thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1108 Commits
1 Branch
Tree: 08462f5d86
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '08462f5d86'
${ noResults }
sovereign/roles/monitoring/templates/etc_monit_monitrc.j2

etc_monit_monitrc.j2 11KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274 
  1. ###############################################################################

  2. ## Monit control file

  3. ###############################################################################

  4. ##

  5. ## Comments begin with a '#' and extend through the end of the line. Keywords

  6. ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.

  7. ##

  8. ## Below you will find examples of some frequently used statements. For

  9. ## information about the control file and a complete list of statements and

  10. ## options, please have a look in the Monit manual.

  11. ##

  12. ##

  13. ###############################################################################

  14. ## Global section

  15. ###############################################################################

  16. ##

  17. ## Start Monit in the background (run as a daemon):

  18. #

  19.   set daemon 120            # check services at 2-minute intervals

  20. #   with start delay 240    # optional: delay the first check by 4-minutes (by

  21. #                           # default Monit check immediately after Monit start)

  22. #

  23. #

  24. ## Set syslog logging with the 'daemon' facility. If the FACILITY option is

  25. ## omitted, Monit will use 'user' facility by default. If you want to log to

  26. ## a standalone log file instead, specify the full path to the log file

  27. #

  28. # set logfile syslog facility log_daemon

  29.   set logfile /var/log/monit.log

  30. #

  31. #

  32. ## Set the location of the Monit id file which stores the unique id for the

  33. ## Monit instance. The id is generated and stored on first Monit start. By

  34. ## default the file is placed in $HOME/.monit.id.

  35. #

  36. # set idfile /var/.monit.id

  37.   set idfile /var/lib/monit/id

  38. #

  39. ## Set the location of the Monit state file which saves monitoring states

  40. ## on each cycle. By default the file is placed in $HOME/.monit.state. If

  41. ## the state file is stored on a persistent filesystem, Monit will recover

  42. ## the monitoring state across reboots. If it is on temporary filesystem, the

  43. ## state will be lost on reboot which may be convenient in some situations.

  44. #

  45.   set statefile /var/lib/monit/state

  46. #

  47. ## Set the list of mail servers for alert delivery. Multiple servers may be

  48. ## specified using a comma separator. If the first mail server fails, Monit

  49. # will use the second mail server in the list and so on. By default Monit uses

  50. # port 25 - it is possible to override this with the PORT option.

  51. #

  52. # set mailserver mail.bar.baz,               # primary mailserver

  53. #                backup.bar.baz port 10025,  # backup mailserver on port 10025

  54. #                localhost                   # fallback relay

  55. #

  56. 

  57. set mailserver localhost

  58. 

  59. ## By default Monit will drop alert events if no mail servers are available.

  60. ## If you want to keep the alerts for later delivery retry, you can use the

  61. ## EVENTQUEUE statement. The base directory where undelivered alerts will be

  62. ## stored is specified by the BASEDIR option. You can limit the maximal queue

  63. ## size using the SLOTS option (if omitted, the queue is limited by space

  64. ## available in the back end filesystem).

  65. #

  66.   set eventqueue

  67.       basedir /var/lib/monit/events # set the base directory where events will be stored

  68.       slots 100                     # optionally limit the queue size

  69. #

  70. #

  71. ## Send status and events to M/Monit (for more informations about M/Monit

  72. ## see http://mmonit.com/). By default Monit registers credentials with

  73. ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't

  74. ## have to register Monit credentials manually in M/Monit. It is possible to

  75. ## disable credential registration using the commented out option below.

  76. ## Though, if safety is a concern we recommend instead using https when

  77. ## communicating with M/Monit and send credentials encrypted.

  78. #

  79. # set mmonit http://monit:monit@192.168.1.10:8080/collector

  80. #     # and register without credentials     # Don't register credentials

  81. #

  82. #

  83. ## Monit by default uses the following format for alerts if the the mail-format

  84. ## statement is missing::

  85. ## --8<--

  86. ## set mail-format {

  87. ##      from: monit@$HOST

  88. ##   subject: monit alert --  $EVENT $SERVICE

  89. ##   message: $EVENT Service $SERVICE

  90. ##                 Date:        $DATE

  91. ##                 Action:      $ACTION

  92. ##                 Host:        $HOST

  93. ##                 Description: $DESCRIPTION

  94. ##

  95. ##            Your faithful employee,

  96. ##            Monit

  97. ## }

  98. ## --8<--

  99. ##

  100. ## You can override this message format or parts of it, such as subject

  101. ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.

  102. ## are expanded at runtime. For example, to override the sender, use:

  103. #

  104. # set mail-format { from: monit@foo.bar }

  105. #

  106. 

  107. set mail-format {

  108.      from: monit@{{ domain }}

  109.   subject: monit alert $HOST

  110.   message: $EVENT $SERVICE

  111. $DESCRIPTION

  112. }

  113. 

  114. #

  115. ## You can set alert recipients whom will receive alerts if/when a

  116. ## service defined in this file has errors. Alerts may be restricted on

  117. ## events by using a filter as in the second example below.

  118. #

  119. # set alert sysadm@foo.bar                       # receive all alerts

  120. # set alert manager@foo.bar only on { timeout }  # receive just service-

  121. #                                                # timeout alert

  122. #

  123. 

  124. {% for mail in monit_alert_emails %}

  125. set alert {{ mail }}

  126. {% endfor %}

  127. 

  128. #

  129. ## Monit has an embedded web server which can be used to view status of

  130. ## services monitored and manage services from a web interface. See the

  131. ## Monit Wiki if you want to enable SSL for the web server.

  132. #

  133. 

  134. set httpd port 2812 and

  135.     use address localhost  # only accept connection from localhost

  136.     allow localhost        # allow localhost to connect to the server and

  137.     allow {{ monit_admin_username }}:{{ monit_admin_password }}

  138. 

  139. #    allow @monit           # allow users of group 'monit' to connect (rw)

  140. #    allow @users readonly  # allow users of group 'users' to connect readonly

  141. #

  142. ###############################################################################

  143. ## Services

  144. ###############################################################################

  145. ##

  146. ## Check general system resources such as load average, cpu and memory

  147. ## usage. Each test specifies a resource, conditions and the action to be

  148. ## performed should a test fail.

  149. #

  150. #  check system myhost.mydomain.tld

  151. #    if loadavg (1min) > 4 then alert

  152. #    if loadavg (5min) > 2 then alert

  153. #    if memory usage > 75% then alert

  154. #    if swap usage > 25% then alert

  155. #    if cpu usage (user) > 70% then alert

  156. #    if cpu usage (system) > 30% then alert

  157. #    if cpu usage (wait) > 20% then alert

  158. #

  159. #

  160. ## Check if a file exists, checksum, permissions, uid and gid. In addition

  161. ## to alert recipients in the global section, customized alert can be sent to

  162. ## additional recipients by specifying a local alert handler. The service may

  163. ## be grouped using the GROUP option. More than one group can be specified by

  164. ## repeating the 'group name' statement.

  165. #

  166. #  check file apache_bin with path /usr/local/apache/bin/httpd

  167. #    if failed checksum and

  168. #       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor

  169. #    if failed permission 755 then unmonitor

  170. #    if failed uid root then unmonitor

  171. #    if failed gid root then unmonitor

  172. #    alert security@foo.bar on {

  173. #           checksum, permission, uid, gid, unmonitor

  174. #        } with the mail-format { subject: Alarm! }

  175. #    group server

  176. #

  177. #

  178. ## Check that a process is running, in this case Apache, and that it respond

  179. ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,

  180. ## and number of children. If the process is not running, Monit will restart

  181. ## it by default. In case the service is restarted very often and the

  182. ## problem remains, it is possible to disable monitoring using the TIMEOUT

  183. ## statement. This service depends on another service (apache_bin) which

  184. ## is defined above.

  185. #

  186. #  check process apache with pidfile /usr/local/apache/logs/httpd.pid

  187. #    start program = "/etc/init.d/httpd start" with timeout 60 seconds

  188. #    stop program  = "/etc/init.d/httpd stop"

  189. #    if cpu > 60% for 2 cycles then alert

  190. #    if cpu > 80% for 5 cycles then restart

  191. #    if totalmem > 200.0 MB for 5 cycles then restart

  192. #    if children > 250 then restart

  193. #    if loadavg(5min) greater than 10 for 8 cycles then stop

  194. #    if failed host www.tildeslash.com port 80 protocol http

  195. #       and request "/somefile.html"

  196. #       then restart

  197. #    if failed port 443 type tcpssl protocol http

  198. #       with timeout 15 seconds

  199. #       then restart

  200. #    if 3 restarts within 5 cycles then timeout

  201. #    depends on apache_bin

  202. #    group server

  203. #

  204. #

  205. ## Check filesystem permissions, uid, gid, space and inode usage. Other services,

  206. ## such as databases, may depend on this resource and an automatically graceful

  207. ## stop may be cascaded to them before the filesystem will become full and data

  208. ## lost.

  209. #

  210. #  check filesystem datafs with path /dev/sdb1

  211. #    start program  = "/bin/mount /data"

  212. #    stop program  = "/bin/umount /data"

  213. #    if failed permission 660 then unmonitor

  214. #    if failed uid root then unmonitor

  215. #    if failed gid disk then unmonitor

  216. #    if space usage > 80% for 5 times within 15 cycles then alert

  217. #    if space usage > 99% then stop

  218. #    if inode usage > 30000 then alert

  219. #    if inode usage > 99% then stop

  220. #    group server

  221. #

  222. 

  223. check filesystem rootfs with path /

  224.     if space usage > 80% for 5 times within 15 cycles then alert

  225.     if space usage > 99% then alert

  226.     if inode usage > 80% for 5 times within 15 cycles then alert

  227.     if inode usage > 99% then alert

  228.     group server

  229. 

  230. #

  231. ## Check a file's timestamp. In this example, we test if a file is older

  232. ## than 15 minutes and assume something is wrong if its not updated. Also,

  233. ## if the file size exceed a given limit, execute a script

  234. #

  235. #  check file database with path /data/mydatabase.db

  236. #    if failed permission 700 then alert

  237. #    if failed uid data then alert

  238. #    if failed gid data then alert

  239. #    if timestamp > 15 minutes then alert

  240. #    if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba

  241. #

  242. #

  243. ## Check directory permission, uid and gid.  An event is triggered if the

  244. ## directory does not belong to the user with uid 0 and gid 0.  In addition,

  245. ## the permissions have to match the octal description of 755 (see chmod(1)).

  246. #

  247. #  check directory bin with path /bin

  248. #    if failed permission 755 then unmonitor

  249. #    if failed uid 0 then unmonitor

  250. #    if failed gid 0 then unmonitor

  251. #

  252. #

  253. ## Check a remote host availability by issuing a ping test and check the

  254. ## content of a response from a web server. Up to three pings are sent and

  255. ## connection to a port and an application level network check is performed.

  256. #

  257. #  check host myserver with address 192.168.1.1

  258. #    if failed icmp type echo count 3 with timeout 3 seconds then alert

  259. #    if failed port 3306 protocol mysql with timeout 15 seconds then alert

  260. #    if failed url http://user:password@www.foo.bar:8080/?querystring

  261. #       and content == 'action="j_security_check"'

  262. #       then alert

  263. #

  264. #

  265. ###############################################################################

  266. ## Includes

  267. ###############################################################################

  268. ##

  269. ## It is possible to include additional configuration parts from other files or

  270. ## directories.

  271. #

  272. 

  273. include /etc/monit/conf.d/*

  274. include /etc/monit/monitrc.d/*