thomas
/
sovereign
Bevaka 1
Stjärnmärk 0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Ingen beskrivning
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
1045 Incheckningar
1 Gren
Träd: 21f6ac8d7e
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '21f6ac8d7e'
${ noResults }
sovereign/roles/monitoring/templates/etc_monit_monitrc.j2

etc_monit_monitrc.j2 11KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279 
  1. ###############################################################################

  2. ## Monit control file

  3. ###############################################################################

  4. ##

  5. ## Comments begin with a '#' and extend through the end of the line. Keywords

  6. ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.

  7. ##

  8. ## Below you will find examples of some frequently used statements. For

  9. ## information about the control file and a complete list of statements and

  10. ## options, please have a look in the Monit manual.

  11. ##

  12. ##

  13. ###############################################################################

  14. ## Global section

  15. ###############################################################################

  16. ##

  17. ## Start Monit in the background (run as a daemon):

  18. #

  19.   set daemon 120            # check services at 2-minute intervals

  20. #   with start delay 240    # optional: delay the first check by 4-minutes (by

  21. #                           # default Monit check immediately after Monit start)

  22. #

  23. #

  24. ## Set syslog logging with the 'daemon' facility. If the FACILITY option is

  25. ## omitted, Monit will use 'user' facility by default. If you want to log to

  26. ## a standalone log file instead, specify the full path to the log file

  27. #

  28. # set logfile syslog facility log_daemon

  29.   set logfile /var/log/monit.log

  30. #

  31. #

  32. ## Set the location of the Monit id file which stores the unique id for the

  33. ## Monit instance. The id is generated and stored on first Monit start. By

  34. ## default the file is placed in $HOME/.monit.id.

  35. #

  36. # set idfile /var/.monit.id

  37.   set idfile /var/lib/monit/id

  38. #

  39. ## Set the location of the Monit state file which saves monitoring states

  40. ## on each cycle. By default the file is placed in $HOME/.monit.state. If

  41. ## the state file is stored on a persistent filesystem, Monit will recover

  42. ## the monitoring state across reboots. If it is on temporary filesystem, the

  43. ## state will be lost on reboot which may be convenient in some situations.

  44. #

  45.   set statefile /var/lib/monit/state

  46. #

  47. ## Set the list of mail servers for alert delivery. Multiple servers may be

  48. ## specified using a comma separator. If the first mail server fails, Monit

  49. # will use the second mail server in the list and so on. By default Monit uses

  50. # port 25 - it is possible to override this with the PORT option.

  51. #

  52. # set mailserver mail.bar.baz,               # primary mailserver

  53. #                backup.bar.baz port 10025,  # backup mailserver on port 10025

  54. #                localhost                   # fallback relay

  55. #

  56. 

  57. set mailserver localhost

  58. 

  59. ## By default Monit will drop alert events if no mail servers are available.

  60. ## If you want to keep the alerts for later delivery retry, you can use the

  61. ## EVENTQUEUE statement. The base directory where undelivered alerts will be

  62. ## stored is specified by the BASEDIR option. You can limit the maximal queue

  63. ## size using the SLOTS option (if omitted, the queue is limited by space

  64. ## available in the back end filesystem).

  65. #

  66.   set eventqueue

  67.       basedir /var/lib/monit/events # set the base directory where events will be stored

  68.       slots 100                     # optionally limit the queue size

  69. #

  70. #

  71. ## Send status and events to M/Monit (for more informations about M/Monit

  72. ## see http://mmonit.com/). By default Monit registers credentials with

  73. ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't

  74. ## have to register Monit credentials manually in M/Monit. It is possible to

  75. ## disable credential registration using the commented out option below.

  76. ## Though, if safety is a concern we recommend instead using https when

  77. ## communicating with M/Monit and send credentials encrypted.

  78. #

  79. # set mmonit http://monit:monit@192.168.1.10:8080/collector

  80. #     # and register without credentials     # Don't register credentials

  81. #

  82. #

  83. ## Monit by default uses the following format for alerts if the the mail-format

  84. ## statement is missing::

  85. ## --8<--

  86. ## set mail-format {

  87. ##      from: monit@$HOST

  88. ##   subject: monit alert --  $EVENT $SERVICE

  89. ##   message: $EVENT Service $SERVICE

  90. ##                 Date:        $DATE

  91. ##                 Action:      $ACTION

  92. ##                 Host:        $HOST

  93. ##                 Description: $DESCRIPTION

  94. ##

  95. ##            Your faithful employee,

  96. ##            Monit

  97. ## }

  98. ## --8<--

  99. ##

  100. ## You can override this message format or parts of it, such as subject

  101. ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.

  102. ## are expanded at runtime. For example, to override the sender, use:

  103. #

  104. # set mail-format { from: monit@foo.bar }

  105. #

  106. 

  107. set mail-format {

  108.      from: monit@{{ domain }}

  109.   subject: monit alert --  $EVENT $SERVICE

  110.   message: $EVENT Service $SERVICE

  111. 

  112.     Date:        $DATE

  113.     Action:      $ACTION

  114.     Host:        $HOST

  115.     Description: $DESCRIPTION

  116. 

  117. Your faithful employee,

  118. Monit from Sovereign

  119. }

  120. 

  121. #

  122. ## You can set alert recipients whom will receive alerts if/when a

  123. ## service defined in this file has errors. Alerts may be restricted on

  124. ## events by using a filter as in the second example below.

  125. #

  126. # set alert sysadm@foo.bar                       # receive all alerts

  127. # set alert manager@foo.bar only on { timeout }  # receive just service-

  128. #                                                # timeout alert

  129. #

  130. 

  131. set alert {{ admin_email }}

  132. 

  133. #

  134. ## Monit has an embedded web server which can be used to view status of

  135. ## services monitored and manage services from a web interface. See the

  136. ## Monit Wiki if you want to enable SSL for the web server.

  137. #

  138. 

  139. set httpd port 2812 and

  140.     use address localhost  # only accept connection from localhost

  141.     allow localhost        # allow localhost to connect to the server and

  142.     allow {{ monit_admin_username }}:{{ monit_admin_password }}

  143. 

  144. #    allow @monit           # allow users of group 'monit' to connect (rw)

  145. #    allow @users readonly  # allow users of group 'users' to connect readonly

  146. #

  147. ###############################################################################

  148. ## Services

  149. ###############################################################################

  150. ##

  151. ## Check general system resources such as load average, cpu and memory

  152. ## usage. Each test specifies a resource, conditions and the action to be

  153. ## performed should a test fail.

  154. #

  155. #  check system myhost.mydomain.tld

  156. #    if loadavg (1min) > 4 then alert

  157. #    if loadavg (5min) > 2 then alert

  158. #    if memory usage > 75% then alert

  159. #    if swap usage > 25% then alert

  160. #    if cpu usage (user) > 70% then alert

  161. #    if cpu usage (system) > 30% then alert

  162. #    if cpu usage (wait) > 20% then alert

  163. #

  164. #

  165. ## Check if a file exists, checksum, permissions, uid and gid. In addition

  166. ## to alert recipients in the global section, customized alert can be sent to

  167. ## additional recipients by specifying a local alert handler. The service may

  168. ## be grouped using the GROUP option. More than one group can be specified by

  169. ## repeating the 'group name' statement.

  170. #

  171. #  check file apache_bin with path /usr/local/apache/bin/httpd

  172. #    if failed checksum and

  173. #       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor

  174. #    if failed permission 755 then unmonitor

  175. #    if failed uid root then unmonitor

  176. #    if failed gid root then unmonitor

  177. #    alert security@foo.bar on {

  178. #           checksum, permission, uid, gid, unmonitor

  179. #        } with the mail-format { subject: Alarm! }

  180. #    group server

  181. #

  182. #

  183. ## Check that a process is running, in this case Apache, and that it respond

  184. ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,

  185. ## and number of children. If the process is not running, Monit will restart

  186. ## it by default. In case the service is restarted very often and the

  187. ## problem remains, it is possible to disable monitoring using the TIMEOUT

  188. ## statement. This service depends on another service (apache_bin) which

  189. ## is defined above.

  190. #

  191. #  check process apache with pidfile /usr/local/apache/logs/httpd.pid

  192. #    start program = "/etc/init.d/httpd start" with timeout 60 seconds

  193. #    stop program  = "/etc/init.d/httpd stop"

  194. #    if cpu > 60% for 2 cycles then alert

  195. #    if cpu > 80% for 5 cycles then restart

  196. #    if totalmem > 200.0 MB for 5 cycles then restart

  197. #    if children > 250 then restart

  198. #    if loadavg(5min) greater than 10 for 8 cycles then stop

  199. #    if failed host www.tildeslash.com port 80 protocol http

  200. #       and request "/somefile.html"

  201. #       then restart

  202. #    if failed port 443 type tcpssl protocol http

  203. #       with timeout 15 seconds

  204. #       then restart

  205. #    if 3 restarts within 5 cycles then timeout

  206. #    depends on apache_bin

  207. #    group server

  208. #

  209. #

  210. ## Check filesystem permissions, uid, gid, space and inode usage. Other services,

  211. ## such as databases, may depend on this resource and an automatically graceful

  212. ## stop may be cascaded to them before the filesystem will become full and data

  213. ## lost.

  214. #

  215. #  check filesystem datafs with path /dev/sdb1

  216. #    start program  = "/bin/mount /data"

  217. #    stop program  = "/bin/umount /data"

  218. #    if failed permission 660 then unmonitor

  219. #    if failed uid root then unmonitor

  220. #    if failed gid disk then unmonitor

  221. #    if space usage > 80% for 5 times within 15 cycles then alert

  222. #    if space usage > 99% then stop

  223. #    if inode usage > 30000 then alert

  224. #    if inode usage > 99% then stop

  225. #    group server

  226. #

  227. 

  228. check filesystem rootfs with path /

  229.     if space usage > 80% for 5 times within 15 cycles then alert

  230.     if space usage > 99% then alert

  231.     if inode usage > 80% for 5 times within 15 cycles then alert

  232.     if inode usage > 99% then alert

  233.     group server

  234. 

  235. #

  236. ## Check a file's timestamp. In this example, we test if a file is older

  237. ## than 15 minutes and assume something is wrong if its not updated. Also,

  238. ## if the file size exceed a given limit, execute a script

  239. #

  240. #  check file database with path /data/mydatabase.db

  241. #    if failed permission 700 then alert

  242. #    if failed uid data then alert

  243. #    if failed gid data then alert

  244. #    if timestamp > 15 minutes then alert

  245. #    if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba

  246. #

  247. #

  248. ## Check directory permission, uid and gid.  An event is triggered if the

  249. ## directory does not belong to the user with uid 0 and gid 0.  In addition,

  250. ## the permissions have to match the octal description of 755 (see chmod(1)).

  251. #

  252. #  check directory bin with path /bin

  253. #    if failed permission 755 then unmonitor

  254. #    if failed uid 0 then unmonitor

  255. #    if failed gid 0 then unmonitor

  256. #

  257. #

  258. ## Check a remote host availability by issuing a ping test and check the

  259. ## content of a response from a web server. Up to three pings are sent and

  260. ## connection to a port and an application level network check is performed.

  261. #

  262. #  check host myserver with address 192.168.1.1

  263. #    if failed icmp type echo count 3 with timeout 3 seconds then alert

  264. #    if failed port 3306 protocol mysql with timeout 15 seconds then alert

  265. #    if failed url http://user:password@www.foo.bar:8080/?querystring

  266. #       and content == 'action="j_security_check"'

  267. #       then alert

  268. #

  269. #

  270. ###############################################################################

  271. ## Includes

  272. ###############################################################################

  273. ##

  274. ## It is possible to include additional configuration parts from other files or

  275. ## directories.

  276. #

  277. 

  278. include /etc/monit/conf.d/*

  279. include /etc/monit/monitrc.d/*