Monit命令配置（二）

存在性测试：

Monit当发现一个文件不存或者一个服务没有启动的时候默认操作是重启这个操作

语法：

  IF [DOES] NOT EXIST [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]

action is a choice of "ALERT", "RESTART", "START", "STOP","EXEC" or "UNMONITOR".

check file with path /home/laicb/test.txt （with是自己取的一个名字 路径是path 后面所跟的字符串)if does not exist for 5 cycles then alert

注意，检测的是文件，如果你只写了/home/laicb那么监视的时候就会提示，path不是一个有效的类型！目录测试应该是directory

资源测试：

IF resource operator value [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]resource is a choice of "CPU", "TOTALCPU", "CPU([user|system|wait])", "MEMORY", "SWAP", "CHILDREN", "TOTALMEMORY", "LOADAVG([1min|5min|15min])".
Some resource tests can be used inside a check system entry, some in a check process entry and some in both:

有些资源可以在check system路口，有些可以在check entry路口，有些都可以，详见官方文档

语法：

IF resource operator value [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]

resource就是上面所提及的，operator可以是>,>=,<,<=也可以是相应的标识符

 if cpu is greater than 50% for 5 cycles then restart

%也可以用字节或者GB，MB等字符

action可以有"ALERT", "RESTART", "START", "STOP","EXEC" or "UNMONITOR".

文件校验码测试：

这可以测试只能在文件入口

The checksum test in constant form is used to verify that a file does not change. Syntax (keywords are in capital):IF FAILED [MD5|SHA1] CHECKSUM [EXPECT checksum] [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]The checksum test in variable form is used to watch for file changes. Syntax (keywords are in capital):IF CHANGED [MD5|SHA1] CHECKSUM [[<X>] <Y> CYCLES] THEN action

时间戳测试：

IF TIMESTAMP [[operator] value [unit]] [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]The timestamp statement in variable form is simply to test an existing file or directory for timestamp changes and if changed, execute an action. Syntax (keywords are in capital):IF CHANGED TIMESTAMP [[<X>] <Y> CYCLES] THEN actionoperator is a choice of "<", ">", "!=", "==" in C notation, "GT", "LT", "EQ", "NE" in shell sh notation and "GREATER", "LESS", "EQUAL", "NOTEQUAL" in human readable form (if not specified, default is EQUAL).

时间戳 ^[1] 是指文件属性里的创建、修改、访 ^[2] 问的时间

改变形式：

 check file httpd.conf with path /usr/local/apache/conf/httpd.confif changed timestampthen exec "/usr/local/apache/bin/apachectl graceful"

常量模式：

check file stored.ckp with path /msg-foo/config/stored.ckpif timestamp > 1 minute then alert

文件大小测试：

这个只能用在check file入口

The size test in constant form is used to verify various size conditions. Syntax (keywords are in capital):IF SIZE [[operator] value [unit]] [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]The size statement in variable form is simply to test an existing file for size changes and if changed, execute an action. Syntax (keywords are in capital):IF CHANGED SIZE [[<X>] <Y> CYCLES] THEN action

  check file with path /home/laicb/test.txtif does not exist for 5 cycles then alertif changed size for  1 cycles then alert //如果没有指定，查看服务所对应的会发现是for 5 times within 5cycles

如果更改文件大小，那么文件大小变化之后就在状态栏里显示size changed

文件目录测试：

The syntax (keywords in capital) for using this test is:IF [NOT] MATCH {regex|path} [[<X>] <Y> CYCLES] THEN action

(有待进一步研究)

文件系统标签测试:

The syntax for the fsflags statement is:IF CHANGED FSFLAGS [[<X>] <Y> CYCLES] THEN action

Example:

 check filesystem rootfs with path /if changed fsflags then exec "/my/script"alert root@localhost

空间测试：

The full syntax for the space statement is:IF SPACE operator value unit [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]operator is a choice of "<",">","!=","==" in c notation, "gt", "lt", "eq", "ne" in shell sh notation and "greater", "less", "equal", "notequal" in human
readable form (if not specified, default is EQUAL).unit is a choice of "B","KB","MB","GB", "%" or long alternatives "byte", "kilobyte", "megabyte", "gigabyte", "percent".action is a choice of "ALERT", "RESTART", "START", "STOP", "EXEC" or "UNMONITOR"

权限测试：

he syntax for the permission statement is:IF FAILED PERM(ISSION) octalnumber [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]octalnumber defines permissions for a file, a directory or a filesystem as four octal digits (0-7). Valid range: 0000 - 7777 (you can omit the leading zeros, Monit will add the zeros to the left thus for example "640" is valid value and matches "0640").action is a choice of "ALERT", "RESTART", "START", "STOP", "EXEC" or "UNMONITOR"

 check file monit.bin with path "/usr/local/bin/monit"if failed permission 0555 then unmonitor

UID测试（user identify):

Monit can monitor the owner user id (uid) of a file object. This test may only be used within a check - file, fifo, directory or filesystem service entry in the Monit control file.The syntax for the uid statement is:IF FAILED UID user [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]

 check file passwd with path /etc/passwdif failed uid root then unmonitor

如果不是root访问/etc/passwd那么拒绝访问

GID测试：

Monit can monitor the owner group id (gid) of file objects. This test may only be used within a file, fifo, directory or filesystem service entry in the Monit control file.The syntax for the gid statement is:IF FAILED GID user [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]

 check file shadow with path /etc/shadowif failed gid root then unmonitor

如果不是root组，那么就停止监视

PID测试(Progress Identify)：

Monit can test the process identification number (pid) of a process for changes. This test is implicit and Monit will send a alert in the case of failure by default.The syntax for the pid statement is:IF CHANGED PID [[<X>] <Y> CYCLES] THEN action

 check process sshd with pidfile /var/run/sshd.pidif changed pid then exec "/my/script"

更新时间测试：

正常运行时间测试：

Syntax (keywords are in capital):IF UPTIME [[operator] value [unit]] [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]

Example of restarting the process if the uptime exceeded 3 days:

 check process myapp with pidfile /var/run/myapp.pidstart program = "/etc/init.d/myapp start"stop program = "/etc/init.d/myapp stop"if uptime > 3 days then restart

链接测试：

用法很复杂，可以慢慢学！！！！！

程序状态测试：

You can check the exit status of a program or a script. This test may only be used within a check program service entry in the Monit control file.An example:check program myscript with path "/usr/local/bin/myscript.sh" with timeout 1000 secondsif status != 0 then aler

The syntax of the program status statement is:IF STATUS operator value [[<X>] <Y> CYCLES] THEN action [ELSE IF SUCCEEDED [[<X>] <Y> CYCLES] THEN action]

服务轮循时间

There are three variants:

There are three variants:custom interval based on poll cycle length multipleEVERY [number] CYCLEStest schedule based on cron-style stringEVERY [cron]do-not-test schedule based on cron-style stringNOT EVERY [cron]

MONIT HTTPD

set httpd port 2812 然后你可以使用http://localhost:2812去访问，端口可以任意指定

 set httpd port 2812ssl enablepemfile /etc/certs/monit.pem

你可以通过https://localhost:2812 ，通过ssl安全链接访问web服务器

The pemfile, in the example above, holds both the server'sprivate key and certificate. This file should be stored in a safeplace on the filesystem and should have strict permissions, thatis, no more than 0700.

pemfile必须如上设置，存放服务器的私密码值，以及证书

如果你只想httpd只接受到某一个主机的请求那么你可以这么使用，

  set httpd port 2812 and use the address 127.0.0.1

  set httpd port 2812 and use the address localhost

如果不使用use the address那么任何地址都可以

目前有八种访问语句被支持

CHECK PROCESS <unique name> <PIDFILE <path> | MATCHING <regex>><path> is the absolute path to the program's pidfile. If the pidfile does not exist or does not contain the pid number of a running process, Monit will call the entry's start method if defined. <regex> is alternative process specification using pattern matching to process name (command line) from process table instead of pidfile. The first match is used so this form of check is useful for unique pattern matching - the pidfile should be used where possible as it defines expected pid exactly (pattern matching won't be useful for Apache in most cases for example). The pattern can be obtained using monit procmatch ".*" CLI command which lists all processes visible to Monit or using the ps utility. The "procmatch" CLI command can be used to test your pattern as well. If Monit runs in passive mode or the start methods is not defined, Monit will just send alerts on errors.
CHECK FILE <unique name> PATH <path><path> is the absolute path to the file. If the file does not exist or disappeared, Monit will call the entry's start method if defined, if <path> does not point to a regular file type (for instance a directory), Monit will disable monitoring of this entry. If Monit runs in passive mode or the start methods is not defined, Monit will just send alerts on errors.
CHECK FIFO <unique name> PATH <path><path> is the absolute path to the fifo. If the fifo does not exist or disappeared, Monit will call the entry's start method if defined, if <path> does not point to a fifo type (for instance a directory), Monit will disable monitoring of this entry. If Monit runs in passive mode or the start methods is not defined, Monit will just send alerts on errors.
CHECK FILESYSTEM <unique name> PATH <path><path> is the path to the filesystem block special device, mount point, file or a directory which is part of a filesystem. It is recommended to use a block special file directly (for example /dev/hda1 on Linux or /dev/dsk/c0t0d0s1 on Solaris, etc.) If you use a mount point (for example /data), be careful, because if the filesystem is unmounted the test will still be true because the mount point exist.If the filesystem becomes unavailable, Monit will call the entry's start method if defined. if <path> does not point to a filesystem, Monit will disable monitoring of this entry. If Monit runs in passive mode or the start methods is not defined, Monit will just send alerts on errors.
CHECK DIRECTORY <unique name> PATH <path><path> is the absolute path to the directory. If the directory does not exist or disappeared, Monit will call the entry's start method if defined, if <path> does not point to a directory, monit will disable monitoring of this entry. If Monit runs in passive mode or the start methods is not defined, Monit will just send alerts on errors.

CHECK HOST <unique name> ADDRESS <host address>The host address can be specified as a hostname string or as an ip-address string on a dotted decimal format. Such as, tildeslash.com or "64.87.72.95".
CHECK SYSTEM <unique name>The system name is usually hostname, but any descriptive name can be used. You can use the variable $HOST as the name, which will expand to the hostname. This test allows one to check general system resources such as CPU usage (percent of time spent in user, system and wait), total memory usage or load average. The unique name is used as the system hostname in mail alerts and when M/Monit is configured, then also as initial name of the host entry in M/Monit.
CHECK PROGRAM <unique name> PATH <executable file> [TIMEOUT <number> SECONDS]<path> is the absolute path to the executable program or script. The status test allows one to check the program's exit status. If program will not finish within <number> seconds, Monit will terminate it. The default program timeout is 600 seconds (5 minutes).

你可以在配置文件的任何地方使用'if', `and', `with(in)', `has',`using', 'use', 'on(ly)', `usage' and `program(s)'，使配置文件看起来像英语，当读取配置文件的时候实际上是忽略他们的

 Here are the legal global keywords:

 Keyword         Function----------------------------------------------------------------set daemon      Set a background poll interval in seconds.set init        Set Monit to run from init. Monit will nottransform itself into a daemon process.set logfile     Name of a file to dump error- and status-messages to. If syslog is specified as the file, Monit will utilize the syslog daemonto log messages. This can optionally be followed by 'facility <facility>' where facility is 'log_local0' - 'log_local7' or 'log_daemon'. If no facility is specified, LOG_USER is used.set mailserver  The mailserver used for sending alertnotifications. If the mailserver is not defined, Monit will try to use 'localhost' as the smtp-server for sending mail. You can add more mail servers, if Monit cannotconnect to the first server it will try thenext server and so on.set mail-format Set a global mail format for all alertmessages emitted by monit.set idfile      Explicit set the location of the Monit idfile. E.g. set idfile /var/monit/id.set pidfile     Explicit set the location of the Monit lockfile. E.g. set pidfile /var/run/xyzmonit.pid.set statefile   Explicit set the location of the file Monit will write state data to. If not set, thedefault is $HOME/.monit.state. set httpd port  Activates Monit http server at the given port number.

 ssl enable      Enables ssl support for the httpd server.Requires the use of the pemfile statement.ssl disable     Disables ssl support for the httpd server.It is equal to omitting any ssl statement.pemfile         Set the pemfile to be used with ssl.clientpemfile   Set the pemfile to be used when clientcertificates should be checked by monit.address         If specified, the http server will only accept connect requests to this addressesThis statement is an optional part of theset httpd statement.allow           Specifies a host or IP address allowed toconnect to the http server. Can also specifya username and password allowed to connectto the server. More than one allow statementare allowed. This statement is also an optional part of the set httpd statement.read-only       Set the user defined in username:passwordto read only. A read-only user cannot changea service from the Monit web interface.include         include a file or files matching the globstring

 Here are the legal service entry keywords:

Keyword Function----------------------------------------------------------------check Starts an entry and must be followed by the typeof monitored service {filesystem|directory|file|hostprocess|system|program} and a descriptive name forthe service.pidfile Specify the process pidfile. Everyprocess must create a pidfile with itscurrent process id. This statement should onlybe used in a process service entry.path Must be followed by a path to the blockspecial file for filesystem, regularfile, directory or a process's pidfile.group Specify a groupname for a service entry.start The program used to start the specified service. Full path is required. This statement is optional, but recommended.stop The program used to stop the specifiedservice. Full path is required. This statement is optional, but recommended.pid and ppid These keywords may be used as standalonestatements in a process service entry tooverride the alert action for change ofprocess pid and ppid.uid and gid These keywords are either 1) an optional part ofa start, stop or exec statement. They may beused to specify a user id and a group id theprogram (process) should switch to upon start.This feature can only be used if the superuseris running monit. 2) uid and gid may also beused as standalone statements in a file serviceentry to test a file's uid and gid attributes.host The hostname or IP address to test the portat. This keyword can only be used togetherwith a port statement or in the check hoststatement.port Specify a TCP/IP service port number which a process is listening on. This statementis also optional. If this statement is notprefixed with a host-statement, localhost isused as the hostname to test the port at.type Specifies the socket type Monit should use whentesting a connection to a port. If the typekeyword is omitted, tcp is used. This keywordmust be followed by either tcp, udp or tcpssl.tcp Specifies that Monit should use a TCP socket type (stream) when testing a port.tcpssl Specifies that Monit should use a TCP sockettype (stream) and the secure socket layer (ssl)when testing a port connection.udp Specifies that Monit should use a UDP sockettype (datagram) when testing a port.certmd5 The md5 sum of a certificate a ssl forged server has to deliver.proto(col) This keyword specifies the type of service found at the port. See CONNECTION TESTINGfor list of supported protocols.You're welcome to write new protocol testmodules. If no protocol is specified Monit willuse a default test which in most cases are goodenough.request Specifies a server request and must comeafter the protocol keyword mentioned above.- for http it can contain an URL and anoptional query string.- other protocols does not support thisstatement yetsend/expect These keywords specify a generic protocol. Both require a string whether to be sent orto be matched against (as extended regex if supported). Send/expect can not be used together with the proto(col) statement.unix(socket) Specifies a Unix socket file and used like the port statement above to test a Unix domain network socket connection.URL Specify an URL string which Monit will use forconnection testing.content Optional sub-statement for the URL statement.Specifies that Monit should test the contentreturned by the server against a regular expression.timeout x sec. Define a network port connection timeout. Mustbe followed by a number in seconds and the keyword, seconds.timeout Define a service timeout. Must be followed bytwo digits. The first digit is max number ofrestarts for the service. The second digitis the cycle interval to test restarts. This statement is optional.alert Specifies an email address for notificationif a service event occurs. Alert can alsobe postfixed, to only send a message forcertain events. See the examples above. Morethan one alert statement is allowed in anentry. This statement is also optional.noalert Specifies an email address which don't wantto receive alerts. This statement is alsooptional.restart, stop These keywords may be used as actions for unmonitor, various test statements. The exec statement isstart and special in that it requires a following stringexec specifying the program to be execute. You mayalso specify an UID and GID for the exec statement. The program executed will then runusing the specified user id and group id.mail-format Specifies a mail format for an alert message This statement is an optional part of thealert statement.checksum Specify that Monit should compute and monitor afile's md5/sha1 checksum. May only be used in a check file entry.expect Specifies a md5/sha1 checksum string Monit should expect when testing the checksum. This statement is an optional part of the checksum statement.timestamp Specifies an expected timestamp for a fileor directory. More than one timestamp statementare allowed. May only be used in a check file orcheck directory entry.changed Part of a timestamp statement and used as anoperator to simply test for a timestamp change.every Validate this entry only at every n poll cycleor per cron specification. Useful in daemon modewhen the cycle is short and a service takes sometime to start or to suppress monitoring duringbackup windows.mode Must be followed either by the keyword active,passive or manual. If active, Monit will restartthe service if it is not running (this is thedefault behavior). If passive, Monit will not(re)start the service if it is not running - itwill only monitor and send alerts (resourcerelated restart and stop options are ignoredin this mode also). If manual, Monit will enteractive mode only if a service was started undermonit's control otherwise the service isn'tmonitored.cpu Must be followed by a compare operator, a number with "%" and an action. This statement is usedto check the cpu usage in percent of a processwith its children over a number of cycles. Ifthe compare expression matches then the specified action is executed.mem The equivalent to the cpu token for memory of a process (w/o children!). This token must be followed by a compare operator a number with unit {B|KB|MB|GB|%|byte|kilobyte|megabyte|gigabyte|percent} and an action.swap Token for system swap usage monitoring. This tokenmust be followed by a compare operator a number with unit {B|KB|MB|GB|%|byte|kilobyte|megabyte|gigabyte|percent}and an action.loadavg Must be followed by [1min,5min,15min] in (), a compare operator, a number and an action. Thisstatement is used to check the system load average over a number of cycles. If the compare expression matches then the specified action is executed.children This is the number of child processes spawn by aprocess. The syntax is the same as above.totalmem The equivalent of mem, except totalmem is anaggregation of memory, not only used by aprocess but also by all its childprocesses. The syntax is the same as above.space Must be followed by a compare operator, anumber, unit {B|KB|MB|GB|%|byte|kilobyte|megabyte|gigabyte|percent} and an action.inode(s) Must be followed by a compare operator, integernumber, optionally by percent sign (if not, thelimit is absolute) and an action.perm(ission) Must be followed by an octal number describingthe permissions.size Must be followed by a compare operator, anumber, unit {B|KB|MB|GB|byte|kilobyte|megabyte|gigabyte} and an action.uptime Must be followed by a compare operator, anumber, unit {second(s)|minute(s)|hour(s)|day(s)}and an action.depends (on) Must be followed by the name of a service thisservice depends on.

每一进程都有pid,存放在／var/run/monit.pid 这个文件里面会存放一个数值

CONFIGURATION EXAMPLES

The simplest form is just the check statement. In this example wecheck to see if the server is running and log a message if not:

 check process resin with pidfile /usr/local/resin/srun.pid

Checking process without pidfile:

 check process pager matching "/sbin/dynamic_pager -F /private/var/vm/swapfile"

To have Monit start the server if it's not running, add a startstatement:

 check process resin with pidfile /usr/local/resin/srun.pidstart program = "/usr/local/resin/bin/srun.sh start"stop program = "/usr/local/resin/bin/srun.sh stop"

Here's a more advanced example for monitoring an apacheweb-server listening on the default port number for HTTP andHTTPS. In this example Monit will restart apache if it's notaccepting connections at the port numbers. The method Monit usefor a process restart is to first execute the stop-program, waitup to 30s for the process to stop and then execute the start-programand wait up to 30s for it to start. The length of start or stoptimeout can be overridden using the 'timeout' option. If Monit wasunable to stop or start the service a failed alert message willbe sent if you have requested alert messages to be sent.

 check process apache with pidfile /var/run/httpd.pidstart program = "/etc/init.d/httpd start" with timeout 60 secondsstop program  = "/etc/init.d/httpd stop"if failed port 80 then restartif failed port 443 with timeout 15 seconds then restart

This example demonstrate how you can run a program as a specifieduser (uid) and with a specified group (gid). Many daemon programswill do the uid and gid switch by them self, but for thoseprograms that does not (e.g. Java programs), monit's ability tostart a program as a certain user can be very useful. In thisexample we start the Tomcat Java Servlet Engine as the standardnobody user and group. Please note that Monit will only switchuid and gid for a program if the super-user is running monit,otherwise Monit will simply ignore the request to change uid andgid.

 check process tomcat with pidfile /var/run/tomcat.pidstart program = "/etc/init.d/tomcat start" as uid nobody and gid nobodystop program  = "/etc/init.d/tomcat stop"# You can also use id numbers instead and write:as uid 99 and with gid 99if failed port 8080 then alert

In this example we use udp for connection testing to check if thename-server is running and also use timeout and alert:

 check process named with pidfile /var/run/named.pidstart program = "/etc/init.d/named start"stop program  = "/etc/init.d/named stop"if failed port 53 use type udp protocol dns then restartif 3 restarts within 5 cycles then timeout

The following example illustrates how to check if the service'sophie' is answering connections on its Unix domain socket:

 check process sophie with pidfile /var/run/sophie.pidstart program = "/etc/init.d/sophie start"stop  program = "/etc/init.d/sophie stop"if failed unix /var/run/sophie then restart

In this example we check an apache web-server running onlocalhost that answers for several IP-based virtual hosts orvhosts, hence the host statement before port:

 check process apache with pidfile /var/run/httpd.pidstart "/etc/init.d/httpd start"stop  "/etc/init.d/httpd stop"if failed host www.sol.no port 80 then alertif failed host shop.sol.no port 443 then alertif failed host chat.sol.no port 80 then alertif failed host www.tildeslash.com port 80 then alert

To make sure that Monit is communicating with a http server aprotocol test can be added:

 check process apache with pidfile /var/run/httpd.pidstart "/etc/init.d/httpd start"stop  "/etc/init.d/httpd stop"if failed host www.sol.no port 80 protocol HTTPthen alert

This example shows a different way to check a webserver usingthe send/expect mechanism:

 check process apache with pidfile /var/run/httpd.pidstart "/etc/init.d/httpd start"stop  "/etc/init.d/httpd stop"if failed host www.sol.no port 80 send "GET / HTTP/1.0\r\nHost: www.sol.no\r\n\r\n"expect "HTTP/[0-9\.]{3} 200 .*\r\n"then alert

To make sure that Apache is logging successfully (i.e. no more than 60 percent of child servers are logging), use its mod_statuspage at www.sol.no/server-status with this special protocol test:

 check process apache with pidfile /var/run/httpd.pidstart "/etc/init.d/httpd start"stop  "/etc/init.d/httpd stop"if failed host www.sol.no port 80protocol apache-status loglimit > 60% then restart

This configuration can be used to alert you if 25 percent or moreof Apache child processes are stuck performing DNS lookups:

 check process apache with pidfile /var/run/httpd.pidstart "/etc/init.d/httpd start"stop  "/etc/init.d/httpd stop"if failed host www.sol.no port 80protocol apache-status dnslimit > 25% then alert

Here we use an icmp ping test to check if a remote host is up andif not send an alert:

 check host www.tildeslash.com with address www.tildeslash.comif failed icmp type echo count 5 with timeout 15 secondsthen alert

In the following example we ask Monit to compute and verify thechecksum for the underlying apache binary used by the start andstop programs. If the the checksum test should fail, monitoringwill be disabled to prevent possibly starting a compromisedbinary:

 check process apache with pidfile /var/run/httpd.pidstart program = "/etc/init.d/httpd start"stop program  = "/etc/init.d/httpd stop"if failed host www.tildeslash.com port 80 then restartdepends on apache_bin

 check file apache_bin with path /usr/local/apache/bin/httpdif failed checksum then unmonitor

In this example we ask Monit to test the checksum for a documenton a remote server. If the checksum was changed we send an alert:

 check host tildeslash with address www.tildeslash.comif failed port 80 protocol http and request "/monit/dist/monit-4.0.tar.gz"with checksum f9d26b8393736b5dfad837bb13780786then alert

Here are a couple of tests for some popular communicationservers, using the SIP protocol. First we test a FreeSWITCHserver and then an Asterisk server

 check process freeswitch with pidfile /usr/local/freeswitch/log/freeswitch.pidstart program = “/usr/local/freeswitch/bin/freeswitch -nc -hp”stop program = “/usr/local/freeswitch/bin/freeswitch -stop”if totalmem > 1000.0 MB for 5 cycles then alertif totalmem > 1500.0 MB for 5 cycles then alertif totalmem > 2000.0 MB for 5 cycles then restartif cpu > 60% for 5 cycles then alertif failed port 5060 type udp protocol SIP target me@foo.bar and maxforward 10 then restartif 5 restarts within 5 cycles then timeout

 check process asterisk with pidfile /var/run/asterisk/asterisk.pidstart program = “/usr/sbin/asterisk”stop program = “/usr/sbin/asterisk -r -x ’shutdown now’”if totalmem > 1000.0 MB for 5 cycles then alertif totalmem > 1500.0 MB for 5 cycles then alertif totalmem > 2000.0 MB for 5 cycles then restartif cpu > 60% for 5 cycles then alertif failed port 5060 type udp protocol SIP and target me@foo.bar maxforward 10 then restartif 5 restarts within 5 cycles then timeout

Some servers are slow starters, like for example Java basedApplication Servers. So if we want to keep the poll-cycle low(i.e. < 60 seconds) but allow some services to take its time tostart, the every statement is handy:

 check process dynamo with pidfile /etc/dynamo.pid every 2 cyclesstart program = "/etc/init.d/dynamo start"stop program  = "/etc/init.d/dynamo stop"if failed port 8840 then alert

Here is an example where we group together two database entriesso you can manage them together, e.g.; 'Monit -g database startall'. The mode statement is also illustrated in the first entryand have the effect that Monit will not try to (re)start thisservice if it is not running:

 check process sybase with pidfile /var/run/sybase.pidstart = "/etc/init.d/sybase start"stop  = "/etc/init.d/sybase stop"mode passivegroup database

 check process oracle with pidfile /var/run/oracle.pidstart program = "/etc/init.d/oracle start"stop program  = "/etc/init.d/oracle stop"mode active # Not necessary really, since it's the defaultif failed port 9001 then restartgroup database

Here is an example to show the usage of the resource checks. Itwill send an alert when the CPU usage of the http daemon and itschild processes raises beyond 60% for over two cycles. Apache isrestarted if the CPU usage is over 80% for five cycles or thememory usage over 100Mb for five cycles or if the machines loadaverage is more than 10 for 8 cycles:

 check process apache with pidfile /var/run/httpd.pidstart program = "/etc/init.d/httpd start"stop program  = "/etc/init.d/httpd stop"if cpu > 40% for 2 cycles then alertif totalcpu > 60% for 2 cycles then alertif totalcpu > 80% for 5 cycles then restartif mem > 100 MB for 5 cycles then stopif loadavg(5min) greater than 10.0 for 8 cycles then stop

This examples demonstrate the timestamp statement with exec andhow you may restart apache if its configuration file waschanged.

 check file httpd.conf with path /etc/httpd/httpd.confif changed timestampthen exec "/etc/init.d/httpd graceful"

In this example we demonstrate usage of the extended alertstatement and a file check dependency:

 check process apache with pidfile /var/run/httpd.pidstart = "/etc/init.d/httpd start"stop  = "/etc/init.d/httpd stop"alert admin@bar on {nonexist, timeout} with mail-format { from:     bofh@$HOSTsubject:  apache $EVENT - $ACTIONmessage:  This event occurred on $HOST at $DATE. Your faithful employee,monit}if failed host www.tildeslash.com  port 80 then restartif 3 restarts within 5 cycles then timeoutdepend httpd_bingroup apache

 check file httpd_bin with path /usr/local/apache/bin/httpdalert security@bar on {checksum, timestamp, permission, uid, gid}with mail-format {subject: Alaaarrm! on $HOST}if failed checksum and expect 8f7f419955cefa0b33a2ba316cba3659then unmonitorif failed permission 755 then unmonitorif failed uid root then unmonitorif failed gid root then unmonitorif changed timestamp then alertgroup apache

In this example, we demonstrate usage of the depend statement. Inthis case, we want to start oracle and apache. However, we've setup apache to use oracle as a back end, and if oracle isrestarted, apache must be restarted as well.

 check process apache with pidfile /var/run/httpd.pidstart = "/etc/init.d/httpd start"stop  = "/etc/init.d/httpd stop"depends on oracle

 check process oracle with pidfile /var/run/oracle.pidstart = "/etc/init.d/oracle start"stop  = "/etc/init.d/oracle stop"if failed port 9001 then restart

Next, we have 2 services, oracle-import and oracle-export thatneed to be restarted if oracle is restarted, but are independentof each other.

 check process oracle with pidfile /var/run/oracle.pidstart = "/etc/init.d/oracle start"stop  = "/etc/init.d/oracle stop"if failed port 9001 then restart

 check process oracle-import with pidfile /var/run/oracle-import.pidstart = "/etc/init.d/oracle-import start"stop  = "/etc/init.d/oracle-import stop"depends on oracle

 check process oracle-export with pidfile /var/run/oracle-export.pidstart = "/etc/init.d/oracle-export start"stop  = "/etc/init.d/oracle-export stop"depends on oracle

Finally an example with all statements:

 check process apache with pidfile /var/run/httpd.pidstart program = "/etc/init.d/httpd start"stop program  = "/etc/init.d/httpd stop"if 3 restarts within 5 cycles then timeoutif failed host www.sol.no  port 80 protocol httpand use the request "/login.cgi"then alertif failed host shop.sol.no port 443 type tcpssl protocol http and with timeout 15 seconds then restartif cpu is greater than 60% for 2 cycles then alertif cpu > 80% for 5 cycles then restartif totalmem > 100 MB then stopif children > 200 then alertalert bofh@bar with mail-format {from: monit@foo.bar.no}every 2 cyclesmode activedepends on weblogicdepends on httpd.piddepends on httpd.confdepends on httpd_bindepends on datafsgroup server

 check file httpd.pid with path /usr/local/apache/logs/httpd.pidgroup serverif timestamp > 7 days then restartevery 2 cyclesalert bofh@bar with mail-format {from: monit@foo.bar.no}depends on datafs

 check file httpd.conf with path /etc/httpd/httpd.confgroup serverif timestamp was changed then exec "/usr/local/apache/bin/apachectl graceful"every 2 cyclesalert bofh@bar with mail-format {from: monit@foo.bar.no}depends on datafs

 check file httpd_bin with path /usr/local/apache/bin/httpdgroup serverif failed checksum and expect the sum8f7f419955cefa0b33a2ba316cba3659 then unmonitorif failed permission 755 then unmonitorif failed uid root then unmonitorif failed gid root then unmonitorif changed size then alertif changed timestamp then alertevery 2 cyclesalert bofh@bar with mail-format {from: monit@foo.bar.no}alert foo@bar on { checksum, size, timestamp, uid, gid } depends on datafs

 check filesystem datafs with path /dev/sdb1group serverstart program  = "/bin/mount /data"stop program  =  "/bin/umount /data"if failed permission 660 then unmonitorif failed uid root then unmonitorif failed gid disk then unmonitorif space usage > 80 % then alertif space usage > 94 % then stopif inode usage > 80 % then alertif inode usage > 94 % then stopalert root@localhost

 check host ftp.redhat.com with address ftp.redhat.comif failed icmp type echo with timeout 15 secondsthen alert if failed port 21 protocol ftpthen exec "/usr/X11R6/bin/xmessage -display:0 ftp connection failed"alert foo@bar.comcheck host www.gnu.org with address www.gnu.orgif failed port 80 protocol http and request "/pub/gnu/bash/bash-2.05b.tar.gz"with checksum 8f7f419955cefa0b33a2ba316cba3659then alertalert rms@gnu.org with mail-format {subject: The gnu server may be hacked again! }