145
136
\&\fBmonit\fR [options] {arguments}
146
137
.SH "DESCRIPTION"
147
138
.IX Header "DESCRIPTION"
148
\&\fBmonit\fR is a utility for managing and monitoring processes,
149
programs, files, directories and filesystems on a Unix system.
150
Monit conducts automatic maintenance and repair and can execute
151
meaningful causal actions in error situations. E.g. Monit can
152
start a process if it does not run, restart a process if it does
153
not respond and stop a process if it uses too much resources. You
154
can use Monit to monitor files, directories and filesystems for
155
changes, such as timestamps changes, checksum changes or size
139
\&\fBMonit\fR is a utility for managing and monitoring processes, programs,
140
files, directories and filesystems on a Unix system. Monit conducts
141
automatic maintenance and repair and can execute meaningful causal
142
actions in error situations. E.g. Monit can start a process if it does
143
not run, restart a process if it does not respond and stop a process if
144
it uses too much resources. You can use Monit to monitor files,
145
directories and filesystems for changes, such as timestamps changes,
146
checksum changes or size changes.
158
Monit is controlled via an easy to configure control file based
159
on a free-format, token-oriented syntax. Monit logs to syslog or
160
to its own log file and notifies you about error conditions via
161
customizable alert messages. Monit can perform various \s-1TCP/IP\s0
162
network checks, protocol checks and can utilize \s-1SSL\s0 for such
163
checks. Monit provides a http(s) interface and you may use a
164
browser to access the Monit program.
148
Monit is controlled via an easy to configure control file based on a
149
free-format, token-oriented syntax. Monit logs to syslog or to its own
150
log file and notifies you about error conditions via customizable alert
151
messages. Monit can perform various \s-1TCP/IP\s0 network checks, protocol
152
checks and can utilize \s-1SSL\s0 for such checks. Monit provides a http(s)
153
interface and you may use a browser to access the Monit program.
165
154
.SH "WHAT TO MONITOR?"
166
155
.IX Header "WHAT TO MONITOR?"
167
You can use Monit to monitor daemon \fBprocesses\fR or similar
168
programs running on localhost. Monit is particularly useful for
169
monitoring daemon processes, such as those started at system boot
170
time from /etc/init.d/. For instance sendmail, sshd, apache and
171
mysql. In contrast to many other monitoring systems, Monit can act if
172
an error situation should occur, e.g.; if sendmail is not
173
running, monit can start sendmail again automatically or if
174
apache is using too many resources (e.g. if a DoS attack is in
175
progress) Monit can stop or restart apache and send you an alert
176
message. Monit can also monitor process characteristics, such as
156
You can use Monit to monitor daemon \fBprocesses\fR or similar programs
157
running on localhost. Monit is particularly useful for monitoring
158
daemon processes, such as those started at system boot time. For
159
instance sendmail, sshd, apache and mysql. In contrast to many other
160
monitoring systems, Monit can act if an error situation should occur,
161
e.g.; if sendmail is not running, monit can start sendmail again
162
automatically or if apache is using too many resources (e.g. if a DoS
163
attack is in progress) Monit can stop or restart apache and send you an
164
alert message. Monit can also monitor process characteristics, such as
177
165
how much memory or cpu cycles a process is using.
179
167
You can also use Monit to monitor \fBfiles\fR, \fBdirectories\fR and
180
\&\fBfilesystems\fR on localhost. Monit can monitor these items for
181
changes, such as timestamps changes, checksum changes or size
182
changes. This is also useful for security reasons \- you can
183
monitor the md5 or sha1 checksum of files that should not change
184
and get an alert or perform an action if they should change.
168
\&\fBfilesystems\fR on localhost. Monit can monitor these items for changes,
169
such as timestamps changes, checksum changes or size changes. This is
170
also useful for security reasons \- you can monitor the md5 or sha1
171
checksum of files that should not change and get an alert or perform an
172
action if they should change.
186
Monit can monitor \fBnetwork connections\fR to various servers,
187
either on localhost or on remote hosts. \s-1TCP, UDP\s0 and Unix Domain
188
Sockets are supported. Network test can be performed on a
189
protocol level; Monit has built-in tests for the main Internet
190
protocols, such as \s-1HTTP, SMTP\s0 etc. Even if a protocol is not
191
supported you can still test the server because you can configure
192
Monit to send any data and test the response from the server.
174
Monit can monitor \fBnetwork connections\fR to various servers, either on
175
localhost or on remote hosts. \s-1TCP\s0, \s-1UDP\s0 and Unix Domain Sockets are
176
supported. Network test can be performed on a protocol level; Monit has
177
built-in tests for the main Internet protocols, such as \s-1HTTP\s0, \s-1SMTP\s0 etc.
178
Even if a protocol is not supported you can still test the server
179
because you can configure Monit to send any data and test the response
194
182
Monit can be used to test \fBprograms\fR or scripts at certain
195
183
times, much like cron, but in addition, you can test the exit
196
184
value of a program and perform an action or send an alert if the
197
exit value indicate an error. This means that you can use Monit
185
exit value indicates an error. This means that you can use Monit
198
186
to perform any type of check you can write a script for.
200
188
Finally, Monit can be used to monitor general \fBsystem\fR resources
201
on localhost such as overall \s-1CPU\s0 usage, Memory and Load Average.
189
on localhost such as overall \s-1CPU\s0 usage, Memory and System Load.
202
190
.SH "GENERAL OPERATION"
203
191
.IX Header "GENERAL OPERATION"
204
192
The behavior of Monit is controlled by command-line options
383
370
.SH "THE MONIT CONTROL FILE"
384
371
.IX Header "THE MONIT CONTROL FILE"
385
372
Monit is configured and controlled via a control file called
386
\&\fImonitrc\fR. The default location for this file is ~/.monitrc. If
387
this file does not exist, Monit will try /etc/monitrc, then
388
\&\f(CW@sysconfdir\fR@/monitrc and finally ./monitrc. The value of
389
\&\f(CW@sysconfdir\fR@ is given at configure time as ./configure
390
\&\-\-sysconfdir. For instance, using \fI./configure \-\-sysconfdir
391
/var/monit/etc\fR will make Monit search for \fImonitrc\fR in
373
\&\fImonitrc\fR. The default location for this file is ~/.monitrc. If this
374
file does not exist, Monit will try /etc/monitrc, then
375
\&\f(CW@sysconfdir\fR@/monitrc and finally ./monitrc. If you build Monit from
376
source, the value of \f(CW@sysconfdir\fR@ can be given at configure time as
377
\&./configure \-\-sysconfdir. For instance, using \fI./configure
378
\&\-\-sysconfdir /var/monit/etc\fR will make Monit search for \fImonitrc\fR in
392
379
\&\fI/var/monit/etc\fR
394
To protect the security of your control file and passwords the
395
control file must have permissions \fIno more than 0700\fR
381
To protect the security of your control file and passwords the control
382
file must have read-write permissions \fIno more than 0700\fR
396
383
(u=xrw,g=,o=); Monit will complain and exit otherwise.
398
385
When there is a conflict between the command-line arguments and
399
the arguments in this file, the command-line arguments take
386
the arguments in this file, the command-line arguments takes
402
389
Monit uses its own Domain Specific Language (\s-1DSL\s0); The control
403
390
file consists of a series of service entries and global option
404
statements in a free-format, token-oriented syntax.
406
Comments begin with a '#' and extend through the end of the line.
408
Otherwise the file consists of a series of service entries or
393
Comments begin with a \f(CW\*(Aq#\*(Aq\fR and extend through the end of the
394
line. Otherwise the file consists of a series of service entries or
409
395
global option statements in a free-format, token-oriented syntax.
411
You can use noise keywords like 'if', 'and', 'with(in)', 'has',
412
\&'us(ing|e)', 'on(ly)', 'then', 'for', 'of' anywhere in an
413
entry to make it resemble English. They're ignored, but can make
414
entries much easier to read at a glance. Keywords are case
397
You can use noise keywords like \f(CW\*(Aqif\*(Aq\fR, \f(CW\*(Aqand\*(Aq\fR, \f(CW\*(Aqwith(in)\*(Aq\fR,
398
\&\f(CW\*(Aqhas\*(Aq\fR, \f(CW\*(Aqus(ing|e)\*(Aq\fR, \f(CW\*(Aqon(ly)\*(Aq\fR, \f(CW\*(Aqthen\*(Aq\fR, \f(CW\*(Aqfor\*(Aq\fR, \f(CW\*(Aqof\*(Aq\fR
399
anywhere in an entry to make it resemble English. They're ignored, but
400
can make entries much easier to read at a glance. Keywords are case
417
403
There are three kinds of tokens: \fIgrammar\fR, \fInumbers\fR (i.e.
426
412
.IP "1. Global set-statements" 4
427
413
.IX Item "1. Global set-statements"
428
A global set-statement starts with the keyword \fIset\fR and the
414
A global set-statement starts with the keyword \f(CW\*(C`set\*(C'\fR and the
429
415
item to configure.
430
416
.IP "2. Global include-statement" 4
431
417
.IX Item "2. Global include-statement"
432
The include statement consists of the keyword \fIinclude\fR and
434
.IP "2. One or more service entry statements." 4
435
.IX Item "2. One or more service entry statements."
436
Each service entry consists of the keywords \fIcheck\fR, followed by
437
the service type. Each entry requires a \fBunique\fR descriptive
438
name, which may be freely chosen. This name is used by monit
439
to refer to the service internally and in all interactions
418
The include statement consists of the keyword \f(CW\*(C`include\*(C'\fR and a glob
419
string. This statement is used to include configure directives from
421
.IP "3. One or more service entry statements." 4
422
.IX Item "3. One or more service entry statements."
423
Each service entry consists of the keywords \f(CW\*(C`check\*(C'\fR, followed by the
424
service type. Each entry requires a \fBunique\fR descriptive name, which
425
may be freely chosen. This name is used by Monit to refer to the
426
service internally and in all interactions with the user.
442
Currently, eight types of check statements are supported:
443
.IP "1. \s-1CHECK PROCESS\s0 <unique name> <\s-1PIDFILE\s0 <path> | \s-1MATCHING\s0 <regex>>" 4
428
Currently, nine types of check statements are supported:
429
.IP "1. \s-1CHECK\s0 \s-1PROCESS\s0 <unique name> <\s-1PIDFILE\s0 <path> | \s-1MATCHING\s0 <regex>>" 4
444
430
.IX Item "1. CHECK PROCESS <unique name> <PIDFILE <path> | MATCHING <regex>>"
445
<path> is the absolute path to the program's pidfile. If the
446
pidfile does not exist or does not contain the pid number of a
447
running process, Monit will call the entry's start method if
449
<regex> is alternative process specification using pattern matching
450
to process name (command line) from process table instead of pidfile.
451
The first match is used so this form of check is useful for unique
452
pattern matching \- the pidfile should be used where possible as it
453
defines expected pid exactly (pattern matching won't be useful for
454
Apache in most cases or for processes which start child processes using
455
fork/clone as the child will match the same pattern temporarily).
456
The pattern can be obtained using \fImonit procmatch \*(L".*\*(R"\fR \s-1CLI\s0 command
457
which lists all processes visible to Monit or using the \fIps\fR utility.
458
The \*(L"procmatch\*(R" \s-1CLI\s0 command can be used to test your pattern as well.
459
If Monit runs in passive mode or the start methods is not defined,
460
Monit will just send alerts on errors.
461
.IP "2. \s-1CHECK FILE\s0 <unique name> \s-1PATH\s0 <path>" 4
431
<path> is the absolute path to the program's pid-file. A pid-file is a
432
file, containing a Process's unique \s-1ID\s0. If the pid-file does not exist
433
or does not contain the \s-1PID\s0 number of a running process, Monit will
434
call the entry's start method if defined.
436
<regex> is an alternative to using \s-1PID\s0 files and uses process name
437
pattern matching to find the process to monitor. The first match is
438
used so this form of check is most useful if the process name is
439
unique. Pid-file should be used where possible as it defines expected
440
pid exactly (pattern matching won't be useful for processes which start
441
a child process using fork/clone as the child will match the same
442
pattern temporarily). You can test if a process match a pattern from
443
the command-line using \f(CW\*(C`monit procmatch "regex\-pattern"\*(C'\fR. This will
444
lists all processes matching or not, the regex-pattern.
445
.IP "2. \s-1CHECK\s0 \s-1FILE\s0 <unique name> \s-1PATH\s0 <path>" 4
462
446
.IX Item "2. CHECK FILE <unique name> PATH <path>"
463
<path> is the absolute path to the file. If the file does not
464
exist or disappeared, Monit will call the entry's start method if
465
defined, if <path> does not point to a regular file type (for
466
instance a directory), Monit will disable monitoring of this
467
entry. If Monit runs in passive mode or the start methods is not
468
defined, Monit will just send alerts on errors.
469
.IP "3. \s-1CHECK FIFO\s0 <unique name> \s-1PATH\s0 <path>" 4
447
<path> is the absolute path to the file. If the file does not exist,
448
Monit will call the entry's start method if defined, if <path> does not
449
point to a regular file type (for instance a directory), Monit will
450
disable monitoring of this entry. If Monit runs in passive mode or the
451
start methods is not defined, Monit will just send an alert on error.
452
.IP "3. \s-1CHECK\s0 \s-1FIFO\s0 <unique name> \s-1PATH\s0 <path>" 4
470
453
.IX Item "3. CHECK FIFO <unique name> PATH <path>"
471
<path> is the absolute path to the fifo. If the fifo does not
472
exist or disappeared, Monit will call the entry's start method if
473
defined, if <path> does not point to a fifo type (for
474
instance a directory), Monit will disable monitoring of this
475
entry. If Monit runs in passive mode or the start methods is not
476
defined, Monit will just send alerts on errors.
477
.IP "4. \s-1CHECK FILESYSTEM\s0 <unique name> \s-1PATH\s0 <path>" 4
454
<path> is the absolute path to the fifo. If the fifo does not exist,
455
Monit will call the entry's start method if defined, if <path> does not
456
point to a fifo type (for instance a directory), Monit will disable
457
monitoring of this entry. If Monit runs in passive mode or the start
458
methods is not defined, Monit will just send an alert on error.
459
.IP "4. \s-1CHECK\s0 \s-1FILESYSTEM\s0 <unique name> \s-1PATH\s0 <path>" 4
478
460
.IX Item "4. CHECK FILESYSTEM <unique name> PATH <path>"
479
<path> is the path to the filesystem block special device, mount point,
480
file or a directory which is part of a filesystem. It is
481
recommended to use a block special file directly (for example
482
/dev/hda1 on Linux or /dev/dsk/c0t0d0s1 on Solaris, etc.) If you
483
use a mount point (for example /data), be careful, because if the
484
filesystem is unmounted the test will still be true because the mount
461
<path> is the path to the device/disk, mount point, file or a directory
462
which is part of a filesystem. It is recommended to use a block special
463
file directly (for example /dev/hda1 on Linux or /dev/dsk/c0t0d0s1 on
464
Solaris, etc.) If you use a mount point (for example /data), note if
465
the filesystem is unmounted the test will still be true because the
487
468
If the filesystem becomes unavailable, Monit will call the entry's
488
469
start method if defined. if <path> does not point to a filesystem,
489
Monit will disable monitoring of this entry. If Monit runs in
490
passive mode or the start methods is not defined, Monit will just
491
send alerts on errors.
492
.IP "5. \s-1CHECK DIRECTORY\s0 <unique name> \s-1PATH\s0 <path>" 4
470
Monit will disable monitoring of this entry. If Monit runs in passive
471
mode or the start methods is not defined, Monit will just send an alert
473
.IP "5. \s-1CHECK\s0 \s-1DIRECTORY\s0 <unique name> \s-1PATH\s0 <path>" 4
493
474
.IX Item "5. CHECK DIRECTORY <unique name> PATH <path>"
494
<path> is the absolute path to the directory. If the directory
495
does not exist or disappeared, Monit will call the entry's start
496
method if defined, if <path> does not point to a directory, monit
497
will disable monitoring of this entry. If Monit runs in passive
498
mode or the start methods is not defined, Monit will just send
500
.IP "6. \s-1CHECK HOST\s0 <unique name> \s-1ADDRESS\s0 <host address>" 4
475
<path> is the absolute path to the directory. If the directory does not
476
exist, Monit will call the entry's start method if defined. If <path>
477
does not point to a directory, monit will disable monitoring of this
478
entry. If Monit runs in passive mode or the start methods is not
479
defined, Monit will just send an alert on error.
480
.IP "6. \s-1CHECK\s0 \s-1HOST\s0 <unique name> \s-1ADDRESS\s0 <host address>" 4
501
481
.IX Item "6. CHECK HOST <unique name> ADDRESS <host address>"
502
482
The host address can be specified as a hostname string or as an
503
ip-address string on a dotted decimal format. Such as,
483
IP-address string on a dotted decimal format. Such as,
504
484
tildeslash.com or \*(L"64.87.72.95\*(R".
505
.IP "7. \s-1CHECK SYSTEM\s0 <unique name>" 4
485
.IP "7. \s-1CHECK\s0 \s-1SYSTEM\s0 <unique name>" 4
506
486
.IX Item "7. CHECK SYSTEM <unique name>"
507
The system name is usually hostname, but any descriptive name can be
508
used. You can use the variable \f(CW$HOST\fR as the name, which will expand to
509
the hostname. This test allows one to check general system resources
510
such as \s-1CPU\s0 usage (percent of time spent in user, system and wait),
511
total memory usage or load average. The unique name is used as the
512
system hostname in mail alerts and when M/Monit is configured, then
513
also as initial name of the host entry in M/Monit.
514
.IP "8. \s-1CHECK PROGRAM\s0 <unique name> \s-1PATH\s0 <executable file> [\s-1TIMEOUT\s0 <number> \s-1SECONDS\s0]" 4
487
The \fIunique name\fR is usually the local host name, but any descriptive
488
name can be used. If you use the variable \f(CW$HOST\fR as the name, it will
489
expand to the hostname. This check allows one to monitor general system
490
resources such as \s-1CPU\s0 usage, total memory usage or load average. The
491
\&\fIunique name\fR is used as the system hostname in mail alerts and as
492
the initial name of the host entry in M/Monit.
493
.IP "8. \s-1CHECK\s0 \s-1PROGRAM\s0 <unique name> \s-1PATH\s0 <executable file> [\s-1TIMEOUT\s0 <number> \s-1SECONDS\s0]" 4
515
494
.IX Item "8. CHECK PROGRAM <unique name> PATH <executable file> [TIMEOUT <number> SECONDS]"
516
<path> is the absolute path to the executable program or script.
517
The \fIstatus\fR test allows one to check the program's exit status. If
518
program will not finish within <number> seconds, Monit will terminate
519
it. The default program timeout is 600 seconds (5 minutes). The output
520
of the program is recorded (up to 1kB).
495
<path> is the absolute path to the executable program or script. The
496
status test allows one to check the
497
program's exit status. If the program does not finish executing within
498
<number> seconds, Monit will terminate it. The default program timeout
499
is 300 seconds (5 minutes). The output of the program is recorded and
500
made available in the User Interface and in alerts (up to 1kB).
501
.IP "9. \s-1CHECK\s0 \s-1NETWORK\s0 <unique name> <\s-1ADDRESS\s0 <ipaddress> | \s-1INTERFACE\s0 <name>>" 4
502
.IX Item "9. CHECK NETWORK <unique name> <ADDRESS <ipaddress> | INTERFACE <name>>"
503
<ipaddress> is the IPv4 or IPv6 address of the monitored network interface. It
504
is also possible to use interface name, such as \*(L"eth0\*(R" on Linux.
522
506
.IX Header "LOGGING"
523
507
Monit will log status and error messages to a log file. Use the
524
508
\&\fIset logfile\fR statement in the monitrc control file. To setup
525
509
Monit to log to its own logfile, use e.g. \fIset logfile
526
510
/var/log/monit.log\fR. If \fBsyslog\fR is given as a value for the
527
\&\fI\-l\fR command-line switch (or the keyword \fIset logfile syslog\fR
511
\&\f(CW\*(C`\-l\*(C'\fR command-line switch (or the keyword \fIset logfile syslog\fR
528
512
is found in the control file) Monit will use the \fBsyslog\fR system
529
513
daemon to log messages with a priority assigned to each message
530
514
based on the context. To turn off logging, simply do not set the
546
530
given poll interval, wakes up and start monitoring again in an
549
Alternatively, you can use the \fI\-d\fR command line switch to set
533
Alternatively, you can use the \f(CW\*(C`\-d\*(C'\fR command line switch to set
550
534
the poll interval, but it is strongly recommended to set the poll
551
535
interval in your \fI~/.monitrc\fR file, by using \fIset daemon\fR.
553
537
Monit will then always start in daemon mode. If you do not use
554
538
this statement and do not start monit with the \-d option, Monit
555
539
will just run through the service checks once and then exit. This
556
may be useful in some situations, but Monit is primarily designed
540
might be useful in some situations, but Monit is primarily designed
557
541
to run as a daemon process.
559
Calling monit with a Monit daemon running in the background sends
543
Calling \f(CW\*(C`monit\*(C'\fR with a Monit daemon running in the background sends
560
544
a wake-up signal to the daemon, forcing it to check services
561
immediately. Calling monit with the quit argument will kill a
545
immediately. Calling \f(CW\*(C`monit\*(C'\fR with the quit argument will kill a
562
546
running Monit daemon process instead of waking it up.
563
547
.SH "INIT SUPPORT"
564
548
.IX Header "INIT SUPPORT"
565
The \fIset init\fR statement prevents Monit from transforming itself
566
into a daemon process. Instead Monit will run as a foreground
567
process. (You should still use set daemon to specify the poll
570
This is required to run Monit from init. Using init to start
571
Monit is probably the best way to run Monit if you want to be
572
certain that you always have a running Monit daemon on your
573
system. Another option is to run Monit from crontab. In any case,
574
you should make sure that the control file does not have any
575
syntax errors before you start Monit from init or crontab.
577
To setup Monit to run from init, you can either use the set init
578
statement in Monit's control file or use the \-I option from the
579
command line. Here is what you must add to /etc/inittab:
549
The \f(CW\*(C`set init\*(C'\fR statement prevents Monit from transforming itself into
550
a daemon process. Instead Monit will run as a foreground process. (You
551
should still use \f(CW\*(C`set daemon\*(C'\fR to specify the poll cycle).
553
This is required to run Monit from init. Using init to start Monit is
554
probably the best way to run Monit if you want to be certain that you
555
always have a running Monit daemon on your system. Another option is to
556
run Monit from crontab. In any case, you should make sure that the
557
control file does not have any syntax errors before you start Monit
558
from init or crontab (use \f(CW\*(C`monit \-t\*(C'\fR to check).
560
To setup Monit to run from init, you can either use the \f(CW\*(C`set init\*(C'\fR
561
statement in Monit's control file or use the \f(CW\*(C`\-I\*(C'\fR option from the
562
command line. Here is what you must add to \f(CW\*(C`/etc/inittab\*(C'\fR:
582
565
\& # Run Monit in standard run\-levels
599
If Monit is used to monitor services that are also started at
600
boot time (e.g. services started via \s-1SYSV\s0 init rc scripts or via
601
inittab) then, in some cases, a race condition could occur. That
602
is; if a service is slow to start, Monit can assume that the
603
service is not running and possibly try to start it and raise an
604
alert, while, in fact the service is already about to start or
605
already in its startup sequence. Please see the \s-1FAQ\s0 for a
606
solution to this problem.
582
If Monit is used to monitor services that are also started at boot time
583
(e.g. services started via \s-1SYSV\s0 init rc scripts or via inittab) then,
584
in some cases, a race condition could occur. That is; if a service is
585
slow to start, Monit can assume that the service is not running and
586
possibly try to start it and raise an alert, while, in fact the service
587
is already about to start or already in its startup sequence. Please
588
see the \s-1FAQ\s0 for a solution to this problem. The short version is to
589
start Monit on a higher run-level after system processes.
607
590
.SH "INCLUDE FILES"
608
591
.IX Header "INCLUDE FILES"
609
The Monit control file, \fImonitrc\fR, can include additional
610
configuration files. This feature helps one to maintain a certain
611
structure or to place repeating settings into one file. Include
612
statements can be placed at virtually any spot. The syntax is the
592
The Monit control file, \f(CW\*(C`monitrc\*(C'\fR, can include additional
593
configuration files. This feature helps one to organize configuration
594
into separate files instead of having everything in one file, if you
595
like this kind of thing. Include statements can be placed at virtually
596
any place in \f(CW\*(C`monitrc\*(C'\fR though the convention is at the bottom. The
597
syntax is the following:
616
600
\& include globstring
619
The globstring is any kind of string as defined in \fIglob\fR\|(7). Thus,
603
The globstring is any kind of string as defined in \f(CWglob(7)\fR. Thus,
620
604
you can refer to a single file or you can load several files at
621
605
once. If you want to use whitespace in your string the globstring
622
need to be embedded into quotes (') or double quotes ("). If the
606
needs to be embedded into quotes (') or double quotes ("). If the
623
607
globstring matches a directory instead of a file, it is silently
626
Any \fIinclude\fR statements in included files are parsed as in the
610
Any \fIinclude\fR statements in an included file are parsed as in the
627
611
main control file.
629
If the globstring matches several results, the files are included
630
in a non sorted manner. If you need to rely on a certain order,
631
you might need to use single \fIinclude\fR statements.
613
If the globstring matches several results, the files are included in a
614
non sorted manner. If you need to rely on a certain order, you should
615
avoid wild-card globbing and instead specify the full path of files
640
625
files in \fI/etc/monit.d\fR that ends with the prefix \fI.cfg\fR.
641
626
.SH "MONIT HTTPD"
642
627
.IX Header "MONIT HTTPD"
643
If specified in the control file, Monit will start a Monit daemon
644
with http support. From a Browser you can then start and stop
645
services, disable or enable service monitoring as well as view
646
the status of each service. Also, if Monit logs to its own file,
647
you can view the content of this logfile in a Browser.
649
The status page displayed by the Monit web server is automatically
650
refreshed with the same poll time set for the monit daemon.
652
The Monit web interface is required for \s-1CLI\s0 interface operation, as
653
all \s-1CLI\s0 commands (such as \*(L"monit status\*(R") are handled by the web
628
If specified in the control file, Monit will start with http support.
629
From a Browser you can then start and stop services, disable or enable
630
service monitoring as well as view the status of each service. Also, if
631
Monit logs to its own file, you can view the content of this logfile in
634
Note that \s-1HTTP\s0 support is required for almost all Monit \s-1CLI\s0 interface
635
operation, as \s-1CLI\s0 commands (such as \*(L"monit status\*(R") are handled by
636
communicating with the Monit background process via the the \s-1HTTP\s0
637
interface. So basically you should have this enable, though you can
638
bind the \s-1HTTP\s0 interface to localhost only so Monit is not accessible
657
.IP "\s-1SET HTTPD PORT\s0 <number> \s-1ALLOW\s0 <user:password | IP-address | IP\-range>+ [\s-1ADDRESS\s0 <hostname | IP\-address>] [\s-1SSL\s0 <\s-1ENABLE\s0 | \s-1DISABLE\s0>] [\s-1PEMFILE\s0 <path>] [\s-1CLIENTPEMFILE\s0 <path>] [\s-1ALLOWSELFCERTIFICATION\s0] [\s-1SIGNATURE\s0 <\s-1ENABLE\s0 | \s-1DISABLE\s0>]" 4
658
.IX Item "SET HTTPD PORT <number> ALLOW <user:password | IP-address | IP-range>+ [ADDRESS <hostname | IP-address>] [SSL <ENABLE | DISABLE>] [PEMFILE <path>] [CLIENTPEMFILE <path>] [ALLOWSELFCERTIFICATION] [SIGNATURE <ENABLE | DISABLE>]"
644
\& SET HTTPD PORT <number> [ADDRESS <hostname | IP\-address>]
645
\& [SSL <ENABLE | DISABLE>]
647
\& [CLIENTPEMFILE <path>]
648
\& [ALLOWSELFCERTIFICATION]
649
\& [SIGNATURE <ENABLE | DISABLE>]
650
\& ALLOW <user:password | IP\-address | IP\-range>+
663
656
\& set httpd port 2812
664
\& allow myuser:mypassword
657
\& allow username:password
667
And you can use \fIhttp://localhost:2812/\fR to access the Monit web
668
interface from a browser.
670
\&\fI\s-1PORT\s0\fR option sets the port where Monit should listen. Monit uses
673
\&\fI\s-1ADDRESS\s0\fR option allows one to make Monit listen on specific interface
674
only. For example if you \fBdon't\fR want to expose Monit web interface
675
on external network, bind it to localhost only. Monit will accept
676
connections on any address by default (if \s-1ADDRESS\s0 option is missing).
660
You can now use <http://localhost:2812/> to
661
access Monit's web interface from a browser, after you have entered
662
username and password as credentials.
664
\&\fB\s-1PORT\s0\fR set the port Monit should bind to and listen on. Monit is
665
usually setup on port 2812.
667
\&\fB\s-1ADDRESS\s0\fR make Monit listen on a specific interface only. For example
668
if you \fIdon't\fR want to expose Monit's web interface to the network,
669
bind it to localhost only. Monit will accept connections on any address
670
by default (if \s-1ADDRESS\s0 option is missing).
678
672
For example to limit the web interface to localhost only:
741
732
.SS "Authentication"
742
733
.IX Subsection "Authentication"
743
Monit web interface access is controlled primarily controlled via the
744
\&\fB\s-1ALLOW\s0\fR option.
734
Access to the Monit web interface is controlled primarily via the
735
\&\fB\s-1ALLOW\s0\fR option which is used to specify authentication and authorize
736
only specific clients to connect.
746
738
If the Monit command line interface is being used, at least one
747
739
cleartext password is necessary (see bellow), otherwise the Monit
748
740
command line interface will not be able to connect to the Monit
751
Clients trying to connect to the server but supply the wrong
752
username and/or password are logged with their ip-address.
743
Clients trying to connect to Monit, but submit a wrong username and/or
744
password are logged with their IP-address.
754
746
\fIClient certificates\fR
755
747
.IX Subsection "Client certificates"
757
See the \fI\s-1CLIENTPEMFILE\s0\fR option above.
749
This authentication method is a strong authentication mechanism and
750
employ \s-1HTTPS\s0 client certificates to verify the authenticity of a
751
connecting client. Clients must posses a Public Key Certificate known
752
by Monit. The client must connect to Monit over \s-1SSL\s0 and Monit ask the
753
client to send its certificate. Upon receiving the certificate Monit
754
compares the certificate to certificates located in the
755
\&\fI\s-1CLIENTPEMFILE\s0\fR file. Access is granted if the client certificate is
756
in this file. See \fI\s-1CLIENTPEMFILE\s0\fR above for details.
759
758
\fIHost and network allow list\fR
760
759
.IX Subsection "Host and network allow list"
762
The http server maintains an access-control list of hosts and
763
networks allowed to connect to the server. You can add as many
764
hosts as you want to, but only hosts with a valid domain name or
765
its \s-1IP\s0 address are allowed. Networks require a network \s-1IP\s0 and a
766
netmask to be accepted.
761
Monit maintains an access-control list of hosts and networks allowed to
762
connect. You can add as many hosts as you want to, but only hosts with
763
a valid domain name or its \s-1IP\s0 address are allowed.
768
The http server will query a name server to check any hosts
769
connecting to the server. If a host (client) is trying to connect
770
to the server, but cannot be found in the access list or cannot
771
be resolved, the server will shutdown the connection to the
765
Monit will query a name server to check any hosts trying to connect. If
766
a host (client) is trying to connect, but cannot be found in the access
767
list or cannot be resolved, Monit will shutdown the connection to the
774
770
Control file example:
782
778
\& allow 10.0.0.0/8
785
Clients, not mentioned in the allow list, trying to connect to
786
the server are logged with their ip-address.
781
Clients, not mentioned in the allow list, trying to connect to Monit
782
will be denied access and are logged with their IP-address.
788
784
\fIBasic Authentication\fR
789
785
.IX Subsection "Basic Authentication"
791
Monit supports Basic Authentication schema described in \s-1RFC 2617.\s0
787
Monit supports Basic Authentication as described in \s-1RFC\s0 2617.
793
789
In short; a server challenge a client (e.g. a Browser) to send
794
authentication information (username and password) and if
795
accepted, the server will allow the client access to the
790
authentication information (username and password) and if accepted, the
791
server will allow the client access to the requested document.
798
The biggest weakness with Basic Authentication is that the
799
username and password is sent in clear-text (i.e. base64 encoded)
800
over the network. It is therefor recommended that you do not use
801
this authentication method unless you run the Monit http server
802
with \fIssl\fR support. With ssl support it is completely safe to
803
use Basic Authentication since \fBall\fR http data, including Basic
793
The biggest weakness with Basic Authentication is that username and
794
password is sent in clear-text over the network (i.e. base64 encoded).
795
It is therefor recommended that you do not use this authentication
796
method unless you run Monit with \fIssl\fR support. With ssl, it is safe
797
to use Basic Authentication since \fIall\fR http data, including Basic
804
798
Authentication headers will be encrypted.
806
800
Cleartext user and password
807
801
.IX Subsection "Cleartext user and password"
809
Monit will use Basic Authentication if an allow statement
810
contains a username and a password separated with a single ':'
811
character. Special characters can be used but the password has
803
Monit will use Basic Authentication if an allow statement contains a
804
username and a password separated with a single ':' character. Special
805
characters can be used, but for non-alphanumerics the password has to
958
957
\& set alert foo@bar
961
will send a default email to the address foo@bar whenever any event occurred on
960
will send a default email to the address foo@bar whenever any event
961
occurs on any service.
964
963
If you want to send alert messages to more email addresses, add a
965
\&\fIset alert 'email'\fR statement for each address.
967
It is also possible to use the local alert statement in the context of some service
968
to enable alert for the given service only:
969
.IP "\s-1ALERT\s0 mail-address [[\s-1NOT\s0] {event, ...}] [\s-1REMINDER\s0 cycles]" 4
970
.IX Item "ALERT mail-address [[NOT] {event, ...}] [REMINDER cycles]"
964
\&\f(CW\*(C`set alert \*(Aqemail\*(Aq\*(C'\fR statement for each address.
966
It is also possible to use the local alert statement in the context of
967
a service check to enable alert for the given service only:
970
\& ALERT mail\-address [[NOT] {event, ...}] [REMINDER cycles]
975
976
\& check host myhost with address 1.2.3.4
976
\& if failed port 25 protocol http then alert
977
\& if failed port 3306 protocol mysql then alert
977
978
\& if failed port 80 protocol http then alert
979
\& alert foo@baz # Local service alert
981
You can combine global and local alert statements. In the case of conflict, the local
982
alert has precedence and overrides the global statement.
982
You can combine global and local alert statements. If there is a
983
conflict, the local alert has precedence and overrides the global
984
986
\fISetting an event filter\fR
985
987
.IX Subsection "Setting an event filter"
987
If you only want an alert message sent for certain events, then list them in
988
the \fI{event, ...}\fR block, e.g.:
989
If you only want an alert message sent for certain events, list
990
them in an \f(CW\*(C`{event, ...}\*(C'\fR block, e.g.:
991
993
\& set alert foo@bar only on { timeout, nonexist }
994
You can also set exclude list (negate the list) to send alerts for all events
995
except those which are listed, by prepending the list with the word \fInot\fR.
996
For example to receive all alerts except notification about Monit program start
996
The event list can also be negated to send alerts for all events
997
\&\fIexcept\fR those which are listed, by prepending the list with the word
998
\&\f(CW\*(C`not\*(C'\fR. For example, to receive all alerts except notification about
999
Monit program start and stop:
1000
1002
\& set alert foo@bar but not on { instance }
1003
List of all possible event types (value from the first column can be used in
1005
Here is a list of all possible event types emitted by Monit. Values
1006
from the first column can be used in the event filter list mentioned
1007
\& Event: | Failure state: | Success state:
1010
\& Event: | Failure state: | Success state:
1008
1011
\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
1009
\& ACTION | "Action done" | "Action done"
1010
\& CHECKSUM | "Checksum failed" | "Checksum succeeded"
1011
\& CONNECTION | "Connection failed" | "Connection succeeded"
1012
\& CONTENT | "Content failed", | "Content succeeded"
1013
\& DATA | "Data access error" | "Data access succeeded"
1014
\& EXEC | "Execution failed" | "Execution succeeded"
1015
\& FSFLAGS | "Filesystem flags failed" | "Filesystem flags succeeded"
1016
\& GID | "GID failed" | "GID succeeded"
1017
\& ICMP | "Ping failed" | "Ping succeeded"
1018
\& INSTANCE | "Monit instance changed" | "Monit instance changed not"
1019
\& INVALID | "Invalid type" | "Type succeeded"
1020
\& NONEXIST | "Does not exist" | "Exists"
1021
\& PERMISSION | "Permission failed" | "Permission succeeded"
1022
\& PID | "PID failed" | "PID succeeded"
1023
\& PPID | "PPID failed" | "PPID succeeded"
1024
\& RESOURCE | "Resource limit matched" | "Resource limit succeeded"
1025
\& SIZE | "Size failed" | "Size succeeded"
1026
\& STATUS | "Status failed" | "Status succeeded"
1027
\& TIMEOUT | "Timeout" | "Timeout recovery"
1028
\& TIMESTAMP | "Timestamp failed" | "Timestamp succeeded"
1029
\& UID | "UID failed" | "UID succeeded"
1030
\& UPTIME | "Uptime failed" | "Uptime succeeded"
1012
\& action | "Action done" | "Action done"
1013
\& checksum | "Checksum failed" | "Checksum succeeded"
1014
\& bytein | "Download bytes exceeded" | "Download bytes ok"
1015
\& byteout | "Upload bytes exceeded" | "Upload bytes ok"
1016
\& connection | "Connection failed" | "Connection succeeded"
1017
\& content | "Content failed", | "Content succeeded"
1018
\& data | "Data access error" | "Data access succeeded"
1019
\& exec | "Execution failed" | "Execution succeeded"
1020
\& fsflags | "Filesystem flags failed" | "Filesystem flags succeeded"
1021
\& gid | "GID failed" | "GID succeeded"
1022
\& icmp | "Ping failed" | "Ping succeeded"
1023
\& instance | "Monit instance changed" | "Monit instance changed not"
1024
\& invalid | "Invalid type" | "Type succeeded"
1025
\& link | "Link down" | "Link up"
1026
\& nonexist | "Does not exist" | "Exists"
1027
\& packetin | "Download packets exceeded" | "Download packets ok"
1028
\& packetout | "Upload packets exceeded" | "Upload packets ok"
1029
\& permission | "Permission failed" | "Permission succeeded"
1030
\& pid | "PID failed" | "PID succeeded"
1031
\& ppid | "PPID failed" | "PPID succeeded"
1032
\& resource | "Resource limit matched" | "Resource limit succeeded"
1033
\& saturation | "Saturation exceeded" | "Saturation ok"
1034
\& size | "Size failed" | "Size succeeded"
1035
\& speed | "Speed failed" | "Speed ok"
1036
\& status | "Status failed" | "Status succeeded"
1037
\& timeout | "Timeout" | "Timeout recovery"
1038
\& timestamp | "Timestamp failed" | "Timestamp succeeded"
1039
\& uid | "UID failed" | "UID succeeded"
1040
\& uptime | "Uptime failed" | "Uptime succeeded"
1033
Each alert recipient can have its own filter, for example:
1043
Each alert recipient can have it's own filter, for example:
1036
1046
\& set alert foo@bar { nonexist, timeout, resource, icmp, connection }
1103
The \fIfrom:\fR option is the sender email address.
1119
The \fIfrom:\fR option is the sender's email address. That is, the email
1120
address Monit will pretend it is sending alerts from. It does not have
1121
to be a real email-address only a proper formated address.
1105
1123
The \fIreply-to:\fR option can be used to set the reply-to mail header.
1107
The \fIsubject:\fR option allows one to set message subject and must be on
1108
only \fIone\fR line.
1125
The \fIsubject:\fR option sets the message subject and must be on only
1110
1128
The \fImessage:\fR option sets the mail body. This option should always
1111
1129
be the last in a mail-format statement. The mail body can be as long
1112
as needed, but must \fBnot\fR contain the '}' character.
1130
as needed, but must \fInot\fR contain the block-closing '}' character.
1114
You can set only the option which you want to override. For example
1115
to change sender address only:
1132
You need not use all options, only the option which you want to
1133
override. For example to globally change the senders address only:
1118
1136
\& set mail\-format { from: bofh@foo.bar }
1121
The subject and body may contain \f(CW$XYZ\fR variables, which are expanded
1139
The subject and body may contain \f(CW$NAME\fR variables, which are expanded by
1140
Monit. Here is a list of variables that can be used when composing an
1124
1143
\&\fI\f(CI$EVENT\fI\fR
1127
\& A string describing the event that occurred.
1145
A string describing the event that occurred.
1130
1147
\&\fI\f(CI$SERVICE\fI\fR
1136
1151
\&\fI\f(CI$DATE\fI\fR
1139
\& The current time and date (RFC 822 date style).
1153
The current time and date (\s-1RFC\s0 822 date style).
1142
1155
\&\fI\f(CI$HOST\fI\fR
1145
\& The name of the host Monit is running on
1157
The name of the host Monit is running on
1148
1159
\&\fI\f(CI$ACTION\fI\fR
1151
\& The name of the action which was done by Monit.
1161
The name of the action which was done by Monit.
1154
1163
\&\fI\f(CI$DESCRIPTION\fI\fR
1157
\& The description of the error condition
1165
The description of the error condition
1159
1166
.SS "Setting a mail server for alert delivery"
1160
1167
.IX Subsection "Setting a mail server for alert delivery"
1161
1168
The mail server Monit should use to send alert messages is
1162
defined with a \fIset mailserver\fR statement:
1169
defined with a \f(CW\*(C`set mailserver\*(C'\fR statement:
1165
\& SET MAILSERVER <hostname|ip\-address [PORT number] [USERNAME string] [PASSWORD string] [using SSLAUTO|SSLV2|SSLV3|TLSV1|TLSV11|TLSV12] [CERTMD5 checksum]>, ...
1166
\& [with TIMEOUT X SECONDS]
1167
\& [using HOSTNAME hostname]
1172
\& SET MAILSERVER <hostname|ip\-address [PORT number] [USERNAME string]
1173
\& [PASSWORD string] [using SSLAUTO|SSLV2|SSLV3|TLSV1|TLSV11|TLSV12]
1174
\& [CERTMD5 checksum]>, ...
1175
\& [with TIMEOUT X SECONDS]
1176
\& [using HOSTNAME hostname]
1170
Multiple mailservers can be set using a comma separated list. If
1179
Multiple mailservers can be set by using a comma separated list. If
1171
1180
Monit cannot connect to the first server, it will try the next in
1174
1183
The port statement allows one to override the default \s-1SMTP\s0 port
1175
(465 for \s-1SSL,\s0 or 25 for \s-1TLS\s0 and non secure connection).
1184
(465 for \s-1SSL\s0, or 25 for \s-1TLS\s0 and non secure connection).
1177
Monit supports \s-1AUTH PLAIN\s0 and \s-1AUTH LOGIN\s0 for \s-1SMTP\s0 authentication.
1186
Monit supports \s-1AUTH\s0 \s-1PLAIN\s0 and \s-1AUTH\s0 \s-1LOGIN\s0 for \s-1SMTP\s0 authentication.
1178
1187
You can set a username and a password using the \s-1USERNAME\s0 and
1179
1188
\&\s-1PASSWORD\s0 options.
1343
1353
\& check process nginx with pidfile /var/run/nginx.pid
1347
1357
Example 2: Check every workday 8AM\-7PM
1350
\& check program checkOracleDatabase with
1351
\& path /var/monit/programs/checkoracle.pl
1352
\& every "* 8\-19 * * 1\-5"
1360
\& check program checkOracleDatabase
1361
\& with path /var/monit/programs/checkoracle.pl
1362
\& every "* 8\-19 * * 1\-5"
1355
Example 3: Do not run the check in the backup window on
1365
Example 3: Do not run the check in the backup window on
1356
1366
Sunday 0AM\-3AM
1359
1369
\& check process mysqld with pidfile /var/run/mysqld.pid
1360
\& not every "* 0\-3 * * 0"
1370
\& not every "* 0\-3 * * 0"
1365
The current test scheduler is poll cycle based. When Monit starts
1366
testing and the service test is constraint with the \fIevery cron\fR
1367
statement, it checks whether the current time match the
1368
cron-string pattern. If it does, the test is done, otherwise it
1369
is skipped. The cron specification thus does not guarantee when
1370
exactly the test will run \- that depends on the default poll time
1371
and the length of the testing cycle. In other words, we cannot
1372
guarantee that Monit will run on a specific time. Therefor we
1375
The current scheduler is poll cycle based. When a service check is
1376
constraint with the \fIevery cron\fR statement, Monit will check whether
1377
the current time match the cron-string pattern. If it does, the check
1378
is performed, otherwise it is skipped. The cron specification thus does
1379
not guarantee when exactly the test will run, this depends on the
1380
default poll time and the length of the check cycle. In other words, we
1381
cannot guarantee that Monit will run on a specific time. Therefor we
1373
1382
\&\fBstrongly\fR recommend to use an asterix in the minute field or at
1374
minimum a range, e..g. 0\-15. \fBNever\fR use a specific minute as
1375
Monit may not run on that minute.
1383
minimum a range, e..g. 0\-15. \fBNever\fR use a specific minute as Monit
1384
may not run on that minute.
1377
We will address this limitation in a future release and convert
1378
the test scheduler from serial polling into a parallel
1379
non-blocking scheduler where checks are guaranteed to run on time
1380
and with seconds resolution.
1386
We will address this limitation in a future release and convert the
1387
scheduler from serial polling into a parallel non-blocking scheduler
1388
where checks are guaranteed to run on time and with seconds resolution.
1381
1389
.SH "SERVICE GROUPS"
1382
1390
.IX Header "SERVICE GROUPS"
1383
1391
Service entries in the control file, \fImonitrc\fR, can be grouped
1539
1551
\& (7) if failed checksum then unmonitor
1542
The first entry is the process entry for apache shown before
1543
(abbreviated for clarity). The fourth line sets up a dependency
1544
between this entry and the service entry named httpd in line 6. A
1545
depend tree works as follows, if an action is conducted in a
1546
lower branch it will propagate upward in the tree and for every
1547
dependent entry execute the same action. In this case, if the
1548
checksum should fail in line 7 then an unmonitor action is
1549
executed and the apache binary is not checked anymore. But since
1550
the apache process entry depends on the httpd entry this entry
1551
will also execute the unmonitor action. In short, if the checksum
1552
test for the httpd binary file should fail, both the check file
1553
httpd entry and the check process apache entry is set in
1554
The first entry is the process entry for apache (abbreviated for
1555
clarity). The fourth line sets up a dependency between this entry and
1556
the service entry named httpd in line 6. A dependency tree works as
1557
follows, if an action is conducted in a lower branch it will propagate
1558
upward in the tree and for every dependent entry execute the same
1559
action. In this case, if the checksum should fail in line 7 then an
1560
unmonitor action is executed and the apache binary is not checked
1561
anymore. But since the apache process entry depends on the httpd entry
1562
this entry will also execute the unmonitor action. In short, if the
1563
checksum test for the httpd binary file should fail, both the check
1564
file httpd entry and the check process apache entry is set in
1554
1565
un-monitoring mode.
1556
A dependency tree is a general construct and can be used between
1557
all types of service entries and span many levels and propagate
1558
any supported action (except the exec action which will not
1559
propagate upward in a dependency tree for obvious reasons).
1567
A dependency tree is a general construct and can be used between all
1568
types of service entries and span many levels and propagate any
1569
supported action (except the exec action which will not propagate
1570
upward in a dependency tree for obvious reasons).
1561
1572
Here is another different example. Consider the following common
1679
1694
you must explicitly enable monitoring from the web interface or
1680
1695
from the console.
1682
\fI\s-1FAILURE TOLERANCE\s0\fR
1697
\fI\s-1FAILURE\s0 \s-1TOLERANCE\s0\fR
1683
1698
.IX Subsection "FAILURE TOLERANCE"
1685
By default the action is executed on first match. You can ignore soft errors
1686
and require multiple errors before the event is triggered and the service state
1700
By default the action is executed if it matches and the service set in
1701
an error state. However, you can require a test to fail more than once
1702
before the error event is triggered and the service state changed to
1703
failed. This is useful to avoid getting alerts on spurious errors,
1704
which can happen, especially with network tests.
1690
.IP "... [\s-1FOR\s0] <X> \s-1CYCLES ...\s0" 4
1691
.IX Item "... [FOR] <X> CYCLES ..."
1709
\& FOR <X> CYCLES ...
1694
.IP "... <X> [\s-1TIMES WITHIN\s0] <Y> \s-1CYCLES ...\s0" 4
1695
.IX Item "... <X> [TIMES WITHIN] <Y> CYCLES ..."
1697
The condition can be used both for the failure and success action.
1699
The first simpler format requires <X> consecutive events before switching the
1715
\& <X> [TIMES WITHIN] <Y> CYCLES ...
1718
The condition can be used both for failure and success action.
1720
The first, simpler and recommended format requires \f(CW\*(C`X\*(C'\fR consecutive
1721
events before switching the state:
1709
The second format is more advanced and allows one to tolerate intermitent issues, but
1710
still catch excessive problems, where the service is flapping between error and
1711
success states frequently.
1730
The second format is more advanced and allows one to tolerate intermitent
1731
issues, but still catch excessive problems, where the service is
1732
flapping between error and success states frequently.
1713
For example if every second cycle is failure (1\-0\-1\-0\-1\-0\-...), then \*(L"for 2 cycles\*(R"
1714
condition will never match, despite the service has serious problems. The following
1715
statement will catch such state:
1734
For example if every second cycle fails (1\-0\-1\-0\-1\-0\-...), then \*(L"for 2
1735
cycles\*(R" condition will never match, despite the service having
1736
problems. The following statement will catch such a state:
1720
\& for 3 times within 5 cycles
1741
\& for 3 times within 5 cycles
1829
1854
\& if cpu is greater than 50% for 5 cycles then restart
1831
.SS "\s-1FILE CHECKSUM TESTING\s0"
1856
.SS "\s-1FILE\s0 \s-1CHECKSUM\s0 \s-1TESTING\s0"
1832
1857
.IX Subsection "FILE CHECKSUM TESTING"
1833
1858
The checksum statement may only be used in a file service
1834
entry and allows one to check \s-1MD5\s0 or \s-1SHA1\s0 checksum.
1859
entry and can be used to check the file's \s-1MD5\s0 or \s-1SHA1\s0 checksum.
1836
1861
Check specific checksum:
1837
.IP "\s-1IF FAILED\s0 [MD5|SHA1] \s-1CHECKSUM\s0 [\s-1EXPECT\s0 checksum] \s-1THEN\s0 action" 4
1838
.IX Item "IF FAILED [MD5|SHA1] CHECKSUM [EXPECT checksum] THEN action"
1864
\& IF FAILED [MD5|SHA1] CHECKSUM [EXPECT checksum] THEN action
1840
1867
Check any file changes:
1841
.IP "\s-1IF CHANGED\s0 [MD5|SHA1] \s-1CHECKSUM THEN\s0 action" 4
1842
.IX Item "IF CHANGED [MD5|SHA1] CHECKSUM THEN action"
1844
The choice of \s-1MD5\s0 or \s-1SHA1\s0 is optional. \s-1MD5\s0 features a 256 bit
1845
and \s-1SHA1\s0 a 320 bit checksum. If this option is omitted Monit
1846
tries to guess the method from the \s-1EXPECT\s0 string or uses \s-1MD5\s0 as
1849
\&\fIexpect\fR is optional and if used it specifies a md5 or sha1
1850
string Monit should expect when testing a file's checksum. If
1851
\&\fIexpect\fR is used, Monit will not compute an initial checksum for
1852
the file, but instead use the string you submit. For example:
1870
\& IF CHANGED [MD5|SHA1] CHECKSUM THEN action
1873
The choice of \s-1MD5\s0 or \s-1SHA1\s0 is optional. \s-1MD5\s0 features a 128 bits checksum
1874
(32 bytes hex encoded string) and \s-1SHA1\s0 a 160 bits checksum (40 bytes
1875
hex encoded string). If this option is omitted, Monit will try to guess
1876
the method from the \s-1EXPECT\s0 string or use \s-1MD5\s0 as the default checksum.
1878
\&\f(CW\*(C`expect\*(C'\fR is optional and if used, specifies the md5 or sha1 string
1879
Monit should expect when testing a file's checksum. Monit will then not
1880
compute an initial checksum for the file, but instead use the string
1881
you submit. For example:
1856
1885
\& checksum expect 8f7f419955cefa0b33a2ba316cba3659
1860
You can, for example, use the \s-1GNU\s0 utility \fI\fImd5sum\fI\|(1)\fR or
1861
\&\fI\fIsha1sum\fI\|(1)\fR to create a checksum string for a file and
1889
You can, for example, use the \s-1GNU\s0 utility \fI\fImd5sum\fI\|(1)\fR or
1890
\&\fI\fIsha1sum\fI\|(1)\fR to create a checksum string for a file and
1862
1891
use this string in the expect-statement.
1864
1893
Reloading a server if its configuration file was changed:
1868
1897
\& if changed checksum then exec "/usr/bin/apachectl graceful"
1871
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
1872
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
1873
.SS "\s-1TIMESTAMP TESTING\s0"
1900
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
1901
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
1902
.SS "\s-1TIMESTAMP\s0 \s-1TESTING\s0"
1874
1903
.IX Subsection "TIMESTAMP TESTING"
1875
1904
The timestamp statement may only be used in a file, fifo or
1876
1905
directory service entry.
1878
1907
Specific timestamp syntax:
1879
.IP "\s-1IF TIMESTAMP\s0 [[operator] value [unit]] \s-1THEN\s0 action" 4
1880
.IX Item "IF TIMESTAMP [[operator] value [unit]] THEN action"
1882
Timestamp change syntax:
1883
.IP "\s-1IF CHANGED TIMESTAMP THEN\s0 action" 4
1884
.IX Item "IF CHANGED TIMESTAMP THEN action"
1910
\& IF TIMESTAMP [[operator] value [unit]] THEN action
1913
Timestamp changed syntax:
1916
\& IF CHANGED TIMESTAMP THEN action
1886
1919
\&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation,
1887
\&\*(L"\s-1GT\*(R", \*(L"LT\*(R", \*(L"EQ\*(R", \*(L"NE\*(R"\s0 in shell sh notation and \*(L"\s-1GREATER\*(R",
1888
\&\*(L"LESS\*(R", \*(L"EQUAL\*(R", \*(L"NOTEQUAL\*(R"\s0 in human readable form (if not
1920
\&\*(L"\s-1GT\s0\*(R", \*(L"\s-1LT\s0\*(R", \*(L"\s-1EQ\s0\*(R", \*(L"\s-1NE\s0\*(R" in shell sh notation and \*(L"\s-1GREATER\s0\*(R",
1921
\&\*(L"\s-1LESS\s0\*(R", \*(L"\s-1EQUAL\s0\*(R", \*(L"\s-1NOTEQUAL\s0\*(R" in human readable form (if not
1889
1922
specified, default is \s-1EQUAL\s0).
1891
1924
\&\fIvalue\fR is a time watermark.
1893
1926
\&\fIunit\fR is either \*(L"\s-1SECOND\s0(S)\*(R", \*(L"\s-1MINUTE\s0(S)\*(R", \*(L"\s-1HOUR\s0(S)\*(R" or \*(L"\s-1DAY\s0(S)\*(R".
1895
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
1896
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
1928
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
1929
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
1898
For example to reload apache if configuration file timestamp changed:
1931
For example to reload apache if the configuration file timestamp
1901
1935
\& check file apache_conf with path /etc/apache/httpd.conf
1905
1939
For example testing directory for file addition or removal:
1908
\& check directory mydir path /foo/directory
1909
\& if timestamp < 1 hour then alert
1942
\& check directory bar path /foo/bar
1943
\& if timestamp < 1 hour then alert
1911
.SS "\s-1FILE SIZE TESTING\s0"
1945
.SS "\s-1FILE\s0 \s-1SIZE\s0 \s-1TESTING\s0"
1912
1946
.IX Subsection "FILE SIZE TESTING"
1913
1947
The size statement may only be used in a check file service
1914
1948
entry. If specified in the control file, Monit will compute
1915
1949
a size for a file.
1917
1951
Testing specific size or range:
1918
.IP "\s-1IF SIZE\s0 [[operator] value [unit]] \s-1THEN\s0 action" 4
1919
.IX Item "IF SIZE [[operator] value [unit]] THEN action"
1921
Testing size change:
1922
.IP "\s-1IF CHANGED SIZE THEN\s0 action" 4
1923
.IX Item "IF CHANGED SIZE THEN action"
1954
\& IF SIZE [[operator] value [unit]] THEN action
1957
Testing size changes:
1960
\& IF CHANGED SIZE THEN action
1925
1963
\&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation,
1926
\&\*(L"\s-1GT\*(R", \*(L"LT\*(R", \*(L"EQ\*(R", \*(L"NE\*(R"\s0 in shell sh notation and \*(L"\s-1GREATER\*(R",
1927
\&\*(L"LESS\*(R", \*(L"EQUAL\*(R", \*(L"NOTEQUAL\*(R"\s0 in human readable form (if not
1964
\&\*(L"\s-1GT\s0\*(R", \*(L"\s-1LT\s0\*(R", \*(L"\s-1EQ\s0\*(R", \*(L"\s-1NE\s0\*(R" in shell sh notation and \*(L"\s-1GREATER\s0\*(R",
1965
\&\*(L"\s-1LESS\s0\*(R", \*(L"\s-1EQUAL\s0\*(R", \*(L"\s-1NOTEQUAL\s0\*(R" in human readable form (if not
1928
1966
specified, default is \s-1EQUAL\s0).
1930
1968
\&\fIvalue\fR is a size watermark.
1932
\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R"\s0 or long alternatives
1970
\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\s0\*(R",\*(L"\s-1MB\s0\*(R",\*(L"\s-1GB\s0\*(R" or long alternatives
1933
1971
\&\*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R". If it is not
1934
1972
specified, \*(L"byte\*(R" unit is assumed by default.
1936
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
1937
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
1974
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
1975
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
1939
1977
For example to send an alert if the file is too large:
1957
1997
\&\fIpath\fR is an absolute path to a file containing extended
1958
1998
regular expression on every line. See also \fIregex\fR\|(7).
1960
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
1961
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
2000
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2001
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
1963
2003
You can use the \fI\s-1NOT\s0\fR statement to invert a match.
1965
On startup the read position is set to the end of the file
1966
and Monit continues to scan to the end of the file each cycle.
2005
On startup the read position is set to the end of the file
2006
and Monit continues to scan to the end of the file on each cycle.
1968
If the file size should decrease or inode change the read
2008
If the file size should decrease or inode changed, the read
1969
2009
position is set to the start of the file.
1971
2011
Only lines ending with a newline character are inspected.
1973
Only first 511 characters of a line are inspected.
1974
.IP "\s-1IGNORE\s0 [\s-1NOT\s0] \s-1MATCH\s0 {regex|path}" 4
1975
.IX Item "IGNORE [NOT] MATCH {regex|path}"
1977
Lines matching an \fI\s-1IGNORE\s0\fR are not inspected during later
1978
evaluations. \fI\s-1IGNORE MATCH\s0\fR has always precedence over
1979
\&\fI\s-1IF MATCH\s0\fR.
1981
All \fI\s-1IGNORE MATCH\s0\fR statements are evaluated first, in the
1982
order of their appearance. Thereafter, all the \fI\s-1IF MATCH\s0\fR
2013
Only the first 511 characters of a line are inspected.
2016
\& IGNORE [NOT] MATCH {regex|path}
2019
Lines matching an \fI\s-1IGNORE\s0\fR are not inspected during later
2020
evaluations. \fI\s-1IGNORE\s0 \s-1MATCH\s0\fR has always precedence over
2021
\&\fI\s-1IF\s0 \s-1MATCH\s0\fR.
2023
All \fI\s-1IGNORE\s0 \s-1MATCH\s0\fR statements are evaluated first, in the
2024
order of their appearance. Thereafter, all the \fI\s-1IF\s0 \s-1MATCH\s0\fR
1983
2025
statements are evaluated.
1988
2030
\& check file syslog with path /var/log/syslog
1989
\& ignore match "^monit"
1990
\& if match "^mrcoffee" then alert
2031
\& ignore match "^monit"
2032
\& if match "^mrcoffee" then alert
1992
.SS "\s-1FILESYSTEM FLAGS TESTING\s0"
2034
.SS "\s-1FILESYSTEM\s0 \s-1FLAGS\s0 \s-1TESTING\s0"
1993
2035
.IX Subsection "FILESYSTEM FLAGS TESTING"
1994
Monit can test the flags of a filesystem for changes. This test
1995
is implicit and Monit will send alert in case of failure by
2036
Monit can test the flags of a filesystem for changes. This test is
2037
implicit and Monit will send alert in case of failure by default.
1998
This test is useful for detecting changes of the filesystem flags
1999
such as when the filesystem became read-only (on disk error) or
2000
mount flags were changed (such as nosuid).
2039
This test is useful for detecting changes of filesystem flags such as
2040
if the filesystem become read-only (on disk error) or mount flags were
2041
changed (such as nosuid).
2002
2043
The syntax for the fsflags statement is:
2003
.IP "\s-1IF CHANGED FSFLAGS THEN\s0 action" 4
2004
.IX Item "IF CHANGED FSFLAGS THEN action"
2006
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
2007
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
2046
\& IF CHANGED FSFLAGS THEN action
2049
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2050
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2012
2055
\& check filesystem rootfs with path /
2013
2056
\& if changed fsflags then exec "/my/script"
2015
.SS "\s-1SPACE TESTING\s0"
2058
.SS "\s-1SPACE\s0 \s-1TESTING\s0"
2016
2059
.IX Subsection "SPACE TESTING"
2017
Monit can test filesystem space usage. This test may only be used
2018
in the context of a filesystem service type.
2060
Monit can test a filesystem or disk for space usage. This test may only
2061
be used in the context of a filesystem service type.
2020
Monit checks a total space usage, including reserved blocks.
2063
Monit will check the total space usage, including reserved blocks.
2023
.IP "\s-1IF SPACE\s0 operator value unit \s-1THEN\s0 action" 4
2024
.IX Item "IF SPACE operator value unit THEN action"
2068
\& IF SPACE operator value unit THEN action
2026
2071
\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R",
2027
2072
\&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R",
2028
2073
\&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified,
2029
2074
default is \s-1EQUAL\s0).
2031
\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\*(R",\*(L"MB\*(R",\*(L"GB\*(R", \s0\*(L"%\*(R" or long
2076
\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\s0\*(R",\*(L"\s-1MB\s0\*(R",\*(L"\s-1GB\s0\*(R", \*(L"%\*(R" or long
2032
2077
alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R",
2033
2078
\&\*(L"percent\*(R".
2035
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
2036
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
2080
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2081
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2132
2185
\& check file shadow with path /etc/shadow
2133
2186
\& if failed gid shadow then alert
2135
.SS "\s-1PID TESTING\s0"
2188
.SS "\s-1PID\s0 \s-1TESTING\s0"
2136
2189
.IX Subsection "PID TESTING"
2137
Monit can test the process' \s-1PID.\s0 This test is implicit and Monit will
2138
send a alert in the case that the \s-1PID\s0 changed outside of Monit control.
2190
Monit can test the process' \s-1PID\s0. This test is implicit and Monit will
2191
send an alert in case the \s-1PID\s0 changed outside of Monit's control.
2141
.IP "\s-1IF CHANGED PID THEN\s0 action" 4
2142
.IX Item "IF CHANGED PID THEN action"
2144
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
2145
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
2196
\& IF CHANGED PID THEN action
2199
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2200
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2147
2202
This test is useful to detect possible process restarts which has
2148
2203
occurred in the timeframe between two Monit testing cycles.
2150
For example if someone changes sshd configuration and do sshd
2151
restart outside of Monit's control you will be notified that the
2152
process was replaced by a new instance:
2205
For example if someone changes sshd configuration and did sshd restart
2206
outside of Monit's control you will be notified that the process was
2207
replaced by a new instance:
2155
2210
\& check process sshd with pidfile /var/run/sshd.pid
2156
2211
\& if changed pid then alert
2158
.SS "\s-1PPID TESTING\s0"
2213
.SS "\s-1PPID\s0 \s-1TESTING\s0"
2159
2214
.IX Subsection "PPID TESTING"
2160
Monit can test the process' parent \s-1PID \s0(\s-1PPID\s0) for changes. This
2215
Monit can test the process' parent \s-1PID\s0 (\s-1PPID\s0) for changes. This
2161
2216
test is implicit and Monit will send alert in the case that the
2162
2217
\&\s-1PPID\s0 changed outside of Monit control.
2164
2219
The syntax for the ppid statement is:
2165
.IP "\s-1IF CHANGED PPID THEN\s0 action" 4
2166
.IX Item "IF CHANGED PPID THEN action"
2168
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
2169
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
2222
\& IF CHANGED PPID THEN action
2225
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2226
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2174
2231
\& check process myproc with pidfile /var/run/myproc.pid
2175
2232
\& if changed ppid then exec "/my/script"
2177
.SS "\s-1PROCESS UPTIME TESTING\s0"
2234
.SS "\s-1PROCESS\s0 \s-1UPTIME\s0 \s-1TESTING\s0"
2178
2235
.IX Subsection "PROCESS UPTIME TESTING"
2179
2236
The uptime statement may only be used in a process service
2183
.IP "\s-1IF UPTIME\s0 [[operator] value [unit]] \s-1THEN\s0 action" 4
2184
.IX Item "IF UPTIME [[operator] value [unit]] THEN action"
2242
\& IF UPTIME [[operator] value [unit]] THEN action
2186
2245
\&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation,
2187
\&\*(L"\s-1GT\*(R", \*(L"LT\*(R", \*(L"EQ\*(R", \*(L"NE\*(R"\s0 in shell sh notation and \*(L"\s-1GREATER\*(R",
2188
\&\*(L"LESS\*(R", \*(L"EQUAL\*(R", \*(L"NOTEQUAL\*(R"\s0 in human readable form (if not
2246
\&\*(L"\s-1GT\s0\*(R", \*(L"\s-1LT\s0\*(R", \*(L"\s-1EQ\s0\*(R", \*(L"\s-1NE\s0\*(R" in shell sh notation and \*(L"\s-1GREATER\s0\*(R",
2247
\&\*(L"\s-1LESS\s0\*(R", \*(L"\s-1EQUAL\s0\*(R", \*(L"\s-1NOTEQUAL\s0\*(R" in human readable form (if not
2189
2248
specified, default is \s-1EQUAL\s0).
2191
2250
\&\fIvalue\fR is a uptime watermark.
2193
\&\fIunit\fR is either \*(L"\s-1SECOND\*(R", \*(L"MINUTE\*(R", \*(L"HOUR\*(R"\s0 or \*(L"\s-1DAY\*(R" \s0(it is also
2194
possible to use \*(L"\s-1SECONDS\*(R", \*(L"MINUTES\*(R", \*(L"HOURS\*(R",\s0 or \*(L"\s-1DAYS\*(R"\s0).
2252
\&\fIunit\fR is either \*(L"\s-1SECOND\s0\*(R", \*(L"\s-1MINUTE\s0\*(R", \*(L"\s-1HOUR\s0\*(R" or \*(L"\s-1DAY\s0\*(R" (it is also
2253
possible to use \*(L"\s-1SECONDS\s0\*(R", \*(L"\s-1MINUTES\s0\*(R", \*(L"\s-1HOURS\s0\*(R", or \*(L"\s-1DAYS\s0\*(R").
2196
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\*(R", \*(L"RESTART\*(R", \*(L"START\*(R", \*(L"STOP\*(R",
2197
\&\*(L"EXEC\*(R"\s0 or \*(L"\s-1UNMONITOR\*(R".\s0
2255
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2256
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2199
2258
Example of restarting the process every three days:
2268
2330
\& if status != 0 then alert
2271
Monit will execute the program periodically and if the exit
2272
status of the program does not match the expected result, Monit
2273
can perform an action. In the example above, Monit will raise an
2274
alert if the exit value is different from 0. By convention, 0
2275
means the program exited normally.
2333
Monit will execute the program periodically and if the exit status of
2334
the program does not match the expected result, Monit can perform an
2335
action. In the example above, Monit will raise an alert if the exit
2336
value is different from 0. By convention, 0 means the program exited
2277
Program checks are asynchronous. Meaning that Monit will not wait
2278
for the program to exit, but instead, Monit will start the
2279
program in the background and immediately continue checking the
2280
next service entry in \fImonitrc\fR. At the next cycle, Monit will
2281
check if the program has finished and if so, collect the programs
2282
exit status \- if the status indicate a failure, Monit will raise
2283
an alert message containing the program's error (stderr) output,
2284
if any. If the program has not exited after the first cycle,
2285
Monit will wait another cycle and so on. If the program is still
2286
running after 5 minutes, Monit will kill it and generate a
2287
program timeout event. It is possible to override the default
2288
timeout (see the syntax below).
2339
Program checks are asynchronous. Meaning that Monit will not wait for
2340
the program to exit, but instead, Monit will start the program in the
2341
background and immediately continue checking the next service entry in
2342
\&\fImonitrc\fR. At the next cycle, Monit will check if the program has
2343
finished and if so, collect the program's exit status. If the status
2344
indicate a failure, Monit will raise an alert message containing the
2345
program's error (stderr) output, if any. If the program has not exited
2346
after the first cycle, Monit will wait another cycle and so on. If the
2347
program is still running after 5 minutes, Monit will kill it and
2348
generate a program timeout event. It is possible to override the
2349
default timeout (see the syntax below).
2290
2351
The asynchronous nature of the program check allows for
2291
2352
non-blocking behavior in the current Monit design, but it comes
2302
2363
Multiple status tests can be used, for example:
2305
2366
\& check program hwtest with path /usr/local/bin/hwtest.sh
2367
\& with timeout 500 seconds
2306
2368
\& if status = 1 then alert
2307
2369
\& if status = 3 for 5 cycles then exec "/usr/local/bin/emergency.sh"
2309
.SS "\s-1NETWORK PING TEST\s0"
2371
.SS "\s-1NETWORK\s0 \s-1LINK\s0 \s-1STATUS\s0 \s-1TEST\s0"
2372
.IX Subsection "NETWORK LINK STATUS TEST"
2373
You can check the network link state. This test may only be used
2374
within a check network service entry in the Monit control file.
2379
\& IF FAILED LINK THEN action
2382
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2383
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2385
The test will fail if the link is down or link errors were detected.
2390
\& if failed link then alert
2392
.SS "\s-1NETWORK\s0 \s-1LINK\s0 \s-1CAPACITY\s0 \s-1TEST\s0"
2393
.IX Subsection "NETWORK LINK CAPACITY TEST"
2394
You can check the network link mode capacity for changes. This test
2395
may only be used within a check network service entry in the Monit
2401
\& IF CHANGED LINK [CAPACITY] THEN action
2404
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2405
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2407
The test will match if the link mode has changed (e.g. maximum speed
2408
dropped) or if the duplex mode has changed.
2410
\&\s-1NOTE:\s0 not all interface types allow for capacity monitoring. Pseudo
2411
interfaces such as loopback device or VMWare interfaces don't have
2417
\& if changed link capacity then alert
2419
.SS "\s-1NETWORK\s0 \s-1SATURATION\s0 \s-1TEST\s0"
2420
.IX Subsection "NETWORK SATURATION TEST"
2421
You can check the network link saturation. Monit then computes the link
2422
utilization based on the current transfer rate vs. maximum link speed.
2423
This test may only be used within a check network service entry in the
2429
\& IF SATURATION operator value% THEN action
2432
\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R",
2433
\&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R",
2434
\&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified,
2435
default is \s-1EQUAL\s0).
2437
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2438
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2440
\&\s-1NOTE:\s0 as this test depends on the link speed being available, not all
2441
interface types allow to test the saturation. See the \s-1LINK\s0 \s-1SPEED\s0 test
2447
\& if saturation > 90% then alert
2449
.SS "\s-1NETWORK\s0 \s-1BANDWIDTH\s0 \s-1TEST\s0"
2450
.IX Subsection "NETWORK BANDWIDTH TEST"
2451
You can check the network link upload and download bandwidth \- current
2452
transfer rate and total data transferred in last 24 hours. This test may
2453
only be used within a check network service entry in the Monit control file.
2455
Crrent upload bandwidth rate test syntax:
2458
\& IF UPLOAD operator value unit THEN action
2461
Current download bandwidth rate test syntax:
2464
\& IF DOWNLOAD operator value unit THEN action
2467
Total upload test syntax:
2470
\& IF TOTAL UPLOAD operator value unit IN LAST number timeunit THEN action
2473
Total download test syntax:
2476
\& IF TOTAL DOWNLOAD operator value unit IN LAST number timeunit THEN action
2479
\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R",
2480
\&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R",
2481
\&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified,
2482
default is \s-1EQUAL\s0).
2484
\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\s0\*(R",\*(L"\s-1MB\s0\*(R",\*(L"\s-1GB\s0\*(R" or long alternatives
2485
\&\*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R".
2487
\&\fItimeunit\fR is a choice of \*(L"\s-1MINUTE\s0(S)\*(R", \*(L"\s-1HOUR\s0(S)\*(R", \*(L"\s-1DAY\s0\*(R".
2488
\&\s-1NOTE:\s0 Monit keeps total upload/download statistics only for last
2489
24 hours => the test cannot span more then one day.
2491
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2492
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2497
\& if upload > 500 kB/s then alert
2498
\& if total download > 1 GB in last 2 hours then alert
2499
\& if total download > 10 GB in last day then alert
2501
.SS "\s-1NETWORK\s0 \s-1PACKETS\s0 \s-1TEST\s0"
2502
.IX Subsection "NETWORK PACKETS TEST"
2503
You can check the network link upload and download packets count \- current
2504
transfer rate and total data transferred in last 24 hours. This test may
2505
only be used within a check network service entry in the Monit control file.
2507
Crrent upload bandwidth rate test syntax:
2510
\& IF UPLOAD operator value PACKETS/S THEN action
2513
Current download bandwidth rate test syntax:
2516
\& IF DOWNLOAD operator value PACKETS/S THEN action
2519
Total upload test syntax:
2522
\& IF TOTAL UPLOAD operator value PACKETS IN LAST number timeunit THEN action
2525
Total download test syntax:
2528
\& IF TOTAL DOWNLOAD operator value PACKETS IN LAST number timeunit THEN action
2531
\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R",
2532
\&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R",
2533
\&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified,
2534
default is \s-1EQUAL\s0).
2536
\&\fItimeunit\fR is a choice of \*(L"\s-1MINUTE\s0(S)\*(R", \*(L"\s-1HOUR\s0(S)\*(R", \*(L"\s-1DAY\s0\*(R".
2537
\&\s-1NOTE:\s0 Monit keeps total upload/download statistics only for last
2538
24 hours => the test cannot span more then one day.
2540
\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R",
2541
\&\*(L"\s-1EXEC\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R".
2544
if upload > 1000 packets/s then alert
2545
if total upload > 900000 packets in last hour then alert
2546
.SS "\s-1NETWORK\s0 \s-1PING\s0 \s-1TEST\s0"
2310
2547
.IX Subsection "NETWORK PING TEST"
2311
2548
Monit can perform a network ping test by sending \s-1ICMP\s0 echo request
2312
2549
datagram packets to a host and wait for the reply. This test can
2313
2550
only be used within a check host statement. Monit must also run as
2314
2551
the root user in order to be able to perform the ping test (because
2315
2552
a ping test must use raw sockets which usually only the super user
2321
2558
\& IF FAILED PING
2322
\& [COUNT number] [WITH] [TIMEOUT number SECONDS]
2559
\& [COUNT number] [WITH] [TIMEOUT number SECONDS]