No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

etc_monit_monitrc.j2 11KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274
  1. ###############################################################################
  2. ## Monit control file
  3. ###############################################################################
  4. ##
  5. ## Comments begin with a '#' and extend through the end of the line. Keywords
  6. ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
  7. ##
  8. ## Below you will find examples of some frequently used statements. For
  9. ## information about the control file and a complete list of statements and
  10. ## options, please have a look in the Monit manual.
  11. ##
  12. ##
  13. ###############################################################################
  14. ## Global section
  15. ###############################################################################
  16. ##
  17. ## Start Monit in the background (run as a daemon):
  18. #
  19. set daemon 120 # check services at 2-minute intervals
  20. # with start delay 240 # optional: delay the first check by 4-minutes (by
  21. # # default Monit check immediately after Monit start)
  22. #
  23. #
  24. ## Set syslog logging with the 'daemon' facility. If the FACILITY option is
  25. ## omitted, Monit will use 'user' facility by default. If you want to log to
  26. ## a standalone log file instead, specify the full path to the log file
  27. #
  28. # set logfile syslog facility log_daemon
  29. set logfile /var/log/monit.log
  30. #
  31. #
  32. ## Set the location of the Monit id file which stores the unique id for the
  33. ## Monit instance. The id is generated and stored on first Monit start. By
  34. ## default the file is placed in $HOME/.monit.id.
  35. #
  36. # set idfile /var/.monit.id
  37. set idfile /var/lib/monit/id
  38. #
  39. ## Set the location of the Monit state file which saves monitoring states
  40. ## on each cycle. By default the file is placed in $HOME/.monit.state. If
  41. ## the state file is stored on a persistent filesystem, Monit will recover
  42. ## the monitoring state across reboots. If it is on temporary filesystem, the
  43. ## state will be lost on reboot which may be convenient in some situations.
  44. #
  45. set statefile /var/lib/monit/state
  46. #
  47. ## Set the list of mail servers for alert delivery. Multiple servers may be
  48. ## specified using a comma separator. If the first mail server fails, Monit
  49. # will use the second mail server in the list and so on. By default Monit uses
  50. # port 25 - it is possible to override this with the PORT option.
  51. #
  52. # set mailserver mail.bar.baz, # primary mailserver
  53. # backup.bar.baz port 10025, # backup mailserver on port 10025
  54. # localhost # fallback relay
  55. #
  56. set mailserver localhost
  57. ## By default Monit will drop alert events if no mail servers are available.
  58. ## If you want to keep the alerts for later delivery retry, you can use the
  59. ## EVENTQUEUE statement. The base directory where undelivered alerts will be
  60. ## stored is specified by the BASEDIR option. You can limit the maximal queue
  61. ## size using the SLOTS option (if omitted, the queue is limited by space
  62. ## available in the back end filesystem).
  63. #
  64. set eventqueue
  65. basedir /var/lib/monit/events # set the base directory where events will be stored
  66. slots 100 # optionally limit the queue size
  67. #
  68. #
  69. ## Send status and events to M/Monit (for more informations about M/Monit
  70. ## see http://mmonit.com/). By default Monit registers credentials with
  71. ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
  72. ## have to register Monit credentials manually in M/Monit. It is possible to
  73. ## disable credential registration using the commented out option below.
  74. ## Though, if safety is a concern we recommend instead using https when
  75. ## communicating with M/Monit and send credentials encrypted.
  76. #
  77. # set mmonit http://monit:monit@192.168.1.10:8080/collector
  78. # # and register without credentials # Don't register credentials
  79. #
  80. #
  81. ## Monit by default uses the following format for alerts if the the mail-format
  82. ## statement is missing::
  83. ## --8<--
  84. ## set mail-format {
  85. ## from: monit@$HOST
  86. ## subject: monit alert -- $EVENT $SERVICE
  87. ## message: $EVENT Service $SERVICE
  88. ## Date: $DATE
  89. ## Action: $ACTION
  90. ## Host: $HOST
  91. ## Description: $DESCRIPTION
  92. ##
  93. ## Your faithful employee,
  94. ## Monit
  95. ## }
  96. ## --8<--
  97. ##
  98. ## You can override this message format or parts of it, such as subject
  99. ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
  100. ## are expanded at runtime. For example, to override the sender, use:
  101. #
  102. # set mail-format { from: monit@foo.bar }
  103. #
  104. set mail-format {
  105. from: monit@{{ domain }}
  106. subject: monit alert $HOST
  107. message: $EVENT $SERVICE
  108. $DESCRIPTION
  109. }
  110. #
  111. ## You can set alert recipients whom will receive alerts if/when a
  112. ## service defined in this file has errors. Alerts may be restricted on
  113. ## events by using a filter as in the second example below.
  114. #
  115. # set alert sysadm@foo.bar # receive all alerts
  116. # set alert manager@foo.bar only on { timeout } # receive just service-
  117. # # timeout alert
  118. #
  119. {% for mail in monit_alert_emails %}
  120. set alert {{ mail }}
  121. {% endfor %}
  122. #
  123. ## Monit has an embedded web server which can be used to view status of
  124. ## services monitored and manage services from a web interface. See the
  125. ## Monit Wiki if you want to enable SSL for the web server.
  126. #
  127. set httpd port 2812 and
  128. use address localhost # only accept connection from localhost
  129. allow localhost # allow localhost to connect to the server and
  130. allow {{ monit_admin_username }}:{{ monit_admin_password }}
  131. # allow @monit # allow users of group 'monit' to connect (rw)
  132. # allow @users readonly # allow users of group 'users' to connect readonly
  133. #
  134. ###############################################################################
  135. ## Services
  136. ###############################################################################
  137. ##
  138. ## Check general system resources such as load average, cpu and memory
  139. ## usage. Each test specifies a resource, conditions and the action to be
  140. ## performed should a test fail.
  141. #
  142. # check system myhost.mydomain.tld
  143. # if loadavg (1min) > 4 then alert
  144. # if loadavg (5min) > 2 then alert
  145. # if memory usage > 75% then alert
  146. # if swap usage > 25% then alert
  147. # if cpu usage (user) > 70% then alert
  148. # if cpu usage (system) > 30% then alert
  149. # if cpu usage (wait) > 20% then alert
  150. #
  151. #
  152. ## Check if a file exists, checksum, permissions, uid and gid. In addition
  153. ## to alert recipients in the global section, customized alert can be sent to
  154. ## additional recipients by specifying a local alert handler. The service may
  155. ## be grouped using the GROUP option. More than one group can be specified by
  156. ## repeating the 'group name' statement.
  157. #
  158. # check file apache_bin with path /usr/local/apache/bin/httpd
  159. # if failed checksum and
  160. # expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
  161. # if failed permission 755 then unmonitor
  162. # if failed uid root then unmonitor
  163. # if failed gid root then unmonitor
  164. # alert security@foo.bar on {
  165. # checksum, permission, uid, gid, unmonitor
  166. # } with the mail-format { subject: Alarm! }
  167. # group server
  168. #
  169. #
  170. ## Check that a process is running, in this case Apache, and that it respond
  171. ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
  172. ## and number of children. If the process is not running, Monit will restart
  173. ## it by default. In case the service is restarted very often and the
  174. ## problem remains, it is possible to disable monitoring using the TIMEOUT
  175. ## statement. This service depends on another service (apache_bin) which
  176. ## is defined above.
  177. #
  178. # check process apache with pidfile /usr/local/apache/logs/httpd.pid
  179. # start program = "/etc/init.d/httpd start" with timeout 60 seconds
  180. # stop program = "/etc/init.d/httpd stop"
  181. # if cpu > 60% for 2 cycles then alert
  182. # if cpu > 80% for 5 cycles then restart
  183. # if totalmem > 200.0 MB for 5 cycles then restart
  184. # if children > 250 then restart
  185. # if loadavg(5min) greater than 10 for 8 cycles then stop
  186. # if failed host www.tildeslash.com port 80 protocol http
  187. # and request "/somefile.html"
  188. # then restart
  189. # if failed port 443 type tcpssl protocol http
  190. # with timeout 15 seconds
  191. # then restart
  192. # if 3 restarts within 5 cycles then timeout
  193. # depends on apache_bin
  194. # group server
  195. #
  196. #
  197. ## Check filesystem permissions, uid, gid, space and inode usage. Other services,
  198. ## such as databases, may depend on this resource and an automatically graceful
  199. ## stop may be cascaded to them before the filesystem will become full and data
  200. ## lost.
  201. #
  202. # check filesystem datafs with path /dev/sdb1
  203. # start program = "/bin/mount /data"
  204. # stop program = "/bin/umount /data"
  205. # if failed permission 660 then unmonitor
  206. # if failed uid root then unmonitor
  207. # if failed gid disk then unmonitor
  208. # if space usage > 80% for 5 times within 15 cycles then alert
  209. # if space usage > 99% then stop
  210. # if inode usage > 30000 then alert
  211. # if inode usage > 99% then stop
  212. # group server
  213. #
  214. check filesystem rootfs with path /
  215. if space usage > 80% for 5 times within 15 cycles then alert
  216. if space usage > 99% then alert
  217. if inode usage > 80% for 5 times within 15 cycles then alert
  218. if inode usage > 99% then alert
  219. group server
  220. #
  221. ## Check a file's timestamp. In this example, we test if a file is older
  222. ## than 15 minutes and assume something is wrong if its not updated. Also,
  223. ## if the file size exceed a given limit, execute a script
  224. #
  225. # check file database with path /data/mydatabase.db
  226. # if failed permission 700 then alert
  227. # if failed uid data then alert
  228. # if failed gid data then alert
  229. # if timestamp > 15 minutes then alert
  230. # if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
  231. #
  232. #
  233. ## Check directory permission, uid and gid. An event is triggered if the
  234. ## directory does not belong to the user with uid 0 and gid 0. In addition,
  235. ## the permissions have to match the octal description of 755 (see chmod(1)).
  236. #
  237. # check directory bin with path /bin
  238. # if failed permission 755 then unmonitor
  239. # if failed uid 0 then unmonitor
  240. # if failed gid 0 then unmonitor
  241. #
  242. #
  243. ## Check a remote host availability by issuing a ping test and check the
  244. ## content of a response from a web server. Up to three pings are sent and
  245. ## connection to a port and an application level network check is performed.
  246. #
  247. # check host myserver with address 192.168.1.1
  248. # if failed icmp type echo count 3 with timeout 3 seconds then alert
  249. # if failed port 3306 protocol mysql with timeout 15 seconds then alert
  250. # if failed url http://user:password@www.foo.bar:8080/?querystring
  251. # and content == 'action="j_security_check"'
  252. # then alert
  253. #
  254. #
  255. ###############################################################################
  256. ## Includes
  257. ###############################################################################
  258. ##
  259. ## It is possible to include additional configuration parts from other files or
  260. ## directories.
  261. #
  262. include /etc/monit/conf.d/*
  263. include /etc/monit/monitrc.d/*