# Monit control file # # Comments begin with a '#' and extend through the end of the line. # Blank lines between program entries are ignored. Keywords are case # insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/' # # Legal keywords are # check -- Must be followed by a descriptive name for the # program. # # pidfile -- Must be followed by a path to the programs pidfile. # Such a file should contain only one entry, a number # representing the process's pid. (See the apache pid # file for an example) # # group -- Must be followed by a descriptive name for a process # group. This statment can be used to group together # several processes. Monit can start/stop/restart a # group of processes. # # start -- Must be followed by a full path to a program for # starting the process. If you need to specify arguments # to the program, enclose the program and arguments in # quotes - like: "/local/bin/program -i start". # This entry is optional. # # stop -- Must be followed by a full path to a program for # stopping the process. If you need to specify arguments # to the program, enclose the program and arguments in # quotes - like: "/local/bin/program -i stop". # This entry is optional. # # host -- Specify a hostname or ip-address to test port # connection at. This statment must be followed by a # port-statment. # # port(number) -- Must be followed by an integer representing a portnumber. # The monit program will try to connect to this port to # to verify that there is a server listening behind the # portnumber. If the connection fails the default action # is to write a notification into the logfile and to # restart the process. This entry is optional. # # type -- Must be followed by the keyword udp or tcp. This keyword # specifies the type of socket the monit program should # use when testing connection to the portnumber. If the # type keyword is omitted, tcp is used. # # tcp -- Specifies that monit should use a TCP socket type # (Stream socket) when testing the port # # udp -- Specifies that monit should use a UDP socket type # (datagram socket) when testing the port # # protocol -- Must be followed by a protocol keyword. This keyword # specifies the type of service found at the port. # monit knows at the moment how to speak HTTP, SMPT, # FTP, POP and IMAP. You're welcome to write new # protocol test modules. If no protocol is specified # monit will use a default test which in most cases is # good enough. This statment is optional. # # timeout -- Must be followed by two integers where the first # number is max restart and the second the number of # poll-cycles. This statment is optional. # # alert -- Specifies an email address for notification if a # process timed out or restarted. This statment is # also optional. # # checksum -- Must be followed by the keywords start, stop and/or # a list of files with an absolute path. This statment # is optional. More than one checksum-statment is allowed. # # expect -- Specify a md5 string digest monit should expect when # testing a particular file's checksum. This statment is # an optional part of the checksum-statment. # # every -- Only check the program at every n cycles. Optional. # # autostart -- Must be followed by the keywords yes or no. If yes # monit will restart the program if it is not running # (this is the default behaviour). If no monit will not # (re)start the program if it is not running. It is # recommended that you use yes or don't use this statment. # # # Legal global option statements are # # set daemon -- Must be followed by a number (in seconds) # # set logfile -- Must be followed by either a filename (full path is # required) or the string 'syslog'. # # set mailserver -- Must be followed by a mailserver hostname. If the # mailserver is not defined, monit will try to use # 'localhost' as the smtp-server for sending mail # notification. # # set httpd port -- Must be followed by a portnumber for the monit http # server. # # allow -- Specify a host allowed to connect to the http server # and/or # allow -- Specify a username:password in clear text for # connecting to monit httpd # # # The noise keywords 'if', `and', `with', `has', `using', 'use', 'on(ly)' # and `program(s)' are ignored anywhere in an entry; they can be used to make # it resemble English. The punctuation characters `,' `;' and '=' are # also ignored. # # # Here's an example for monitoring an apache web-server on port # HTTP and HTTPS and a Sybase Database Server: # # [NB! Check and edit for your system and uncomment below] # # set daemon 120 # Poll at 2-minute intervals # set logfile syslog # Set syslog as the logfile # set mailserver localhost # Use localhost as the smtp server # set httpd port 2812 # Make monit start it's web-server # allow localhost # allow localhost to connect to the server and # allow hauk:monit # user 'hauk' with password 'monit' # # # check apache with pidfile /usr/local/apache/logs/httpd.pid # start program = "/etc/init.d/httpd start" # stop program = "/etc/init.d/httpd stop" # port 80 protocol http # port 443 # default/no protocol test # checksum start and stop # checksum /usr/local/apache/bin/httpd # and expect the sum 8f7f419955cefa0b33a2ba316cba3659 # alert address@hidden # autostart yes # group server # # check sybase with pidfile /var/run/sybase.pid # start program = "/etc/init.d/sybase start" # stop program = "/etc/init.d/sybase stop" # port 4001 # timeout if 2 restarts within 3 cycles # alert address@hidden # autostart no # group database set daemon 120 set logfile syslog set mailserver localhost set httpd port 2812 allow localhost allow admin:Qu0M0n1T # WWW Services: # ------------- check apache with pidfile /opt/apache_misc/logs/httpd.pid start program = "/etc/init.d/apache start" stop program = "/etc/init.d/apache stop" host 139.174.75.1 port 80 protocol http host 139.174.75.1 port 443 alert address@hidden group www checksum /etc/init.d/apache checksum /opt/apache/bin/httpd check zope with pidfile /var/run/zope.pid start program = "/etc/init.d/zope start" stop program = "/etc/init.d/zope stop" group www port 8080 protocol http alert address@hidden checksum /etc/init.d/zope every 5 check squid with pidfile /opt/squid/logs/squid.pid start program = "/etc/init.d/squid start" stop program = "/etc/init.d/squid stop" group www host 139.174.75.1 port 3128 alert address@hidden checksum /etc/init.d/squid checksum /opt/squid/bin/squid # Mail Services: # -------------- check sophie with pidfile /var/run/sophie.pid start program = "/etc/init.d/sophie start" stop program = "/etc/init.d/sophie stop" group mail alert address@hidden checksum /etc/init.d/sophie checksum /opt/virus/sophie/sophie check trophie with pidfile /var/run/trophie.pid start program = "/etc/init.d/trophie start" stop program = "/etc/init.d/trophie stop" group mail alert address@hidden checksum /etc/init.d/trophie checksum /opt/virus/trophie/trophie check postfix with pidfile /var/spool/postfix/pid/master.pid start program = "/etc/init.d/postfix start" stop program = "/etc/init.d/postfix stop" port 25 protocol smtp group mail alert address@hidden checksum /etc/init.d/postfix check qpopper with pidfile /var/run/popper.pid start program = "/etc/init.d/qpopper start" stop program = "/etc/init.d/qpopper stop" group mail alert address@hidden checksum /etc/init.d/qpopper checksum /opt/sbin/popper # Databases: # ---------- check mysql with pidfile /opt/mysql/data/iei1.iei.tu-clausthal.de.pid start program = "/etc/init.d/mysql start" stop program = "/etc/init.d/mysql stop" port 3306 group database alert address@hidden checksum /etc/init.d/mysql checksum /opt/mysql/bin/mysqld # Misc Services: # -------------- check portfwd with pidfile /var/run/portfwd.pid start program = "/etc/init.d/portfwd start" stop program = "/etc/init.d/portfwd stop" host 139.174.75.1 port 11022 group misc alert address@hidden checksum /etc/init.d/portfwd checksum /opt/sbin/portfwd # Samba # ----- check samba with pidfile /opt/samba2.2/var/locks/smbd.pid start program = "/etc/init.d/samba2.2 start" stop program = "/etc/init.d/samba2.2 stop" port 139 type TCP # smbd port 138 type UDP # nmbd port 137 type UDP # nmbd group samba alert address@hidden checksum /etc/init.d/samba2.2 checksum /opt/samba2.2/sbin/smbd checksum /opt/samba2.2/sbin/nmbd # SSH # ----- check ssh with pidfile /var/run/sshd.pid start program = "/etc/init.d/sshd start" stop program = "/etc/init.d/sshd stop" port 22 type TCP group ssh alert address@hidden checksum /etc/init.d/sshd checksum /opt/sbin/sshd # SSL Encryption: # --------------- check stunnel_pop3 with pidfile /opt/var/stunnel/stunnel.110.pid start program = "/opt/sbin/stunnel -p /opt/etc/stunnel.pem -D 3 -d pop3s -r 110" stop program = "/bin/pkill -f stunnel.*pop3s.*110" group stunnel alert address@hidden checksum /opt/sbin/stunnel check stunnel_swat with pidfile /opt/var/stunnel/stunnel.901.pid start program = "/opt/sbin/stunnel -p /opt/etc/stunnel.pem -D 3 -d 902 -r 901" stop program = "/bin/pkill -f stunnel.*902.*901" group stunnel alert address@hidden checksum /opt/sbin/stunnel check stunnel_monit with pidfile /opt/var/stunnel/stunnel.12812.pid start program = "/opt/sbin/stunnel -p /opt/etc/stunnel.pem -D 3 -d 12813 -r 12812" stop program = "/bin/pkill -f stunnel.*12813.*12812" group stunnel alert address@hidden checksum /opt/sbin/stunnel