \s-1SHA1\s0 hashes of the file or of stdin if the
filename is omitted; Monit will exit afterwards
.PP
\&\fB\-V\fR
Print version number and patch level
.PP
\&\fB\-h\fR
Print a help text
.SS "Arguments"
.IX Subsection "Arguments"
Once you have Monit running as a daemon process, you can call Monit
with one of the following arguments. Monit will then connect to the
Monit daemon (on \s-1TCP\s0 port 127.0.0.1:2812 by default) and ask the
Monit daemon to perform the requested action. In other words; calling
monit without arguments starts the Monit daemon, and calling monit
\fIwith\fR arguments enables you to communicate with the Monit daemon
process.
.IP "start all" 4
.IX Item "start all"
Start all services listed in the control file and enable monitoring
for them. If the group option is set (\fI\-g\fR), only start and enable
monitoring of services in the named group (\*(L"all\*(R" is not required in
this case).
.IP "start " 4
.IX Item "start "
Start the named service and enable monitoring for it. The name is a
service entry name from the monitrc file. You can use a regex pattern
too (note that it is case insensitive).
.IP "stop all" 4
.IX Item "stop all"
Stop all services listed in the control file and disable their
monitoring. If the group option is set, only stop and disable
monitoring of the services in the named group (\*(L"all\*(R" is not required
in this case).
.IP "stop " 4
.IX Item "stop "
Stop the named service and disable its monitoring. The name is a
service entry name from the monitrc file. You can use a regex pattern
too (note that it is case insensitive).
.IP "restart all" 4
.IX Item "restart all"
Stop and start \fIall\fR services. If the group option is set, only
restart the services in the named group (\*(L"all\*(R" is not required in
this case).
.IP "restart " 4
.IX Item "restart "
Restart the named service. The name is a service entry name from the
monitrc file. You can use a regex pattern too (note that it is case
insensitive).
.IP "monitor all" 4
.IX Item "monitor all"
Enable monitoring of all services listed in the control file. If the
group option is set, only start monitoring of services in the named
group (\*(L"all\*(R" is not required in this case).
.IP "monitor " 4
.IX Item "monitor "
Enable monitoring of the named service. The name is a service entry
name from the monitrc file. Monit will also enable monitoring of all
services this service depends on. You can use a regex pattern too
(note that it is case insensitive).
.IP "unmonitor all" 4
.IX Item "unmonitor all"
Disable monitoring of all services listed in the control file. If the
group option is set, only disable monitoring of services in the named
group (\*(L"all\*(R" is not required in this case).
.IP "unmonitor " 4
.IX Item "unmonitor "
Disable monitoring of the named service. The name is a service entry
name from the monitrc file. Monit will also disable monitoring of all
services that depend on this service. You can use a regex pattern too
(note that it is case insensitive).
.IP "status [name|pattern]" 4
.IX Item "status [name|pattern]"
Print service status information.
.IP "summary [name|pattern]" 4
.IX Item "summary [name|pattern]"
Print a short status summary.
.IP "report [up | down | initialising | unmonitored | total]" 4
.IX Item "report [up | down | initialising | unmonitored | total]"
Report services state. The output can easily be parsed by scripts.
Without options, prints a short overview of the state of all services
managed by Monit. The option \fIup\fR prints the number of all services
in this state, \fIdown\fR likewise and so on.
.IP "reload" 4
.IX Item "reload"
Reinitialise a running Monit daemon; the daemon will reread its
configuration and close and reopen log files.
.IP "quit" 4
.IX Item "quit"
Kill the Monit daemon process
.IP "validate" 4
.IX Item "validate"
Check all services listed in the control file. This action is also
the default behaviour when Monit runs in daemon mode.
.IP "procmatch " 4
.IX Item "procmatch "
Allows easy testing of a pattern for the process match check. The
command takes a regular expression as an argument and displays all
running processes matching the pattern.
.SH "THE MONIT CONTROL FILE"
.IX Header "THE MONIT CONTROL FILE"
Monit is configured and controlled via a control file called
\&\fImonitrc\fR. The default location for this file is ~/.monitrc. If
this file does not exist, Monit will try /etc/monitrc, then
\&\f(CW@sysconfdir\fR@/monitrc and finally ./monitrc. If you build Monit
from source, the value of \f(CW@sysconfdir\fR@ can be given at configure
time as \&./configure \-\-sysconfdir. For instance, using \fI./configure
\&\-\-sysconfdir /var/monit/etc\fR will make Monit search for
\fImonitrc\fR in \&\fI/var/monit/etc\fR.
.PP
To protect the security of your control file and passwords the
control file must have read-write permissions \fIno more than 0700\fR
(u=xrw,g=,o=); Monit will complain and exit otherwise.
.PP
When there is a conflict between the command-line arguments and the
arguments in this file, the command-line arguments take precedence.
.PP
Monit uses its own Domain Specific Language (\s-1DSL\s0); the control
file consists of a series of service entries and global option
statements.
.PP
Comments begin with a \f(CW\*(Aq#\*(Aq\fR and extend through the end of the
line. Otherwise the file consists of a series of service entries or
global option statements in a free-format, token-oriented syntax.
.PP
You can use noise keywords like \f(CW\*(Aqif\*(Aq\fR, \f(CW\*(Aqand\*(Aq\fR,
\f(CW\*(Aqwith(in)\*(Aq\fR, \&\f(CW\*(Aqhas\*(Aq\fR, \f(CW\*(Aqus(ing|e)\*(Aq\fR,
\f(CW\*(Aqon(ly)\*(Aq\fR, \f(CW\*(Aqthen\*(Aq\fR, \f(CW\*(Aqfor\*(Aq\fR, \f(CW\*(Aqof\*(Aq\fR
anywhere in an entry to make it resemble English. They're ignored,
but can make entries much easier to read at a glance. Keywords are
case insensitive.
.PP
There are three kinds of tokens: \fIgrammar\fR, \fInumbers\fR (i.e.
decimal digit sequences) and \fIstrings\fR. Strings can be either quoted
or unquoted. A quoted string is bounded by double quotes and may
contain whitespace (and quoted digits are treated as a string). An
unquoted string is any whitespace-delimited token, containing
characters and/or numbers.
.PP
On a semantic level, the control file consists of three types of
entries:
.IP "1. Global set-statements" 4
.IX Item "1. Global set-statements"
A global set-statement starts with the keyword \f(CW\*(C`set\*(C'\fR and the
item to configure.
.IP "2. Global include-statement" 4
.IX Item "2. Global include-statement"
The include statement consists of the keyword \f(CW\*(C`include\*(C'\fR and a
glob string. This statement is used to include configuration
directives from separate files.
.IP "3. One or more service entry statements." 4
.IX Item "3. One or more service entry statements."
.SS "Service checks"
.IX Subsection "Service checks"
Each service entry consists of the keyword \f(CW\*(C`check\*(C'\fR, followed
by the service type. Each entry requires a \fBunique\fR descriptive
name, which may be freely chosen. This name is used by Monit to refer
to the service internally and in all interactions with the user. The
name is case insensitive.
.PP
Currently, nine types of check statements are supported:
.PP
\fIProcess\fR
.IX Subsection "Process"
.PP
.Vb 1
\& CHECK PROCESS | MATCHING >
.Ve
.PP
is the absolute path to the program's pid-file.
A pid-file is a file containing a process's unique \s-1ID.\s0 If the
pid-file does not exist or does not contain the \s-1PID\s0 number of a
running process, Monit will call the entry's start method if defined.
.PP
is an alternative to using \s-1PID\s0 files and uses process name pattern
matching to find the process to monitor. The top-most matching parent
with highest uptime is selected, so this form of check is most useful
if the process name is unique. Pid-file should be used where possible
as it defines expected \s-1PID\s0 exactly. You can test if a process
matches a pattern from the command-line using
\f(CW\*(C`monit procmatch "regex\-pattern"\*(C'\fR. This will list all
processes matching or not matching the regex-pattern.
.PP
\fIFile\fR
.IX Subsection "File"
.PP
.Vb 1
\& CHECK FILE PATH
.Ve
.PP
is the absolute path to the file. If the file does not exist, Monit
will call the entry's start method if defined, if does not point to a
regular file type (for instance a directory), Monit will disable
monitoring of this entry. If Monit runs in passive mode or the start
method is not defined, Monit will just send an alert on error.
.PP
\fIFifo\fR
.IX Subsection "Fifo"
.PP
.Vb 1
\& CHECK FIFO PATH
.Ve
.PP
is the absolute path to the fifo. If the fifo does not exist, Monit
will call the entry's start method if defined, if does not point to a
fifo type (for instance a directory), Monit will disable monitoring
of this entry. If Monit runs in passive mode or the start method is
not defined, Monit will just send an alert on error.
.PP
\fIFilesystem\fR
.IX Subsection "Filesystem"
.PP
.Vb 1
\& CHECK FILESYSTEM PATH
.Ve
.PP
is the path to the device/disk, mount point or \s-1NFS/CIFS/FUSE\s0
connection string. If the filesystem becomes unavailable, Monit will
call the service's start method if defined. If Monit runs in passive
mode or the start method is not defined, Monit will just send an
alert on error.
.PP
\fIDirectory\fR
.IX Subsection "Directory"
.PP
.Vb 1
\& CHECK DIRECTORY PATH
.Ve
.PP
is the absolute path to the directory. If the directory does not
exist, Monit will call the entry's start method if defined. If does
not point to a directory, Monit will disable monitoring of this
entry. If Monit runs in passive mode or the start method is not
defined, Monit will just send an alert on error.
.PP
\fIRemote host\fR
.IX Subsection "Remote host"
.PP
.Vb 1
\& CHECK HOST ADDRESS
.Ve
.PP
The host address can be specified as a hostname string or as an
IP-address string in dotted decimal format, such as
\&\*(L"tildeslash.com\*(R" or \*(L"64.87.72.95\*(R".
.PP
\fISystem\fR
.IX Subsection "System"
.PP
.Vb 1
\& CHECK SYSTEM
.Ve
.PP
The \fIunique name\fR is usually the local host name, but any
descriptive name can be used. If you use the variable \f(CW$HOST\fR as
the name, it will expand to the hostname. This check allows one to
monitor general system resources such as \s-1CPU\s0 usage, total memory
usage or load average. The \&\fIunique name\fR is used as the system
hostname in mail alerts and as the initial name of the host entry in
M/Monit.
.PP
\fIProgram\fR
.IX Subsection "Program"
.PP
.Vb 1
\& CHECK PROGRAM PATH [TIMEOUT SECONDS]
.Ve
.PP
is the absolute path to the executable program or script. The status
test allows one to check the program's exit status. If the program
does not finish executing within seconds, Monit will terminate it.
The default program timeout is 300 seconds (5 minutes). The output of
the program is recorded and made available in the User Interface and
in alerts, by default up to 512 bytes. You can change the output
limit using the set limits statement.
.PP
\fINetwork\fR
.IX Subsection "Network"
.PP
.Vb 1
\& CHECK NETWORK | INTERFACE >
.Ve
.PP
is the IPv4 or IPv6 address of the monitored network interface. It is
also possible to use an interface name, such as \*(L"eth0\*(R" on Linux.
.SH "LOGGING"
.IX Header "LOGGING"
Monit will log status and error messages to a file or via syslog. Use
the \fIset log\fR statement in the monitrc control file.
.PP
To set up Monit to log to its own file, use e.g.
\fIset log /var/log/monit.log\fR. Note, the previous \fIset logfile\fR
statement is deprecated, but can alternatively be used.
.PP
If \fBsyslog\fR is given as a value for the \f(CW\*(C`\-l\*(C'\fR command-line
switch or the keyword \fIset log syslog\fR is found in the control file,
Monit will use the \fBsyslog\fR system daemon to log messages with a
priority assigned to each message based on the context.
.PP
To turn off logging, simply do not set the log in the control file
(and of course, do not use the \-l switch).
.PP
The format for an entry in the log file is:
.PP
.Vb 1
\& [date] priority : message
.Ve
.PP
for example:
.PP
.Vb 1
\& [2020\-08\-12T16:35:00+0200] info : \*(Aqlocalhost\*(Aq Monit started
.Ve
.SH "TERMINAL OUTPUT"
.IX Header "TERMINAL OUTPUT"
Monit uses \s-1ANSI\s0 escape sequences to colorise important parts of
the command-line output, if the terminal supports colors, and
\s-1UTF\-8\s0 box characters for tabular output.
.PP
If you want to process the monit \s-1CLI\s0 output in a script, you can
use either the \-B option or use the following statement in the monit
configuration file to disable tabular output and colors completely:
.PP
.Vb 1
\& SET TERMINAL BATCH
.Ve
.SH "DAEMON MODE"
.IX Header "DAEMON MODE"
Use
.PP
.Vb 2
\& SET DAEMON
\&     [[WITH] START DELAY ]
.Ve
.PP
to specify Monit's poll cycle length and run Monit in daemon mode.
You must specify a numeric argument which is a polling interval in
seconds.
.PP
In daemon mode, Monit detaches from the console, puts itself in the
background and runs continuously, monitoring each specified service
and then goes to sleep for the given poll interval, wakes up and
starts monitoring again in an endless cycle.
.PP
Alternatively, you can use the \f(CW\*(C`\-d\*(C'\fR command line switch to set
the poll interval, but it is strongly recommended to set the poll
interval in your \fI~/.monitrc\fR file, by using \fIset daemon\fR.
.PP
Monit will then always start in daemon mode. If you do not use this
statement and do not start monit with the \-d option, Monit will just
run through the service checks once and then exit. This might be
useful in some situations, but Monit is primarily designed to run as
a daemon process.
.PP
Calling \f(CW\*(C`monit\*(C'\fR with a Monit daemon running in the background
sends a wake-up signal to the daemon, forcing it to check services
immediately. Calling \f(CW\*(C`monit\*(C'\fR with the quit argument will kill a
running Monit daemon process instead of waking it up.
.PP
The start delay option can be used to wait (once) before Monit starts
checking services after system reboot. Monit will by default start
checking services immediately at startup.
.SH "INIT SUPPORT"
.IX Header "INIT SUPPORT"
The \f(CW\*(C`set init\*(C'\fR statement prevents Monit from transforming
itself into a daemon process. Instead Monit will run as a foreground
process. (You should still use \f(CW\*(C`set daemon\*(C'\fR to specify the poll
cycle).
.PP
This is required to run Monit from init. Using init to start Monit is
probably the best way to run Monit if you want to be certain that you
always have a running Monit daemon on your system. Another option is
to run Monit from crontab. In any case, you should make sure that the
control file does not have any syntax errors before you start Monit
from init or crontab (use \f(CW\*(C`monit \-t\*(C'\fR to check).
.PP
To set up Monit to run from init, you can either use the
\f(CW\*(C`set init\*(C'\fR statement in Monit's control file or use the
\f(CW\*(C`\-I\*(C'\fR option from the command line. Here is what you must add
to \f(CW\*(C`/etc/inittab\*(C'\fR:
.PP
.Vb 2
\& # Run Monit in standard run\-levels
\& mo:2345:respawn:/usr/local/bin/monit \-Ic /etc/monitrc
.Ve
.PP
After you have modified init's configuration file, you can run the
following command to re-examine /etc/inittab and start Monit:
.PP
.Vb 1
\& telinit q
.Ve
.PP
For systems without telinit:
.PP
.Vb 1
\& kill \-1 1
.Ve
.PP
If Monit is used to monitor services that are also started at boot
time (e.g. services started via \s-1SYSV\s0 init rc scripts or via
inittab) then, in some cases, a race condition could occur. That is,
if a service is slow to start, Monit can assume that the service is
not running and possibly try to start it and raise an alert, while in
fact the service is already about to start or already in its startup
sequence. Please see the \s-1FAQ\s0 for a solution to this problem. The
short version is to start Monit on a higher run-level after system
processes.
.SH "INCLUDE FILES"
.IX Header "INCLUDE FILES"
The Monit control file, \f(CW\*(C`monitrc\*(C'\fR, can include additional
configuration files. This feature helps one to organise configuration
into separate files instead of having everything in one file, if you
like this kind of thing. Include statements can be placed at
virtually any place in \f(CW\*(C`monitrc\*(C'\fR though the convention is at
the bottom. The syntax is the following:
.PP
.Vb 1
\& INCLUDE
.Ve
.PP
The globstring is any kind of string as defined in \f(CWglob(7)\fR.
Thus, you can refer to a single file or you can load several files at
once. If you want to use whitespace in your string the globstring
needs to be embedded into quotes (') or double quotes ("). If the
globstring matches a directory instead of a file, it is silently
ignored.
.PP
Any \fIinclude\fR statements in an included file are parsed as in the
main control file.
.PP
If the globstring matches several results, the files are included in
unsorted order. If you need to rely on a certain order, you should
avoid wild-card globbing and instead specify the full path of files
included.
.PP
An example,
.PP
.Vb 1
\& include /etc/monit.d/*.cfg
.Ve
.PP
This will load any file matching the globstring. That is, all files
in \fI/etc/monit.d\fR that end with the suffix \fI.cfg\fR.
.PP
Up to 1024 include files are supported. If this limit is exceeded,
Monit will report an error.
.SH "SSL OPTIONS"
.IX Header "SSL OPTIONS"
Common \s-1SSL/TLS\s0 options can be set using the following statement
and will apply to all \s-1SSL\s0 connections made through Monit:
.PP
.Vb 12
\& SET [OPTIONS] {
\&     VERSION: , ...
\&     VERIFY:
\&     SELFSIGNED:
\&     CIPHERS:
\&     PEMFILE:
\&     PEMCHAIN:
\&     PEMKEY:
\&     CLIENTPEMFILE:
\&     CACERTIFICATEFILE:
\&     CACERTIFICATEPATH:
\& }
.Ve
.PP
\&\fI\s-1VERSION\s0\fR sets the specific \s-1SSL/TLS\s0 version to use. By
default Monit uses \s-1AUTO.\s0 In \s-1AUTO\s0 mode, only \s-1TLS 1.2\s0 and 1.3
are allowed, all other protocols are considered obsolete. If you want
to use the obsolete protocol you must explicitly set the version. You
can exclude the protocol using the \*(L"\-\*(R" prefix.
Exclude list example:
set ssl { version: auto \-sslv2 \-sslv3 \-tlsv1 \-tlsv11 }
Example of allowed protocols list:
set ssl { version: tlsv12 tlsv13 }
.PP
\&\fI\s-1VERIFY\s0\fR enables \s-1SSL\s0 server certificate verification. This
will verify and report an error if the server certificate is not
trusted, not valid or has expired. By default certificate
verification is disabled, though we recommend enabling it, otherwise
there is no guarantee that Monit speaks with the server you think it
speaks with.
.PP
\&\fI\s-1SELFSIGNED\s0\fR self-signed certificates are rejected by default.
Use this option to allow self-signed certificates.
Warning: not recommended in production for security reasons, as in
such case the client cannot verify it talks to the correct server and
attack types like man-in-the-middle or \s-1DNS\s0 hijacking are possible.
.PP
\&\fI\s-1CIPHERS\s0\fR overrides the default \s-1SSL/TLS\s0 ciphers.
.PP
\&\fI\s-1PEMFILE\s0\fR sets the path to the \s-1SSL\s0 server certificate
\&\*(L"database-file\*(R" in \s-1PEM\s0 format. This option has effect only for
the monit \s-1HTTP\s0 interface.
.PP
As an alternative to setting \fI\s-1PEMFILE\s0\fR with a combined chain-key
file, \&\fI\s-1PEMCHAIN\s0\fR and \fI\s-1PEMKEY\s0\fR set the paths to the \s-1SSL\s0
certificate chain and the server private key file, respectively, in
\s-1PEM\s0 format. These options have effect only for the monit \s-1HTTP\s0
interface.
.PP
\&\fI\s-1CLIENTPEMFILE\s0\fR sets the path to the \s-1PEM\s0 encoded \s-1SSL\s0
client certificates database file. If set, client certificate
authentication is enabled.
.PP
\&\fI\s-1CACERTIFICATEFILE\s0\fR sets the path to the \s-1PEM\s0 encoded file
containing Certificate Authority (\s-1CA\s0) certificates. Monit uses
OpenSSL's default \&\s-1CA\s0 certificates if this option is not used
(\fIopenssl version \-d\fR can be used to get the default \s-1CA\s0
certificates). Many distributions come with \s-1SSL\s0 and \s-1CA\s0
certificates already set up and using this option is normally not
necessary.
.PP
\&\fI\s-1CACERTIFICATEPATH\s0\fR sets the path to the directory containing
Certificate Authority (\s-1CA\s0) certificates. Monit uses OpenSSL's
default \&\s-1CA\s0 certificates if this option is not used. Many
distributions come with \s-1SSL\s0 and \s-1CA\s0 certificates already set up
and using this option is normally not necessary.
.PP
The \s-1SSL\s0 options statement will globally apply to all \s-1SSL/TLS\s0
connections made through Monit.
\s-1SSL\s0 options can also be set in a local check, in
\&\fImailserver\fR settings or in the \fImmonit\fR statement, and will then
override or extend the global settings.
.PP
To set global \s-1SSL\s0 options, put this statement near the top of
your \&\fI.monitrc\fR file:
.PP
.Vb 1
\& set ssl options {...}
.Ve
.PP
Here is an example of setting both global and local \s-1SSL\s0 options:
.PP
.Vb 5
\& # Enable certificate verification for all SSL connections
\& # Self\-signed certificates are not allowed by default
\& set ssl options {
\&     verify: enable
\& }
\&
\& # Verify certificate (via global setting)
\& # Allow self\-signed certificate for this check
\& check host example with address example.com
\&     if failed
\&         port 443
\&         protocol https
\&         with ssl options {selfsigned: allow}
\&     then alert
\&
\& # Do not verify example2.com\*(Aqs certificate (override global setting)
\& check host example2 with address example2.com
\&     if failed
\&         port 443
\&         protocol https
\&         with ssl options {verify: disable}
\&     then alert
.Ve
.SH "FIPS MODE"
.IX Header "FIPS MODE"
To enable \s-1FIPS\s0 mode (provided your OpenSSL library supports it),
add this statement to the Monit control file:
.PP
.Vb 1
\& SET FIPS
.Ve
.SH "MONIT HTTPD"
.IX Header "MONIT HTTPD"
If specified in the control file, Monit will start with \s-1HTTP\s0
support. You can then use the Monit \s-1CLI\s0 to start and stop services,
disable or enable service monitoring as well as view the status of
each service.
.PP
If \s-1HTTP\s0 support is enabled over \s-1TCP\s0 rather than over a Unix
Socket, you can also view Monit's informative dashboard in your web
browser.
.PP
Note that if \s-1HTTP\s0 support is disabled, the Monit \s-1CLI\s0 interface
will have reduced functionality, as most \s-1CLI\s0 commands (such as
\*(L"monit status\*(R") need to communicate with the Monit background
process via the \s-1HTTP\s0 interface. We strongly recommend having
\s-1HTTP\s0 support enabled.
If security is a concern, bind the \s-1HTTP\s0 interface to localhost only or use a Unix Socket so Monit is not accessible from the outside. .SS "\s-1UNIX SOCKET\s0" .IX Subsection "UNIX SOCKET" Syntax for Unix Socket: .PP .Vb 5 \& SET HTTPD UNIXSOCKET \& [UID ] \& [GID ] \& [PERMISSION ] \& ALLOW + .Ve .PP Example: .PP .Vb 2 \& set httpd unixsocket /var/run/monit.sock \& allow username:password .Ve .PP \&\fB\s-1UNIXSOCKET\s0\fR sets the path to the Unix Socket Monit should bind to and listen on. .PP \&\fB\s-1UID\s0\fR Socket owner (optional, defaults to the user who executes Monit) .PP \&\fB\s-1GID\s0\fR Socket group (optional, defaults to primary group of the user who executes Monit) .PP \&\fB\s-1PERMISSION\s0\fR Socket permissions \- absolute octal mode (optional, process \s-1UMASK\s0 is applied by default) .SS "\s-1TCP PORT\s0" .IX Subsection "TCP PORT" Syntax for \s-1TCP\s0 port: .PP .Vb 4 \& SET HTTPD PORT \& [ADDRESS ] \& [[with] SSL {pemfile: }] \& ALLOW + .Ve .PP \&\fB\s-1PORT\s0\fR sets the port Monit should bind to and listen on. Monit is usually set up on port 2812. Example: .PP .Vb 2 \& set httpd port 2812 \& allow username:password .Ve .PP You can now use to access Monit's web interface from a browser, after you have entered username and password as credentials. You might need to use double quotes around the password if it contains special chars such as \&\*(L"p@ssw:r#\*(R". .PP \&\fB\s-1ADDRESS\s0\fR makes Monit listen on a specific interface only. For example if you \fIdon't\fR want to expose Monit's web interface to the network, bind it to localhost only. Monit will accept connections on any address if the \s-1ADDRESS\s0 option is not used: .PP .Vb 4 \& set httpd \& port 2812 \& use address 127.0.0.1 \& allow username:password .Ve .PP Monit \s-1HTTP\s0 over \s-1TCP\s0 supports both \s-1IP\s0 version 4 and 6. Support is transparent and does not require any special configuration.
If the bind \&\fIaddress\fR is \fBnot\fR specified, as in this example: .PP .Vb 3 \& set httpd \& port 2812 \& allow ... .Ve .PP Monit will bind to and listen on port 2812 on all interfaces, both IPv4 and IPv6 if available. To force Monit \s-1HTTP\s0 to only listen on and accept connections over \s-1IP\s0 version 6, specify an IPv6 address: .PP .Vb 4 \& set httpd \& port 2812 \& use address "fe80::222:19ff:fe53:6c59" \& allow ... .Ve .PP Likewise, to force Monit \s-1HTTP\s0 to only listen on and accept connections over \s-1IP\s0 version 4, specify an IPv4 address: .PP .Vb 4 \& set httpd \& port 2812 \& use address 62.109.39.247 \& allow ... .Ve .PP \fI\s-1SSL\s0 settings\fR .IX Subsection "SSL settings" .PP \&\fB\s-1SSL\s0\fR enables \s-1SSL/TLS\s0 for Monit's web interface. See options for the full list of \s-1SSL\s0 options. .PP \&\fI\s-1PEMFILE\s0\fR sets the path to the \s-1PEM\s0 encoded file, which contains the server's private key and certificate. This file should be stored in a safe place on the filesystem and should have strict permissions, no more than 0700. .PP As an alternative, \fI\s-1PEMCHAIN\s0\fR and \fI\s-1PEMKEY\s0\fR set the paths to a separate \s-1PEM\s0 encoded certificate chain and private key file. The key file should be stored in a safe place on the filesystem and should have strict permissions, no more than 0700. .PP Example for using pemfile: .PP .Vb 6 \& set httpd \& port 2812 \& with ssl { \& pemfile: /etc/ssl/certs/monit.pem \& } \& allow myuser:mypassword .Ve .PP Example for using separate certificate chain and key: .PP .Vb 7 \& set httpd \& port 2812 \& with ssl { \& pemchain: /etc/ssl/certs/monit.chain.pem \& pemkey: /etc/ssl/certs/monit.key.pem \& } \& allow myuser:mypassword .Ve .PP You can now use to access the Monit web server over a \s-1TLS\s0 encrypted connection.
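The following is an added example, not part of the Monit manual or its source: a small Python audit of a control file's set httpd statement against the points made above (bind address, TLS, PEM file permissions). The parser is a simplification of Monit's grammar, the finding names and sample fragments are constructed, and treating a loopback-bound listener as acceptable without TLS is an assumption of this sketch.

```python
import ipaddress
import os
import re
import stat

# Constructed control-file fragments for illustration (not from the man page).
EXPOSED = '''
set httpd
    port 2812                     # no "use address": every interface
    allow admin:"p@ssw:r#"        # '#' inside quotes is not a comment
set daemon 30
'''
HARDENED = '''
set httpd
    port 2812
    use address 127.0.0.1
    with ssl {
        pemfile: /etc/ssl/certs/monit.pem
    }
    allow admin:"p@ssw:r#"
'''

def strip_comments(text):
    """Drop '#' comments but keep '#' characters inside double quotes."""
    out = []
    for line in text.splitlines():
        in_quote = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_quote = not in_quote
            elif ch == "#" and not in_quote:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def httpd_statement(monitrc):
    """Text of the first `set httpd` statement, up to the next set/check/include."""
    text = strip_comments(monitrc)
    start = re.search(r"(?im)^\s*set\s+httpd\b", text)
    if not start:
        return ""
    rest = text[start.end():]
    nxt = re.search(r"(?im)^\s*(set|check|include)\b", rest)
    return rest[:nxt.start()] if nxt else rest

def is_network(token):
    """True for host/network allow entries such as fe80::1 or 10.0.0.0/8."""
    try:
        ipaddress.ip_network(token.strip('"'), strict=False)
        return True
    except ValueError:
        return False

def is_loopback(addr):
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def mode_of(path):
    """Permission bits of path, or None when the file cannot be inspected."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def audit_httpd(monitrc, file_mode=mode_of):
    """Return a list of constructed finding names for the httpd statement."""
    stmt = httpd_statement(monitrc)
    if not stmt:
        return []
    findings = []
    tcp = re.search(r"(?i)\bport\s+\d+", stmt)
    addr = re.search(r'(?i)\baddress\s+"?([^\s"]+)', stmt)
    ssl = re.search(r"(?is)\bssl\s*\{(.*?)\}", stmt)
    tokens = re.findall(r"(?i)\ballow\s+(\S+)", stmt)
    creds = [t for t in tokens if ":" in t and not is_network(t)]

    if tcp and not addr:
        findings.append("binds-all-interfaces")
    exposed = bool(tcp) and not (addr and is_loopback(addr.group(1)))
    if exposed and creds and not ssl:
        # Basic Authentication is only base64 encoded without TLS.
        findings.append("basic-auth-without-tls")
    if ssl:
        pairs = re.findall(r"(\w+)\s*:\s*(\S+)", ssl.group(1))
        opts = {k.lower(): v for k, v in pairs}
        if opts.get("selfsigned", "").lower() == "allow":
            findings.append("selfsigned-allowed")
        for key in ("pemfile", "pemkey"):
            path = opts.get(key)
            mode = file_mode(path) if path else None
            # "no more than 0700": no group or other permission bits.
            if mode is not None and mode & 0o077:
                findings.append(key + "-mode-too-open")
    return findings

if __name__ == "__main__":
    print("exposed :", audit_httpd(EXPOSED))
    print("hardened:", audit_httpd(HARDENED))
```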
.PP Self-signed server certificates note: The Monit \s-1CLI\s0 works on a client-server basis and uses the Monit \s-1HTTP GUI\s0 to collect status from the Monit daemon and pass commands like start/stop to it. As self-signed certificates are rejected by default for security reasons, the \s-1CLI\s0 won't work unless you explicitly allow it by using the \fI\s-1SELFSIGNED: ALLOW\s0\fR option: .PP .Vb 7 \& set httpd \& port 2812 \& with ssl { \& pemfile: /etc/ssl/certs/monit.pem \& selfsigned: allow \& } \& allow myuser:mypassword .Ve .PP \&\fB\s-1CLIENTPEMFILE\s0\fR enables client certificate based authentication and sets the path to a \s-1PEM\s0 encoded database file that contains a list of allowed client certificates. A connecting client has to provide a certificate known to Monit (listed in \fIclientpemfile\fR), otherwise it is rejected. This file must also include all necessary \s-1CA\s0 certificates. By default self-signed client certificates are \fBrejected\fR for security reasons. If you want to allow self-signed client certificates (recommended only for testing), you have to allow it explicitly using the \fB\s-1SELFSIGNED: ALLOW\s0\fR option (see the example above). See your browser's documentation for how to import a client certificate into it. .PP Example: .PP .Vb 6 \& set httpd \& port 2812 \& with SSL { \& pemfile: /etc/ssl/certs/monit.pem \& clientpemfile: /etc/ssl/certs/monit\-client.pem \& } .Ve .SS "Monit version signature" .IX Subsection "Monit version signature" \&\fB\s-1SIGNATURE\s0\fR can be used to hide the Monit version from the \&\s-1HTTP\s0 response header and error pages. For example: .PP .Vb 4 \& set httpd \& port 2812 \& signature disable \& allow myuser:mypassword .Ve .SS "Authentication" .IX Subsection "Authentication" Access to the Monit web interface is controlled primarily via the \&\fB\s-1ALLOW\s0\fR option which is used to specify authentication and authorise only specific clients to connect.
.PP If the Monit command line interface is being used, at least one cleartext password is necessary (see below), otherwise the Monit command line interface will not be able to connect to the Monit web interface. .PP Clients that try to connect to Monit, but submit a wrong username and/or password are logged with their IP-address. .PP \fIClient certificates\fR .IX Subsection "Client certificates" .PP This authentication method is a strong authentication mechanism and employs \s-1HTTPS\s0 client certificates to verify the authenticity of a connecting client. Clients must possess a Public Key Certificate known by Monit. The client must connect to Monit over \s-1SSL\s0 and Monit will ask the client to send its certificate. Upon receiving the certificate Monit compares the certificate to certificates located in the \&\fI\s-1CLIENTPEMFILE\s0\fR file. Access is granted if the client certificate is in this file. See \s-1SSL\s0 settings for details. .PP \fIBasic Authentication\fR .IX Subsection "Basic Authentication" .PP Monit supports Basic Authentication as described in \s-1RFC 2617.\s0 .PP In short: a server challenges a client (e.g. a browser) to send authentication information (username and password) and if accepted, the server will allow the client access to the requested document. .PP The biggest weakness with Basic Authentication is that the username and password are sent in clear-text over the network (i.e. base64 encoded). It is therefore recommended that you do not use this authentication method unless you run Monit with \fIssl\fR support. With ssl, it is safe to use Basic Authentication since \fIall\fR \s-1HTTP\s0 data, including Basic Authentication headers, will be encrypted. .PP Cleartext user and password .IX Subsection "Cleartext user and password" .PP Monit will use Basic Authentication if an allow statement contains a username and a password separated with a single ':' character.
.PP Note: Special characters can be used, but for non-alphanumerics the password has to be quoted. .PP Syntax: .PP .Vb 1 \& ALLOW : .Ve .PP \fIHost and network allow list\fR .IX Subsection "Host and network allow list" .PP Monit maintains an access-control list of hosts and networks allowed to connect. You can add as many hosts as you want to, but only hosts with a valid domain name or \s-1IP\s0 address are allowed. .PP Monit will query a name server to check any hosts trying to connect. If a host (client) is trying to connect, but cannot be found in the access list or cannot be resolved, Monit will shut down the connection to the client promptly. .PP Control file example: .PP .Vb 6 \& set httpd port 2812 \& allow localhost \& allow my.other.work.machine.com \& allow 10.1.1.1 \& allow 192.168.1.0/255.255.255.0 \& allow 10.0.0.0/8 .Ve .PP Clients that are not mentioned in the allow list and try to connect to Monit will be denied access and are logged with their IP-address. .PP \s-1PAM\s0 .IX Subsection "PAM" .PP \&\s-1PAM\s0 is supported on platforms which provide \s-1PAM\s0 (such as Linux, macOS, FreeBSD, NetBSD). .PP Syntax: .PP .Vb 1 \& ALLOW @ .Ve .PP where \f(CW\*(C`group\*(C'\fR is the group name allowed to access Monit's web interface. Monit uses a \s-1PAM\s0 service called \fImonit\fR for \s-1PAM\s0 authentication, see the \s-1PAM\s0 manual page for detailed instructions on how to set the \s-1PAM\s0 service and \s-1PAM\s0 authentication plugins.
.PP Sample \s-1PAM\s0 service for Monit on macOS (store as \&\*(L"/etc/pam.d/monit\*(R" file): .PP .Vb 5 \& # monit: auth account password session \& auth sufficient pam_securityserver.so \& auth sufficient pam_unix.so \& auth required pam_deny.so \& account required pam_permit.so .Ve .PP A \f(CW\*(C`monitrc\*(C'\fR config which only allows group \f(CW\*(C`admin\*(C'\fR authenticated via \&\s-1PAM\s0 to access the web interface: .PP .Vb 3 \& set httpd \& port 2812 \& allow @admin .Ve .PP htpasswd file .IX Subsection "htpasswd file" .PP Alternatively you can store credentials in an \f(CW\*(C`htpasswd\*(C'\fR formatted file (one \&\fIuser:passwd\fR entry per line), like so: \fIallow [cleartext|crypt|md5] /path [users]\fR. The default is cleartext passwords. If passwords are digested, it is necessary to specify the cryptographic method. If you do not want all users in the password file to have access to Monit, you can specify only those users that should have access in the allow statement. Otherwise all users are added. .PP Example1: .PP .Vb 2 \& set httpd port 2812 \& allow md5 /etc/httpd/htpasswd john paul ringo george .Ve .PP If you use this method together with a host list, then only clients from the listed hosts will be allowed to connect to the Monit \s-1HTTP\s0 server and each client will be asked to provide a username and a password. .PP Example2: .PP .Vb 4 \& set httpd port 2812 \& allow localhost \& allow 10.1.1.1 \& allow hauk:"passw@rd" .Ve .PP If you only want to use Basic Authentication, then just provide allow entries with username and password or password files as in example 1 above. .PP Read-only users .IX Subsection "Read-only users" .PP Further, it is possible to define some users as read-only. A read-only user can read the Monit web pages but will \fInot\fR get access to push-buttons and cannot change a service from the web interface.
.PP .Vb 5 \& set httpd port 2812 \& allow admin:password \& allow hauk:password read\-only \& allow @admins \& allow @users read\-only .Ve .PP A user is set to read-only by using the \fIread-only\fR keyword \&\fBafter\fR username:password. In the above example the user \fIhauk\fR is defined as a read-only user, while the \fIadmin\fR user has all access rights. .PP Read-only http server .IX Subsection "Read-only http server" .PP Finally, it is possible to restrict the entire web interface to read-only. All users, regardless of whether they are defined with or without the \fIread-only\fR keyword, have only the permissions described above. When using this setting it is recommended to set up a \fB\s-1UNIXSOCKET\s0\fR as well, otherwise the monit \s-1CLI\s0 will \fBnot\fR work. .PP .Vb 5 \& set httpd \& port 2812 \& read\-only \& unixsocket /run/monit.socket \& allow @users .Ve .SH "ALERT MESSAGES" .IX Header "ALERT MESSAGES" Monit will raise an alert in the following situations: .PP .Vb 10 \& o A service does not exist (e.g. process is not running) \& o Cannot read service data (e.g. cannot get filesystem usage) \& o Execution of a service related script failed (e.g. start failed) \& o Invalid service type (e.g. if path points to directory instead of file) \& o Custom test script returned error \& o Ping test failed \& o TCP/UDP connection and/or port test failed \& o Resource usage test failed (e.g. cpu usage too high) \& o Checksum mismatch or change (e.g. file changed) \& o File size test failed (e.g. file too large) \& o Timestamp test failed (e.g. file is older than expected) \& o Permission test failed (e.g. file mode doesn\*(Aqt match) \& o A UID test failed (e.g. file owned by different user) \& o A GID test failed (e.g.
file owned by different group) \& o A process\*(Aqs PID changed out of Monit\*(Aqs control \& o A process\*(Aqs PPID changed out of Monit control \& o Too many service recovery attempts failed \& o A file content test found a match \& o Filesystem flags changed \& o A service action was performed by administrator \& o A network link down or up \& o A network link capacity changed \& o A network link saturation failed \& o A network link upload/download rate failed \& o Monit was started, stopped or reloaded .Ve .PP To get an alert via e\-mail, set the alert target using the global \f(CW\*(C`set alert\*(C'\fR statement (for all services) or the \f(CW\*(C`alert\*(C'\fR statement in the context of a service entry (for a single service). .SS "Setting an alert recipient" .IX Subsection "Setting an alert recipient" If an event occurs, Monit will send an alert. There are two kinds of alert statement: global and local. .PP Global syntax: .PP .Vb 1 \& SET ALERT mail\-address [[NOT] {event, ...}] [REMINDER cycles] .Ve .PP Example: .PP .Vb 1 \& set alert foo@bar .Ve .PP will send a default email to the address foo@bar whenever any event occurs on any service. .PP If you want to send alert messages to more email addresses, add a \&\f(CW\*(C`set alert \*(Aqemail\*(Aq\*(C'\fR statement for each address. .PP It is also possible to use the local alert statement in the context of a service check to enable alert for the given service only: .PP .Vb 1 \& ALERT mail\-address [[NOT] {event, ...}] [REMINDER cycles] .Ve .PP Local alert example: .PP .Vb 4 \& check host myhost with address 1.2.3.4 \& if failed port 3306 protocol mysql then alert \& if failed port 80 protocol http then alert \& alert foo@baz # Local service alert .Ve .PP You can combine global and local alert statements. If there is a conflict, the local alert has precedence and overrides the global statement. 
.PP \fISetting an event filter\fR .IX Subsection "Setting an event filter" .PP If you only want an alert message sent for certain events, list them in an \f(CW\*(C`{event, ...}\*(C'\fR block, e.g.: .PP .Vb 1 \& set alert foo@bar only on { timeout, nonexist } .Ve .PP The event list can also be negated to send alerts for all events \&\fIexcept\fR those which are listed, by prepending the list with the word \&\f(CW\*(C`not\*(C'\fR. For example, to receive all alerts except notification about Monit program start and stop: .PP .Vb 1 \& set alert foo@bar but not on { instance } .Ve .PP Here is a list of all possible event types emitted by Monit. Values from the first column can be used in the event filter list mentioned above: .PP .Vb 10 \& Event: | Failure state: | Success state: \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& action | "Action failed" | "Action done" \& checksum | "Checksum failed" | "Checksum succeeded" \& bytein | "Download bytes exceeded" | "Download bytes ok" \& byteout | "Upload bytes exceeded" | "Upload bytes ok" \& connection | "Connection failed" | "Connection succeeded" \& content | "Content failed", | "Content succeeded" \& data | "Data access error" | "Data access succeeded" \& exec | "Execution failed" | "Execution succeeded" \& fsflags | "Filesystem flags failed" | "Filesystem flags succeeded" \& gid | "GID failed" | "GID succeeded" \& icmp | "Ping failed" | "Ping succeeded" \& instance | "Monit instance changed" | "Monit instance changed not" \& invalid | "Invalid type" | "Type succeeded" \& link | "Link down" | "Link up" \& nonexist | "Does not exist" | "Exists" \& packetin | "Download packets exceeded" | "Download packets ok" \& packetout | "Upload packets exceeded" | "Upload packets ok" \& permission | "Permission failed" | "Permission succeeded" \& pid | "PID failed" | "PID succeeded" \& ppid | "PPID failed" | "PPID succeeded" \& resource | 
"Resource limit matched" | "Resource limit succeeded" \& saturation | "Saturation exceeded" | "Saturation ok" \& size | "Size failed" | "Size succeeded" \& speed | "Speed failed" | "Speed ok" \& status | "Status failed" | "Status succeeded" \& timeout | "Timeout" | "Timeout recovery" \& timestamp | "Timestamp failed" | "Timestamp succeeded" \& uid | "UID failed" | "UID succeeded" \& uptime | "Uptime failed" | "Uptime succeeded" .Ve .PP Each alert recipient can have it's own filter, for example: .PP .Vb 3 \& set alert foo@bar { nonexist, timeout, resource, icmp, connection } \& set alert security@bar on { checksum, permission, uid, gid } \& set alert admin@bar .Ve .PP \fISetting an error reminder\fR .IX Subsection "Setting an error reminder" .PP Monit by default sends just \fIone\fR notification if a service failed and another when/if it recovers. If you want to be notified that the service is still in a failed state, you can use the reminder option in the alert statement: .PP .Vb 1 \& SET ALERT mail\-address [WITH] REMINDER [ON] number [CYCLES] .Ve .PP For example if you want to be notified each tenth cycle if a service remains in a failed state, you can use: .PP .Vb 1 \& alert foo@bar with reminder on 10 cycles .Ve .PP Likewise if you want to be notified on each failed cycle, you can use: .PP .Vb 1 \& alert foo@bar with reminder on 1 cycle .Ve .SS "Disabling alerts for some service" .IX Subsection "Disabling alerts for some service" To suppress alerts for some user and service, add the \f(CW\*(C`noalert\*(C'\fR statement in the context of a service check. 
.PP .Vb 1 \& NOALERT mail\-address .Ve .PP Example (send all alerts to foo@bar except for service p3): .PP .Vb 1 \& set alert foo@bar \& \& check process p1 with pidfile /var/run/p1.pid \& \& check process p2 with pidfile /var/run/p2.pid \& \& check process p3 with pidfile /var/run/p3.pid \& noalert foo@bar .Ve .SS "Message format" .IX Subsection "Message format" The alert message format can be modified by using the \f(CW\*(C`set mail\-format\*(C'\fR statement: .PP .Vb 1 \& SET MAIL\-FORMAT {mail\-format} .Ve .PP Example: .PP .Vb 8 \& set mail\-format { \& from: Monit Support \& reply\-to: support@domain.com \& subject: $SERVICE $EVENT at $DATE \& message: Monit $ACTION $SERVICE at $DATE on $HOST: $DESCRIPTION. \& Yours sincerely, \& monit \& } .Ve .PP The \fIfrom:\fR option is the sender's email address for Monit alerts. A sender's name is optional, but if used, requires that the subsequent email-address is enclosed in angle brackets as in the example above. .PP The \fIreply-to:\fR option can be used to set the reply-to mail header, optionally with a name. .PP The \fIsubject:\fR option sets the message subject and must be on only \&\fIone\fR line. .PP The \fImessage:\fR option sets the mail body. This option should always be the last in a mail-format statement. The mail body can be as long as needed, but must \fInot\fR contain the block-closing '}' character. .PP You need not use all options, only the option which you want to override. For example to globally change the sender address only: .PP .Vb 1 \& set mail\-format { from: bofh@foo.bar } .Ve .PP The subject and body may contain \f(CW$NAME\fR variables, which are expanded by Monit. Here is a list of variables that can be used when composing an alert message. .IP "\(bu" 4 \&\fI\f(CI$EVENT\fI\fR .Sp A string describing the event that occurred. .IP "\(bu" 4 \&\fI\f(CI$SERVICE\fI\fR .Sp The service name .IP "\(bu" 4 \&\fI\f(CI$DATE\fI\fR .Sp The current time and date (\s-1RFC 822\s0 date style). 
.IP "\(bu" 4 \&\fI\f(CI$HOST\fI\fR .Sp The name of the host Monit is running on .IP "\(bu" 4 \&\fI\f(CI$ACTION\fI\fR .Sp The name of the action which was done by Monit. .IP "\(bu" 4 \&\fI\f(CI$DESCRIPTION\fI\fR .Sp The description of the error condition .SS "Setting a mail server for alert delivery" .IX Subsection "Setting a mail server for alert delivery" The mail server Monit should use to send alert messages is defined with a \f(CW\*(C`set mailserver\*(C'\fR statement: .PP .Vb 9 \& SET MAILSERVER \& \& [PORT number] \& [USERNAME string] [PASSWORD string] \& [using SSL [with options {...}] \& [CERTIFICATE CHECKSUM [MD5|SHA1] ], \& ... \& [with TIMEOUT X SECONDS] \& [using HOSTNAME hostname] .Ve .PP Multiple mail servers can be set by using a comma separated list. If Monit cannot connect to the first server, it will try the next in the list and so on. .PP The port statement allows one to override the default \s-1SMTP\s0 port (465 for \s-1SSL,\s0 or 25 for \s-1TLS\s0 and non secure connection). .PP Monit supports \s-1AUTH PLAIN\s0 and \s-1AUTH LOGIN\s0 for \s-1SMTP\s0 authentication. You can set a username and a password using the \s-1USERNAME\s0 and \&\s-1PASSWORD\s0 options. .PP You can set \s-1SSL/TLS\s0 options for the connection and also check an \s-1SSL\s0 certificate checksum. .PP The default connection timeout is 5 seconds. You can raise this limit using the \s-1TIMEOUT\s0 option. .PP Example (setting two mail servers for failover): .PP .Vb 1 \& set mailserver smtp.gmail.com, smtp.other.host .Ve .PP By default, Monit uses the local host name in \s-1SMTP HELO/EHLO\s0 and in the Message-ID header. You can override this using the \s-1HOSTNAME\s0 option. .SS "Event queue" .IX Subsection "Event queue" If no mail server is available, Monit \fIcan\fR queue events in the local file-system for retry until the mail server recovers. .PP If Monit is used with M/Monit, the event queue provides a safe event store for M/Monit in the case of temporary problems.
.PP The event queue is persistent across Monit restarts and, provided that the back-end filesystem is persistent, across system restart as well. .PP By default, the queue is disabled and if the alert handler fails, Monit will simply drop the alert message. .PP To enable the event queue, add the following statement: .PP .Vb 1 \& SET EVENTQUEUE BASEDIR [SLOTS ] .Ve .PP The is the path to the directory where events will be stored. .PP Optionally if you want to limit the queue size, use the slots option to only store up to \fInumber\fR event messages. .PP Example: .PP .Vb 1 \& set eventqueue basedir /var/monit slots 5000 .Ve .PP If you are running more than one Monit instance on the same machine, you \fBmust\fR use separate event queue directories. .SH "SERVICE METHODS" .IX Header "SERVICE METHODS" Each service can have associated \fIstart\fR, \fIstop\fR and \fIrestart\fR methods which Monit can use to execute an action on the service. .PP Syntax: .PP .Vb 4 \& [PROGRAM] = "program" \& [[AS] UID ] \& [[AS] GID ] \& [[WITH] TIMEOUT SECOND(S)] .Ve .PP If the \f(CW\*(C`program\*(C'\fR is a shell script it must begin with \f(CW\*(C`#!\*(C'\fR and the remainder of the first line must specify an interpreter for the program, e.g. \f(CW\*(C`#!/bin/sh\*(C'\fR .PP The \f(CW\*(C`program\*(C'\fR must also be executable (for example mode 0755). .PP It's possible to write scripts directly into the \fIprogram\fR this way: .PP .Vb 1 \& stop = "/bin/sh \-c \*(Aqkill \-s SIGTERM \`cat /var/run/process.pid\`\*(Aq" .Ve .PP By default the program is executed as the user under which Monit is running. If Monit is running as root, you may optionally specify the \fI\s-1UID\s0\fR and \fI\s-1GID\s0\fR the executed program should switch to.
.PP Example: .PP .Vb 3 \& check process mmonit with pidfile /usr/local/mmonit/mmonit/logs/mmonit.pid \& start program = "/usr/local/mmonit/bin/mmonit" as uid "mmonit" and gid "mmonit" \& stop program = "/usr/local/mmonit/bin/mmonit stop" as uid "mmonit" and gid "mmonit" .Ve .PP In the case of a process check, Monit will wait up to 30 seconds for the start/stop action to finish before giving up and reporting an error. You can override this timeout using the \fI\s-1TIMEOUT\s0\fR option or globally using the set limits. .PP Example: .PP .Vb 3 \& check process foobar with pidfile /var/run/foobar.pid \& start program = "/etc/init.d/foobar start" with timeout 60 seconds \& stop program = "/etc/init.d/foobar stop" .Ve .SH "SERVICE POLL TIME" .IX Header "SERVICE POLL TIME" Services are checked regularly in an interval defined by the \f(CW\*(C`set daemon n\*(C'\fR statement. Checks are performed in the same order as they are written in the \f(CW\*(C`.monitrc\*(C'\fR file, except if dependencies are set up between services, where pre-requisite services are tested first. .PP It is possible to modify a service check schedule by using the \f(CW\*(C`every\*(C'\fR statement. .PP There are three variants: .IP "1. A poll cycle multiple" 4 .IX Item "1. A poll cycle multiple" .Vb 1 \& EVERY [number] CYCLES .Ve .IP "2. Cron-style" 4 .IX Item "2. Cron-style" .Vb 1 \& EVERY [cron] .Ve .IP "3. Negative Cron-style (do-not-check)" 4 .IX Item "3. Negative Cron-style (do-not-check)" .Vb 1 \& NOT EVERY [cron] .Ve .PP A cron-style string consists of 5 fields separated with white-space.
All fields are required: .PP .Vb 7 \& Name: | Allowed values: | Special characters: \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& Minutes | 0\-59 | * \- , \& Hours | 0\-23 | * \- , \& Day of month | 1\-31 | * \- , \& Month | 1\-12 (1=jan, 12=dec) | * \- , \& Day of week | 0\-6 (0=sunday, 6=saturday) | * \- , .Ve .PP The special characters: .PP .Vb 10 \& Character: | Description: \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& * (asterisk) | The asterisk indicates that the expression will \& | match for all values of the field; e.g., using \& | an asterisk in the 4th field (month) would \& | indicate every month. \& \- (hyphen) | Hyphens are used to define ranges. For example, \& | 8\-9 in the hour field indicate between 8AM and \& | 9AM. Note that range is from start time until and \& | including end time. That is, from 8AM and until \& | 10AM unless minutes are set. Another example, \& | 1\-5 in the weekday field, specify from monday to \& | friday (including friday). \& , (comma) | Comma are used to specify a sequence. For example \& | 17,18 in the day field indicate the 17th and 18th \& | day of the month. A sequence can also include \& | ranges. For example, using 1\-5,0 in the weekday \& | field indicate monday to friday and sunday. .Ve .PP Example 1: Check once per two cycles .PP .Vb 2 \& check process nginx with pidfile /var/run/nginx.pid \& every 2 cycles .Ve .PP Example 2: Check every workday between 8AM to 7PM .PP .Vb 3 \& check program checkOracleDatabase \& with path /var/monit/programs/checkoracle.pl \& every "* 8\-19 * * 1\-5" .Ve .PP Example 3: Do not run the check in the backup window on Sunday between 0AM to 3AM, otherwise run the check with the regular poll cycle frequency. 
.PP .Vb 2 \& check process mysqld with pidfile /var/run/mysqld.pid \& not every "* 0\-3 * * 0" .Ve .PP Limitations: .PP The current scheduler is poll cycle based. If a service check is scheduled with the \fIevery cron\fR statement, Monit will check if the current time matches the cron-string pattern. If it does, then the check is performed, otherwise it is skipped. The cron specification does not guarantee when exactly the test will run; this depends on the default poll time and the length of the check cycle. In other words, we cannot guarantee that Monit will run at a specific time. Therefore we \&\fBstrongly\fR recommend using an asterisk in the minute field or at minimum a range, e.g. 0\-15. \fBNever\fR use a specific minute as Monit may not run on that minute. .PP We will address this limitation in a future release and convert the scheduler from serial polling into a parallel non-blocking scheduler where checks are guaranteed to run on time and with seconds resolution. .SH "SERVICE GROUPS" .IX Header "SERVICE GROUPS" Service entries in the control file, \fImonitrc\fR, can be grouped together by the \fIgroup\fR statement. The syntax is simply (keyword in capital): .PP .Vb 1 \& GROUP groupname .Ve .PP With this statement it is possible to group similar service entries together and manage them as a whole. Monit provides functions to start, stop, restart, monitor and unmonitor a group of services, like so: .PP To start a group of services from the console: .PP .Vb 1 \& monit \-g start .Ve .PP To stop a group of services: .PP .Vb 1 \& monit \-g stop .Ve .PP To restart a group of services: .PP .Vb 1 \& monit \-g restart .Ve .PP A service can be added to multiple groups by using more than one group statement: .PP .Vb 2 \& group www \& group filesystem .Ve .SH "SERVICE MONITORING MODE" .IX Header "SERVICE MONITORING MODE" Monit supports two monitoring modes: \fIactive\fR and \fIpassive\fR.
.PP Syntax: .PP .Vb 1 \& MODE .Ve .PP In \fIactive\fR mode, Monit will pro-actively monitor a service and in case of problems raise alerts and restart the service. Active is the default mode. .PP The \fIpassive\fR mode is similar to the \fIactive\fR mode, except that if the service fails, monit will \fBnot\fR try to fix a problem by restarting the service and will raise alerts only. .SH "SYSTEM REBOOT AND SERVICE STARTUP" .IX Header "SYSTEM REBOOT AND SERVICE STARTUP" Monit supports three reboot modes: \fIstart\fR, \fInostart\fR and \fIlaststate\fR. .PP Syntax: .PP .Vb 1 \& ONREBOOT .Ve .PP In \fIstart\fR mode, Monit will always start the service automatically on reboot, even if it was stopped before restart. This is the default mode and used if \fIonreboot\fR is not specified. .PP In \fInostart\fR mode, the service is \fInever\fR started automatically after reboot. This mode is intended for high-availability solutions with active/passive clusters. For example, a service group \s-1HA,\s0 consisting of e.g. a mobile \s-1IP\s0 alias and an application server, is started on host H1, host H2 is backup and heartbeat is in place between both hosts. The service group \fI\s-1HA\s0\fR must be started on one node only. If H1 dies, H2 takes over the \s-1HA\s0 group. If H1 reboots, it is important that it won't try to start the \s-1HA\s0 group also, even though the group was active on H1 before it crashed, as \s-1HA\s0 is running on H2 now. .PP In \fIlaststate\fR mode, a service's monitoring state is persistent across reboot. For instance, if a service was started before reboot, it will be started after reboot. If it was stopped before reboot, it will not be started after and so on. .PP The default \s-1ONREBOOT START\s0 mode can be overridden globally: .PP .Vb 1 \& SET ONREBOOT .Ve .SH "SERVICE RESTART LIMIT" .IX Header "SERVICE RESTART LIMIT" \&\fBMonit\fR provides a restart limit mechanism for situations where a service simply refuses to start or respond over a longer period.
.PP The restart limit mechanism is based on the number of service restarts and the number of poll-cycles. For example, if a service had \fIx\fR restarts within \fIy\fR poll-cycles (where \fIx\fR <= \fIy\fR) then Monit will perform an action (for example unmonitor the service). If a timeout occurs, Monit will send an alert message if you have registered interest for this event. .PP The syntax for the timeout statement is as follows (keywords are in capital): .PP .Vb 1 \& IF RESTART CYCLE(S) THEN .Ve .PP The \fIaction\fR value is either one of the common actions or \&\s-1TIMEOUT\s0 (for backward compatibility, equal to the \s-1UNMONITOR\s0 action). .PP Here is an example where Monit will unmonitor the service if it was restarted 2 times within 3 cycles: .PP .Vb 1 \& if 2 restarts within 3 cycles then unmonitor .Ve .PP To have Monit check the service again after monitoring was disabled, run \f(CW\*(C`monit monitor servicename\*(C'\fR from the command line. .PP Example for setting custom exec on timeout: .PP .Vb 1 \& if 5 restarts within 5 cycles then exec "/foo/bar" .Ve .PP Example for stopping the service: .PP .Vb 1 \& if 7 restarts within 10 cycles then stop .Ve .SH "SERVICE DEPENDENCIES" .IX Header "SERVICE DEPENDENCIES" If specified in the control file, Monit can do dependency checking before start, stop, monitoring or unmonitoring of services. The dependency statement may be used within any service entries in the Monit control file. .PP The syntax for the depend statement is simply: .PP .Vb 1 \& DEPENDS on service[, service [,...]] .Ve .PP Where \fBservice\fR is a check service entry name used in your \f(CW\*(C`.monitrc\*(C'\fR file, for instance \fBapache\fR or \fBdatafs\fR. .PP You may add more than one service name of any type or use more than one depend statement in an entry. .PP Services specified in a \fIdepend\fR statement will be checked during stop/start/monitor/unmonitor operations.
.PP If a service is stopped or unmonitored it will stop/unmonitor any services that depend on it. .PP If the service is started, all services which this service depends on will be started before starting this service. If the start of some service fails, the service with prerequisites will \s-1NOT\s0 be started, but Monit will remember that it should start and will retry on the next cycle. .PP If a service is restarted, it will first stop any active services that depend on it and after it is started, start all depending services that were active before the restart again. .PP Here is an example where we set up an apache service entry to depend on the underlying apache binary. If the binary should change, an alert is sent and apache is not monitored anymore. The rationale is security and that Monit should not execute a possibly cracked apache binary. .PP .Vb 6 \& (1) check process apache with pidfile "/var/run/httpd.pid" \& (2) depends on httpd \& (3) ... \& (4) \& (5) check file httpd with path /usr/bin/httpd \& (6) if failed checksum then stop .Ve .PP The first entry is the process entry for apache. The second line sets up a dependency between this entry and the service entry named httpd in line 5. A dependency tree works as follows: if an action is conducted in a lower branch it will propagate upward in the tree and for every dependent entry execute the same action. In this case, if the checksum should fail in line 6 then a stop action is executed and the apache binary is not checked anymore. But since the apache process entry depends on the httpd entry, this entry will also execute the stop action. In short, if the checksum test for the httpd binary file should fail, both the check file httpd and the check process apache entry are stopped.
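.PP
The propagation rules above, as an added Python model (not Monit's own code and not part of the original manual). The apache, httpd and datafs names come from this page; the four-level chain a to d is constructed sample input, and the function names are hypothetical.

```python
"""Model of DEPENDS ON ordering: prerequisites start first, dependents stop first."""

# Constructed control-file summary: service -> services it depends on.
DEPENDS = {"apache": ["httpd", "datafs"], "httpd": [], "datafs": []}
# Constructed four-level chain: a depends on b, b on c, c on d.
CHAIN = {"a": ["b"], "b": ["c"], "c": ["d"], "d": []}


def validate(depends):
    """Reject undefined depend targets and depend loops, as Monit does at startup."""
    for svc, deps in depends.items():
        for dep in deps:
            if dep not in depends:
                raise ValueError(f"{svc}: depends on undefined service {dep}")
    state = {}

    def visit(svc, path):
        if state.get(svc) == "done":
            return
        if state.get(svc) == "visiting":
            loop = path[path.index(svc):] + [svc]
            raise ValueError("depend loop: " + " -> ".join(loop))
        state[svc] = "visiting"
        for dep in depends[svc]:
            visit(dep, path + [svc])
        state[svc] = "done"

    for svc in depends:
        visit(svc, [])


def _topo(depends):
    """All services ordered so that every prerequisite precedes its dependents."""
    validate(depends)
    order = []

    def visit(svc):
        if svc in order:
            return
        for dep in depends[svc]:
            visit(dep)
        order.append(svc)

    for svc in depends:
        visit(svc)
    return order


def _closure(edges, start):
    """start plus everything reachable from it along edges."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in edges.get(stack.pop(), []):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def start_order(depends, target):
    """Services started for 'start target': its prerequisites, then the target."""
    order = _topo(depends)
    needed = _closure(depends, target)
    return [svc for svc in order if svc in needed]


def stop_order(depends, target):
    """Services stopped for 'stop target': everything depending on it, then the target."""
    order = _topo(depends)
    inverse = {svc: [] for svc in depends}
    for svc, deps in depends.items():
        for dep in deps:
            inverse[dep].append(svc)
    affected = _closure(inverse, target)
    return [svc for svc in reversed(order) if svc in affected]


if __name__ == "__main__":
    # A failed checksum on the httpd file entry stops apache as well.
    print("stop httpd :", stop_order(DEPENDS, "httpd"))
    print("start a    :", start_order(CHAIN, "a"))
    print("stop d     :", stop_order(CHAIN, "d"))
```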
.PP A dependency tree is a general construct and can be used between all types of service entries and span many levels and propagate any supported action (except the exec action which will not propagate upward in a dependency tree for obvious reasons). .PP Here is another example. Consider the following common server setup: .PP .Vb 2 \& WEB\-SERVER \-> APPLICATION\-SERVER \-> DATABASE \-> FILESYSTEM \& (a) (b) (c) (d) .Ve .PP You can set dependencies so that the web-server depends on the application server to run before the web-server starts and the application server depends on the database server and the database depends on the filesystem to be mounted before it starts. See also the example section below for examples using the depend statement. .PP Here we describe how Monit will function with the above dependencies: .IP "If no services are running" 4 .IX Item "If no services are running" Monit will start the servers in the following order: \fId\fR, \fIc\fR, \&\fIb\fR, \fIa\fR .IP "If all servers are running" 4 .IX Item "If all servers are running" When you run 'monit stop all' this is the stop order: \fIa\fR, \fIb\fR, \&\fIc\fR, \fId\fR. If you run 'monit stop d' then \fIa\fR, \fIb\fR and \fIc\fR are also stopped because they depend on \fId\fR and finally \fId\fR is stopped. .IP "If \fIa\fR does not run" 4 .IX Item "If a does not run" Monit will start \fIa\fR .IP "If \fIb\fR does not run" 4 .IX Item "If b does not run" Monit will first stop \fIa\fR then start \fIb\fR and finally start \fIa\fR if \&\fIb\fR is up again. .IP "If \fIc\fR does not run" 4 .IX Item "If c does not run" Monit will first stop \fIa\fR and \fIb\fR then start \fIc\fR and finally start \&\fIb\fR then \fIa\fR. .IP "If \fId\fR does not run" 4 .IX Item "If d does not run" Monit will first stop \fIa\fR, \fIb\fR and \fIc\fR then start \fId\fR and finally start \fIc\fR, \fIb\fR then \fIa\fR. .IP "If the control file contains a depend loop."
4 .IX Item "If the control file contains a depend loop." A depend loop is for example; a\->b and b\->a or a\->b\->c\->a. .Sp When Monit starts it will check for such loops and complain and exit if a loop was found. It will also exit with a complaint if a depend statement was used that does not point to a service in the control file. .SH "SERVICE TESTS" .IX Header "SERVICE TESTS" .SS "\s-1LIMITS\s0" .IX Subsection "LIMITS" You can configure and set various limits to tweak buffer sizes and timeouts used by Monit. In most situations the default values are fine. If needed, below are the limits you can currently modify in Monit. .PP Syntax: .PP .Vb 11 \& SET LIMITS { \& PROGRAMOUTPUT: , \& SENDEXPECTBUFFER: , \& FILECONTENTBUFFER: , \& HTTPCONTENTBUFFER: , \& NETWORKTIMEOUT: \& PROGRAMTIMEOUT: \& STOPTIMEOUT: \& STARTTIMEOUT: \& RESTARTTIMEOUT: \& } .Ve .PP Where: \fIunit\fR is \*(L"B\*(R" (byte), \*(L"kB\*(R" (kilobyte) or \*(L"\s-1MB\*(R"\s0 (megabyte) \fItimeunit\fR is \*(L"\s-1MS\*(R"\s0 (millisecond) or \*(L"S\*(R" (second) .PP Options legend: .PP .Vb 10 \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | Option | Description | Default | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | programOutput | limit for check program output (truncated after) | 512 B | \& | sendExpectBuffer | limit for send/expect protocol test | 256 B | \& | fileContentBuffer | limit for file content test (line) | 512 B | \& | httpContentBuffer | limit for HTTP content test (response body) | 1 MB | \& | networkTimeout | timeout for network I/O | 5 s | \& | programTimeout | timeout for check program | 300 s | \& | stopTimeout | timeout for service stop | 30 s | \& | startTimeout | timeout for service start | 30 s | \& | restartTimeout | timeout for 
service restart | 30 s | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- .Ve .SS "\s-1GENERAL SYNTAX\s0" .IX Subsection "GENERAL SYNTAX" Monit offers several if-tests you can use in a 'check' statement to test various aspects of a service. .PP You can test either for a predefined value or for a range and take actions if the value changes. .PP General syntax for testing a specific value or range: .PP .Vb 1 \& IF THEN [ELSE ] .Ve .PP The action is evaluated each time the <\s-1TEST\s0> condition is true. Success action is optional and executed only when the state changes from failure to success. If success action is not set, Monit will send a recovery alert by default. .PP General syntax for a value change test: .PP .Vb 1 \& IF CHANGED THEN .Ve .PP The action is executed each time the value changes. Monit will remember the new value and will trigger an event if the value changes again. .SS "\s-1ACTION\s0" .IX Subsection "ACTION" In each test you must select the action to be executed from this list: .IP "\(bu" 4 \&\fB\s-1ALERT\s0\fR sends the user an alert event on each state change. .IP "\(bu" 4 \&\fB\s-1RESTART\s0\fR restarts the service \fBand\fR sends an alert. Restart is performed by calling the service's registered restart method or by first calling the stop method followed by the start method if restart is not set. .IP "\(bu" 4 \&\fB\s-1START\s0\fR starts the service by calling the service's registered start method \fBand\fR sends an alert. .IP "\(bu" 4 \&\fB\s-1STOP\s0\fR stops the service by calling the service's registered stop method \fBand\fR sends an alert. If Monit stops a service it will not be checked by Monit anymore nor restarted again later. To reactivate monitoring of the service you must explicitly enable monitoring from the web interface or from the console.
.IP "\(bu" 4 \&\fB\s-1EXEC\s0\fR can be used to execute an arbitrary program \fBand\fR send an alert. If you choose this action you must state the program to be executed and if the program requires arguments you must enclose the program and its arguments in a quoted string. You may optionally specify the uid and gid the executed program should switch to upon start. The program is executed only \fIonce\fR if the test fails. You can enable execute repetition if the error persists for a given number of cycles. For instance: .Sp .Vb 3 \& if failed then exec "/usr/local/bin/sms.sh" \& as uid "nobody" and gid "nobody" \& repeat every 5 cycles .Ve .Sp Remember, if Monit is run by root, then all programs executed by Monit will be started with superuser privileges unless the uid and gid extension is used. .IP "\(bu" 4 \&\fB\s-1UNMONITOR\s0\fR will disable monitoring of the service \fBand\fR send an alert. The service will not be checked by Monit anymore nor restarted again later. To reactivate monitoring of the service you must explicitly enable monitoring from the web interface or from the console. .SS "\s-1FAULT TOLERANCE\s0" .IX Subsection "FAULT TOLERANCE" By default an action is executed if it matches and the corresponding service is set in an error state. However, you can require a test to fail more than once before the error event is triggered and the service state is changed to failed. This is useful to avoid getting alerts on spurious errors, which can happen, especially with network tests. .PP Syntax: .PP .Vb 1 \& FOR CYCLES ... .Ve .PP or: .PP .Vb 1 \& [TIMES WITHIN] CYCLES ... .Ve .PP The condition can be used both for failure and success action. 
.PP The first, simpler and recommended format requires \f(CW\*(C`X\*(C'\fR consecutive events before switching the state: .PP .Vb 4 \& if failed \& port 80 \& for 3 cycles \& then alert .Ve .PP The second format is more advanced and allows one to tolerate intermittent issues, but still catch excessive problems, where the service is flapping between error and success states frequently. .PP For example if every second cycle fails (1\-0\-1\-0\-1\-0\-...), then \*(L"for 2 cycles\*(R" condition will never match, despite the service having problems. The following statement will catch such a state: .PP .Vb 4 \& if failed \& port 80 \& for 3 times within 5 cycles \& then alert .Ve .PP Example which sets multiple error levels and actions: .PP .Vb 3 \& check filesystem rootfs with path /dev/hda1 \& if space usage > 80% for 5 times within 15 cycles then alert \& if space usage > 90% for 5 cycles then exec \*(Aq/try/to/free/the/space\*(Aq .Ve .PP Note: the maximum value for cycles is 64. .SS "\s-1EXISTENCE TESTS\s0" .IX Subsection "EXISTENCE TESTS" This test allows one to trigger an action based on the monitored object existence. It is supported for \fIprocess\fR, \fIfile\fR, \fIdirectory\fR, \&\fIfilesystem\fR and \fIfifo\fR services. .PP If no existence test is defined, the implicit non-existence test with restart action is activated, so for example if the process stops, Monit will restart it. .PP There are two types of existence tests: .PP \fINON-EXIST\fR .IX Subsection "NON-EXIST" .PP This test will trigger an action if the object does not exist. It can be used for example to make sure apache is running, data filesystem is mounted, etc. 
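.PP
Added example, not part of the original manual and not Monit's implementation: a Python model of the two counting rules from the FAULT TOLERANCE section, which also fits the "x restarts within y cycles" form of the SERVICE RESTART LIMIT section. The 64-bit history word is an assumption chosen to match the stated maximum of 64 cycles; the class and function names are hypothetical.

```python
"""Model of 'FOR x CYCLES' and 'x TIMES WITHIN y CYCLES' event counting."""

MAX_CYCLES = 64  # the manual states the maximum value for cycles is 64


class Tolerance:
    """Fires when at least `times` of the last `cycles` poll cycles failed.

    'for 3 cycles' is Tolerance(3, 3): all of the last three cycles failed.
    'for 3 times within 5 cycles' is Tolerance(3, 5).
    """

    def __init__(self, times, cycles):
        if not 1 <= times <= cycles <= MAX_CYCLES:
            raise ValueError("need 1 <= times <= cycles <= 64")
        self.times = times
        self.cycles = cycles
        self.history = 0  # bit 0 is the most recent cycle, 1 means failed

    def record(self, failed):
        """Record one cycle's result and report whether the rule matches now."""
        mask = (1 << MAX_CYCLES) - 1
        self.history = ((self.history << 1) | int(bool(failed))) & mask
        window = self.history & ((1 << self.cycles) - 1)
        return bin(window).count("1") >= self.times


def first_trigger(times, cycles, results):
    """1-based cycle number at which the rule first matches, or None."""
    rule = Tolerance(times, cycles)
    for number, failed in enumerate(results, start=1):
        if rule.record(failed):
            return number
    return None


# Constructed poll results: 1 = test failed in that cycle, 0 = test succeeded.
FLAPPING = [1, 0] * 5          # every second cycle fails
SOLID_OUTAGE = [0, 1, 1, 1]    # three consecutive failures after one good cycle
RESTARTS_CLOSE = [1, 0, 1]     # two restarts inside a three-cycle window
RESTARTS_SPREAD = [1, 0, 0, 1] # two restarts, but never both in one window


def compare():
    """Trigger cycle for each rule over the constructed sequences above."""
    return {
        "flapping, for 2 cycles": first_trigger(2, 2, FLAPPING),
        "flapping, 3 times within 5 cycles": first_trigger(3, 5, FLAPPING),
        "outage, for 3 cycles": first_trigger(3, 3, SOLID_OUTAGE),
        "2 restarts within 3 cycles (close)": first_trigger(2, 3, RESTARTS_CLOSE),
        "2 restarts within 3 cycles (spread)": first_trigger(2, 3, RESTARTS_SPREAD),
    }


if __name__ == "__main__":
    for rule, cycle in compare().items():
        print(f"{rule:40s} -> {'never' if cycle is None else 'cycle ' + str(cycle)}")
```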
.PP .Vb 1 \& IF [DOES] NOT EXIST THEN .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \*(L"EXEC\*(R"\s0 or \&\*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: Exec a script if a filesystem does \s-1NOT\s0 exist: .PP .Vb 2 \& check filesystem disk1 with path /dev/sda1 \& if does not exist then exec "/sbin/mount..." .Ve .PP \fI\s-1EXIST\s0\fR .IX Subsection "EXIST" .PP This test is the inverse of the non-existence test: it will trigger an action if the object \s-1DOES\s0 exist. It can be used for example to kill a process which shouldn't be running. .PP .Vb 1 \& IF [DOES] EXIST THEN .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \*(L"EXEC\*(R"\s0 or \&\*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: kill a process that should not run: .PP .Vb 2 \& check process vmware matching "vmware" \& if exist then exec "/usr/bin/pkill \-9 vmware" .Ve .PP Example: Alert if a file exists which shouldn't: .PP .Vb 2 \& check file x with path /some/path/x \& if exist then alert .Ve .SS "\s-1RESOURCE TESTS\s0" .IX Subsection "RESOURCE TESTS" Monit can examine how many resources a service is using. This test can only be used within a system or process service entry in the Monit control file. .PP Depending on system or process characteristics, services can be stopped or restarted and alerts can be generated. Thus it is possible to utilise systems which are idle and to spare systems under high load. .PP Syntax: .PP .Vb 1 \& IF THEN .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, \&\*(L"gt\*(R", \*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \&\*(L"less\*(R", \*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIvalue\fR is either an integer or a real number.
.PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP \&\fIresource\fR set depends on the service type: .PP \fISystem resource tests\fR .IX Subsection "System resource tests" .PP \&\fI\s-1LOADAVG\s0([1min|5min|15min]) [\s-1PER CORE\s0]\fR refers to the system's load average. The load average is the number of processes in the system run queue per \s-1CPU\s0 core, averaged over the specified time period. Example: .PP .Vb 3 \& if loadavg (1min) per core > 2 for 15 cycles then alert \& if loadavg (5min) per core > 1.5 for 10 cycles then alert \& if loadavg (15min) per core > 1 for 8 cycles then alert .Ve .PP If you omit the \fIper core\fR option, the test will check the total load average regardless of the \s-1CPU\s0 core count. .PP \&\fI\s-1CPU\s0([user|system|wait|nice|hardirq|softirq|steal|guest|guestnice])\fR is the percent of time the system spends in the given type of task: .IP "user" 4 .IX Item "user" The \s-1CPU\s0 is running code in user space mode, which includes any process that doesn't belong to the kernel, such as webservers, databases, shells and desktop related programs. .IP "system" 4 .IX Item "system" The \s-1CPU\s0 is running the kernel, which includes drivers and other kernel modules. The kernel also handles requests from user space processes like memory allocation, disk and network I/O and creating child processes. .IP "wait" 4 .IX Item "wait" I/O wait is when the \s-1CPU\s0 was idle while waiting for an I/O operation from disk or network to complete. .IP "nice" 4 .IX Item "nice" The nice statistic accounts for user space processes that are running with altered priority (higher or lower than normal). .IP "hardirq" 4 .IX Item "hardirq" The kernel is servicing hardware interrupt requests. Hardware interrupts come from peripherals like keyboard, network interfaces, disks, system clock, etc.
.IP "softirq" 4 .IX Item "softirq" The kernel is servicing software interrupt requests. Software interrupts come from processes running in the system. .IP "steal" 4 .IX Item "steal" This applies only to virtual machines on a hypervisor. The steal time shows the percentage of time a virtual machine had to wait for the real \s-1CPU\s0 while the hypervisor was servicing another virtual machine. If this number remains high, the host system is too busy and may need more physical CPUs or to offload some virtual machines to another host. .IP "guest" 4 .IX Item "guest" This applies only to host machines running a hypervisor. It shows time spent running a virtual \s-1CPU\s0 for guest operating systems under the control of the Linux kernel. This value is already included in \&\*(L"user\*(R" statistics. .IP "guestnice" 4 .IX Item "guestnice" This applies only to host machines running a hypervisor. It shows time spent running a virtual \s-1CPU\s0 for guest operating systems under the control of the Linux kernel, with altered priority. This value is already included in \*(L"nice\*(R" statistics.
.PP The user/system/wait/nice/hardirq/softirq/steal/guest/guestnice modifier is optional and the support depends on platform (Linux support depends on kernel version, all statistics are available since kernel 2.6.33): .PP .Vb 12 \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | Platform | user | nice | system | wait | hardirq | softirq | steal | guest | guest nice | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | AIX | X | | X | X | | | | | | \& | DragonFlyBSD | X | X | X | | X | | | | | \& | FreeBSD | X | X | X | | X | | | | | \& | Linux | X | X | X | X | X | X | X | X | X | \& | MacOS | X | X | X | | | | | | | \& | NetBSD | X | X | X | | X | | | | | \& | OpenBSD | X | X | X | | X | | | | | \& | Solaris | X | | X | X | | | | | | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- .Ve .PP Example: .PP .Vb 1 \& if cpu usage > 95% for 10 cycles then alert .Ve .PP \&\fI\s-1MEMORY\s0\fR is the system memory usage [%] or absolute value [B, kB, \&\s-1MB, GB\s0]. Example: .PP .Vb 1 \& if memory usage > 75% for 5 cycles then alert .Ve .PP \&\fI\s-1SWAP\s0\fR is the swap usage of the system [%] or absolute [B, kB, \s-1MB, GB\s0]. Example: .PP .Vb 1 \& if swap usage > 20% for 10 cycles then alert .Ve .PP \fIProcess resource tests\fR .IX Subsection "Process resource tests" .PP \&\fI\s-1CPU\s0\fR is the \s-1CPU\s0 usage of the process itself [%]. Monit calculates the \s-1CPU\s0 usage based on number of threads vs. available \s-1CPU\s0 cores. 
If the process has one thread, 100% \s-1CPU\s0 usage equals 100% utilization of one \s-1CPU\s0 core. If it has 2 threads, 100% \s-1CPU\s0 usage is reported when it uses 2 \s-1CPU\s0 cores at 100%, etc. If the process has more threads than the machine's available \s-1CPU\s0 cores, then 100% \s-1CPU\s0 usage corresponds to utilization of all available \s-1CPU\s0 cores. Example: .PP .Vb 1 \& if cpu > 10% for 5 cycles then restart .Ve .PP \&\fI\s-1TOTAL CPU\s0\fR is the total \s-1CPU\s0 usage of the process and its children in percent. You will want to use \s-1TOTAL CPU\s0 typically for services like Apache web server where one master process forks child processes as workers. Example: .PP .Vb 1 \& if total cpu > 50% for 10 cycles then restart .Ve .PP \&\fI\s-1THREADS\s0\fR is the number of the process's threads. Example: .PP .Vb 1 \& if threads > 3 then alert .Ve .PP \&\fI\s-1CHILDREN\s0\fR is the number of child processes of the process. Example: .PP .Vb 1 \& if children > 10 then alert .Ve .PP \&\fI\s-1MEMORY\s0\fR is the memory usage of the process itself, [%] or absolute value [B, kB, \s-1MB, GB\s0]. Example: .PP .Vb 1 \& if memory usage > 8 MB then alert .Ve .PP \&\fI\s-1TOTAL MEMORY\s0\fR is the memory usage of the process and its child processes in either percent or as an amount [B, kB, \s-1MB, GB\s0]. Example: .PP .Vb 1 \& if total memory usage > 1% for 10 cycles then alert .Ve .SS "\s-1PROCESS I/O ACTIVITY TEST\s0" .IX Subsection "PROCESS I/O ACTIVITY TEST" Monit can test a process's filesystem read and write activity. This test can only be used in the context of a process service type. Monit will normally need to run as the root user to access these metrics. .PP The \s-1OS\s0 usually supports the per-process I/O metrics by bytes or by operations. .PP Some platforms allow one to differentiate the I/O subset that required physical storage access from generic I/O which was handled by cache.
Note that as the physical I/O is usually aligned to the filesystem page, there may be difference between the total and physical I/O even if the process tried to read just 1 byte. .PP Per-process I/O activity statistics by platform: .PP .Vb 12 \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | Platform | Operation | Byte (physical) | Byte (generic) | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | AIX | X | | | \& | DragonFlyBSD | X | | | \& | FreeBSD | X | | | \& | Linux | X | X | X | \& | MacOS | | X | | \& | NetBSD | X | | | \& | OpenBSD | X | | | \& | Solaris | X | | | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- .Ve .PP \fIRead: bytes per second (generic)\fR .IX Subsection "Read: bytes per second (generic)" .PP Syntax: .PP .Vb 1 \& IF READ [ACTIVITY] /S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process p... 
\& if read activity > 1 MB/s then alert .Ve .PP \fIRead: bytes per second (physical storage)\fR .IX Subsection "Read: bytes per second (physical storage)" .PP Syntax: .PP .Vb 1 \& IF DISK READ [ACTIVITY] /S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process p... \& if disk read activity > 1 MB/s then alert .Ve .PP \fIRead: operations per second\fR .IX Subsection "Read: operations per second" .PP Syntax: .PP .Vb 1 \& IF DISK READ [ACTIVITY] operations/S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process p... 
\& if disk read activity > 500 operations/s then alert .Ve .PP \fIWrite: bytes per second (generic)\fR .IX Subsection "Write: bytes per second (generic)" .PP Syntax: .PP .Vb 1 \& IF WRITE [ACTIVITY] /S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process p... \& if write activity > 1 MB/s then alert .Ve .PP \fIWrite: bytes per second (physical storage)\fR .IX Subsection "Write: bytes per second (physical storage)" .PP Syntax: .PP .Vb 1 \& IF DISK WRITE [ACTIVITY] /S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process p... 
\& if disk write activity > 1 MB/s then alert .Ve .PP \fIWrite: operations per second\fR .IX Subsection "Write: operations per second" .PP Syntax: .PP .Vb 1 \& IF DISK WRITE [ACTIVITY] operations/S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process p... \& if disk write activity > 500 operations/s then alert .Ve .SS "\s-1FILE CHECKSUM TEST\s0" .IX Subsection "FILE CHECKSUM TEST" The checksum statement may only be used in a file service entry and can be used to check the file's \s-1MD5\s0 or \s-1SHA1\s0 checksum. .PP Check specific checksum: .PP .Vb 1 \& IF FAILED [MD5|SHA1] CHECKSUM [EXPECT checksum] THEN action .Ve .PP Check any file changes: .PP .Vb 1 \& IF CHANGED [MD5|SHA1] CHECKSUM THEN action .Ve .PP The choice of \s-1MD5\s0 or \s-1SHA1\s0 is optional. \s-1MD5\s0 features a 128 bits checksum (32 bytes hex encoded string) and \s-1SHA1\s0 a 160 bits checksum (40 bytes hex encoded string). If this option is omitted, Monit will try to guess the method from the \s-1EXPECT\s0 string or use \s-1MD5\s0 as the default checksum. .PP \&\f(CW\*(C`expect\*(C'\fR is optional and if used, specifies the md5 or sha1 string Monit should expect when testing a file's checksum. Monit will then not compute an initial checksum for the file, but instead use the string you submit. 
For example: .PP .Vb 3 \& if failed \& checksum expect 8f7f419955cefa0b33a2ba316cba3659 \& then alert .Ve .PP You can, for example, use the \s-1GNU\s0 utility \fI\f(BImd5sum\fI\|(1)\fR or \&\fI\f(BIsha1sum\fI\|(1)\fR to create a checksum string for a file and use this string in the expect-statement. .PP Reloading a server if its configuration file was changed: .PP .Vb 2 \& check file apache_conf with path /etc/apache/httpd.conf \& if changed checksum then exec "/usr/bin/apachectl graceful" .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .SS "\s-1TIMESTAMP TEST\s0" .IX Subsection "TIMESTAMP TEST" The timestamp statement may only be used in a file, fifo or directory service entry. .PP Relative timestamp syntax: .PP .Vb 1 \& IF [unit] THEN .Ve .PP Timestamp change syntax: .PP .Vb 1 \& IF CHANGED THEN action .Ve .PP There are four timestamp test types: .IP "\s-1ACCESS\s0 (\s-1ATIME\s0)" 12 .IX Item "ACCESS (ATIME)" Test the timestamp which is updated whenever the object is accessed, for example the file is read. Filesystem usually allows one to disable \fIatime\fR updates using mount options, so this test will work only if the filesystem performs atime updates. .IP "\s-1CHANGE\s0 (\s-1CTIME\s0)" 12 .IX Item "CHANGE (CTIME)" Test the timestamp which is updated whenever the object metadata such as owner, group, permissions or hard link count are changed. .IP "\s-1MODIFICATION\s0 (\s-1MTIME\s0)" 12 .IX Item "MODIFICATION (MTIME)" Test the timestamp which is updated whenever the object content is modified. The file modification timestamp is updated whenever the file is truncated or written to. The directory modification timestamp is updated whenever some files/subdirectories were added to the directory or removed from that directory. 
.IP "\s-1DEFAULT\s0 (\s-1LATEST OF CHANGE AND MODIFICATION TIMES\s0)" 12 .IX Item "DEFAULT (LATEST OF CHANGE AND MODIFICATION TIMES)" If no specific timestamp type is set, the latest of change and modification timestamps is checked. This test allows for simple testing of any object modification (data and metadata). .PP \&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, \&\*(L"\s-1GT\*(R", \*(L"LT\*(R", \*(L"EQ\*(R", \*(L"NE\*(R"\s0 in shell sh notation and \*(L"\s-1NEWER\*(R", \*(L"OLDER\*(R", \&\*(L"GREATER\*(R", \*(L"LESS\*(R", \*(L"EQUAL\*(R", \*(L"NOTEQUAL\*(R"\s0 in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIvalue\fR is a time watermark. .PP \&\fIunit\fR is either \*(L"\s-1SECOND\s0(S)\*(R", \*(L"\s-1MINUTE\s0(S)\*(R", \*(L"\s-1HOUR\s0(S)\*(R" or \*(L"\s-1DAY\s0(S)\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP For example to reload apache if the configuration file changed: .PP .Vb 2 \& check file apache_conf with path /etc/apache/httpd.conf \& if changed timestamp then exec "/usr/bin/apachectl graceful" .Ve .PP For example to test directory for file addition or removal: .PP .Vb 2 \& check directory bar path /foo/bar \& if changed timestamp then alert .Ve .PP Example for sending alert if a log file is not updated for more than 1 hour: .PP .Vb 1 \& if timestamp is older than 1 hour then alert .Ve .SS "\s-1FILE SIZE TEST\s0" .IX Subsection "FILE SIZE TEST" The size statement may only be used in a check file service entry. If specified in the control file, Monit will compute a size for a file.
.PP Testing specific size or range: .PP .Vb 1 \& IF SIZE [[operator] value [unit]] THEN action .Ve .PP Testing size changes: .PP .Vb 1 \& IF CHANGED SIZE THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, \&\*(L"\s-1GT\*(R", \*(L"LT\*(R", \*(L"EQ\*(R", \*(L"NE\*(R"\s0 in shell sh notation and \*(L"\s-1GREATER\*(R", \&\*(L"LESS\*(R", \*(L"EQUAL\*(R", \*(L"NOTEQUAL\*(R"\s0 in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIvalue\fR is a size watermark. .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \&\*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R". If it is not specified, \*(L"byte\*(R" unit is assumed by default. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP For example to send an alert if the file is too large: .PP .Vb 2 \& check file mydb with path /data/mydatabase.db \& if size > 1 GB then alert .Ve .SS "\s-1FILE CONTENT TEST\s0" .IX Subsection "FILE CONTENT TEST" The content statement can be used to incrementally test the content of a text file by using regular expressions. .PP Syntax: .PP .Vb 1 \& IF CONTENT THEN action .Ve .PP \&\fIoperator\fR is either a \*(L"=\*(R" for match or \*(L"!=\*(R" for no-match. .PP \&\fIregex\fR is a string containing the extended regular expression. See also \fBregex\fR\|(7). .PP \&\fIpath\fR is an absolute path to a file containing extended regular expression on every line. See also \fBregex\fR\|(7). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP On startup the read position is set to the end of the file and Monit continues to scan to the end of the file on each cycle. 
.PP If the file size decreases or the inode changes, the read position is set to the start of the file. .PP Only lines ending with a newline character are inspected. .PP By default only the first 511 characters of a line are inspected. You can increase the limit using the set limits statement. .PP .Vb 1 \& IGNORE CONTENT .Ve .PP Lines matching an \fI\s-1IGNORE\s0\fR are not inspected during later evaluations. \fI\s-1IGNORE CONTENT\s0\fR always has precedence over \&\fI\s-1IF CONTENT\s0\fR. .PP All \fI\s-1IGNORE CONTENT\s0\fR statements are evaluated first, in the order of their appearance. Thereafter, all the \fI\s-1IF CONTENT\s0\fR statements are evaluated. .PP For example: .PP .Vb 3 \& check file syslog with path /var/log/syslog \& ignore content = "monit" \& if content = "^mrcoffee" then alert .Ve .SS "\s-1FILESYSTEM MOUNT FLAGS TEST\s0" .IX Subsection "FILESYSTEM MOUNT FLAGS TEST" Monit can test the filesystem mount flags for changes. This test is implicit and Monit will send an alert in case of failure by default. .PP This test is useful for detecting changes of filesystem flags, for example when the filesystem becomes read-only (on disk error) or mount flags are changed (such as nosuid). .PP The syntax for the fsflags statement is: .PP .Vb 1 \& IF CHANGED FSFLAGS THEN action .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem rootfs with path / \& if changed fsflags then exec "/my/script" .Ve .SS "\s-1SPACE USAGE TEST\s0" .IX Subsection "SPACE USAGE TEST" Monit can test a filesystem or a disk for space usage. This test may only be used in the context of a filesystem service type. .PP Filesystems usually have some space reserved for the root user (ca. 1\-5%), so non-superusers cannot write to a nearly full filesystem.
If you set a limit for the filesystem which is used by non-root users you might want to consider these reserved blocks when setting the limit. You can use Monit itself to view the reserved blocks percentage by using the \s-1CLI\s0 status command or the \s-1HTTP\s0 interface for the given filesystem. .PP Syntax: .PP .Vb 1 \& IF SPACE operator value unit THEN action .Ve .PP or: .PP .Vb 1 \& IF SPACE FREE operator value unit THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R",\s0 \*(L"%\*(R" or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem rootfs with path / \& if space usage > 90% then alert .Ve .SS "\s-1INODE USAGE TEST\s0" .IX Subsection "INODE USAGE TEST" Monit can test filesystem inode usage. This test may only be used in the context of a filesystem service type. .PP Syntax: .PP .Vb 1 \& IF INODE(S) operator value [unit] THEN action .Ve .PP or: .PP .Vb 1 \& IF INODE(S) FREE operator value [unit] THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is optional. If not specified, the value is an absolute count of inodes. 
You can use the \*(L"%\*(R" character or the longer alternative \*(L"percent\*(R" as a unit. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem rootfs with path / \& if inode usage > 90% then alert .Ve .SS "\s-1DISK I/O TEST\s0" .IX Subsection "DISK I/O TEST" Monit can test a filesystem's read and write activity. This test may only be used in the context of a filesystem service type. .PP The available I/O metrics depend on the platform and filesystem. Some platforms allow us to get I/O activity for a specific partition, others just for the whole disk. Some allow us to get metrics for network filesystems, others just for block devices. .PP Platform I/O metrics granularity and filesystem support in Monit: .PP .Vb 12 \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | Platform | Granularity | Supported filesystems | TBD | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& | AIX | per\-disk | Disk io monitoring currently not supported | JFSx | \& | DragonFlyBSD | per\-disk | UFS | HAMMER | \& | FreeBSD | per\-disk | UFS, ZFS | | \& | Linux | per\-filesystem | EXTx, XFS, BTRFS, ZFS, NFS, CIFS | | \& | MacOS | per\-disk | HFS | | \& | NetBSD | per\-disk | FFS | NFS | \& | OpenBSD | per\-disk | FFS | | \& | Solaris | per\-filesystem | ZFS, UFS, NFS | | \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- .Ve .PP \fIRead: bytes per second\fR .IX Subsection "Read: bytes per second" .PP Syntax: .PP .Vb 1 \& IF READ [RATE] /S THEN action .Ve .PP
\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem disk1... \& if read rate > 1 MB/s then alert .Ve .PP \fIRead: operations per second\fR .IX Subsection "Read: operations per second" .PP Syntax: .PP .Vb 1 \& IF READ [RATE] operations/S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem disk1... \& if read rate > 500 operations/s then alert .Ve .PP \fIWrite: bytes per second\fR .IX Subsection "Write: bytes per second" .PP Syntax: .PP .Vb 1 \& IF WRITE [RATE] /S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). 
.PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", \&\*(L"percent\*(R". .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem disk1... \& if write rate > 1 MB/s then alert .Ve .PP \fIWrite: operations per second\fR .IX Subsection "Write: operations per second" .PP Syntax: .PP .Vb 1 \& IF WRITE [RATE] operations/S THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check filesystem disk1... \& if write rate > 500 operations/s then alert .Ve .PP \fIService time per operation\fR .IX Subsection "Service time per operation" .PP Service Time is the time taken to complete a read or a write operation. This is a fairly important metric. If it grows, it means that the disk is not able to handle the operations fast enough. Growth charts are available in M/Monit. .PP Syntax: .PP .Vb 1 \& IF SERVICE TIME THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). 
.PP \&\fIunit\fR is \*(L"\s-1MS\*(R"\s0 (millisecond) or \*(L"S\*(R" (second) .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 3 \& if service time > 10 milliseconds \& for 3 times within 5 cycles \& then alert .Ve .SS "\s-1PERMISSION TEST\s0" .IX Subsection "PERMISSION TEST" Monit can test the permissions of file objects. This test may only be used in the context of a file, fifo, directory or filesystem service types. .PP Syntax for testing specific permissions: .PP .Vb 1 \& IF FAILED PERM(ISSION) octalnumber THEN action .Ve .PP Syntax for testing any permission change: .PP .Vb 1 \& IF CHANGED PERM(ISSION) THEN action .Ve .PP \&\fIoctalnumber\fR defines permissions for a file, a directory or a filesystem as four octal digits (0\-7). Valid range is 0000 \- 7777 (you can omit the leading zeros, Monit will add the zeros to the left. For example, \*(L"640\*(R" is a valid value and matches \*(L"0640\*(R"). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check file shadow with path /etc/shadow \& if failed permission 0640 then alert .Ve .SS "\s-1UID TEST\s0" .IX Subsection "UID TEST" Monit can monitor the owner user id (uid) of a file, fifo, directory or owner and effective user of a process. .PP Syntax: .PP .Vb 1 \& IF FAILED [E]UID THEN action .Ve .PP \&\fIvalue\fR defines a user id either in numeric or in string form. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check file shadow with path /etc/shadow \& if failed uid "root" then alert .Ve .SS "\s-1GID TEST\s0" .IX Subsection "GID TEST" Monit can monitor the owner group id (gid) of a file, fifo, directory or process. 
.PP Syntax: .PP .Vb 1 \& IF FAILED GID THEN action .Ve .PP \&\fIvalue\fR defines a group id either in numeric or in string form. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check file shadow with path /etc/shadow \& if failed gid "shadow" then alert .Ve .SS "\s-1PID TEST\s0" .IX Subsection "PID TEST" Monit can test the process's \s-1PID.\s0 Monit will send an alert in case the \s-1PID\s0 changed outside of Monit's control. .PP Syntax: .PP .Vb 1 \& IF CHANGED PID THEN action .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP This test is useful to detect possible process restarts which have occurred in the timeframe between two Monit testing cycles. .PP For example, if someone changes the sshd configuration and restarts sshd outside of Monit's control, you will be notified that the process was replaced by a new instance: .PP .Vb 2 \& check process sshd with pidfile /var/run/sshd.pid \& if changed pid then alert .Ve .SS "\s-1PPID TEST\s0" .IX Subsection "PPID TEST" Monit can test the process's parent \s-1PID\s0 (\s-1PPID\s0) for changes. Monit will send an alert in the case that the \s-1PPID\s0 changed outside of Monit's control. .PP The syntax for the ppid statement is: .PP .Vb 1 \& IF CHANGED PPID THEN action .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check process myproc with pidfile /var/run/myproc.pid \& if changed ppid then exec "/my/script" .Ve .SS "\s-1UPTIME TEST\s0" .IX Subsection "UPTIME TEST" The uptime statement may only be used in a process and system service type context.
.PP Syntax: .PP .Vb 1 \& IF UPTIME [[operator] value [unit]] THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, \&\*(L"\s-1GT\*(R", \*(L"LT\*(R", \*(L"EQ\*(R", \*(L"NE\*(R"\s0 in shell sh notation and \*(L"\s-1GREATER\*(R", \&\*(L"LESS\*(R", \*(L"EQUAL\*(R", \*(L"NOTEQUAL\*(R"\s0 in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIvalue\fR is an uptime watermark. .PP \&\fIunit\fR is either \*(L"\s-1SECOND\*(R", \*(L"MINUTE\*(R", \*(L"HOUR\*(R"\s0 or \*(L"\s-1DAY\*(R"\s0 (it is also possible to use \*(L"\s-1SECONDS\*(R", \*(L"MINUTES\*(R", \*(L"HOURS\*(R",\s0 or \*(L"\s-1DAYS\*(R"\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example of restarting the process every three days: .PP .Vb 4 \& check process myapp with pidfile /var/run/myapp.pid \& start program = "/etc/init.d/myapp start" \& stop program = "/etc/init.d/myapp stop" \& if uptime > 3 days then restart .Ve .SS "\s-1SECURITY ATTRIBUTE TEST\s0" .IX Subsection "SECURITY ATTRIBUTE TEST" The security attribute statement may only be used in a process context.
.PP Syntax: .PP .Vb 1 \& IF FAILED SECURITY ATTRIBUTE THEN .Ve .PP \&\fIstring\fR expected security attribute value .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example for SELinux: .PP .Vb 2 \& check process ntpd matching "ntpd" \& if failed security attribute "system_u:system_r:ntpd_t:s0" then alert .Ve .PP Example for AppArmor: .PP .Vb 2 \& check process ntpd matching "ntpd" \& if failed security attribute "/usr/sbin/ntpd (enforce)" then alert .Ve .SS "\s-1SYSTEM AND\s0 PER-PROCESS \s-1FILEDESCRIPTORS TEST\s0" .IX Subsection "SYSTEM AND PER-PROCESS FILEDESCRIPTORS TEST" Monit can test the filedescriptors usage on the system and process level. You can check either an absolute value or percentual usage of the current maximum. The per-process percentual usage can be used only if the system exposes per-process maximum. .PP Syntax: .PP .Vb 1 \& IF FILEDESCRIPTORS [%] THEN action .Ve .PP For process only, you can also check accumulated number for the process and all its children. .PP Syntax: .PP .Vb 1 \& IF TOTAL FILEDESCRIPTORS THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fInumber\fR limit. 
.PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Examples: .PP .Vb 2 \& check system $HOST \& if filedescriptors >= 90% then alert \& \& check process myproc with pidfile /var/run/myproc.pid \& if filedescriptors >= 90% then alert \& if filedescriptors >= 99% then restart \& if total filedescriptors > 5000 then alert .Ve .SS "\s-1PROGRAM STATUS TEST\s0" .IX Subsection "PROGRAM STATUS TEST" You can check the exit status of a program or a script. This test may only be used within a check program service entry in the Monit control file. .PP Syntax for testing specific exit value: .PP .Vb 1 \& IF STATUS operator value THEN action .Ve .PP Syntax for testing any exit value change: .PP .Vb 1 \& IF CHANGED STATUS THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Example: .PP .Vb 2 \& check program myscript with path /usr/local/bin/myscript.sh \& if status != 0 then alert .Ve .PP Sample script for the above example (/usr/local/bin/myscript.sh): .PP .Vb 3 \& #!/bin/sh \& echo test \& exit $? .Ve .PP You can also send parameters with the program: .PP .Vb 2 \& check program list\-files with path "/bin/ls \-lrt /tmp/" \& if status != 0 then alert .Ve .PP Arguments to the program or script are a sequence of whitespace-separated strings. In the above example the strings '\-lrt' and '/tmp/' are arguments to the program '/bin/ls'.
If arguments are used, it is recommended to use quotes \fB"\fR to enclose the string; if no arguments are used, quotes are not needed. .PP Notes: If the program is a script, the interpreter is required in the first line. The program or script must also be executable. .PP If Monit is run as the super user, you can optionally run the program as a different user and/or group. In this example we run the \fIls\fR program as user www and as group staff: .PP .Vb 3 \& check program ls with path "/bin/ls /tmp" as uid "www" \& and gid "staff" \& if status != 0 then alert .Ve .PP Monit will execute the program periodically and if the exit status of the program does not match the expected result, Monit can perform an action. In the example above, Monit will raise an alert if the exit value is different from 0. By convention, 0 means the program exited normally. .PP Program checks are asynchronous, meaning that Monit will not wait for the program to exit; instead, Monit will start the program in the background and immediately continue checking the next service entry in \&\fImonitrc\fR. At the next cycle, Monit will check if the program has finished and if so, collect the program's exit status. If the status indicates a failure, Monit will raise an alert message containing the program's error (stderr) output, if any. If the program has not exited after the first cycle, Monit will wait another cycle and so on. If the program is still running after 5 minutes, Monit will kill it and generate a program timeout event. It is possible to override the default timeout (see the syntax below). .PP The asynchronous nature of the program check allows for non-blocking behaviour in the current Monit design, but it comes with a side-effect: when the program has finished executing and is waiting for Monit to collect the result, it becomes a so-called \*(L"zombie\*(R" process.
A zombie process does not consume any system resources (only the \s-1PID\s0 remains in use) and it is under Monit's control and the zombie process is removed from the system as soon as Monit collects the exit status. This means that every \*(L"check program\*(R" will be associated with either a running process or a temporary zombie. This unwanted zombie side-effect will be removed in a later release of Monit. .PP Multiple status tests can be used, for example: .PP .Vb 4 \& check program hwtest with path /usr/local/bin/hwtest.sh \& with timeout 500 seconds \& if status = 1 then alert \& if status = 3 for 5 cycles then exec "/usr/local/bin/emergency.sh" .Ve .SS "\s-1PROGRAM OUTPUT CONTENT TEST\s0" .IX Subsection "PROGRAM OUTPUT CONTENT TEST" The content statement can be used to test the content of a program by using regular expressions. .PP Syntax: .PP .Vb 1 \& IF CONTENT THEN action .Ve .PP \&\fIoperator\fR is either a \*(L"=\*(R" for match or \*(L"!=\*(R" for no-match. .PP \&\fIregex\fR is a string containing the extended regular expression. See also \fBregex\fR\|(7). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP By default the output check is limited to 511 characters only. You can increase the limit using the set limits statement. 
.PP Example: .PP .Vb 2 \& check program disk0_smart with path "/usr/sbin/nvme smart\-log /dev/nvme0" \& if content != "critical_warning[ ]+: 0" then alert .Ve .SS "\s-1NETWORK INTERFACE TESTS\s0" .IX Subsection "NETWORK INTERFACE TESTS" Monit can check network interfaces for: .IP "Status" 3 .IX Item "Status" .PD 0 .IP "Capacity" 3 .IX Item "Capacity" .IP "Saturation" 3 .IX Item "Saturation" .IP "Upload and download [bytes]" 3 .IX Item "Upload and download [bytes]" .IP "Upload and download [packets]" 3 .IX Item "Upload and download [packets]" .PD .PP \fILink status\fR .IX Subsection "Link status" .PP You can check the network link state. This test may only be used within a check network service entry in the Monit control file. .PP Syntax: .PP .Vb 1 \& IF LINK THEN action .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP The \fI\s-1DOWN\s0\fR test will fail if the link/interface is down or link errors were detected. .PP Mixing \*(L"link up\*(R" and \*(L"link down\*(R" in the same \*(L"check network\*(R" is not supported. .PP Examples: .PP .Vb 2 \& check network eth0 with interface eth0 \& if link down then alert \& \& check network eth5 with interface eth5 \& if link up then exec "/usr/bin/monit start backup" .Ve .PP In case a link failed you can add a start and stop program to automatically restart the interface which might help. (Substitute with the relevant network commands for your system) .PP .Vb 4 \& check network eth0 with interface eth0 \& start program = \*(Aq/sbin/ipup eth0\*(Aq \& stop program = \*(Aq/sbin/ipdown eth0\*(Aq \& if link down then restart .Ve .PP \fILink capacity\fR .IX Subsection "Link capacity" .PP You can check the network link mode capacity for changes. This test may only be used within a check network service entry in the Monit control file. 
.PP Syntax: .PP .Vb 1 \& IF CHANGED LINK [CAPACITY] THEN action .Ve .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP The test will match if the link mode has changed (e.g. maximum speed dropped) or if the duplex mode has changed. .PP \&\s-1NOTE:\s0 not all interface types allow for capacity monitoring. Pseudo interfaces such as the loopback device or VMware interfaces do not have a speed attribute. .PP Example: .PP .Vb 2 \& check network eth0 with interface eth0 \& if changed link capacity then alert .Ve .PP \fILink saturation\fR .IX Subsection "Link saturation" .PP You can check the network link saturation. Monit then computes the link utilisation based on the current transfer rate vs. link capacity. This test may only be used within a check network service entry in the Monit control file. .PP Syntax: .PP .Vb 1 \& IF SATURATION operator value% THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP \&\s-1NOTE:\s0 this test depends on the availability of the speed attribute and not all interface types have this attribute. See the \s-1LINK SPEED\s0 test description. .PP Example: .PP .Vb 2 \& check network eth0 with interface eth0 \& if saturation > 90% then alert .Ve .PP \fILink upload and download [bytes]\fR .IX Subsection "Link upload and download [bytes]" .PP You can check a network link upload and download bandwidth usage, current transfer speed and total data transferred in the last 24 hours.
This test may only be used within a \fIcheck network\fR service entry in the Monit control file. .PP Upload speed test syntax (per second): .PP .Vb 1 \& IF UPLOAD operator value unit/S THEN action .Ve .PP Download speed test syntax (per second): .PP .Vb 1 \& IF DOWNLOAD operator value unit/S THEN action .Ve .PP Total upload data test syntax: .PP .Vb 1 \& IF TOTAL UPLOADED operator value unit IN LAST number time\-unit THEN action .Ve .PP Total download data test syntax: .PP .Vb 1 \& IF TOTAL DOWNLOADED operator value unit IN LAST number time\-unit THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives \&\*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R". .PP \&\fItime-unit\fR is a choice of \*(L"\s-1MINUTE\s0(S)\*(R", \*(L"\s-1HOUR\s0(S)\*(R", \*(L"\s-1DAY\*(R". NOTE:\s0 Monit maintains a rolling count of total uploaded and downloaded bytes for the last 24 hours only. The value of time-unit can therefore not specify a range wider than one day. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Examples: .PP .Vb 4 \& check network eth0 with interface eth0 \& if upload > 500 kB/s then alert \& if total downloaded > 1 GB in last 2 hours then alert \& if total downloaded > 10 GB in last day then alert .Ve .PP \fILink upload and download [packets]\fR .IX Subsection "Link upload and download [packets]" .PP You can check the network link upload and download packets count, current transfer rate and total data transferred in last 24 hours. 
This test may only be used within a check network service entry in the Monit control file. .PP Current upload bandwidth rate test syntax: .PP .Vb 1 \& IF UPLOAD operator value PACKETS/S THEN action .Ve .PP Current download bandwidth rate test syntax: .PP .Vb 1 \& IF DOWNLOAD operator value PACKETS/S THEN action .Ve .PP Total upload test syntax: .PP .Vb 1 \& IF TOTAL UPLOADED operator value PACKETS IN LAST number time\-unit THEN action .Ve .PP Total download test syntax: .PP .Vb 1 \& IF TOTAL DOWNLOADED operator value PACKETS IN LAST number time\-unit THEN action .Ve .PP \&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", \&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", \&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, default is \s-1EQUAL\s0). .PP \&\fItime-unit\fR is a choice of \*(L"\s-1MINUTE\s0(S)\*(R", \*(L"\s-1HOUR\s0(S)\*(R", \*(L"\s-1DAY\*(R". NOTE:\s0 Monit keeps total upload/download statistics only for the last 24 hours. The time-unit value cannot therefore span more than one day. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP Examples: .PP .Vb 3 \& check network eth0 with interface eth0 \& if upload > 1000 packets/s then alert \& if total uploaded > 900000 packets in last hour then alert .Ve .SS "\s-1NETWORK PING TEST\s0" .IX Subsection "NETWORK PING TEST" Monit can perform a network ping test by sending \s-1ICMP\s0 echo request datagram packets to a host and waiting for the reply. This test can only be used within a check host statement. Monit must also run as the root user in order to be able to perform the ping test (because the ping test must use raw sockets, which usually only the super user is allowed to use).
.PP Syntax: .PP .Vb 7 \& IF PING[4|6] \& [COUNT number] \& [SIZE number] \& [RESPONSETIME number ] \& [TIMEOUT number SECONDS] \& [ADDRESS string] \& THEN action .Ve .PP If a \s-1DNS\s0 host name was used in the \fIcheck host\fR statement and the host name resolves to several addresses (either IPv4 or IPv6), Monit will ping the first available address and continue with the next address until one connection succeeds or until there are no more addresses left to try. You can force Monit to only ping IPv4 or IPv6 addresses by using the \s-1PING4\s0 or the \s-1PING6\s0 keyword instead of \s-1PING.\s0 .PP The \fB\s-1COUNT\s0\fR parameter specifies how many consecutive ping requests will be sent to the host in one cycle at maximum. The default value is 3. .PP The \fB\s-1SIZE\s0\fR parameter specifies the ping request payload size. Default is 64 bytes, minimum is 8 bytes, maximum 1492 bytes. .PP The \fB\s-1RESPONSETIME\s0\fR parameter sets the response time limit. .PP If no reply arrives within \fB\s-1TIMEOUT\s0\fR seconds, Monit reports an error. If at least one reply was received, the ping test is considered a success. .PP The \fB\s-1ADDRESS\s0\fR parameter specifies the source \s-1IP\s0 address. .PP Monit will, by default, send up to \fIthree\fR ping request packets in one cycle to prevent false alarm (i.e. up to 66% packet loss is tolerated). You can set the \fB\s-1COUNT\s0\fR option to a value between 1 and 20 to send more or fewer packets. If you require 100% ping success, set the count to 1 (i.e. just one request will be sent, and if the packet was lost an error will be reported). .PP Note that many ISPs have started to filter out ping or \s-1ICMP\s0 packets now, in which case there will be no reply from the host. .PP If a ping test is used in a check host entry, this test is run first and if the test should fail, we assume that the connection to the host is down and Monit will \fInot\fR continue with any subsequent port tests.
.PP Example: .PP .Vb 2 \& check host mmonit.com with address mmonit.com \& if failed ping then alert # IPv4 or IPv6 \& \& check host mmonit.com with address 62.109.39.247 \& if failed ping then alert # Address is IPv4 so IPv4 is preferred .Ve .PP or test that the system is explicitly accessible via IPv4 and IPv6: .PP .Vb 3 \& check host mmonit.com with address mmonit.com \& if failed ping4 then alert # IPv4 only \& if failed ping6 then alert # IPv6 only .Ve .PP or with all parameters; send five 128 byte pings to mmonit.com and wait for up to 10 seconds for a reply: .PP .Vb 2 \& check host mmonit.com with address mmonit.com \& if failed ping count 5 size 128 with timeout 10 seconds then alert .Ve .PP You can also watch a host that is supposed to be offline: .PP .Vb 2 \& check host offlinehost with address 192.168.100.50 \& if succeeded ping then alert .Ve .SS "\s-1CONNECTION TESTS\s0" .IX Subsection "CONNECTION TESTS" Monit can perform connection testing via network ports or via Unix sockets. A connection test may only be used within a process or host service type context. .PP If a service listens on one or more sockets, Monit can connect to the port (using \s-1TCP\s0 or \s-1UDP\s0) and verify that the service will accept a connection and that it is possible to write and read from the socket. If a connection is not accepted or if there is a problem with socket I/O, Monit will execute a specified action. .PP For \s-1TCP/UDP\s0 ports Monit can alert on a successful connection, e.g. when a service like mysql should not be publicly available. .PP \&\s-1TCP/UDP\s0 port test syntax: .PP .Vb 10 \& IF \& [HOST string] \& \& [ADDRESS string] \& [IPV4 | IPV6] \& [TYPE ] \& [ [with options {...}] \& [CERTIFICATE CHECKSUM [MD5|SHA1] string] \& [CERTIFICATE VALID for number DAYS] \& [PROTOCOL protocol | "string",...]
\& [RESPONSETIME number ] \& [TIMEOUT number SECONDS] \& [RETRY number] \& THEN action .Ve .PP Unix socket test syntax: .PP .Vb 8 \& IF \& \& [TYPE ] \& [PROTOCOL protocol | "string",...] \& [RESPONSETIME number ] \& [TIMEOUT number SECONDS] \& [RETRY number] \& THEN action .Ve .PP Examples: .PP .Vb 1 \& if failed port 80 then alert \& \& if failed port 53 type udp protocol dns then alert \& \& if succeeded host example.org port 3306 type tcp protocol mysql then alert \& \& if failed unixsocket /var/run/sophie then alert .Ve .PP Options: .PP \&\fI\s-1HOST\s0 hostname\fR. Optionally specify the host to connect to. If the host is not given then localhost is assumed if this test is used inside a process entry. If this test is used inside a remote host entry then the entry's remote host is assumed. .PP \&\fI\s-1PORT\s0 number\fR. The port number to connect to .PP \&\fI\s-1UNIXSOCKET\s0 path\fR. Specifies the path to a Unix socket (local machine only). .PP \&\fI\s-1ADDRESS\s0 string\fR. The source \s-1IP\s0 address to use. .PP \&\fI\s-1IPV4\s0 | \s-1IPV6\s0 \fR. Optionally specify the \s-1IP\s0 version Monit should use when trying to connect to the port. If not used, Monit will try to connect to the first available address (IPv4 or IPv6). If multiple addresses are available and connection to one address failed, Monit will try the next address and so on until a connection succeed or until there are no more addresses left to try. .PP \&\fI\s-1TYPE\s0 [\s-1TCP\s0 | \s-1UDP\s0]\fR. Optionally specify the socket type Monit should use when trying to connect to the port. The different socket types are: \s-1TCP\s0 or \s-1UDP,\s0 where \s-1TCP\s0 is a regular stream based socket, \s-1UDP,\s0 a datagram socket. The default socket type is \s-1TCP.\s0 .PP \&\fI[\s-1SSL\s0 | \s-1TLS\s0] [with options {...}]\fR. Set \s-1SSL/TLS\s0 options and override global/default \s-1SSL\s0 options. 
You can set the \&\s-1SSL/TLS\s0 version to use, whether to verify certificates, trust self-signed certificates or set the \s-1SSL\s0 client certificates database-file for client certificate authentication. .PP \&\fI\s-1CERTIFICATE CHECKSUM\s0 [MD5|SHA1] hash\fR. Verify the \s-1SSL\s0 server certificate by checking its checksum. You can use either \&\s-1MD5\s0 or \s-1SHA1\s0 checksum (if you don't specify the type, Monit will determine the digest based on the hash length). You can use the \&\fIopenssl\fR command line tool to get the checksum value for your certificate, which you can then use in Monit's control file: .PP .Vb 1 \& openssl x509 \-fingerprint \-sha1 \-in server.crt | head \-1 | cut \-f2 \-d\*(Aq=\*(Aq .Ve .PP Example: .PP .Vb 5 \& if failed \& port 443 \& protocol https \& and certificate checksum = "1ED948A6F4258ACAB964227EF4EB19FCC453B0F8" \& then alert .Ve .PP \&\fI\s-1CERTIFICATE VALID\s0 for number \s-1DAYS\s0\fR. Send an alert if the certificate will expire in the given number of days. This test is pretty useful to get a notification when it is time to renew your \s-1SSL\s0 certificate. .PP Example: .PP .Vb 5 \& if failed \& port 443 \& protocol https \& and certificate valid > 30 days \& then alert .Ve .PP \&\fI\s-1PROTOCOL\s0 protocol\fR. Optionally specify the protocol Monit should speak when a connection is established. 
At the moment Monit knows how to speak: \fIAPACHE-STATUS\fR \fI\s-1DNS\s0\fR \fI\s-1DWP\s0\fR \fI\s-1FAIL2BAN\s0\fR \fI\s-1FTP\s0\fR \fI\s-1GPS\s0\fR \fI\s-1HTTP\s0\fR \fI\s-1HTTPS\s0\fR \fI\s-1IMAP\s0\fR \fI\s-1IMAPS\s0\fR \fI\s-1CLAMAV\s0\fR \fI\s-1LDAP2\s0\fR \fI\s-1LDAP3\s0\fR \fI\s-1LMTP\s0\fR \fI\s-1MEMCACHE\s0\fR \fI\s-1MONGODB\s0\fR \fI\s-1MQTT\s0\fR \fI\s-1MYSQL\s0\fR \fI\s-1MYSQLS\s0\fR \fI\s-1NNTP\s0\fR \fI\s-1NTP3\s0\fR \fI\s-1PGSQL\s0\fR \fI\s-1POP\s0\fR \fI\s-1POPS\s0\fR \fIPOSTFIX-POLICY\fR \fI\s-1RADIUS\s0\fR \fI\s-1RDATE\s0\fR \fI\s-1REDIS\s0\fR \fI\s-1RSYNC\s0\fR \fI\s-1SIEVE\s0\fR \fI\s-1SIP\s0\fR \fI\s-1SMTP\s0\fR \fI\s-1SMTPS\s0\fR \fI\s-1SPAMASSASSIN\s0\fR \fI\s-1SSH\s0\fR \fI\s-1TNS\s0\fR \fI\s-1WEBSOCKET\s0\fR .PP If the target server's protocol is not found in this list, simply do not specify the protocol and Monit will use a default connection test. .PP \&\fI\s-1RESPONSETIME\s0\fR parameter sets the response time limit. .PP \&\fI\s-1TIMEOUT\s0 number \s-1SECONDS\s0\fR. Optionally specifies the connect and read timeout for the connection. If Monit cannot connect to the server within this time it will assume that the connection failed and execute the specified action. The default connect timeout is 5 seconds. .PP \&\fI\s-1RETRY\s0 number\fR. Optionally specifies the number of consecutive retries within the same testing cycle in the case that the connection failed. The default is fail on first error. .PP \&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R", \&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0 .PP \fISpecific protocol test options\fR .IX Subsection "Specific protocol test options" .PP \s-1GENERIC\s0 (\s-1SEND/EXPECT\s0) .IX Subsection "GENERIC (SEND/EXPECT)" .PP If Monit does not support the protocol spoken by the server, you can write your own protocol-test using \fIsend\fR and \fIexpect\fR strings. 
The \fI\s-1SEND\s0\fR statement sends a string to the server port and the \fI\s-1EXPECT\s0\fR statement compares a string read from the server with the string given in the expect statement. .PP Syntax: .PP .Vb 1 \& [ "string"]+ .Ve .PP Monit will send a string as it is, and you \fBmust\fR remember to include \s-1CR\s0 and \s-1LF\s0 in the string sent to the server if the protocol expects such characters to terminate a string (most text based protocols used over Internet do). .PP Monit will by default read up to 255 bytes from the server and use this string when comparing the \s-1EXPECT\s0 string. You can override the default value using the set limits statement. .PP You can use non-printable characters in a \s-1SEND\s0 string if needed. Use the hex notation, \e0xHEXHEX to send any char in the range \&\e0x00\-\e0xFF, that is, 0\-255 in decimal. For example, to test a Quake 3 server: .PP .Vb 2 \& send "\e0xFF\e0xFF\e0xFF\e0xFFgetstatus" \& expect "sv_floodProtect|sv_maxPing" .Ve .PP If your system supports \s-1POSIX\s0 regular expressions, you can use regular expressions in the \s-1EXPECT\s0 string, see \fBregex\fR\|(7) to learn more about the types of regular expressions you can use in an expect string. .PP Since both regex and string compare operates on a zero terminated string, you cannot test for '\e0' in an \s-1EXPECT\s0 buffer since this character marks the end of the buffer. However, we escape '\e0' in the expect buffer as \*(L"\e0\*(R" which you can test for. That is, '\e' followed by the ascii value for 0. For instance, here is how to test for an expect string that starts with zero followed by any number of characters. 
.PP .Vb 1 \& expect "^[\e\e]0.*" .Ve .PP Here is a simple \s-1SMTP\s0 protocol example: .PP .Vb 7 \& if failed \& port 25 and \& expect "^220.*" \& send "HELO localhost.localdomain\er\en" \& expect "^250.*" \& send "QUIT\er\en" \& then alert .Ve .PP \&\s-1SEND/EXPECT\s0 can be used with any socket type, such as \s-1TCP\s0 sockets, \&\s-1UNIX\s0 sockets and \s-1UDP\s0 sockets. .PP \s-1HTTP\s0 .IX Subsection "HTTP" .PP Syntax: .PP .Vb 9 \& PROTO(COL) HTTP \& [USERNAME "string"] \& [PASSWORD "string"] \& [REQUEST "string"] \& [METHOD ] \& [STATUS operator number] \& [CHECKSUM checksum] \& [HTTP HEADERS list of headers] \& [CONTENT < "=" | "!=" > STRING] .Ve .PP \&\fI\s-1USERNAME\s0\fR is an optional username for Basic authentication .PP \&\fI\s-1PASSWORD\s0\fR is an optional password for Basic authentication .PP \&\fI\s-1REQUEST\s0\fR option can set a \s-1URL\s0 string specifying a document on the \&\s-1HTTP\s0 server. If the request statement isn't specified, the default \*(L"/\*(R" page will be requested. .PP For example: .PP .Vb 5 \& if failed \& port 80 \& protocol http \& request "/data/show?a=b&c=d" \& then restart .Ve .PP \&\fI\s-1METHOD\s0\fR sets the \s-1HTTP\s0 request method. If not specified, Monit prefers the \s-1HTTP GET\s0 request method, which is more common than the \s-1HEAD\s0 method. One may want to set the method explicitly to \s-1HEAD\s0 to save network bandwidth. .PP \&\fI\s-1STATUS\s0\fR option can be used to explicitly test the \s-1HTTP\s0 status code returned by the \s-1HTTP\s0 server. If not used, the \s-1HTTP\s0 protocol test will fail if the status code returned is greater than or equal to 400. You can override this behaviour by using the \fIstatus\fR qualifier.
.PP For example, to test that a page does \fBnot\fR exist (the \s-1HTTP\s0 server should return 404 in this case): .PP .Vb 6 \& if failed \& port 80 \& protocol http \& request "/non/existent.php" \& status = 404 \& then alert .Ve .PP \&\fI\s-1CHECKSUM\s0\fR You can test the checksum of documents returned by an \s-1HTTP\s0 server. Either \s-1MD5\s0 or \s-1SHA1\s0 hash can be used. Monit will \fBnot\fR test the checksum for a document if the server does not set the \s-1HTTP\s0 \&\fIContent-Length\fR header. An \s-1HTTP\s0 server should set this header when it serves a static document (i.e. a file). There is no limitation on the document size, but keep in mind that Monit will use time to download the document over the network to compute the checksum. .PP Example: .PP .Vb 6 \& if failed \& port 80 \& protocol http \& request "/page.html" \& checksum 8f7f419955cefa0b33a2ba316cba3659 \& then alert .Ve .PP \&\fI\s-1HTTP HEADERS\s0\fR can be used to send a list of \s-1HTTP\s0 headers when using the \s-1HTTP\s0 protocol test. For instance, the host header. If the host header is not set, Monit will use the hostname or IP-address of the host as specified in the check host statement. Specifying a host header is useful if you want to connect to and test a name-based virtual host. The syntax for setting \s-1HTTP\s0 headers is .PP .Vb 1 \& http headers [name:value, name:value,..] .Ve .PP where each name:value pair is separated with ','. If you need to use ':' in the value string, for instance to set port number for a host header, you must enclose the value in quotes.
For example, .PP .Vb 1 \& http headers [Host: "mmonit.com:443"] .Ve .PP In a check host context, using this statement might look like .PP .Vb 7 \& check host mmonit.com with address mmonit.com \& if failed \& port 80 protocol http \& with http headers [Host: mmonit.com, Cache\-Control: no\-cache, \& Cookie: csrftoken=nj1bI3CnMCaiNv4beqo8ZaCfAQQvpgLH] \& and request /monit/ with content = "Monit [0\-9.]+" \& then alert .Ve .PP Setting \s-1HTTP\s0 headers is associated with the \s-1HTTP\s0 protocol test and must come before \fIrequest\fR as in the example above. .PP The \fI\s-1CONTENT\s0\fR option sets the pattern which is expected in the data returned by the server. If the pattern doesn't match, the test fails. In the example above, if the server does not return a page with the name Monit followed by a version number the test will fail. .PP By default, at maximum 1MB of content is inspected. You can increase this limit using the set limits statement. .PP For example: .PP .Vb 5 \& if failed \& port 80 \& protocol http \& content = "foobar [0\-9.]+" \& then alert .Ve .PP APACHE-STATUS .IX Subsection "APACHE-STATUS" .PP The \fIAPACHE-STATUS\fR test allows one to check server performance by examination of the status page generated by Apache's mod_status, which is expected to be at its default address of http://www.example.com/server\-status. 
.PP Syntax: .PP .Vb 1 \& PROTOCOL APACHE\-STATUS [PATH ] [USERNAME ] [PASSWORD ] [ ]+ .Ve .PP \&\fI\s-1PATH\s0\fR is an optional path to apache status (\*(L"/server\-status\*(R" by default) .PP \&\fI\s-1USERNAME\s0\fR is an optional username for Basic authentication .PP \&\fI\s-1PASSWORD\s0\fR is an optional password for Basic authentication .PP \&\fIproperty\fR is acronym for child status: .PP .Vb 10 \& (1) logging (loglimit) \& (2) closing connections (closelimit) \& (3) performing DNS lookups (dnslimit) \& (4) in keepalive with a client (keepalivelimit) \& (5) replying to a client (replylimit) \& (6) receiving a request (requestlimit) \& (7) initialising (startlimit) \& (8) waiting for incoming connections (waitlimit) \& (9) gracefully closing down (gracefullimit) \& (10) performing cleanup procedures (cleanuplimit) .Ve .PP \&\fIoperator\fR is one of \*(L"<\*(R", \*(L"=\*(R", \*(L">\*(R". .PP \&\fInumber\fR is percentile numeric limit. .PP Each of these limits can be compared against a value relative to the total number of active Apache child processes. .PP You can combine all of these tests into one expression or you can choose to test a certain limit only. If you combine the limits you must connect them together using the \s-1OR\s0 keyword. .PP Example: .PP .Vb 5 \& if failed port 80 protocol apache\-status \& loglimit > 10% or \& dnslimit > 50% or \& waitlimit < 20% \& then alert .Ve .PP \s-1MQTT\s0 .IX Subsection "MQTT" .PP Syntax: .PP .Vb 1 \& PROTOCOL MQTT [USERNAME string PASSWORD string] .Ve .PP \&\fI\s-1USERNAME\s0\fR \s-1MQTT\s0 username .PP \&\fI\s-1PASSWORD\s0\fR \s-1MQTT\s0 password .PP Username and password (credentials) are \fBoptional\fR. If not used, Monit will try anonymous connect, which may trigger authorization error => credentials are recommended unless your server allows anonymous connect. 
.PP Example: .PP .Vb 4 \& check process mosquitto with pidfile /var/run/mosquitto.pid \& start program = "/sbin/start mosquitto" \& stop program = "/sbin/stop mosquitto" \& if failed port 1883 protocol mqtt then alert .Ve .PP \s-1MYSQL\s0 .IX Subsection "MYSQL" .PP Syntax: .PP .Vb 1 \& PROTOCOL MYSQL[S] [USERNAME string PASSWORD string [RSAKEY CHECKSUM string]] .Ve .PP \&\fI\s-1USERNAME\s0\fR MySQL username. .PP \&\fI\s-1PASSWORD\s0\fR MySQL password (special characters can be used, but for non-alphanumerics the password has to be quoted). .PP \&\fI\s-1RSAKEY CHECKSUM\s0\fR If you use an unsecured connection (plain \s-1MYSQL\s0 without \s-1TLS\s0), you can set the expected \s-1MD5\s0 or \s-1SHA1\s0 checksum of the server's \s-1RSA\s0 key to protect against man-in-the-middle attacks. Monit will check the key fingerprint before sending the password to the server. .PP Username and password (credentials) are \fBoptional\fR and if not set, Monit will perform the test using anonymous login. This can cause an authentication error to be logged in your MySQL log, depending on your MySQL configuration. .PP If credentials are set, Monit will try to login. Monit does not require any database privileges, it just needs the database user.
You might want to create a standalone user for Monit to use when testing, for example: .PP .Vb 2 \& CREATE USER \*(Aqmonit\*(Aq@\*(Aqhost_from_which_monit_performs_testing\*(Aq IDENTIFIED BY \*(Aqmysecretpassword\*(Aq; \& FLUSH PRIVILEGES; .Ve .PP Example: .PP .Vb 7 \& check process mysql with pidfile /var/run/mysqld/mysqld.pid \& start program = "/sbin/start mysql" \& stop program = "/sbin/stop mysql" \& if failed \& port 3306 \& protocol mysql username "foo" password "bar" \& then alert .Ve .PP or with unix-socket start/stop commands .PP .Vb 7 \& check process mysql with pidfile /var/run/mysqld/mysqld.pid \& start program = "/usr/local/mysql/support\-files/mysql.server start" \& stop program = "/usr/local/mysql/support\-files/mysql.server stop" \& if failed \& unixsocket /tmp/mysql.sock \& protocol mysql username "foo" password "bar" \& then alert .Ve .PP You can enable the \s-1TLS\s0 encryption for the test by using \s-1MYSQLS\s0 as protocol name: .PP .Vb 4 \& if failed \& port 3306 \& protocol mysqls username "foo" password "bar" \& then alert .Ve .PP \s-1PGSQL\s0 .IX Subsection "PGSQL" .PP Syntax: .PP .Vb 1 \& PROTOCOL PGSQL [USERNAME string] [PASSWORD string] [DATABASE string] .Ve .PP \&\fI\s-1USERNAME\s0\fR PostgreSQL username. .PP \&\fI\s-1PASSWORD\s0\fR PostgreSQL password (special characters can be used, but for non-alphanumerics the password has to be quoted). .PP \&\fI\s-1DATABASE\s0\fR PostgreSQL database (defaults to the database that matches the username if not set). .PP Username and password (credentials) are \fBoptional\fR and if not set, Monit will perform the test with hardcoded user=root and database=root, which may trigger errors in PostgreSQL logs. .PP If credentials are set, Monit will try to login. You might want to create a standalone user for Monit to use when testing. .PP Monit currently supports only 'password' and 'md5' PostgreSQL authentication methods.
If the server asks for an authentication method that Monit doesn't support (such as 'scram\-sha\-256'), Monit terminates the connection and the test succeeds (although Monit cannot authenticate, the server is communicating). .PP To allow access to Monit for testing purposes, one can create an account and allow access for example like this: .PP PostgreSQL pg_hba.conf entry example: .PP .Vb 2 \& # TYPE DATABASE USER ADDRESS METHOD \& host test monit 127.0.0.1/32 md5 .Ve .PP Monit configuration example: .PP .Vb 7 \& check process postgresql with pidfile /var/run/postgresql/12\-main.pid \& start program = "/bin/systemctl start postgresql" \& stop program = "/bin/systemctl stop postgresql" \& if failed \& port 5432 \& protocol pgsql username "monit" password "123456" database "test" \& then alert .Ve .PP \s-1RADIUS\s0 .IX Subsection "RADIUS" .PP Syntax: .PP .Vb 1 \& PROTOCOL RADIUS [SECRET string] .Ve .PP \&\fI\s-1SECRET\s0\fR you may specify an alternative secret, default is \*(L"testing123\*(R". .PP For example: .PP .Vb 7 \& check process radiusd with pidfile /var/run/radiusd.pid \& start program = "/etc/init.d/freeradius start" \& stop program = "/etc/init.d/freeradius stop" \& if failed \& host 127.0.0.1 port 1812 type udp protocol radius \& secret pingpong \& then alert .Ve .PP \s-1SIP\s0 .IX Subsection "SIP" .PP The \s-1SIP\s0 protocol is used by communication platform servers such as Asterisk and FreeSWITCH. .PP Syntax: .PP .Vb 1 \& PROTOCOL SIP [TARGET valid@uri] [MAXFORWARD n] .Ve .PP \&\fI\s-1TARGET\s0\fR you may specify an alternative recipient for the message, by adding a valid sip uri after this keyword. .PP \&\fI\s-1MAXFORWARD\s0\fR Limit the number of proxies or gateways that can forward the request to the next server. Its value is an integer in the range 0\-255, set by default to 70.
If max-forward = 0, the next server may respond 200 \s-1OK\s0 (test succeeded) or send a 483 Too Many Hops (test failed) .PP For example: .PP .Vb 5 \& check host openser_all with address 127.0.0.1 \& if failed \& port 5060 type udp protocol sip \& with target "localhost:5060" and maxforward 6 \& then alert .Ve .PP \s-1SMTP\s0 .IX Subsection "SMTP" .PP Syntax: .PP .Vb 1 \& PROTOCOL SMTP[S] [USERNAME string PASSWORD string] .Ve .PP \&\fI\s-1USERNAME\s0\fR \s-1SMTP\s0 username. .PP \&\fI\s-1PASSWORD\s0\fR \s-1SMTP\s0 password (special characters can be used, but for non-alphanumerics the password has to be quoted). .PP Credentials are \fIoptional\fR and when used will perform authentication during testing so you can test that authentication also works. We recommend using \fIsmtps\fR if authentication is to be used to encrypt the communication. If no credentials are set, Monit will just perform a basic protocol test. .PP Example: .PP .Vb 7 \& check process postfix with pidfile /var/spool/postfix/pid/master.pid \& start program = "/etc/init.d/postfix start" \& stop program = "/etc/init.d/postfix stop" \& if failed \& port 25 \& protocol smtp \& then alert .Ve .PP Example using authentication and \s-1STARTTLS/SMTPS:\s0 .PP .Vb 9 \& check process postfix with pidfile /var/spool/postfix/pid/master.pid \& start program = "/etc/init.d/postfix start" \& stop program = "/etc/init.d/postfix stop" \& if failed \& port 25 \& protocol smtps \& username "foo" \& password "bar" \& then alert .Ve .PP \s-1WEBSOCKET\s0 .IX Subsection "WEBSOCKET" .PP Syntax: .PP .Vb 5 \& PROTOCOL WEBSOCKET \& [REQUEST string] \& [HOST string] \& [ORIGIN string] \& [VERSION number] .Ve .PP \&\fI\s-1HOST\s0\fR you may specify an alternative Host header .PP \&\fI\s-1REQUEST\s0\fR you may specify an alternative request, default is \*(L"/\*(R" .PP \&\fI\s-1ORIGIN\s0\fR you may specify an alternative origin, default is \*(L"https://mmonit.com\*(R" .PP \&\fI\s-1VERSION\s0\fR you may specify an alternative 
version, default is \*(L"0\*(R" .PP For example: .PP .Vb 8 \& check host websocket.org with address "echo.websocket.org" \& if failed \& port 80 protocol websocket \& host "echo.websocket.org" \& request "/" \& origin \*(Aqhttp://websocket.com\*(Aq \& version 13 \& then alert .Ve .SH "MANAGE YOUR MONIT INSTANCES" .IX Header "MANAGE YOUR MONIT INSTANCES" M/Monit expands on Monit's capabilities and provides monitoring and management of all your Monit enabled hosts. .PP M/Monit uses Monit as an agent. With regular intervals, Monit sends a status message to M/Monit with a snapshot of the host it is running on. .PP M/Monit presents the collected data in charts and event logs and give you the option to view key performance data of all your hosts in a modern, clean and well designed user interface which also works on mobile devices. .PP From M/Monit, you can also start, stop and restart services on your hosts running Monit. .PP To send data to M/Monit, add the following statement to your Monit control file: .PP .Vb 3 \& SET MMONIT \& [TIMEOUT SECONDS] \& [REGISTER WITHOUT CREDENTIALS] .Ve .PP Example: .PP .Vb 1 \& set mmonit https://monit:monit@192.168.1.10:8443/collector .Ve .PP Monit will register itself in M/Monit and will start sending status and event messages to M/Monit. We recommend using \fIhttps\fR as in the example above to ensure that the communication between Monit and M/Monit is secure. .PP The password should be \s-1URL\s0 encoded if it contains URL-significant characters like \*(L":\*(R", \*(L"?\*(R", \*(L"@\*(R". .PP The default timeout is 5 seconds, you can customise the timeout using the \fI\s-1TIMEOUT\s0\fR option. .PP When Monit registers itself in M/Monit it sends credentials that can be used to perform service actions from M/Monit. You can disable sending credentials by using \fI\s-1REGISTER WITHOUT CREDENTIALS\s0\fR and instead manually add credentials in M/Monit. 
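.PP
Added example, not part of the Monit distribution: shell functions that percent-encode a password containing URL-significant characters, build the \fIset mmonit\fR statement from it, and lint an existing M/Monit URL for the https scheme and for raw delimiters in the credentials. The function names, the password and the lint result strings are assumptions made for this example; the host and path are the ones used in the example above.

```shell
#!/bin/sh
# Added example: build and lint a "set mmonit" URL whose password contains
# URL-significant characters. The password below is constructed sample data.

# Succeeds when the byte value $1 (decimal) is an RFC 3986 "unreserved" character.
is_unreserved() {
    [ "$1" -ge 48 ] && [ "$1" -le 57 ] && return 0     # 0-9
    [ "$1" -ge 65 ] && [ "$1" -le 90 ] && return 0     # A-Z
    [ "$1" -ge 97 ] && [ "$1" -le 122 ] && return 0    # a-z
    case $1 in 45|46|95|126) return 0 ;; esac          # - . _ ~
    return 1
}

# Percent-encode every byte of $1 that is not unreserved.
urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' |
    while read -r hex; do
        [ -n "$hex" ] || continue
        dec=$((0x$hex))
        if is_unreserved "$dec"; then
            printf "\\$(printf '%03o' "$dec")"   # emit the byte itself
        else
            printf '%%%02X' "$dec"               # emit %XX
        fi
    done
}

# mmonit_statement USER PASSWORD HOST:PORT -> one control-file line
mmonit_statement() {
    printf 'set mmonit https://%s:%s@%s/collector\n' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3"
}

# Lint one M/Monit URL. Prints "ok" or the reason it was rejected.
lint_mmonit_url() {
    case $1 in
        https://*) ;;
        *) echo "not-https"; return 1 ;;
    esac
    rest=${1#https://}
    authority=${rest%%[/?#]*}     # authority ends at the first / ? or #
    after=${rest#"$authority"}    # path, query and fragment
    # An '@' after the authority means a raw / ? or # inside the
    # credentials cut the authority short.
    case $after in
        *@*) echo "raw-delimiter-in-credentials"; return 1 ;;
    esac
    case $authority in
        *@*@*) echo "raw-at-in-credentials"; return 1 ;;
        *@*)   userinfo=${authority%@*} ;;
        *)     echo "ok"; return 0 ;;   # no credentials embedded
    esac
    case $userinfo in
        *:*:*) echo "raw-colon-in-credentials"; return 1 ;;
    esac
    echo "ok"
}

# Constructed sample: the raw password would be mis-parsed, the encoded one is not.
mmonit_statement monit 'p@ss:w?rd/1' 192.168.1.10:8443
lint_mmonit_url 'https://monit:p@ss:w?rd/1@192.168.1.10:8443/collector' || true
```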
.SH "CONFIGURATION EXAMPLES" .IX Header "CONFIGURATION EXAMPLES" The simplest form is just the check statement. In this example we check to see if our web server is running and raise an alert if not: .PP .Vb 1 \& check process nginx with pidfile /var/run/nginx.pid .Ve .PP To have Monit start the server if it's not running, add a start statement: .PP .Vb 2 \& check process nginx with pidfile /var/run/nginx.pid \& start program = "/etc/init.d/nginx start" .Ve .PP Here's a more advanced example for monitoring an apache web-server listening on the default port number for \s-1HTTP\s0 and \s-1HTTPS.\s0 In this example Monit will restart apache if it's not accepting connections at the port numbers. The method Monit use for restart is to first execute the stop-program, then wait (up to 30s) for the process to stop and then execute the start-program and wait (30s) for it to start. The length of start or stop wait can be overridden using the 'timeout' option. If Monit was unable to stop or start the service a failed alert message will be sent if you have requested alert messages to be sent. .PP .Vb 5 \& check process apache with pidfile /var/run/httpd.pid \& start program = "/etc/init.d/httpd start" with timeout 60 seconds \& stop program = "/etc/init.d/httpd stop" \& if failed port 80 for 2 cycles then restart \& if failed port 443 for 2 cycles then restart .Ve .PP This example demonstrate how you can run a program as a specified user (uid) and with a specified group (gid). Many daemon programs can do the uid and gid switch by themselves, but for those programs that does not (e.g. Java programs), monit's ability to start a program as a certain user can be very useful. In this example we start the Tomcat Java Servlet Engine as the standard \fInobody\fR user and group. Please note that Monit can only switch uid and gid for the program if the super-user is running Monit, otherwise Monit will simply ignore the request to change uid and gid. 
.PP .Vb 7 \& check process tomcat with pidfile /var/run/tomcat.pid \& start program = "/etc/init.d/tomcat start" \& as uid "nobody" and gid "nobody" \& stop program = "/etc/init.d/tomcat stop" \& # You can also use id numbers instead and write: \& as uid 99 and with gid 99 \& if failed port 8080 then alert .Ve .PP In this example we use udp for connection testing to check if the name-server is running: .PP .Vb 4 \& check process named with pidfile /var/run/named.pid \& start program = "/etc/init.d/named start" \& stop program = "/etc/init.d/named stop" \& if failed port 53 use type udp protocol dns then restart .Ve .PP The following example illustrates how to check if the service \&'sophie' is answering connections on its Unix domain socket: .PP .Vb 4 \& check process sophie with pidfile /var/run/sophie.pid \& start program = "/etc/init.d/sophie start" \& stop program = "/etc/init.d/sophie stop" \& if failed unix /var/run/sophie then restart .Ve .PP In this example we check an apache web-server running on localhost which answers for several IP-based virtual hosts or vhosts, hence the host statement before port: .PP .Vb 6 \& check process apache with pidfile /var/run/httpd.pid \& start "/etc/init.d/httpd start" \& stop "/etc/init.d/httpd stop" \& if failed host www.sol.no port 80 then alert \& if failed host shop.sol.no port 443 then alert \& if failed host chat.sol.no port 80 then alert .Ve .PP To make sure that Monit is communicating with a \s-1HTTP\s0 server a protocol test can be added: .PP .Vb 6 \& check process apache with pidfile /var/run/httpd.pid \& start "/etc/init.d/httpd start" \& stop "/etc/init.d/httpd stop" \& if failed \& host www.sol.no port 80 protocol http \& then alert .Ve .PP This example demonstrate a different way to check a web-server using the send/expect mechanism: .PP .Vb 8 \& check process apache with pidfile /var/run/httpd.pid \& start "/etc/init.d/httpd start" \& stop "/etc/init.d/httpd stop" \& if failed \& host www.sol.no port 80 and 
\& send "GET / HTTP/1.1\er\enHost: www.sol.no\er\en\er\en" \& expect "HTTP/[0\-9\e.]{3} 200.*" \& then alert .Ve .PP Here we ping a remote host to check if it is up and if not, send an alert: .PP .Vb 2 \& check host www.tildeslash.com with address www.tildeslash.com \& if failed ping then alert .Ve .PP In the following example we ask Monit to compute and verify the checksum for the underlying apache binary used by the start and stop programs. If the checksum test should fail, monitoring will be disabled to prevent possibly restarting a compromised binary: .PP .Vb 5 \& check process apache with pidfile /var/run/httpd.pid \& start program = "/etc/init.d/httpd start" \& stop program = "/etc/init.d/httpd stop" \& if failed host www.tildeslash.com port 80 then restart \& depends on apache_bin \& \& check file apache_bin with path /usr/local/apache/bin/httpd \& if failed checksum then unmonitor .Ve .PP In this example we ask Monit to test a document's checksum on a remote server. If the checksum was changed we send an alert: .PP .Vb 6 \& check host mmonit.com with address mmonit.com \& if failed \& port 80 protocol http and \& request "/monit/dist/monit\-5.7.tar.gz" \& with checksum f9d26b8393736b5dfad837bb13780786 \& then alert .Ve .PP Here are a couple of tests for some popular communication servers, using the \s-1SIP\s0 protocol. 
First we test a FreeSWITCH server and then an Asterisk server .PP .Vb 12 \& check process freeswitch \& with pidfile /usr/local/freeswitch/log/freeswitch.pid \& start program = "/usr/local/freeswitch/bin/freeswitch \-nc \-hp" \& stop program = "/usr/local/freeswitch/bin/freeswitch \-stop" \& if total memory > 1000.0 MB for 5 cycles then alert \& if total memory > 1500.0 MB for 5 cycles then alert \& if total memory > 2000.0 MB for 5 cycles then restart \& if cpu > 60% for 5 cycles then alert \& if failed \& port 5060 type udp protocol SIP \& target me@foo.bar and maxforward 10 \& then restart \& \& check process asterisk \& with pidfile /var/run/asterisk/asterisk.pid \& start program = "/usr/sbin/asterisk" \& stop program = "/usr/sbin/asterisk \-r \-x \*(Aqshutdown now\*(Aq" \& if total memory > 1000.0 MB for 5 cycles then alert \& if total memory > 1500.0 MB for 5 cycles then alert \& if total memory > 2000.0 MB for 5 cycles then restart \& if cpu > 60% for 5 cycles then alert \& if failed \& port 5060 type udp protocol SIP \& and target me@foo.bar maxforward 10 \& then restart .Ve .PP Some servers are slow starters, like for example Java based Application Servers. If we want to keep the poll-cycle low (i.e. < 60 seconds) but allow some services to take its time to start, the \fBevery\fR statement is handy: .PP .Vb 4 \& check process dynamo with pidfile /etc/dynamo.pid every 2 cycles \& start program = "/etc/init.d/dynamo start" \& stop program = "/etc/init.d/dynamo stop" \& if failed port 8840 then alert .Ve .PP Here is an example where we group together two database entries so you can manage them together, e.g.; 'Monit \-g database start all'. 
The mode statement is also illustrated in the first entry and have the effect that Monit will not try to (re)start this service if it is not running: .PP .Vb 5 \& check process sybase with pidfile /var/run/sybase.pid \& start = "/etc/init.d/sybase start" \& stop = "/etc/init.d/sybase stop" \& mode passive \& group database \& \& check process oracle with pidfile /var/run/oracle.pid \& start program = "/etc/init.d/oracle start" \& stop program = "/etc/init.d/oracle stop" \& if failed \& port 9001 protocol tns \& then restart \& group database .Ve .PP This resource checks example will send an alert if \s-1CPU\s0 usage of the Apache's \s-1HTTP\s0 daemon and its child processes goes beyond 60% for two cycles. Apache is restarted if the \s-1CPU\s0 usage is over 80% for five cycles or the memory usage is over 100Mb for five cycles: .PP .Vb 7 \& check process apache with pidfile /var/run/httpd.pid \& start program = "/etc/init.d/httpd start" \& stop program = "/etc/init.d/httpd stop" \& if cpu > 40% for 2 cycles then alert \& if total cpu > 60% for 2 cycles then alert \& if total cpu > 80% for 5 cycles then restart \& if mem > 100 MB for 5 cycles then stop .Ve .PP This examples demonstrate the timestamp statement with exec and how you may restart apache if its configuration file was changed. .PP .Vb 3 \& check file httpd.conf with path /etc/httpd/httpd.conf \& if changed timestamp \& then exec "/etc/init.d/httpd graceful" .Ve .PP In this example we demonstrate usage of the extended alert statement and a file check dependency: .PP .Vb 10 \& check process apache with pidfile /var/run/httpd.pid \& start = "/etc/init.d/httpd start" \& stop = "/etc/init.d/httpd stop" \& alert admin@bar on {nonexist, timeout} \& with mail\-format { \& from: bofh@$HOST \& subject: apache $EVENT \- $ACTION \& message: This event occurred on $HOST at $DATE. 
\& Your faithful employee, \& monit \& } \& if failed host www.tildeslash.com port 80 then restart \& depend httpd_bin \& group apache \& \& check file httpd_bin with path /usr/local/apache/bin/httpd \& alert security@bar on {checksum, timestamp, \& permission, uid, gid} \& with mail\-format {subject: Alaaarrm! on $HOST} \& if failed checksum \& and expect 8f7f419955cefa0b33a2ba316cba3659 \& then unmonitor \& if failed permission 755 then unmonitor \& if failed uid "root" then unmonitor \& if failed gid "root" then unmonitor \& if changed timestamp then alert \& group apache .Ve .PP In this example, we demonstrate usage of the depend statement. In this case, we want to start oracle and apache. However, we've set up apache to use oracle as a back end, and if oracle is restarted, apache must be restarted as well. .PP .Vb 4 \& check process apache with pidfile /var/run/httpd.pid \& start = "/etc/init.d/httpd start" \& stop = "/etc/init.d/httpd stop" \& depends on oracle \& \& check process oracle with pidfile /var/run/oracle.pid \& start = "/etc/init.d/oracle start" \& stop = "/etc/init.d/oracle stop" \& if failed port 9001 for 5 cycles then restart .Ve .PP Next, we have 2 services, oracle-import and oracle-export that need to be restarted if oracle is restarted, but are independent of each other. 
.PP
.Vb 4
\&  check process oracle with pidfile /var/run/oracle.pid
\&     start = "/etc/init.d/oracle start"
\&     stop = "/etc/init.d/oracle stop"
\&     if failed port 9001 for 3 cycles then restart
\&
\&  check process oracle\-import
\&     with pidfile /var/run/oracle\-import.pid
\&     start = "/etc/init.d/oracle\-import start"
\&     stop = "/etc/init.d/oracle\-import stop"
\&     depends on oracle
\&
\&  check process oracle\-export
\&     with pidfile /var/run/oracle\-export.pid
\&     start = "/etc/init.d/oracle\-export start"
\&     stop = "/etc/init.d/oracle\-export stop"
\&     depends on oracle
.Ve
.SH "FILES"
.IX Header "FILES"
\&\fI~/.monitrc\fR
Default run control file
.PP
\&\fI/etc/monitrc\fR
If the control file is not found in the default location and /etc
contains a \fImonitrc\fR file, this file will be used instead.
.PP
\&\fI./monitrc\fR
If the control file is not found in either of the previous two
locations, and the current working directory contains a \fImonitrc\fR
file, this file is used instead.
.PP
\&\fI~/.monit.pid\fR
Lock file to help prevent concurrent runs (non-root mode).
.PP
\&\fI/run/monit.pid\fR
Lock file to help prevent concurrent runs (root mode, Linux systems, if
/run directory is available).
.PP
\&\fI/var/run/monit.pid\fR
Lock file to help prevent concurrent runs (root mode, Linux systems).
.PP
\&\fI/etc/monit.pid\fR
Lock file to help prevent concurrent runs (root mode, systems without
/var/run).
.PP
\&\fI~/.monit.state\fR
Monit saves its state to this file and utilises information found in
this file to recover from a crash. This is a binary file and its content
is only of interest to monit. You may set the location of this file in
the Monit control file or by using the \-s switch when Monit is started.
.PP
\&\fI~/.monit.id\fR
Monit saves its unique id to this file.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
No environment variables are used by Monit.
However, when Monit executes a start/stop/restart program or an exec
action, it will set several environment variables which can be utilised
by the executable to get information about the event that triggered the
action.
.PP
The following environment variable is set for every program executed by
monit, including \fIcheck program\fR:
.IP "\s-1MONIT_SERVICE\s0" 4
.IX Item "MONIT_SERVICE"
The name of the service (from monitrc) for which the program is
executed.
.PP
The following environment variables are only available in the service
start/stop/restart program and exec action context:
.IP "\s-1MONIT_EVENT\s0" 4
.IX Item "MONIT_EVENT"
The event that occurred on the service.
.IP "\s-1MONIT_DESCRIPTION\s0" 4
.IX Item "MONIT_DESCRIPTION"
A description of the error condition.
.IP "\s-1MONIT_DATE\s0" 4
.IX Item "MONIT_DATE"
The time and date (\s-1RFC 822\s0 style) the event occurred.
.IP "\s-1MONIT_HOST\s0" 4
.IX Item "MONIT_HOST"
The host the event occurred on.
.PP
The following environment variables are only available in the
\&\fIcheck process\fR start/stop/restart program and exec action context:
.IP "\s-1MONIT_PROCESS_PID\s0" 4
.IX Item "MONIT_PROCESS_PID"
The process pid. This may be 0 if the process was (re)started.
.IP "\s-1MONIT_PROCESS_MEMORY\s0" 4
.IX Item "MONIT_PROCESS_MEMORY"
Process memory. This may be 0 if the process was (re)started.
.IP "\s-1MONIT_PROCESS_CHILDREN\s0" 4
.IX Item "MONIT_PROCESS_CHILDREN"
Process children. This may be 0 if the process was (re)started.
.IP "\s-1MONIT_PROCESS_CPU_PERCENT\s0" 4
.IX Item "MONIT_PROCESS_CPU_PERCENT"
Process cpu%. This may be 0 if the process was (re)started.
.PP
The following environment variables are only available for
\&\fIcheck program\fR start/stop/restart program and exec action context:
.IP "\s-1MONIT_PROGRAM_STATUS\s0" 4
.IX Item "MONIT_PROGRAM_STATUS"
The program status (exit value).
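.PP
An added example, not part of the Monit distribution: a handler for an exec action that turns the variables listed above into one log line, stripping control and quote characters from every value and reporting process metrics of 0 as n/a. The script path, the log tag and the record layout are assumptions.

```shell
#!/bin/sh
# Added example (not shipped with Monit): handler for an exec action, e.g.
#   if failed port 9001 then exec "/usr/local/bin/monit-audit.sh"
# The script path, the log tag and the record layout are assumptions.

# Replace control characters (newlines included) with spaces and neutralise
# quote and backslash, so a value cannot forge fields or extra log records.
sanitize() {
    printf '%s' "$1" | tr '\001-\037\177' '[ *]' | tr '"\\' "'/"
}

# Process metrics may be 0 right after a (re)start (see the list above), so
# 0 is logged as "n/a" rather than as a measurement.
metric() {
    case "$1" in
        ''|0)      printf 'n/a' ;;
        *[!0-9.]*) printf 'invalid' ;;
        *)         printf '%s' "$1" ;;
    esac
}

# Only MONIT_SERVICE is set for every program Monit runs; the other
# variables depend on the context, hence the empty defaults.
monit_record() {
    printf 'monit service="%s" event="%s" host="%s" date="%s"' \
        "$(sanitize "${MONIT_SERVICE:-unknown}")" \
        "$(sanitize "${MONIT_EVENT:-}")" \
        "$(sanitize "${MONIT_HOST:-}")" \
        "$(sanitize "${MONIT_DATE:-}")"
    printf ' pid=%s mem=%s cpu=%s desc="%s"\n' \
        "$(metric "${MONIT_PROCESS_PID:-}")" \
        "$(metric "${MONIT_PROCESS_MEMORY:-}")" \
        "$(metric "${MONIT_PROCESS_CPU_PERCENT:-}")" \
        "$(sanitize "${MONIT_DESCRIPTION:-}")"
}

# Monit always sets MONIT_SERVICE, so this branch runs only under Monit.
if [ -n "${MONIT_SERVICE:-}" ]; then
    logger -t monit-audit "$(monit_record)"
fi
```

MONIT_PROGRAM_STATUS is left out of the record on purpose: for an exit value, 0 is a real result and must not be folded into n/a.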
.SH "SIGNALS"
.IX Header "SIGNALS"
If a Monit daemon is running, \s-1SIGUSR1\s0 wakes it up from its sleep
phase and forces a poll of all services. \s-1SIGTERM\s0 and
\s-1SIGINT\s0 will gracefully terminate a Monit daemon. The
\s-1SIGTERM\s0 signal is sent to a Monit daemon if Monit is started with
the \fIquit\fR action argument.
.PP
Sending a \s-1SIGHUP\s0 signal to a running Monit daemon will force the
daemon to reinitialise itself; specifically, it will reread its
configuration and close and reopen log files.
.PP
Running Monit in foreground while a background Monit daemon is running
will wake up the daemon.
.SH "NOTES"
.IX Header "NOTES"
This is a very silent program. Use the \-v switch if you want to see
what Monit is doing, and tail \-f the log file. Optionally, for testing
purposes, you can start Monit with the \-Iv switch. Monit will then
print debug information to the console. To stop Monit in this mode,
simply press CTRL^C (i.e. \s-1SIGINT\s0) in the same console.
.PP
The syntax (and parser) of the control file was inspired by Eric S.
Raymond et al.'s excellent fetchmail program. Some portions of this man
page also receive inspiration from the same authors.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (C) 2001\-2022 by Tildeslash Ltd. All Rights Reserved. This
product is distributed in the hope that it will be useful, but
\s-1WITHOUT\s0 any warranty; without even the implied warranty of
\&\s-1MERCHANTABILITY\s0 or \s-1FITNESS\s0 for a particular purpose.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1GNU\s0 text utilities; \fBmd5sum\fR\|(1); \fBsha1sum\fR\|(1); \fBopenssl\fR\|(1); \fBglob\fR\|(7);
\&\fBregex\fR\|(7); \fIhttps://mmonit.com\fR