diff options
| -rw-r--r-- | sysutils/monit/Makefile | 15 | ||||
| -rw-r--r-- | sysutils/monit/PLIST | 12 | ||||
| -rw-r--r-- | sysutils/monit/distinfo | 17 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-aa | 29 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-ab | 15 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-ac | 15 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-ad | 39 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-ae | 3900 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-af | 16 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-ag | 15 | ||||
| -rw-r--r-- | sysutils/monit/patches/patch-ah | 23 |
11 files changed, 32 insertions, 4064 deletions
diff --git a/sysutils/monit/Makefile b/sysutils/monit/Makefile index 8102f755358..f5170e35f90 100644 --- a/sysutils/monit/Makefile +++ b/sysutils/monit/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.1.1.1 2007/04/30 20:53:46 heinz Exp $ +# $NetBSD: Makefile,v 1.2 2007/12/15 16:41:50 seb Exp $ # -DISTNAME= monit-4.9 +DISTNAME= monit-4.10.1 CATEGORIES= sysutils MASTER_SITES= http://www.tildeslash.com/monit/dist/ @@ -27,11 +27,11 @@ PKG_SUGGESTED_OPTIONS= ssl CONFIGURE_ARGS+= --without-ssl .endif CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q} -CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} PKG_SYSCONFSUBDIR= monit RCD_SCRIPTS= monit -RCD_SCRIPT_SRC.monit= ${FILESDIR}/monit-rc-script.sh +RCD_SCRIPT_SRC.monit= ${FILESDIR}/monit-rc-script.sh CONF_FILES= ${EGDIR}/monitrc.sample ${PKG_SYSCONFDIR}/monitrc CONF_FILES_MODE= 0600 @@ -54,8 +54,11 @@ SUBST_SED.monit= -e "s|^\# *set *daemon|set daemon|" SUBST_SED.monit+= -e "s|include */etc/monit.d|include ${PKG_SYSCONFDIR}/monit.d|" post-extract: - ${MV} -f ${WRKSRC}/monit.1 ${WRKSRC}/monit.1.obsolete - cd ${WRKSRC}/contrib && ${PAX} -zrf monit-OSX-startup.tar.gz + cd ${WRKSRC}/contrib && pax -zrf monit-OSX-startup.tar.gz + +# Perform configure substitutions on monit.1 +post-configure: + cd ${WRKSRC} && mv monit.1 monit.1.in && ./config.status --file=monit.1 post-install: ${INSTALL_DATA_DIR} ${DESTDIR}${DOCDIR} diff --git a/sysutils/monit/PLIST b/sysutils/monit/PLIST index 2590931ae08..569f2b345a9 100644 --- a/sysutils/monit/PLIST +++ b/sysutils/monit/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2007/04/30 20:53:46 heinz Exp $ +@comment $NetBSD: PLIST,v 1.2 2007/12/15 16:41:50 seb Exp $ bin/monit man/man1/monit.1 share/docs/monit/CHANGES.txt @@ -12,16 +12,16 @@ share/docs/monit/README share/docs/monit/README.SSL share/docs/monit/STATUS share/docs/monit/UPGRADE.txt -share/examples/monit/monitrc.sample -share/examples/monit/monit.php -share/examples/monit/monitrc-gentoo -share/examples/monit/wap.php share/examples/monit/MacOSX/README share/examples/monit/MacOSX/StartupParameters.plist share/examples/monit/MacOSX/monit share/examples/monit/MacOSX/monit.plist share/examples/monit/MacOSX/monitrc +share/examples/monit/monit.php +share/examples/monit/monitrc-gentoo +share/examples/monit/monitrc.sample +share/examples/monit/wap.php share/examples/rc.d/monit -@dirrm share/docs/monit @dirrm share/examples/monit/MacOSX @dirrm share/examples/monit +@dirrm share/docs/monit diff --git a/sysutils/monit/distinfo b/sysutils/monit/distinfo index 94a0197b4a5..4cfcfb69e61 100644 --- a/sysutils/monit/distinfo +++ b/sysutils/monit/distinfo @@ -1,13 +1,6 @@ -$NetBSD: distinfo,v 1.1.1.1 2007/04/30 20:53:46 heinz Exp $ +$NetBSD: distinfo,v 1.2 2007/12/15 16:41:50 seb Exp $ -SHA1 (monit-4.9.tar.gz) = a910b07a9ecc7d2803368d7d114df01f4e0916cd -RMD160 (monit-4.9.tar.gz) = 5c9c9ac48d22d327818253122418e9b4c7f12587 -Size (monit-4.9.tar.gz) = 573711 bytes -SHA1 (patch-aa) = 11d458ca0e8a4047b45651ead153d4acc167d462 -SHA1 (patch-ab) = d97d12c660d170dbd527d5055c2149faf8197838 -SHA1 (patch-ac) = 606529cf1b739591da6ed021866e5390dc9fed9e -SHA1 (patch-ad) = a4d9464bf6c9ed6ab6f725339787fb4308735fb5 -SHA1 (patch-ae) = 0e782ca1cf00a6bdb4edd1761761833ff988b554 -SHA1 (patch-af) = dc51bf856e7a6747c51ba8385c7ccd15dc26964e -SHA1 (patch-ag) = 8c4a29764732f4b7f1ebd05f9390448af07b1797 -SHA1 (patch-ah) = 9e9951aec935b242219164d9f7206d417a189679 +SHA1 (monit-4.10.1.tar.gz) = c87aa0c6e0b1d13f46b7e9d84937191e25a907a6 +RMD160 (monit-4.10.1.tar.gz) = 6c517b19bc43f4023dfca4de1df09272b41af02d +Size (monit-4.10.1.tar.gz) = 606273 bytes +SHA1 (patch-aa) = b51792edf22fb9867d45a4adb2aadd03dbe5467c diff --git a/sysutils/monit/patches/patch-aa b/sysutils/monit/patches/patch-aa index a14963357c6..403769220da 100644 --- a/sysutils/monit/patches/patch-aa +++ b/sysutils/monit/patches/patch-aa @@ -1,20 +1,15 @@ -$NetBSD: patch-aa,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ +$NetBSD: patch-aa,v 1.2 2007/12/15 16:41:51 seb Exp $ -Shut up warnings about "subscript has type char" +Fix for LP64 big-endian platforms. ---- util.c.orig 2007-02-03 00:00:25.000000000 +0100 -+++ util.c -@@ -367,11 +367,11 @@ int Util_countWords(char *s, const char - */ - int Util_startsWith(const char *a, const char *b) { - -- if((!a || !b) || toupper(*a)!=toupper(*b)) return FALSE; -+ if((!a || !b) || toupper((int)*a)!=toupper((int)*b)) return FALSE; - - while(*a && *b) { - -- if(toupper(*a++) != toupper(*b++)) return FALSE; -+ if(toupper((int)*a++) != toupper((int)*b++)) return FALSE; - - } +--- http/engine.c.orig 2007-07-29 20:23:26.000000000 +0000 ++++ http/engine.c +@@ -246,7 +246,7 @@ int add_host_allow(char *name) { + struct sockaddr_in *sin = (struct sockaddr_in *)_res->ai_addr; + NEW(h); +- memcpy(&h->network, &sin->sin_addr, 4); ++ h->network = sin->sin_addr.s_addr; + h->mask= 0xffffffff; + LOCK(hostlist_mutex) + if(hostlist) { diff --git a/sysutils/monit/patches/patch-ab b/sysutils/monit/patches/patch-ab deleted file mode 100644 index 8e9c149db06..00000000000 --- a/sysutils/monit/patches/patch-ab +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ab,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -Shut up warnings about "subscript has type char" - ---- p.y.orig 2007-01-12 22:17:12.000000000 +0100 -+++ p.y -@@ -3320,7 +3320,7 @@ static int cleanup_hash_string(char *has - - if (isxdigit((int) hashstring[i])) { - -- hashstring[j]=tolower(hashstring[i]); -+ hashstring[j]=tolower((int)hashstring[i]); - j++; - - } diff --git a/sysutils/monit/patches/patch-ac b/sysutils/monit/patches/patch-ac deleted file mode 100644 index e683236e4c1..00000000000 --- a/sysutils/monit/patches/patch-ac +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ac,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -C source files must be told where the "sysconfdir" is. - ---- Makefile.in.orig 2007-01-11 23:04:46.000000000 +0100 -+++ Makefile.in -@@ -61,7 +61,7 @@ PROG = monit - - INCDIR = -I. -I./device -I./http -I./process -I./protocols - LIB = @LEXLIB@ @LIBS@ --DEFINES = -D@ARCH@ -+DEFINES = -D@ARCH@ -DSYSCONFDIR="\"@sysconfdir@\"" - - # ------------------------------------------------------------------- # - diff --git a/sysutils/monit/patches/patch-ad b/sysutils/monit/patches/patch-ad deleted file mode 100644 index 3f4129723fa..00000000000 --- a/sysutils/monit/patches/patch-ad +++ /dev/null @@ -1,39 +0,0 @@ -$NetBSD: patch-ad,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -Pre-processor macro SYSCONFDIR will be defined on the command line. -SYSCONFDIR has to be a string enclosed by "" to enable string literal -concatenation. - ---- file.c.orig 2007-01-03 22:02:06.000000000 +0100 -+++ file.c -@@ -145,9 +145,9 @@ time_t File_getTimestamp(char *object, m - - /** - * Search the system for the monit control file. Try first ~/.monitrc, -- * if that fails try /etc/monitrc, then /usr/local/etc/monitrc and -- * finally ./monitrc. Exit the application if the control file was -- * not found. -+ * if that fails try /etc/monitrc, then SYSCONFDIR/monitrc (default: -+ * /usr/local/etc/monitrc) and finally ./monitrc. -+ * Exit the application if the control file was not found. - * @return The location of monits control file (monitrc) - */ - char *File_findControlFile() { -@@ -164,7 +164,7 @@ char *File_findControlFile() { - return (rcfile); - } - memset(rcfile, 0, STRLEN); -- snprintf(rcfile, STRLEN, "/usr/local/etc/%s", MONITRC); -+ snprintf(rcfile, STRLEN, SYSCONFDIR "/%s", MONITRC); - if(File_exist(rcfile)) { - return (rcfile); - } -@@ -174,7 +174,7 @@ char *File_findControlFile() { - return (rcfile); - } - LogError("%s: Cannot find the control file at " -- "~/.%s, /etc/%s, /usr/local/etc/%s or at ./%s \n", -+ "~/.%s, /etc/%s, " SYSCONFDIR "/%s or at ./%s \n", - prog, MONITRC, MONITRC, MONITRC, MONITRC); - exit(1); - diff --git a/sysutils/monit/patches/patch-ae b/sysutils/monit/patches/patch-ae deleted file mode 100644 index e2bd6505cb9..00000000000 --- a/sysutils/monit/patches/patch-ae +++ /dev/null @@ -1,3900 +0,0 @@ -$NetBSD: patch-ae,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -Create monit.1.in so we can replace @sysconfdir@ in the configure script. - ---- monit.1.in.orig 2007-04-16 23:45:44.000000000 +0200 -+++ monit.1.in -@@ -0,0 +1,3893 @@ -+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 -+.\" -+.\" Standard preamble: -+.\" ======================================================================== -+.de Sh \" Subsection heading -+.br -+.if t .Sp -+.ne 5 -+.PP -+\fB\\$1\fR -+.PP -+.. -+.de Sp \" Vertical space (when we can't use .PP) -+.if t .sp .5v -+.if n .sp -+.. -+.de Vb \" Begin verbatim text -+.ft CW -+.nf -+.ne \\$1 -+.. -+.de Ve \" End verbatim text -+.ft R -+.fi -+.. -+.\" Set up some character translations and predefined strings. \*(-- will -+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -+.\" double quote, and \*(R" will give a right double quote. \*(C+ will -+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -+.\" nothing in troff, for use with C<>. -+.tr \(*W- -+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -+.ie n \{\ -+. ds -- \(*W- -+. ds PI pi -+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -+. ds L" "" -+. ds R" "" -+. ds C` "" -+. ds C' "" -+'br\} -+.el\{\ -+. ds -- \|\(em\| -+. ds PI \(*p -+. ds L" `` -+. ds R" '' -+'br\} -+.\" -+.\" If the F register is turned on, we'll generate index entries on stderr for -+.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index -+.\" entries marked with X<> in POD. Of course, you'll have to process the -+.\" output yourself in some meaningful fashion. -+.if \nF \{\ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" -+.. -+. nr % 0 -+. rr F -+.\} -+.\" -+.\" For nroff, turn off justification. Always turn off hyphenation; it makes -+.\" way too many mistakes in technical documents. -+.hy 0 -+.if n .na -+.\" -+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -+.\" Fear. Run. Save yourself. No user-serviceable parts. -+. \" fudge factors for nroff and troff -+.if n \{\ -+. ds #H 0 -+. ds #V .8m -+. ds #F .3m -+. ds #[ \f1 -+. ds #] \fP -+.\} -+.if t \{\ -+. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -+. ds #V .6m -+. ds #F 0 -+. ds #[ \& -+. ds #] \& -+.\} -+. \" simple accents for nroff and troff -+.if n \{\ -+. ds ' \& -+. ds ` \& -+. ds ^ \& -+. ds , \& -+. ds ~ ~ -+. ds / -+.\} -+.if t \{\ -+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -+.\} -+. \" troff and (daisy-wheel) nroff accents -+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -+.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -+.ds ae a\h'-(\w'a'u*4/10)'e -+.ds Ae A\h'-(\w'A'u*4/10)'E -+. \" corrections for vroff -+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -+. \" for low resolution devices (crt and lpr) -+.if \n(.H>23 .if \n(.V>19 \ -+\{\ -+. ds : e -+. ds 8 ss -+. ds o a -+. ds d- d\h'-1'\(ga -+. ds D- D\h'-1'\(hy -+. ds th \o'bp' -+. ds Th \o'LP' -+. ds ae ae -+. ds Ae AE -+.\} -+.rm #[ #] #H #V #F C -+.\" ======================================================================== -+.\" -+.IX Title "MONIT 1" -+.TH MONIT 1 "www.tildeslash.com" "February 19. 2007" "User Commands" -+.SH "NAME" -+monit \- utility for monitoring services on a Unix system -+.SH "SYNOPSIS" -+.IX Header "SYNOPSIS" -+\&\fBmonit\fR [options] {arguments} -+.SH "DESCRIPTION" -+.IX Header "DESCRIPTION" -+\&\fBmonit\fR is a utility for managing and monitoring processes, -+files, directories and devices on a Unix system. Monit conducts -+automatic maintenance and repair and can execute meaningful -+causal actions in error situations. E.g. monit can start a -+process if it does not run, restart a process if it does not -+respond and stop a process if it uses to much resources. You may -+use monit to monitor files, directories and devices for changes, -+such as timestamps changes, checksum changes or size changes. -+.PP -+Monit is controlled via an easy to configure control file based -+on a free\-format, token-oriented syntax. Monit logs to syslog or -+to its own log file and notifies you about error conditions via -+customizable alert messages. Monit can perform various \s-1TCP/IP\s0 -+network checks, protocol checks and can utilize \s-1SSL\s0 for such -+checks. Monit provides a http(s) interface and you may use a -+browser to access the monit program. -+.SH "GENERAL OPERATION" -+.IX Header "GENERAL OPERATION" -+The behavior of monit is controlled by command-line options -+\&\fIand\fR a run control file, \fI~/.monitrc\fR, the syntax of which we -+describe in a later section. Command-line options override -+\&\fI.monitrc\fR declarations. -+.PP -+The following options are recognized by monit. However, it is -+recommended that you set options (when applicable) directly in -+the \fI.monitrc\fR control file. -+.Sh "General Options and Arguments" -+.IX Subsection "General Options and Arguments" -+\&\fB\-c\fR \fIfile\fR -+ Use this control file -+.PP -+\&\fB\-d\fR \fIn\fR -+ Run as a daemon once per \fIn\fR seconds -+.PP -+\&\fB\-g\fR -+ Set group name for start, stop, restart and status -+.PP -+\&\fB\-l\fR \fIlogfile\fR -+ Print log information to this file -+.PP -+\&\fB\-p\fR \fIpidfile\fR -+ Use this lock file in daemon mode -+.PP -+\&\fB\-s\fR \fIstatefile\fR -+ Write state information to this file -+.PP -+\&\fB\-I\fR -+ Do not run in background (needed for run from init) -+.PP -+\&\fB\-t\fR -+ Run syntax check for the control file -+.PP -+\&\fB\-v\fR -+ Verbose mode, work noisy (diagnostic output) -+.PP -+\&\fB\-H\fR \fI[filename]\fR -+ Print \s-1MD5\s0 and \s-1SHA1\s0 hashes of the file or of stdin if the -+ filename is omitted; monit will exit afterwards -+.PP -+\&\fB\-V\fR -+ Print version number and patch level -+.PP -+\&\fB\-h\fR -+ Print a help text -+.PP -+In addition to the options above, monit can be started with one -+of the following action arguments; monit will then execute the -+action and exit without transforming itself to a daemon. -+.PP -+\&\fBstart all\fR -+ Start all services listed in the control file and -+ enable monitoring for them. If the group option is -+ set, only start and enable monitoring of services in -+ the named group. -+.PP -+\&\fBstart name\fR -+ Start the named service and enable monitoring for -+ it. The name is a service entry name from the -+ monitrc file. -+.PP -+\&\fBstop all\fR -+ Stop all services listed in the control file and -+ disable their monitoring. If the group option is -+ set, only stop and disable monitoring of the services -+ in the named group. -+.PP -+\&\fBstop name\fR -+ Stop the named service and disable its monitoring. -+ The name is a service entry name from the monitrc -+ file. -+.PP -+\&\fBrestart all\fR -+ Stop and start \fIall\fR services. If the group option -+ is set, only restart the services in the named group. -+.PP -+\&\fBrestart name\fR -+ Restart the named service. The name is a service entry -+ name from the monitrc file. -+.PP -+\&\fBmonitor all\fR -+ Enable monitoring of all services listed in the -+ control file. If the group option is set, only start -+ monitoring of services in the named group. -+.PP -+\&\fBmonitor name\fR -+ Enable monitoring of the named service. The name is -+ a service entry name from the monitrc file. Monit will -+ also enable monitoring of all services this service -+ depends on. -+.PP -+\&\fBunmonitor all\fR -+ Disable monitoring of all services listed in the -+ control file. If the group option is set, only disable -+ monitoring of services in the named group. -+.PP -+\&\fBunmonitor name\fR -+ Disable monitoring of the named service. The name is -+ a service entry name from the monitrc file. Monit -+ will also disable monitoring of all services that -+ depends on this service. -+.PP -+\&\fBstatus\fR -+ Print full status information for each service. -+.PP -+\&\fBsummary\fR -+ Print short status information for each service. -+.PP -+\&\fBreload\fR -+ Reinitialize a running monit daemon, the daemon will -+ reread its configuration, close and reopen log files. -+.PP -+\&\fBquit\fR -+ Kill a monit daemon process -+.PP -+\&\fBvalidate\fR -+ Check all services listed in the control file. This -+ action is also the default behavior when monit runs -+ in daemon mode. -+.SH "WHAT TO MONITOR" -+.IX Header "WHAT TO MONITOR" -+You may use monit to monitor daemon processes or similar programs -+running on localhost. Monit is particular useful for monitoring -+daemon processes, such as those started at system boot time from -+/etc/init.d/. For instance sendmail, sshd, apache and mysql. In -+difference to many monitoring systems, monit can act if an error -+situation should occur, e.g.; if sendmail is not running, monit -+can start sendmail or if apache is using to much system resources -+(e.g. if a DoS attack is in progress) monit can stop or restart -+apache and send you an alert message. Monit does also monitor -+process characteristics, such as; if a process has become a -+zombie and how much memory or cpu cycles a process is using. -+.PP -+You may also use monit to monitor files, directories and devices -+on localhost. Monit can monitor these items for changes, such as -+timestamps changes, checksum changes or size changes. This is -+also useful for security reasons \- you can monitor the md5 -+checksum of files that should not change. -+.PP -+You may even use monit to monitor remote hosts. First and -+foremost monit is a utility for monitoring and mending services -+on localhost, but if a service depends on a remote service, -+e.g. a database server or an application server, it might by -+useful to be able to test a remote host as well. -+.PP -+You may monitor the general system-wide resources such as cpu -+usage, memory and load average. -+.SH "HOW TO MONITOR" -+.IX Header "HOW TO MONITOR" -+monit is configured and controlled via a control file called -+\&\fBmonitrc\fR. The default location for this file is ~/.monitrc. If -+this file does not exist, monit will try /etc/monitrc, then -+@sysconfdir@/monitrc and finally ./monitrc. -+.PP -+A monit control file consists of a series of service entries and -+global option statements in a free\-format, token-oriented syntax. -+Comments begin with a # and extend through the end of the line. -+There are three kinds of tokens in the control file: grammar -+keywords, numbers and strings. -+.PP -+On a semantic level, the control file consists of three types of -+statements: -+.IP "1. Global set-statements" 4 -+.IX Item "1. Global set-statements" -+A global set-statement starts with the keyword \fIset\fR and the -+item to configure. -+.IP "2. Global include-statement" 4 -+.IX Item "2. Global include-statement" -+The include statement consists of the keyword \fIinclude\fR and -+a glob string. -+.IP "3. One or more service entry statements." 4 -+.IX Item "3. One or more service entry statements." -+A service entry starts with the keyword \fIcheck\fR followed by the -+service type. -+.PP -+This is the hello galaxy version of a monit control file: -+.PP -+.Vb 3 -+\& # -+\& # monit control file -+\& # -+.Ve -+.PP -+.Vb 6 -+\& set daemon 120 # Poll at 2\-minute intervals -+\& set logfile syslog facility log_daemon -+\& set alert foo@bar.baz -+\& set httpd port 2812 and use address localhost -+\& allow localhost # Allow localhost to connect -+\& allow admin:monit # Allow Basic Auth -+.Ve -+.PP -+.Vb 7 -+\& check system myhost.mydomain.tld -+\& if loadavg (1min) > 4 then alert -+\& if loadavg (5min) > 2 then alert -+\& if memory usage > 75% then alert -+\& if cpu usage (user) > 70% then alert -+\& if cpu usage (system) > 30% then alert -+\& if cpu usage (wait) > 20% then alert -+.Ve -+.PP -+.Vb 11 -+\& check process apache -+\& with pidfile "/usr/local/apache/logs/httpd.pid" -+\& start program = "/etc/init.d/httpd start" -+\& stop program = "/etc/init.d/httpd stop" -+\& if 2 restarts within 3 cycles then timeout -+\& if totalmem > 100 Mb then alert -+\& if children > 255 for 5 cycles then stop -+\& if cpu usage > 95% for 3 cycles then restart -+\& if failed port 80 protocol http then restart -+\& group server -+\& depends on httpd.conf, httpd.bin -+.Ve -+.PP -+.Vb 5 -+\& check file httpd.conf -+\& with path /usr/local/apache/conf/httpd.conf -+\& # Reload apache if the httpd.conf file was changed -+\& if changed checksum -+\& then exec "/usr/local/apache/bin/apachectl graceful" -+.Ve -+.PP -+.Vb 7 -+\& check file httpd.bin -+\& with path /usr/local/apache/bin/httpd -+\& # Run /watch/dog in the case that the binary was changed -+\& # and alert in the case that the checksum value recovered -+\& # later -+\& if failed checksum then exec "/watch/dog" -+\& else if recovered then alert -+.Ve -+.PP -+.Vb 2 -+\& include /etc/monit/mysql.monitrc -+\& include /etc/monit/mail/*.monitrc -+.Ve -+.PP -+This example illustrate a service entry for monitoring the apache -+web server process as well as related files. The meaning of the -+various statements will be explained in the following sections. -+.SH "LOGGING" -+.IX Header "LOGGING" -+monit will log status and error messages to a log file. Use the -+\&\fIset logfile\fR statement in the monitrc control file. To setup -+monit to log to its own logfile, use e.g. \fIset logfile -+/var/log/monit.log\fR. If \fBsyslog\fR is given as a value for the -+\&\fI\-l\fR command-line switch (or the keyword \fIset logfile syslog\fR -+is found in the control file) monit will use the \fBsyslog\fR system -+daemon to log messages. The priority is assigned to each message -+based on the context. To turn off logging, simply do not set -+the logfile in the control file (and of course, do not use the \-l -+switch) -+.SH "DAEMON MODE" -+.IX Header "DAEMON MODE" -+The \fI\-d interval\fR command-line switch runs monit in daemon -+mode. You must specify a numeric argument which is a polling -+interval in seconds. -+.PP -+In daemon mode, monit detaches from the console, puts itself in -+the background and runs continuously, monitoring each specified -+service and then goes to sleep for the given poll interval. -+.PP -+.Vb 1 -+\& Simply invoking -+.Ve -+.PP -+.Vb 1 -+\& monit \-d 300 -+.Ve -+.PP -+will poll all services described in your \fI~/.monitrc\fR file every -+5 minutes. -+.PP -+It is strongly recommended to set the poll interval in your -+~/.monitrc file instead, by using \fIset daemon \f(BIn\fI\fR, where \fBn\fR -+is an integer number of seconds. If you do this, monit will -+always start in daemon mode (as long as no action arguments are -+given). -+.PP -+Monit makes a per-instance lock-file in daemon mode. If you need -+more monit instances, you will need more configuration files, -+each pointing to its own lock\-file. -+.PP -+Calling \fImonit\fR with a monit daemon running in the background -+sends a wake-up signal to the daemon, forcing it to check -+services immediately. -+.PP -+The \fIquit\fR argument will kill a running daemon process instead -+of waking it up. -+.SH "INIT SUPPORT" -+.IX Header "INIT SUPPORT" -+Monit can run and be controlled from \fIinit\fR. If monit should -+crash, \fIinit\fR will re-spawn a new monit process. Using init to -+start monit is probably the best way to run monit if you want to -+be certain that you always have a running monit daemon on your -+system. (It's obvious, but never the less worth to stress; Make -+sure that the control file does not have any syntax errors before -+you start monit from init. Also, make sure that if you run monit -+from init, that you do not start monit from a startup scripts as -+well). -+.PP -+To setup monit to run from init, you can either use the 'set -+init' statement in monit's control file or use the \-I option from -+the command line and here is what you must add to /etc/inittab: -+.PP -+.Vb 2 -+\& # Run monit in standard run\-levels -+\& mo:2345:respawn:/usr/local/bin/monit \-Ic /etc/monitrc -+.Ve -+.PP -+After you have modified init's configuration file, you can run -+the following command to re-examine /etc/inittab and start monit: -+.PP -+.Vb 1 -+\& telinit q -+.Ve -+.PP -+For systems without telinit: -+.PP -+.Vb 1 -+\& kill \-1 1 -+.Ve -+.PP -+If monit is used to monitor services that are also started at -+boot time (e.g. services started via \s-1SYSV\s0 init rc scripts or via -+inittab) then, in some cases, a race condition could occur. That -+is; if a service is slow to start, monit can assume that the -+service is not running and possibly try to start it and raise an -+alert, while, in fact the service is already about to start or -+already in its startup sequence. Please see the \s-1FAQ\s0 for solutions -+to this problem. -+.SH "INCLUDE FILES" -+.IX Header "INCLUDE FILES" -+The monit control file, \fImonitrc\fR, can include additional -+configuration files. This feature helps to maintain a certain -+structure or to place repeating settings into one file. Include -+statements can be placed at virtually any spot. The syntax is the -+following: -+.PP -+.Vb 1 -+\& INCLUDE globstring -+.Ve -+.PP -+The globstring is any kind of string as defined in \fIglob\fR\|(7). -+Thus, you can refer to a single file or you can load several -+files at once. In case you want to use whitespace in your string -+the globstring need to be embedded into quotes (') or double -+quotes ("). For example, -+.PP -+.Vb 1 -+\& INCLUDE "/etc/monit/monit configuration files/printer.*.monitrc" -+.Ve -+.PP -+loads any file matching the single globstring. If the globstring -+matches a directory instead of a file, it is silently ignored. -+.PP -+\&\fI\s-1INCLUDE\s0\fR statements in included files are parsed as in the main -+control file. -+.PP -+If the globstring matches several results, the files are included -+in a non sorted manner. If you need to rely on a certain order, -+you might need to use single \fIinclude\fR statements. -+.SH "GROUP SUPPORT" -+.IX Header "GROUP SUPPORT" -+Service entries in the control file, \fImonitrc\fR, can be grouped -+together by the \fIgroup\fR statement. The syntax is simply (keyword -+in capital): -+.PP -+.Vb 1 -+\& GROUP groupname -+.Ve -+.PP -+With this statement it is possible to group similar service -+entries together and manage them as a whole. Monit provides -+functions to start, stop and restart a group of services, like -+so: -+.PP -+To start a group of services from the console: -+.PP -+.Vb 1 -+\& monit \-g <groupname> start -+.Ve -+.PP -+To stop a group of services: -+.PP -+.Vb 1 -+\& monit \-g <groupname> stop -+.Ve -+.PP -+To restart a group of services: -+.PP -+.Vb 1 -+\& monit \-g <groupname> restart -+.Ve -+.SH "MONITORING MODE" -+.IX Header "MONITORING MODE" -+Monit supports three monitoring modes per service: \fIactive\fR, -+\&\fIpassive\fR and \fImanual\fR. See also the example section below for -+usage of the mode statement. -+.PP -+In \fIactive\fR mode, monit will monitor a service and in case of -+problems monit will act and raise alerts, start, stop or restart -+the service. Active mode is the default mode. -+.PP -+In \fIpassive\fR mode, monit will passively monitor a service and -+specifically \fBnot\fR try to fix a problem, but it will still raise -+alerts in case of a problem. -+.PP -+For use in clustered environments there is also a \fImanual\fR -+mode. In this mode, monit will enter \fIactive\fR mode \fBonly\fR if a -+service was brought under monit's control, for example by -+executing the following command in the console: -+.PP -+.Vb 2 -+\& monit start sybase -+\& (monit will call sybase's start method and enable monitoring) -+.Ve -+.PP -+If a service was not started by monit or was stopped or disabled -+for example by: -+.PP -+.Vb 2 -+\& monit stop sybase -+\& (monit will call sybase's stop method and disable monitoring) -+.Ve -+.PP -+monit will not monitor the service. This allows for having -+services configured in monitrc and start it with monit only if it -+should run. This feature can be used to build a simple failsafe -+cluster. To see how, read more about how to setup a cluster with -+monit using the \fIheartbeat\fR system in the examples sections -+below. -+.SH "ALERT MESSAGES" -+.IX Header "ALERT MESSAGES" -+Monit will raise an email alert in the following situations: -+.PP -+.Vb 14 -+\& o A service timed out -+\& o A service does not exist -+\& o A service related data access problem -+\& o A service related program execution problem -+\& o A service is of invalid object type -+\& o A icmp problem -+\& o A port connection problem -+\& o A resource statement match -+\& o A file checksum problem -+\& o A file size problem -+\& o A file/directory timestamp problem -+\& o A file/directory/device permission problem -+\& o A file/directory/device uid problem -+\& o A file/directory/device gid problem -+.Ve -+.PP -+Monit will send an alert each time a monitored object changed. -+This involves: -+.PP -+.Vb 5 -+\& o Monit started, stopped or reloaded -+\& o A file checksum changed -+\& o A file size changed -+\& o A file content match -+\& o A file/directory timestamp changed -+.Ve -+.PP -+You use the alert statement to notify monit that you want alert -+messages sent to an email address. If you do not specify an alert -+statement, monit will not send alert messages. -+.PP -+There are two forms of alert statement: -+.PP -+.Vb 2 -+\& o Global \- common for all services -+\& o Local \- per service -+.Ve -+.PP -+In both cases you can use more than one alert statement. In other -+words, you can send many different emails to many different -+addresses. (in case you now got a new business idea: monit is not -+really suitable for sending spam). -+.PP -+Recipients in the global and in the local lists are alerted when -+a service failed, recovered or changed. If the same email address -+is in the global and in the local list, monit will send only one -+alert. Local (per service) defined alert email addresses override -+global addresses in case of a conflict. Finally, you may choose -+to only use a global alert list (recommended), a local per -+service list or both. -+.PP -+It is also possible to disable the global alerts localy for -+particular service(s) and recipients. -+.Sh "Setting a global alert statement" -+.IX Subsection "Setting a global alert statement" -+If a change occurred on a monitored services, monit will send an -+alert to all recipients in the global list who have registered -+interest for the event type. Here is the syntax for the global -+alert statement: -+.IP "\s-1SET\s0 \s-1ALERT\s0 mail-address [ [\s-1NOT\s0] {events}] [\s-1MAIL\-FORMAT\s0 {mail\-format}] [\s-1REMINDER\s0 number]" 4 -+.IX Item "SET ALERT mail-address [ [NOT] {events}] [MAIL-FORMAT {mail-format}] [REMINDER number]" -+.PP -+Simply using the following in the global section of monitrc: -+.PP -+.Vb 1 -+\& set alert foo@bar -+.Ve -+.PP -+will send a default email to the address foo@bar whenever an -+event occurred on any service. Such an event may be that a -+service timed out, a service was doesn't exist or a service does -+exist (on recovery) and so on. If you want to send alert messages -+to more email addresses, add a \fIset alert 'email'\fR statement for -+each address. -+.PP -+For explanations of the \fIevents, MAIL-FORMAT and \s-1REMINDER\s0\fR -+keywords above, please see below. -+.PP -+When you want to enable global alert recipient which will receive -+all event alerts except some type, you can also use the \s-1NOT\s0 negation -+option ahead of events list which allows you to set the recipient -+for \*(L"all but specified events\*(R" (see bellow for more details). -+.Sh "Setting a local alert statement" -+.IX Subsection "Setting a local alert statement" -+Each service can also have its own recipient list. -+.IP "\s-1ALERT\s0 mail-address [ [\s-1NOT\s0] {events}] [\s-1MAIL\-FORMAT\s0 {mail\-format}] [\s-1REMINDER\s0 number]" 4 -+.IX Item "ALERT mail-address [ [NOT] {events}] [MAIL-FORMAT {mail-format}] [REMINDER number]" -+.PP -+or -+.IP "\s-1NOALERT\s0 mail-address" 4 -+.IX Item "NOALERT mail-address" -+.PP -+If you only want an alert message sent for certain events for -+certain service(s), for example only for timeout events or only -+if a service died, then postfix the alert-statement with a filter -+block: -+.PP -+.Vb 3 -+\& check process myproc with pidfile /var/run/my.pid -+\& alert foo@bar only on { timeout, nonexist } -+\& ... -+.Ve -+.PP -+(\fIonly\fR and \fIon\fR are noise keywords, ignored by monit. As a -+side note; Noise keywords are used in the control file grammar to -+make an entry resemble English and thus make it easier to read -+(or, so goes the philosophy). The full set of available noise -+keywords are listed below in the Control File section). -+.PP -+You can also set the alert to send all events except specified -+using the list negation \- the word \fInot\fR ahead of the event -+list. For example when you want to receive alerts for all events -+except the monit instance related, you can write (note that the -+noise words 'but' and 'on' are optional): -+.PP -+.Vb 3 -+\& check system myserver -+\& alert foo@bar but not on { instance } -+\& ... -+.Ve -+.PP -+instead of: -+.PP -+.Vb 13 -+\& alert foo@bar on { change -+\& checksum -+\& data -+\& exec -+\& gid -+\& icmp -+\& invalid -+\& match -+\& nonexist -+\& permission -+\& size -+\& timeout -+\& timestamp } -+.Ve -+.PP -+This will enable all alerts for foo@bar, except the monit instance -+related alerts. -+.PP -+Event filtering can be used to send a mail to different email -+addresses depending on the events that occurred. For instance: -+.PP -+.Vb 3 -+\& alert foo@bar { nonexist, timeout, resource, icmp, connection } -+\& alert security@bar on { checksum, permission, uid, gid } -+\& alert manager@bar -+.Ve -+.PP -+This will send an alert message to foo@bar whenever a nonexist, -+timeout, resource or connection problem occurs and a message to -+security@bar if a checksum, permission, uid or gid problem -+occurs. And finally, a message to manager@bar whenever any error -+event occurs. -+.PP -+This is the list of events you can use in a mail\-filter: \fIuid, -+gid, size, nonexist, data, icmp, instance, invalid, exec, -+changed, timeout, resource, checksum, match, timestamp, -+connection, permission\fR -+.PP -+You can also disable the alerts localy using the \s-1NOALERT\s0 statement. -+This is useful for example when you have lot of services monitored, -+used the global alert statement, but don't want to receive alerts -+for some minor subset of services: -+.PP -+.Vb 1 -+\& noalert appadmin@bar -+.Ve -+.PP -+For example when you will place the noalert statement to the -+\&'check system', the given user won't receive the system related -+alerts (such as monit instance started/stopped/reloaded alert, -+system overloaded alert, etc.) but will receive the alerts for -+all other monitored services. -+.PP -+The following example will alert foo@bar on all events on all -+services by default, except the service mybar which will send an -+alert only on timeout. The trick is based on the fact that local -+definition of the same recipient overrides the global setting -+(including registered events and mail format): -+.PP -+.Vb 1 -+\& set alert foo@bar -+.Ve -+.PP -+.Vb 4 -+\& check process myfoo with pidfile /var/run/myfoo.pid -+\& ... -+\& check process mybar with pidfile /var/run/mybar.pid -+\& alert foo@bar only on { timeout } -+.Ve -+.PP -+The 'instance' alert type report events related to monit -+internals, such as when a monit instance was started, stopped or -+reloaded. -+.PP -+If the \s-1MTA\s0 (mailserver) for sending alerts is not available, -+monit \fIcan\fR queue events on the local file-system until the \s-1MTA\s0 -+recover. Monit will then post queued events in order with their -+original timestamp so the events are not lost. This feature is -+most useful if monit is used together with e.g. m/monit and when -+event history is important. -+.Sh "Alert message layout" -+.IX Subsection "Alert message layout" -+monit provides a default mail message layout that is short and to -+the point. Here's an example of a standard alert mail sent by -+monit: -+.PP -+.Vb 4 -+\& From: monit@tildeslash.com -+\& Subject: monit alert \-\- Does not exist apache -+\& To: hauk@tildeslash.com -+\& Date: Thu, 04 Sep 2003 02:33:03 +0200 -+.Ve -+.PP -+.Vb 1 -+\& Does not exist Service apache -+.Ve -+.PP -+.Vb 3 -+\& Date: Thu, 04 Sep 2003 02:33:03 +0200 -+\& Action: restart -+\& Host: www.tildeslash.com -+.Ve -+.PP -+.Vb 2 -+\& Your faithful employee, -+\& monit -+.Ve -+.PP -+If you want to, you can change the format of this message with -+the optional \fImail-format\fR statement. The syntax for this -+statement is as follows: -+.PP -+.Vb 7 -+\& mail\-format { -+\& from: monit@localhost -+\& subject: $SERVICE $EVENT at $DATE -+\& message: Monit $ACTION $SERVICE at $DATE on $HOST: $DESCRIPTION. -+\& Yours sincerely, -+\& monit -+\& } -+.Ve -+.PP -+Where the keyword \fIfrom:\fR is the email address monit should -+pretend it is sending from. It does not have to be a real mail -+address, but it must be a proper formated mail address, on the -+form: name@domain. The keyword \fIsubject:\fR is for the email -+subject line. The subject must be on only \fIone\fR line. The -+\&\fImessage:\fR keyword denotes the mail body. If used, this keyword -+should always be the last in a mail-format statement. The mail -+body can be as long as you want and must \fBnot\fR contain the '}' -+character. -+.PP -+All of these format keywords are optional but you must provide at -+least one. Thus if you only want to change the from address monit -+is using you can do: -+.PP -+.Vb 1 -+\& set alert foo@bar with mail\-format { from: bofh@bar.baz } -+.Ve -+.PP -+From the previous example you will notice that some special \f(CW$XXX\fR -+variables was used. If used, they will be substituted and -+expanded into the text with these values: -+.IP "* \fI$EVENT\fR" 4 -+.IX Item "$EVENT" -+.Vb 2 -+\& A string describing the event that occurred. The values are -+\& fixed and are: -+.Ve -+.Sp -+.Vb 19 -+\& Event: | Failure state: | Recovery state: -+\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- -+\& CHANGED | "Changed" | "Changed back" -+\& CHECKSUM | "Checksum failed" | "Checksum passed" -+\& CONNECTION| "Connection failed" | "Connection passed" -+\& DATA | "Data access error" | "Data access succeeded" -+\& EXEC | "Execution failed" | "Execution succeeded" -+\& GID | "GID failed" | "GID passed" -+\& ICMP | "ICMP failed" | "ICMP passed" -+\& INSTANCE | "Monit instance changed"| "Monit instance changed not" -+\& INVALID | "Invalid type" | "Type passed" -+\& MATCH | "Regex match" | "No regex match" -+\& NONEXIST | "Does not exist" | "Exists" -+\& PERMISSION| "Permission failed" | "Permission passed" -+\& RESOURCE | "Resource limit matched"| "Resource limit passed" -+\& SIZE | "Size failed" | "Size passed" -+\& TIMEOUT | "Timeout" | "Timeout recovery" -+\& TIMESTAMP | "Timestamp failed" | "Timestamp passed" -+\& UID | "UID failed" | "UID passed" -+.Ve -+.IP "* \fI$SERVICE\fR" 4 -+.IX Item "$SERVICE" -+.Vb 1 -+\& The service entry name in monitrc -+.Ve -+.IP "* \fI$DATE\fR" 4 -+.IX Item "$DATE" -+.Vb 1 -+\& The current time and date (RFC 822 date style). -+.Ve -+.IP "* \fI$HOST\fR" 4 -+.IX Item "$HOST" -+.Vb 1 -+\& The name of the host monit is running on -+.Ve -+.IP "* \fI$ACTION\fR" 4 -+.IX Item "$ACTION" -+.Vb 2 -+\& The name of the action which was done. Action names are fixed -+\& and are: -+.Ve -+.Sp -+.Vb 9 -+\& Action: | Name: -+\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- -+\& ALERT | "alert" -+\& EXEC | "exec" -+\& MONITOR | "monitor" -+\& RESTART | "restart" -+\& START | "start" -+\& STOP | "stop" -+\& UNMONITOR| "unmonitor" -+.Ve -+.IP "* \fI$DESCRIPTION\fR" 4 -+.IX Item "$DESCRIPTION" -+.Vb 1 -+\& The description of the error condition -+.Ve -+.Sh "Setting a global mail format" -+.IX Subsection "Setting a global mail format" -+It is possible to set a standard mail format with the -+following global set-statement (keywords are in capital): -+.IP "\s-1SET\s0 MAIL-FORMAT {mail\-format}" 4 -+.IX Item "SET MAIL-FORMAT {mail-format}" -+.PP -+Format set with this statement will apply to every alert -+statement that does \fInot\fR have its own specified mail\-format. -+This statement is most useful for setting a default from address -+for messages sent by monit, like so: -+.PP -+.Vb 1 -+\& set mail\-format { from: monit@foo.bar.no } -+.Ve -+.Sh "Setting a error reminder" -+.IX Subsection "Setting a error reminder" -+Monit by default sends just one error notification when the -+service failed and another one when it has recovered. If you want -+to be notified more then once in the case that the service -+remains failed, you can use the reminder option of alert -+statement (keywords are in capital): -+.IP "\s-1ALERT\s0 ... [\s-1WITH\s0] \s-1REMINDER\s0 [\s-1ON\s0] number [\s-1CYCLES\s0]" 4 -+.IX Item "ALERT ... [WITH] REMINDER [ON] number [CYCLES]" -+.PP -+For example if you want to be notified each tenth cycle when the -+service remains failed, you can use: -+.PP -+.Vb 1 -+\& alert foo@bar with reminder on 10 cycles -+.Ve -+.PP -+If you want to be notified on each failed cycle, you can use: -+.PP -+.Vb 1 -+\& alert foo@bar with reminder on 1 cycle -+.Ve -+.Sh "Setting a mail server for alert messages" -+.IX Subsection "Setting a mail server for alert messages" -+The mail server monit should use to send alert messages is -+defined with a global set statement (keywords are in capital and -+optional statements in [brackets]): -+.PP -+.Vb 2 -+\& SET MAILSERVER {host name [PORT port]|ip\-address [PORT port]}+ -+\& [with TIMEOUT X SECONDS] -+.Ve -+.PP -+The port statement allows to use \s-1SMTP\s0 servers other then those -+listening on port 25. If omitted, port 25 is used for the -+connection. -+.PP -+As you can see, it is possible to set several \s-1SMTP\s0 servers. If -+monit cannot connect to the first server in the list it will try -+the second server and so on. Monit has a default 5 seconds -+connection timeout and if the \s-1SMTP\s0 server is slow, monit could -+timeout when connecting or reading from the server. You can use -+the optional timeout statement to explicit set the timeout to a -+higher value if needed. Here is an example for setting several -+mail servers: -+.PP -+.Vb 2 -+\& set mailserver mail.tildeslash.com, mail.foo.bar port 10025, -+\& localhost with timeout 15 seconds -+.Ve -+.PP -+Here monit will first try to connect to the server -+\&\*(L"mail.tildeslash.com\*(R", if this server is down monit will try -+\&\*(L"mail.foo.bar\*(R" on port 10025 and finally \*(L"localhost\*(R". We do also -+set an explicit connect and read timeout; If monit cannot connect -+to the first \s-1SMTP\s0 server in the list within 15 seconds it will -+try the next server and so on. The \fIset mailserver ..\fR statement -+is optional and if not defined monit defaults to use localhost as -+the \s-1SMTP\s0 server. -+.Sh "Event queue" -+.IX Subsection "Event queue" -+Monit provide optionally queueing of event alerts that cannot be -+sent. For example, if no mail-server is available at the moment, -+monit can store events in a queue and try to reprocess them at -+the next cycle. As soon as the mail-server recover, monit will -+post the queued events. The queue is persistent across monit -+restarts and provided that the back-end filesystem is persistent -+too, across system restart as well. -+.PP -+By default, the queue is disabled and if the alert handler fails, -+monit will simply drop the alert message. To enable the event -+queue, add the following statement to the monit control file: -+.PP -+.Vb 1 -+\& SET EVENTQUEUE BASEDIR <path> [SLOTS <number>] -+.Ve -+.PP -+The <path> is the path to the directory where events will be -+stored. Optionally if you want to limit the queue size (maximum -+events count), use the slots option. If the slots option is not -+used, monit will store as many events as the backend filesystem -+allows. -+.PP -+Example: -+.PP -+.Vb 3 -+\& set eventqueue -+\& basedir /var/monit -+\& slots 5000 -+.Ve -+.PP -+The events are stored in binary format, one file per event. The -+file size is ca. 130 bytes or a bit more (depending on the -+message length). The file name is composed of the unix timestamp, -+underscore and the service name, for example: -+.PP -+.Vb 1 -+\& /var/monit/1131269471_apache -+.Ve -+.PP -+If you are running more then one monit instance on the same -+machine, you \fBmust\fR use separated event queue directories to -+avoid sending wrong alerts to the wrong addresses. -+.PP -+If you want to purge the queue by hand (remove queued -+event\-files), monit should be stopped before the removal. -+.SH "SERVICE TIMEOUT" -+.IX Header "SERVICE TIMEOUT" -+\&\fBmonit\fR provides a service timeout mechanism for situations -+where a service simply refuses to start or respond over a longer -+period. In cases like this, and particularly if monit's poll-cycle -+is low, monit will simply increase the machine load by trying to -+restart the service. -+.PP -+The timeout mechanism monit provides is based on two variables, -+i.e. the number the service has been started and the number of -+poll\-cycles. For example, if a service had \fIx\fR restarts within -+\&\fIy\fR poll-cycles (where \fIx\fR <= \fIy\fR) then monit will timeout and -+not (re)start the service on the next cycle. If a timeout occurs -+monit will send you an alert message if you have register -+interest for this event. -+.PP -+The syntax for the timeout statement is as follows (keywords -+are in capital): -+.IP "\s-1IF\s0 \s-1NUMBER\s0 \s-1RESTART\s0 \s-1NUMBER\s0 \s-1CYCLE\s0(S) \s-1THEN\s0 \s-1TIMEOUT\s0" 4 -+.IX Item "IF NUMBER RESTART NUMBER CYCLE(S) THEN TIMEOUT" -+.PP -+Where the first number is the number of service restarts and the -+second, the number of poll\-cycles. If the number of cycles was -+reached without a timeout, the service start-counter is reset to -+zero. This provides some granularity to catch exceptional cases -+and do a service timeout, but let occasional service start and -+restarts happen without having an accumulated timeout. -+.PP -+Here is an example where monit will timeout (not check the -+service) if the service was restarted 2 times within 3 cycles: -+.PP -+.Vb 1 -+\& if 2 restarts within 3 cycles then timeout -+.Ve -+.PP -+To have monit check the service again after a timeout, run 'monit -+monitor service' from the command line. This will remove the -+timeout lock in the daemon and make the daemon start and check -+the service again. -+.SH "SERVICE TESTS" -+.IX Header "SERVICE TESTS" -+Monit provides several tests you may utilize in a service entry -+to test a service. Basically here are two classes of tests: -+variable and constant object tests. -+.PP -+Constant object tests are related to failed/passed state. In the -+case of error, monit will watch whether the failed parameter will -+recover \- in such case it will handle recovery related -+action. General format: -+.IP "\s-1IF\s0 <\s-1TEST\s0> [[<X>] [\s-1TIMES\s0 \s-1WITHIN\s0] <Y> \s-1CYCLES\s0] \s-1THEN\s0 \s-1ACTION\s0 [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] [\s-1TIMES\s0 \s-1WITHIN\s0] <Y> \s-1CYCLES\s0] \s-1THEN\s0 \s-1ACTION\s0]" 4 -+.IX Item "IF <TEST> [[<X>] [TIMES WITHIN] <Y> CYCLES] THEN ACTION [ELSE IF PASSED [[<X>] [TIMES WITHIN] <Y> CYCLES] THEN ACTION]" -+.PP -+For constant object tests if the <\s-1TEST\s0> should validate to true, -+then the selected action is executed each cycle the condition -+remains true. The value for comparison is constant. Recovery -+action is evaluated only once (on failed\->passed state change -+only). The '\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0' part is optional \- if omitted, -+monit will do alert action on recovery by default. The alert is -+delivered only once on each state change unless overridden by -+\&'reminder' alert option. -+.PP -+Variable object tests begins with '\s-1IF\s0 \s-1CHANGED\s0' statement and -+serves for monitoring of object, which property can change legally -+\&\- monit watches whether the value will change again. You can use -+it just for alert or to involve some automatic action, as for -+example to reload monitored process after its configuration file -+was changed. Variable tests are supported for 'checksum', -+\&'size', 'pid, 'ppid' and 'timestamp' tests only, if you consider -+that other tests can be useful in variable form too, please let -+us know. -+.IP "\s-1IF\s0 \s-1CHANGED\s0 <\s-1TEST\s0> [[<X>] [\s-1TIMES\s0 \s-1WITHIN\s0] <Y> \s-1CYCLES\s0] \s-1THEN\s0 \s-1ACTION\s0" 4 -+.IX Item "IF CHANGED <TEST> [[<X>] [TIMES WITHIN] <Y> CYCLES] THEN ACTION" -+.PP -+For variable object tests if the <\s-1TEST\s0> should validate to true, -+then the selected action is executed once and monit will watch -+for another change. The value for comparison is a variable where -+the last result becomes the actual value, which is compared in -+future cycles. The alert is delivered each time the condition -+becomes true. -+.PP -+You can restrict the event ratio needed to change the state: -+.IP "... [[<X>] [\s-1TIMES\s0 \s-1WITHIN\s0] <Y> \s-1CYCLES\s0] ..." 4 -+.IX Item "... [[<X>] [TIMES WITHIN] <Y> CYCLES] ..." -+.PP -+This part is optional and is supported by all testing rules. -+It defines how many event occurrences during how many cycles -+are needed to trigger the following action. You can use it -+in several ways \- the core syntax is: -+.PP -+.Vb 1 -+\& [<X>] <Y> CYCLES -+.Ve -+.PP -+It is possible to use filling words which give the rule better -+first-sight sense. You can use any filling words such as: \s-1FOR\s0, -+\&\s-1TIMES\s0, \s-1WITHIN\s0, thus for example: -+.PP -+.Vb 1 -+\& if failed port 80 for 3 times within 5 cycles then alert -+.Ve -+.PP -+or -+.PP -+.Vb 1 -+\& if failed port 80 for 10 cycles then unmonitor -+.Ve -+.PP -+When you don't specify the <X>, it equals to <Y> by default, -+thus the rule applies when <Y> consecutive cycles of inverse -+event occurred (relatively to the current service state). -+.PP -+When you omit it at all, monit will by default change state -+on first inverse event, which is equivalent to this notation: -+.PP -+.Vb 1 -+\& 1 times within 1 cycles -+.Ve -+.PP -+It is possible to use this option for failed, passed/recovered -+or changed rules. More complex examples: -+.PP -+.Vb 7 -+\& check device rootfs with path /dev/hda1 -+\& if space usage > 80% 5 times within 15 cycles -+\& then alert -+\& else if passed for 10 cycles then alert -+\& if space usage > 90% for 5 cycles then -+\& exec '/try/to/free/the/space' -+\& if space usage > 99% then exec '/stop/processess' -+.Ve -+.PP -+Note that the maximal cycles count which can be used in the rule -+is limited by the size of 'long long' data type on your platform. -+This provides 64 cycles on usual platforms currently. In the case -+that you use unsupported value, the configuration parser will -+tell you the limits during monit startup. -+.PP -+You must select an action to be executed from this list: -+.IP "\(bu" 4 -+\&\fB\s-1ALERT\s0\fR sends the user an alert event on each state change (for -+constant object tests) or on each change (for variable object -+tests). -+.IP "\(bu" 4 -+\&\fB\s-1RESTART\s0\fR restarts the service \fIand\fR sends an alert. Restart is -+conducted by first calling the service's registered stop method -+and then the service's start method. -+.IP "\(bu" 4 -+\&\fB\s-1START\s0\fR starts the service by calling the service's registered -+start method \fIand\fR send an alert. -+.IP "\(bu" 4 -+\&\fB\s-1STOP\s0\fR stops the service by calling the service's registered -+stop method \fIand\fR send an alert. If monit stops a service it -+will not be checked by monit anymore nor restarted again -+later. To reactivate monitoring of the service again you must -+explicitly enable monitoring from the web interface or from the -+console, e.g. 'monit monitor apache'. -+.IP "\(bu" 4 -+\&\fB\s-1EXEC\s0\fR may be used to execute an arbitrary program \fIand\fR send -+an alert. If you choose this action you must state the program to -+be executed and if the program require arguments you must enclose -+the program and its arguments in a quoted string. You may -+optionally specify the uid and gid the executed program should -+switch to upon start. For instance: -+.Sp -+.Vb 2 -+\& exec "/usr/local/tomcat/bin/startup.sh" -+\& as uid nobody and gid nobody -+.Ve -+.Sp -+This may be useful if the program to be started cannot change to -+a lesser privileged user and group. This is typically needed for -+Java Servers. Remember, if monit is run by the superuser, then -+all programs executed by monit will be started with superuser -+privileges unless the uid and gid extension was used. -+.IP "\(bu" 4 -+\&\fB\s-1MONITOR\s0\fR will enable monitoring of the service \fIand\fR send -+an alert. -+.IP "\(bu" 4 -+\&\fB\s-1UNMONITOR\s0\fR will disable monitoring of the service \fIand\fR send -+an alert. The service will not be checked by monit anymore nor -+restarted again later. To reactivate monitoring of the service -+you must explicitly enable monitoring from monit's web interface -+or from the console using the monitor argument. -+.Sh "\s-1RESOURCE\s0 \s-1TESTING\s0" -+.IX Subsection "RESOURCE TESTING" -+Monit can examine how much system resources a services are -+using. This test may only be used within a system or process -+service entry in the monit control file. -+.PP -+Depending on the system or process characteristics, services -+can be stopped or restarted and alerts can be generated. Thus -+it is possible to utilize systems which are idle and to spare -+system under high load. -+.PP -+The full syntax for the resource-statements used for resource -+testing is as follows (keywords are in capital and optional -+statements in [brackets]), -+.IP "\s-1IF\s0 resource operator value [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF resource operator value [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fIresource\fR is a choice of \*(L"\s-1CPU\s0\*(R", \*(L"\s-1CPU\s0([user|system|wait])\*(R", -+\&\*(L"\s-1MEMORY\s0\*(R", \*(L"\s-1CHILDREN\s0\*(R", \*(L"\s-1TOTALMEMORY\s0\*(R", \*(L"\s-1LOADAVG\s0([1min|5min|15min])\*(R". -+Some resources can be used inside of system service container, -+some in process service container and some in both: -+.PP -+System only resource tests: -+.PP -+\&\s-1CPU\s0([user|system|wait]) is the percent of time that the system -+spend in user or system/kernel space. Some systems such as linux -+2.6 supports 'wait' indicator as well. -+.PP -+Process only resource tests: -+.PP -+\&\s-1CPU\s0 is the \s-1CPU\s0 usage of the process and its children in -+parts of hundred (percent). -+.PP -+\&\s-1CHILDREN\s0 is the number of child processes of the process. -+.PP -+\&\s-1TOTALMEMORY\s0 is the memory usage of the process and its child -+processes in either percent or as an amount (Byte, kB, \s-1MB\s0, \s-1GB\s0). -+.PP -+System and process resource tests: -+.PP -+\&\s-1MEMORY\s0 is the memory usage of the system or in the process context -+of the process without its child processes in either percent -+(of the systems total) or as an amount (Byte, kB, \s-1MB\s0, \s-1GB\s0). -+.PP -+\&\s-1LOADAVG\s0([1min|5min|15min]) refers to the system's load average. -+The load average is the number of processes in the system run -+queue, averaged over the specified time period. -+.PP -+\&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, -+\&\*(L"gt\*(R", \*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", -+\&\*(L"less\*(R", \*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not -+specified, default is \s-1EQUAL\s0). -+.PP -+\&\fIvalue\fR is either an integer or a real number (except for -+\&\s-1CHILDREN\s0). For \s-1CPU\s0, \s-1MEMORY\s0 and \s-1TOTALMEMORY\s0 you need to specify a -+\&\fIunit\fR. This could be \*(L"%\*(R" or if applicable \*(L"B\*(R" (Byte), \*(L"kB\*(R" -+(1024 Byte), \*(L"\s-1MB\s0\*(R" (1024 KiloByte) or \*(L"\s-1GB\s0\*(R" (1024 MegaByte). -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+To calculate the cycles, a counter is raised whenever the -+expression above is true and it is lowered whenever it is false -+(but not below 0). All counters are reset in case of a restart. -+.PP -+The following is an example to check that the \s-1CPU\s0 usage of a -+service is not going beyond 50% during five poll cycles. If it -+does, monit will restart the service: -+.PP -+.Vb 1 -+\& if cpu is greater than 50% for 5 cycles then restart -+.Ve -+.PP -+See also the example section below. -+.Sh "\s-1FILE\s0 \s-1CHECKSUM\s0 \s-1TESTING\s0" -+.IX Subsection "FILE CHECKSUM TESTING" -+The checksum statement may only be used in a file service -+entry. If specified in the control file, monit will compute -+a md5 or sha1 checksum for a file. -+.PP -+The checksum test in constant form is used to verify that a -+file does not change. Syntax (keywords are in capital): -+.IP "\s-1IF\s0 \s-1FAILED\s0 [MD5|SHA1] \s-1CHECKSUM\s0 [\s-1EXPECT\s0 checksum] [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF FAILED [MD5|SHA1] CHECKSUM [EXPECT checksum] [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+The checksum test in variable form is used to watch for -+file changes. Syntax (keywords are in capital): -+.IP "\s-1IF\s0 \s-1CHANGED\s0 [MD5|SHA1] \s-1CHECKSUM\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF CHANGED [MD5|SHA1] CHECKSUM [[<X>] <Y> CYCLES] THEN action" -+.PP -+The choice of \s-1MD5\s0 or \s-1SHA1\s0 is optional. \s-1MD5\s0 features a 256 bit -+and \s-1SHA1\s0 a 320 bit checksum. If this option is omitted monit -+tries to guess the method from the \s-1EXPECT\s0 string or uses \s-1MD5\s0 as -+default. -+.PP -+\&\fIexpect\fR is optional and if used it specifies a md5 or sha1 -+string monit should expect when testing a file's checksum. If -+\&\fIexpect\fR is used, monit will not compute an initial checksum for -+the file, but instead use the string you submit. For example: -+.PP -+.Vb 3 -+\& if failed checksum and -+\& expect the sum 8f7f419955cefa0b33a2ba316cba3659 -+\& then alert -+.Ve -+.PP -+You can, for example, use the \s-1GNU\s0 utility \fI\fImd5sum\fI\|(1)\fR or -+\&\fI\fIsha1sum\fI\|(1)\fR to create a checksum string for a file and -+use this string in the expect\-statement. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+The checksum statement in variable form may be used to check a -+file for changes and if changed, do a specified action. For -+instance to reload a server if its configuration file was -+changed. The following illustrate this for the apache web server: -+.PP -+.Vb 3 -+\& check file httpd.conf path /usr/local/apache/conf/httpd.conf -+\& if changed sha1 checksum -+\& then exec "/usr/local/apache/bin/apachectl graceful" -+.Ve -+.PP -+If you plan to use the checksum statement for security reasons, -+(a very good idea, by the way) and to monitor a file or files -+which should not change, then please use constant form and also -+read the \s-1DEPENDENCY\s0 \s-1TREE\s0 section below to see a detailed example -+on how to do this properly. -+.PP -+Monit can also test the checksum for files on a remote host via -+the \s-1HTTP\s0 protocol. See the \s-1CONNECTION\s0 \s-1TESTING\s0 section below. -+.Sh "\s-1TIMESTAMP\s0 \s-1TESTING\s0" -+.IX Subsection "TIMESTAMP TESTING" -+The timestamp statement may only be used in a file, fifo or directory -+service entry. -+.PP -+The timestamp test in constant form is used to verify various -+timestamp conditions. Syntax (keywords are in capital): -+.IP "\s-1IF\s0 \s-1TIMESTAMP\s0 [[operator] value [unit]] [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF TIMESTAMP [[operator] value [unit]] [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+The timestamp statement in variable form is simply to test an -+existing file or directory for timestamp changes and if changed, -+execute an action. Syntax (keywords are in capital): -+.IP "\s-1IF\s0 \s-1CHANGED\s0 \s-1TIMESTAMP\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF CHANGED TIMESTAMP [[<X>] <Y> CYCLES] THEN action" -+.PP -+\&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, -+\&\*(L"\s-1GT\s0\*(R", \*(L"\s-1LT\s0\*(R", \*(L"\s-1EQ\s0\*(R", \*(L"\s-1NE\s0\*(R" in shell sh notation and \*(L"\s-1GREATER\s0\*(R", -+\&\*(L"\s-1LESS\s0\*(R", \*(L"\s-1EQUAL\s0\*(R", \*(L"\s-1NOTEQUAL\s0\*(R" in human readable form (if not -+specified, default is \s-1EQUAL\s0). -+.PP -+\&\fIvalue\fR is a time watermark. -+.PP -+\&\fIunit\fR is either \*(L"\s-1SECOND\s0\*(R", \*(L"\s-1MINUTE\s0\*(R", \*(L"\s-1HOUR\s0\*(R" or \*(L"\s-1DAY\s0\*(R" (it is also -+possible to use \*(L"\s-1SECONDS\s0\*(R", \*(L"\s-1MINUTES\s0\*(R", \*(L"\s-1HOURS\s0\*(R", or \*(L"\s-1DAYS\s0\*(R"). -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+The variable timestamp statement is useful for checking a file -+for changes and then execute an action. This version was written -+particularly with configuration files in mind. For instance, if -+you monitor the apache web server you can use this statement to -+reload apache if the \fIhttpd.conf\fR (apache's configuration file) -+was changed. Like so: -+.PP -+.Vb 3 -+\& check file httpd.conf with path /usr/local/apache/conf/httpd.conf -+\& if changed timestamp -+\& then exec "/usr/local/apache/bin/apachectl graceful" -+.Ve -+.PP -+The constant timestamp version is useful for monitoring systems -+able to report its state by changing the timestamp of certain -+state files. For instance the \fIiPlanet Messaging server stored -+process\fR system updates the timestamp of: -+.PP -+.Vb 3 -+\& o stored.ckp -+\& o stored.lcu -+\& o stored.per -+.Ve -+.PP -+If a task should fail, the system keeps the timestamp. To report -+stored problems you can use the following statements: -+.PP -+.Vb 2 -+\& check file stored.ckp with path /msg\-foo/config/stored.ckp -+\& if timestamp > 1 minute then alert -+.Ve -+.PP -+.Vb 2 -+\& check file stored.lcu with path /msg\-foo/config/stored.lcu -+\& if timestamp > 5 minutes then alert -+.Ve -+.PP -+.Vb 2 -+\& check file stored.per with path /msg\-foo/config/stored.per -+\& if timestamp > 1 hour then alert -+.Ve -+.PP -+As mentioned above, you can also use the timestamp statement for -+monitoring directories for changes. If files are added or removed -+from a directory, its timestamp is changed: -+.PP -+.Vb 2 -+\& check directory mydir path /foo/directory -+\& if timestamp > 1 hour then alert -+.Ve -+.PP -+or -+.PP -+.Vb 2 -+\& check directory myotherdir path /foo/secure/directory -+\& if timestamp < 1 hour then alert -+.Ve -+.PP -+The following example is a hack for restarting a process after a -+certain time. Sometimes this is a necessary workaround for some -+third-party applications, until the vendor fix a problem: -+.PP -+.Vb 3 -+\& check file server.pid path /var/run/server.pid -+\& if timestamp > 7 days -+\& then exec "/usr/local/server/restart\-server" -+.Ve -+.Sh "\s-1FILE\s0 \s-1SIZE\s0 \s-1TESTING\s0" -+.IX Subsection "FILE SIZE TESTING" -+The size statement may only be used in a file service entry. -+If specified in the control file, monit will compute a size -+for a file. -+.PP -+The size test in constant form is used to verify various -+size conditions. Syntax (keywords are in capital): -+.IP "\s-1IF\s0 \s-1SIZE\s0 [[operator] value [unit]] [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF SIZE [[operator] value [unit]] [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+The size statement in variable form is simply to test an existing -+file for size changes and if changed, execute an action. Syntax -+(keywords are in capital): -+.IP "\s-1IF\s0 \s-1CHANGED\s0 \s-1SIZE\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF CHANGED SIZE [[<X>] <Y> CYCLES] THEN action" -+.PP -+\&\fIoperator\fR is a choice of \*(L"<\*(R", \*(L">\*(R", \*(L"!=\*(R", \*(L"==\*(R" in C notation, -+\&\*(L"\s-1GT\s0\*(R", \*(L"\s-1LT\s0\*(R", \*(L"\s-1EQ\s0\*(R", \*(L"\s-1NE\s0\*(R" in shell sh notation and \*(L"\s-1GREATER\s0\*(R", -+\&\*(L"\s-1LESS\s0\*(R", \*(L"\s-1EQUAL\s0\*(R", \*(L"\s-1NOTEQUAL\s0\*(R" in human readable form (if not -+specified, default is \s-1EQUAL\s0). -+.PP -+\&\fIvalue\fR is a size watermark. -+.PP -+\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\s0\*(R",\*(L"\s-1MB\s0\*(R",\*(L"\s-1GB\s0\*(R" or long alternatives -+\&\*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R". If it is not -+specified, \*(L"byte\*(R" unit is assumed by default. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+The variable size test form is useful for checking a file for -+changes and send an alert or execute an action. Monit will -+register the size of the file at startup and monitor the file for -+changes. As soon as the value changed, monit will do specified -+action, reset the registered value to new result and continue to -+monitor, whether the size changed again. -+.PP -+One example of use for this statement is to conduct security -+checks, for instance: -+.PP -+.Vb 2 -+\& check file su with path /bin/su -+\& if changed size then exec "/sbin/ifconfig eth0 down" -+.Ve -+.PP -+which will \*(L"cut the cable\*(R" and stop a possible intruder from -+compromising the system further. This test is just one of many -+you may use to increase the security awareness on a system. If -+you plan to use monit for security reasons we recommend that you -+use this test in combination with other supported tests like -+checksum, timestamp, and so on. -+.PP -+The constant size test form may be useful in similar or different -+contexts. It can, for instance, be used to test if a certain file -+size was exceeded and then alert you or monit may execute a -+certain action specified by you. An example is to use this -+statement to rotate log files after they have reached a certain -+size or to check that a database file does not grow beyond a -+specified threshold. -+.PP -+To rotate a log file: -+.PP -+.Vb 3 -+\& check file myapp.log with path /var/log/myapp.log -+\& if size > 50 MB then -+\& exec "/usr/local/bin/rotate /var/log/myapp.log myapp" -+.Ve -+.PP -+where /usr/local/bin/rotate may be a simple script, such as: -+.PP -+.Vb 3 -+\& #/bin/bash -+\& /bin/mv $1 $1.`date +%y\-%m\-%d` -+\& /usr/bin/pkill \-HUP $2 -+.Ve -+.PP -+Or you may use this statement to trigger the \fIlogrotate\fR\|(8) -+program, to do an \*(L"emergency\*(R" rotate. Or to send an alert if a -+file becomes a known bottleneck if it grows behind a certain size -+because of limits in a database engine: -+.PP -+.Vb 2 -+\& check file mydb with path /data/mydatabase.db -+\& if size > 1 GB then alert -+.Ve -+.PP -+This is a more restrictive form of the first example where the -+size is explicitly defined (note that the real su size is system -+dependent): -+.PP -+.Vb 2 -+\& check file su with path /bin/su -+\& if size != 95564 then exec "/sbin/ifconfig eth0 down" -+.Ve -+.Sh "\s-1FILE\s0 \s-1CONTENT\s0 \s-1TESTING\s0" -+.IX Subsection "FILE CONTENT TESTING" -+The match statement allows you to test the content of a text -+file by using regular expressions. This is a great feature if -+you need to periodically test files, such as log files, for -+certain patterns. If a pattern match, monit defaults to -+raise an alert, other actions are also possible. -+.PP -+The syntax (keywords in capital) for using this function is: -+.IP "\s-1IF\s0 [\s-1NOT\s0] \s-1MATCH\s0 {regex|path} [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF [NOT] MATCH {regex|path} [[<X>] <Y> CYCLES] THEN action" -+.PP -+\&\fIregex\fR is a string containing the extended regular expression. -+See also \fIregex\fR\|(7). -+.PP -+\&\fIpath\fR is an absolute path to a file containing extended -+regular expression on every line. See also \fIregex\fR\|(7). -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+You can use the \fI\s-1NOT\s0\fR statement to invert a match. -+.PP -+The content is only being checked every cycle. If content is -+being added and removed between two checks they are unnoticed. -+.PP -+On startup the read position is set to the end of the file -+and monit continue to scan to the end of file on each cycle. -+But if the file size should decrease or inode change the read -+position is set to the start of the file. -+.PP -+Only lines ending with a newline character are inspected. Thus, -+lines are being ignored until they have been completed with this -+character. Also note that only the first 511 characters of a -+line are inspected. -+.IP "\s-1IGNORE\s0 [\s-1NOT\s0] \s-1MATCH\s0 {regex|path}" 4 -+.IX Item "IGNORE [NOT] MATCH {regex|path}" -+.PP -+Lines matching an \fI\s-1IGNORE\s0\fR are not inspected during later -+evaluations. \fI\s-1IGNORE\s0 \s-1MATCH\s0\fR has always precedence over -+\&\fI\s-1IF\s0 \s-1MATCH\s0\fR. -+.PP -+All \fI\s-1IGNORE\s0 \s-1MATCH\s0\fR statements are evaluated first, in the -+order of their appearance. Thereafter, all the \fI\s-1IF\s0 \s-1MATCH\s0\fR -+statements are evaluated. -+.PP -+A real life example might look like this: -+.PP -+.Vb 7 -+\& check file syslog with path /var/log/syslog -+\& ignore match -+\& "^\ew{3} [ :0\-9]{11} [._[:alnum:]\-]+ monit\e[[0\-9]+\e]:" -+\& ignore match /etc/monit/ignore.regex -+\& if match -+\& "^\ew{3} [ :0\-9]{11} [._[:alnum:]\-]+ mrcoffee\e[[0\-9]+\e]:" -+\& if match /etc/monit/active.regex then alert -+.Ve -+.Sh "\s-1FILESYSTEM\s0 \s-1FLAGS\s0 \s-1TESTING\s0" -+.IX Subsection "FILESYSTEM FLAGS TESTING" -+monit tests the filesystem flags of devices for change. This -+test is implicit and monit will send alert in the case of -+failure by default. -+.PP -+You may override the default action using below rule (it may only -+be used within a device service entry in the monit control file). -+.PP -+This test is useful for detecting changes of the filesystem flags -+such as when the filesystem became read-only based on disk errors -+or the mount flags were changed (such as nosuid). Each platform -+provides different flags set. \s-1POSIX\s0 defined the \s-1RDONLY\s0 and \s-1NOSUID\s0 -+flags which should work on all platforms. Some platforms (such as -+FreeBSD) present another flags in addition. -+.PP -+The syntax for the fsflags statement is: -+.IP "\s-1IF\s0 \s-1CHANGED\s0 \s-1FSFLAGS\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF CHANGED FSFLAGS [[<X>] <Y> CYCLES] THEN action" -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+Example: -+.PP -+.Vb 3 -+\& check device rootfs with path / -+\& if changed fsflags then exec "/my/script" -+\& alert root@localhost -+.Ve -+.Sh "\s-1SPACE\s0 \s-1TESTING\s0" -+.IX Subsection "SPACE TESTING" -+Monit can test devices/file systems and check for space -+usage. This test may only be used within a device service entry -+in the monit control file. -+.PP -+Monit will check a device's total space usage. If you only want -+to check available space for non\-superuser, you must set the -+watermark appropriately (i.e. total space minus reserved blocks -+for the superuser). -+.PP -+You can obtain (and set) the superuser's reserved blocks size, -+for example by using the tune2fs utility on Linux. On Linux 5% of -+available blocks are reserved for the superuser by default. To -+list the reserved blocks for the superuser: -+.PP -+.Vb 4 -+\& [root@berry monit]# tune2fs \-l /dev/hda1| grep "Reserved block" -+\& Reserved block count: 319994 -+\& Reserved blocks uid: 0 (user root) -+\& Reserved blocks gid: 0 (group root) -+.Ve -+.PP -+On solaris 10% of the blocks are reserved. You can also use -+tunefs on solaris to change values on a live filesystem. -+.PP -+The full syntax for the space statement is: -+.IP "\s-1IF\s0 \s-1SPACE\s0 operator value unit [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF SPACE operator value unit [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", -+\&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", -+\&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, -+default is \s-1EQUAL\s0). -+.PP -+\&\fIunit\fR is a choice of \*(L"B\*(R",\*(L"\s-1KB\s0\*(R",\*(L"\s-1MB\s0\*(R",\*(L"\s-1GB\s0\*(R", \*(L"%\*(R" or long -+alternatives \*(L"byte\*(R", \*(L"kilobyte\*(R", \*(L"megabyte\*(R", \*(L"gigabyte\*(R", -+\&\*(L"percent\*(R". -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.Sh "\s-1INODE\s0 \s-1TESTING\s0" -+.IX Subsection "INODE TESTING" -+If supported by the file\-system, you can use monit to test for -+inodes usage. This test may only be used within a device service -+entry in the monit control file. -+.PP -+If the device becomes unavailable, monit will call the entry's -+registered start method, if it is defined and if monit is running -+in active mode. If monit runs in passive mode or the start -+methods is not defined, monit will just send an error alert. -+.PP -+The syntax for the inode statement is: -+.IP "\s-1IF\s0 \s-1INODE\s0(S) operator value [unit] [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF INODE(S) operator value [unit] [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fIoperator\fR is a choice of \*(L"<\*(R",\*(L">\*(R",\*(L"!=\*(R",\*(L"==\*(R" in c notation, \*(L"gt\*(R", -+\&\*(L"lt\*(R", \*(L"eq\*(R", \*(L"ne\*(R" in shell sh notation and \*(L"greater\*(R", \*(L"less\*(R", -+\&\*(L"equal\*(R", \*(L"notequal\*(R" in human readable form (if not specified, -+default is \s-1EQUAL\s0). -+.PP -+\&\fIunit\fR is optional. If not specified, the value is an absolute -+count of inodes. You can use the \*(L"%\*(R" character or the longer -+alternative \*(L"percent\*(R" as a unit. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.Sh "\s-1PERMISSION\s0 \s-1TESTING\s0" -+.IX Subsection "PERMISSION TESTING" -+Monit can monitor the permissions. This test may only be used -+within a file, fifo, directory or device service entry in the -+monit control file. -+.PP -+The syntax for the permission statement is: -+.IP "\s-1IF\s0 \s-1FAILED\s0 \s-1PERM\s0(\s-1ISSION\s0) octalnumber [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF FAILED PERM(ISSION) octalnumber [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fIoctalnumber\fR defines permissions for a file, a directory or a -+device. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+The web interface will show a permission warning if the test -+failed. -+.PP -+We recommend that you use the \s-1UNMONITOR\s0 action in a permission -+statement. The rationale for this feature is security and that -+monit does not start a possible cracked program or -+script. Example: -+.PP -+.Vb 3 -+\& check file monit.bin with path "/usr/local/bin/monit" -+\& if failed permission 0555 then unmonitor -+\& alert foo@bar -+.Ve -+.PP -+If the test fails, monit will simply send an alert and stop -+monitoring the file and propagate an unmonitor action upward in -+a depend tree. -+.Sh "\s-1UID\s0 \s-1TESTING\s0" -+.IX Subsection "UID TESTING" -+monit can monitor the owner user id (uid). This test may only be -+used within a file, fifo, directory or device service entry in -+the monit control file. -+.PP -+The syntax for the uid statement is: -+.IP "\s-1IF\s0 \s-1FAILED\s0 \s-1UID\s0 user [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF FAILED UID user [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fIuser\fR defines a user id either in numeric or in string form. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+The web interface will show a uid warning if the test should -+fail. -+.PP -+We recommend that you use the \s-1UNMONITOR\s0 action in a uid -+statement. The rationale for this feature is security and that -+monit does not start a possible cracked program or -+script. Example: -+.PP -+.Vb 3 -+\& check file passwd with path /etc/passwd -+\& if failed uid root then unmonitor -+\& alert root@localhost -+.Ve -+.PP -+If the test fails, monit will simply send an alert and stop -+monitoring the file and propagate an unmonitor action upward in -+a depend tree. -+.Sh "\s-1GID\s0 \s-1TESTING\s0" -+.IX Subsection "GID TESTING" -+monit can monitor the owner group id (gid). This test may only -+be used within a file, fifo, directory or device service entry -+in the monit control file. -+.PP -+The syntax for the gid statement is: -+.IP "\s-1IF\s0 \s-1FAILED\s0 \s-1GID\s0 user [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF FAILED GID user [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fIuser\fR defines a group id either in numeric or in string form. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+The web interface will show a gid warning if the test should -+fail. -+.PP -+We recommend that you use the \s-1UNMONITOR\s0 action in a gid -+statement. The rationale for this feature is security and that -+monit does not start a possible cracked program or -+script. Example: -+.PP -+.Vb 3 -+\& check file shadow with path /etc/shadow -+\& if failed gid root then unmonitor -+\& alert root@localhost -+.Ve -+.PP -+If the test fails, monit will simply send an alert and stop -+monitoring the file and propagate an unmonitor action upward in -+a depend tree. -+.Sh "\s-1PID\s0 \s-1TESTING\s0" -+.IX Subsection "PID TESTING" -+monit tests the process id (pid) of processes for change. This -+test is implicit and monit will send alert in the case of failure -+by default. -+.PP -+You may override the default action using below rule (it may only -+be used within a process service entry in the monit control -+file). -+.PP -+The syntax for the pid statement is: -+.IP "\s-1IF\s0 \s-1CHANGED\s0 \s-1PID\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF CHANGED PID [[<X>] <Y> CYCLES] THEN action" -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+This test is useful to detect possible process restarts which -+has occurred in the timeframe between two monit testing cycles. -+In the case that the restart was fast and the process provides -+expected service (i.e. all tests passed) you will be notified -+that the process was replaced. -+.PP -+For example sshd daemon can restart very quickly, thus if someone -+changes its configuration and do sshd restart outside of monit -+control, you will be notified that the process was replaced by -+new instance (or you can optionaly do some other action such as -+preventively stop sshd). -+.PP -+Another example is MySQL Cluster which has its own watchdog with -+process restart ability. You can use monit for redundant -+monitoring. Monit will just send alert in the case that the MySQL -+cluster restarted the node quickly. -+.PP -+Example: -+.PP -+.Vb 3 -+\& check process sshd with pidfile /var/run/sshd.pid -+\& if changed pid then exec "/my/script" -+\& alert root@localhost -+.Ve -+.Sh "\s-1PPID\s0 \s-1TESTING\s0" -+.IX Subsection "PPID TESTING" -+monit tests the process parent id (ppid) of processes for change. -+This test is implicit and monit will send alert in the case of -+failure by default. -+.PP -+You may override the default action using below rule (it may only -+be used within a process service entry in the monit control file). -+.PP -+The syntax for the ppid statement is: -+.IP "\s-1IF\s0 \s-1CHANGED\s0 \s-1PPID\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action" 4 -+.IX Item "IF CHANGED PPID [[<X>] <Y> CYCLES] THEN action" -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+This test is useful for detecting changes of a process parent. -+.PP -+Example: -+.PP -+.Vb 3 -+\& check process myproc with pidfile /var/run/myproc.pid -+\& if changed ppid then exec "/my/script" -+\& alert root@localhost -+.Ve -+.Sh "\s-1CONNECTION\s0 \s-1TESTING\s0" -+.IX Subsection "CONNECTION TESTING" -+Monit is able to perform connection testing via networked ports -+or via Unix sockets. A connection test may only be used within a -+process or within a host service entry in the monit control file. -+.PP -+If a service listens on one or more sockets, monit can connect to -+the port (using either tcp or udp) and verify that the service -+will accept a connection and that it is possible to write and -+read from the socket. If a connection is not accepted or if there -+is a problem with socket read/write, monit will assume that -+something is wrong and execute a specified action. If monit is -+compiled with openssl, then ssl based network services can also -+be tested. -+.PP -+The full syntax for the statement used for connection testing is -+as follows (keywords are in capital and optional statements in -+[brackets]), -+.IP "\s-1IF\s0 \s-1FAILED\s0 [host] port [type] [protocol|{send/expect}+] [timeout] [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF FAILED [host] port [type] [protocol|{send/expect}+] [timeout] [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+or for Unix sockets, -+.IP "\s-1IF\s0 \s-1FAILED\s0 [unixsocket] [type] [protocol|{send/expect}+] [timeout] [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action [\s-1ELSE\s0 \s-1IF\s0 \s-1PASSED\s0 [[<X>] <Y> \s-1CYCLES\s0] \s-1THEN\s0 action]" 4 -+.IX Item "IF FAILED [unixsocket] [type] [protocol|{send/expect}+] [timeout] [[<X>] <Y> CYCLES] THEN action [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action]" -+.PP -+\&\fBhost:HOST hostname\fR. Optionally specify the host to connect to. -+If the host is not given then localhost is assumed if this test -+is used inside a process entry. If this test was used inside a -+remote host entry then the entry's remote host is assumed. -+Although \fIhost\fR is intended for testing name based virtual host -+in a \s-1HTTP\s0 server running on local or remote host, it does allow -+the connection statement to be used to test a server running on -+another machine. This may be useful; For instance if you use -+Apache httpd as a front-end and an application-server as the -+back-end running on another machine, this statement may be used -+to test that the back-end server is running and if not raise an -+alert. -+.PP -+\&\fBport:PORT number\fR. The port number to connect to -+.PP -+\&\fBunixsocket:UNIXSOCKET \s-1PATH\s0\fR. Specifies the path to a Unix -+socket. Servers based on Unix sockets, always runs on the local -+machine and does not use a port. -+.PP -+\&\fBtype:TYPE {TCP|UDP|TCPSSL}\fR. Optionally specify the socket type -+monit should use when trying to connect to the port. The -+different socket types are; \s-1TCP\s0, \s-1UDP\s0 or \s-1TCPSSL\s0, where \s-1TCP\s0 is a -+regular stream based socket, \s-1UDP\s0 is a datagram socket and \s-1TCPSSL\s0 -+specify that monit should use a \s-1TCP\s0 socket with \s-1SSL\s0 when -+connecting to a port. The default socket type is \s-1TCP\s0. If \s-1TCPSSL\s0 -+is used you may optionally specify the \s-1SSL/TLS\s0 protocol to be -+used and the md5 sum of the server's certificate. The \s-1TCPSSL\s0 -+options are: -+.PP -+.Vb 1 -+\& TCPSSL [SSLAUTO|SSLV2|SSLV3|TLSV1] [CERTMD5 md5sum] -+.Ve -+.PP -+\&\fBproto(col):PROTO {protocols}\fR. Optionally specify the protocol -+monit should speak when a connection is established. At the -+moment monit knows how to speak: -+ \fIAPACHE-STATUS\fR -+ \fI\s-1DNS\s0\fR -+ \fI\s-1DWP\s0\fR -+ \fI\s-1FTP\s0\fR -+ \fI\s-1HTTP\s0\fR -+ \fI\s-1IMAP\s0\fR -+ \fI\s-1CLAMAV\s0\fR -+ \fI\s-1LDAP2\s0\fR -+ \fI\s-1LDAP3\s0\fR -+ \fI\s-1MYSQL\s0\fR -+ \fI\s-1NNTP\s0\fR -+ \fI\s-1NTP3\s0\fR -+ \fI\s-1POP\s0\fR -+ \fIPOSTFIX-POLICY\fR -+ \fI\s-1RDATE\s0\fR -+ \fI\s-1RSYNC\s0\fR -+ \fI\s-1SMTP\s0\fR -+ \fI\s-1SSH\s0\fR -+ \fI\s-1TNS\s0\fR -+ \fI\s-1PGSQL\s0\fR -+If you have compiled monit with ssl support, monit can also speak -+the \s-1SSL\s0 variants such as: -+ \fI\s-1HTTPS\s0\fR -+ \fI\s-1FTPS\s0\fR -+ \fI\s-1POPS\s0\fR -+ \fI\s-1IMAPS\s0\fR -+To use the \s-1SSL\s0 protocol support you need to define the socket as -+\&\s-1SSL\s0 and use the general protocol name (for example in the case of -+\&\s-1HTTPS\s0) : -+ \s-1TYPE\s0 \s-1TCPSSL\s0 \s-1PROTOCOL\s0 \s-1HTTP\s0 -+If the server's protocol is not found in this list, simply do not -+specify the protocol and monit will utilize a default test, -+including testing if it is possible to read and write to the -+port. This default test is in most cases more than good enough to -+deduce if the server behind the port is up or not. -+.PP -+The protocol statement is: -+.PP -+.Vb 1 -+\& [PROTO(COL) {name} [REQUEST {"/path"} [with CHECKSUM checksum]] -+.Ve -+.PP -+As you can see, you may specify a request after the protocol, at -+the moment only the \s-1HTTP\s0 protocol supports the request option. -+See also below for an example. -+.PP -+In addition to the standard protocols, the \fIAPACHE-STATUS\fR -+protocol is a test of a specific server type, rather than a -+generic protocol. Server performance is examined using the status -+page generated by Apache's mod_status, which is expected to be at -+its default address of http://www.example.com/server\-status. -+Currently the \fIAPACHE-STATUS\fR protocol examines the percentage -+of Apache child processes which are -+.PP -+.Vb 10 -+\& o logging (loglimit) -+\& o closing connections (closelimit) -+\& o performing DNS lookups (dnslimit) -+\& o in keepalive with a client (keepalivelimit) -+\& o replying to a client (replylimit) -+\& o receiving a request (requestlimit) -+\& o initialising (startlimit) -+\& o waiting for incoming connections (waitlimit) -+\& o gracefully closing down (gracefullimit) -+\& o performing cleanup procedures (cleanuplimit) -+.Ve -+.PP -+Each of these quantities can be compared against a value relative -+to the total number of active Apache child processes. If the -+comparison expression is true the chosen action is performed. -+.PP -+The apache-status protocol statement is formally defined as -+(keywords in uppercase): -+.PP -+.Vb 1 -+\& PROTO(COL) {limit} OP PERCENT [OR {limit} OP PERCENT]* -+.Ve -+.PP -+where {limit} is one or more of: loglimit, closelimit, dnslimit, -+keepalivelimit, replylimit, requestlimit, startlimit, waitlimit -+gracefullimit or cleanuplimit. The operator \s-1OP\s0 is one of: -+[<|=|>]. -+.PP -+You can combine all of these test into one expression or you can -+choose to test a certain limit. If you combine the limits you -+must or' them together using the \s-1OR\s0 keyword. -+.PP -+Here's an example were we test for a loglimit more than 10 -+percent, a dnslimit over 25 percent and a wait limit less than 20 -+percent of processes. See also more examples below in the example -+section. -+.PP -+.Vb 5 -+\& protocol apache\-status -+\& loglimit > 10% or -+\& dnslimit > 50% or -+\& waitlimit < 20% -+\& then alert -+.Ve -+.PP -+Obviously, do not use this test unless the httpd server you are -+testing is Apache Httpd and mod_status is activated on the -+server. -+.PP -+\&\fBsend/expect: {SEND|EXPECT} \*(L"string\*(R" ...\fR. If monit does not -+support the protocol spoken by the server, you can write your own -+protocol-test using \fIsend\fR and \fIexpect\fR strings. The \fI\s-1SEND\s0\fR -+statement sends a string to the server port and the \fI\s-1EXPECT\s0\fR -+statement compares a string read from the server with the string -+given in the expect statement. If your system supports \s-1POSIX\s0 -+regular expressions, you can use regular expressions in the -+expect string, see \fIregex\fR\|(7) to learn more about the types of -+regular expressions you can use in an expect string. Otherwise -+the string is used as it is. The send/expect statement is: -+.PP -+.Vb 1 -+\& [{SEND|EXPECT} "string"]+ -+.Ve -+.PP -+Note that monit will send a string as it is, and you \fBmust\fR -+remember to include \s-1CR\s0 and \s-1LF\s0 in the string sent to the server if -+the protocol expect such characters to terminate a string (most -+text based protocols used over Internet does). Likewise monit -+will read up to 256 bytes from the server and use this string -+when comparing the expect string. If the server sends strings -+terminated by \s-1CRLF\s0, (i.e. \*(L"\er\en\*(R") you \fImay\fR remember to add the -+same terminating characters to the string you expect from the -+server. -+.PP -+You can use non-printable characters in a send string if -+needed. Use the hex notation, \e0xHEXHEX to send any char in the -+range \e0x00\-\e0xFF, that is, 0\-255 in decimal. This may be useful -+when testing some network protocols, particularly those over -+\&\s-1UDP\s0. An example, to test a quake 3 server you can use the -+following, -+.PP -+.Vb 2 -+\& send "\e0xFF\e0xFF\e0xFF\e0xFFgetstatus" -+\& expect "sv_floodProtect|sv_maxPing" -+.Ve -+.PP -+Finally, send/expect can be used with any socket type, such as -+\&\s-1TCP\s0 sockets, \s-1UNIX\s0 sockets and \s-1UDP\s0 sockets. -+.PP -+\&\fBtimeout:with \s-1TIMEOUT\s0 x \s-1SECONDS\s0\fR. Optionally specifies the -+connect and read timeout for the connection. If monit cannot -+connect to the server within this time it will assume that the -+connection failed and execute the specified action. The default -+connect timeout is 5 seconds. -+.PP -+\&\fIaction\fR is a choice of \*(L"\s-1ALERT\s0\*(R", \*(L"\s-1RESTART\s0\*(R", \*(L"\s-1START\s0\*(R", \*(L"\s-1STOP\s0\*(R", -+\&\*(L"\s-1EXEC\s0\*(R", \*(L"\s-1MONITOR\s0\*(R" or \*(L"\s-1UNMONITOR\s0\*(R". -+.PP -+Connection testing using the \s-1URL\s0 notation -+.IX Subsection "Connection testing using the URL notation" -+.PP -+You can test a \s-1HTTP\s0 server using the compact \s-1URL\s0 syntax. This -+test also allow you to use \s-1POSIX\s0 regular expressions to test the -+content returned by the \s-1HTTP\s0 server. -+.PP -+The full syntax for the \s-1URL\s0 statement is as follows (keywords are -+in capital and optional statements in [brackets]): -+.PP -+.Vb 5 -+\& IF FAILED URL ULR\-spec -+\& [CONTENT {==|!=} "regular\-expression"] -+\& [TIMEOUT number SECONDS] [[<X>] <Y> CYCLES] -+\& THEN action -+\& [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action] -+.Ve -+.PP -+Where URL-spec is an \s-1URL\s0 on the standard form as specified in \s-1RFC\s0 -+2396: -+.PP -+.Vb 1 -+\& <protocol>://<authority><path>?<query> -+.Ve -+.PP -+Here is an example on an \s-1URL\s0 where all components are used: -+.PP -+.Vb 1 -+\& http://user:password@www.foo.bar:8080/document/?querystring#ref -+.Ve -+.PP -+If a username and password is included in the \s-1URL\s0 monit will -+attempt to login at the server using \fBBasic Authentication\fR. -+.PP -+Testing the content returned by the server is optional. If used, -+you can test if the content \fBmatch\fR or does \fBnot match\fR a -+regular expression. Here's an example on how the \s-1URL\s0 statement -+can be used in a \fIcheck service\fR: -+.PP -+.Vb 5 -+\& check host FOO with address www.foo.bar -+\& if failed url -+\& http://user:password@www.foo.bar:8080/?querystring -+\& and content == 'action="j_security_check"' -+\& then ... -+.Ve -+.PP -+Monit will look at the content-length header returned by the -+server and download this amount before testing the content. That -+is, if the content-length is more than 1Mb or this header is not -+set by the server monit will default to download up to 1 Mb and -+not more. -+.PP -+Only the http(s) protocol is supported in an \s-1URL\s0 statement. If -+the protocol is \fBhttps\fR monit will use \s-1SSL\s0 when connecting to -+the server. -+.PP -+Remote host ping test -+.IX Subsection "Remote host ping test" -+.PP -+In addition monit can perform \s-1ICMP\s0 Echo tests in remote host -+checks. The icmp test may only be used in a check host entry and -+monit must run with super user privileges, that is, the root user -+must run monit. The reason is that the icmp test utilize a raw -+socket to send the icmp packet and only the super user is allowed -+to create a raw socket. -+.PP -+The full syntax for the \s-1ICMP\s0 Echo statement used for ping testing -+is as follows (keywords are in capital and optional statements in -+[brackets]): -+.PP -+.Vb 5 -+\& IF FAILED ICMP TYPE ECHO -+\& [COUNT number] [WITH] [TIMEOUT number SECONDS] -+\& [[<X>] <Y> CYCLES] -+\& THEN action -+\& [ELSE IF PASSED [[<X>] <Y> CYCLES] THEN action] -+.Ve -+.PP -+The rules for action and timeout are the same as those mentioned -+above in the \s-1CONNECTION\s0 \s-1TESTING\s0 section. The count parameter -+specifies how many consecutive echo requests will be send to the -+host in one cycle. In the case that no reply came within timeout -+frame, monit reports error. When at least one reply was received, -+the test will pass. Monit sends by default three echo requests in -+one cycle to prevent the random packet loss from generating false -+alarm (i.e. up to 66% packet loss is tolerated). You can set the -+count option to different value, which can serve as error ratio. -+For example in the case that you require 100% ping success, you -+can set the count to 1 (i.e. just one attempt will be send, when -+the packet was lost, then error will be reported). -+.PP -+An icmp ping test is useful for testing if a host is up, before -+testing ports at the host. If an icmp ping test is used in a -+check host entry, this test is run first and if the ping test -+should fail we assume that the connection to the host is down and -+monit does \fInot\fR continue to test any ports. Here's an example: -+.PP -+.Vb 6 -+\& check host xyzzy with address xyzzy.org -+\& if failed icmp type echo count 5 with timeout 15 seconds -+\& then alert -+\& if failed port 80 proto http then alert -+\& if failed port 443 type TCPSSL proto http then alert -+\& alert foo@bar -+.Ve -+.PP -+In this case, if the icmp test should fail you will get \fIone\fR -+alert and only one alert as long as the host is down, and equally -+important, monit will \fInot\fR test port 80 and port 443. Likewise -+if the icmp ping test should succeed (again) monit will continue -+to test both port 80 and 443. -+.PP -+Keep in mind though that some firewalls can block icmp packages -+and thus render the test useless. -+.PP -+Examples -+.IX Subsection "Examples" -+.PP -+To check a port connection and receive an alert if monit cannot -+connect to the port, use the following statement: -+.PP -+.Vb 1 -+\& if failed port 80 then alert -+.Ve -+.PP -+In this case the machine in question is assumed to be the default -+host. For a process entry it's \fIlocalhost\fR and for a remote host -+entry it's the \fIaddress\fR of the remote host. Monit will conduct -+a tcp connection to the host at port 80 and use tcp by default. -+If you want to connect with udp, you can specify this after the -+port\-statement; -+.PP -+.Vb 1 -+\& if failed port 53 type udp protocol dns then alert -+.Ve -+.PP -+Monit will stop trying to connect to the port after 5 seconds and -+assume that the server behind the port is down. You may increase -+or decrease the connect timeout by explicit add a connection -+timeout. In the following example the timeout is increased to 15 -+seconds and if monit cannot connect to the server within 15 -+seconds the test will fail and an alert message is sent. -+.PP -+.Vb 1 -+\& if failed port 80 with timeout 15 seconds then alert -+.Ve -+.PP -+If a server is listening to a Unix socket the following statement -+can be used: -+.PP -+.Vb 1 -+\& if failed unixsocket /var/run/sophie then alert -+.Ve -+.PP -+A Unix socket is used by some servers for fast (interprocess) -+communication on localhost only. A Unix socket is specified by a -+path and in the example above the path, /var/run/sophie, -+specifies a Unix socket. -+.PP -+If your machine answers for several virtual hosts you can prefix -+the port statement with a host-statement like so: -+.PP -+.Vb 3 -+\& if failed host www.sol.no port 80 then alert -+\& if failed host 80.69.226.133 port 443 then alert -+\& if failed host kvasir.sol.no port 80 then alert -+.Ve -+.PP -+And as mentioned above, if you do not specify a host\-statement, -+\&\fIlocalhost\fR or \fIaddress\fR is assumed. -+.PP -+Monit also knows how to speak some of the more popular Internet -+protocols. So, besides testing for connections, monit can also -+speak with the server in question to verify that the server -+works. For example, the following is used to test a http server: -+.PP -+.Vb 2 -+\& if failed host www.tildeslash.com port 80 proto http -+\& then restart -+.Ve -+.PP -+Some protocols also support a request statement. This statement -+can be used to ask the server for a special document entity. -+.PP -+Currently \fBonly\fR the \fI\s-1HTTP\s0\fR protocol module supports the -+request statement, such as: -+.PP -+.Vb 3 -+\& if failed host www.myhost.com port 80 protocol http -+\& and request "/data/show.php?a=b&c=d" -+\& then restart -+.Ve -+.PP -+The request must contain an \s-1URI\s0 string specifying a document from -+the http server. The string will be \s-1URL\s0 encoded by monit before -+it sends the request to the http server, so it's okay to use \s-1URL\s0 -+unsafe characters in the request. If the request statement isn't -+specified, the default web server page will be requested. -+.PP -+You can also test the checksum for documents returned by a http -+server. You can use either \s-1MD5\s0 sums: -+.PP -+.Vb 4 -+\& if failed port 80 protocol http -+\& and request "/page.html" -+\& with checksum 8f7f419955cefa0b33a2ba316cba3659 -+\& then alert -+.Ve -+.PP -+Or you can use \s-1SHA1\s0 sums: -+.PP -+.Vb 4 -+\& if failed port 80 protocol http -+\& and request "/page.html" -+\& with checksum e428302e260e0832007d82de853aa8edf19cd872 -+\& then alert -+.Ve -+.PP -+monit will compute a checksum (either \s-1MD5\s0 or \s-1SHA1\s0 is used, -+depending on length of the hash) for the document (in the above -+case, /page.html) and compare the computed checksum with the -+expected checksum. If the sums does not match then the if-tests -+action is performed, in this case alert. Note that monit will -+\&\fBnot\fR test the checksum for a document if the server does not -+set the \s-1HTTP\s0 \fIContent-Length\fR header. A \s-1HTTP\s0 server should set -+this header when it server a static document (i.e. a file). A -+server will often use chunked transfer encoding instead when -+serving dynamic content (e.g. a document created by a CGI-script -+or a Servlet), but to test the checksum for dynamic content is -+not very useful. There are no limitation on the document size, -+but keep in mind that monit will use time to download the -+document over the network so it's probably smart not to ask monit -+to compute a checksum for documents larger than 1Mb or so, -+depending on you network connection of course. Tip; If you get a -+checksum error even if the document has the correct sum, the -+reason may be that the download timed out. In this case, explicit -+set a longer timeout than the default 5 seconds. -+.PP -+As mentioned above, if the server protocol is not supported by -+monit you can write your own protocol test using send/expect -+strings. Here we show a protocol test using send/expect for an -+imaginary \*(L"Ali Baba and the Forty Thieves\*(R" protocol: -+.PP -+.Vb 6 -+\& if failed host cave.persia.ir port 4040 -+\& send "Open, Sesame!\er\en" -+\& expect "Please enter the cave\er\en" -+\& send "Shut, Sesame!\er\en" -+\& expect "See you later [A\-Za\-z ]+\er\en" -+\& then restart -+.Ve -+.PP -+The \fI\s-1TCPSSL\s0\fR statement can optionally test the md5 sum of the -+server's certificate. You must state the md5 certificate string -+you expect the server to deliver and upon a connect to the -+server, the server's actual md5 sum certificate string is tested. -+Any other symbol but [A\-Fa\-f0\-9] is being ignored in that sting. -+Thus it is possible to copy and paste the output of e.g. openssl. -+If they do not match, the connection test fails. If the ssl -+version handshake does not work properly you can also force a -+specific ssl version, as we demonstrate in this example: -+.PP -+.Vb 10 -+\& if failed host shop.sol.no port 443 -+\& type TCPSSL SSLV3 # Force monit to use ssl version 3 -+\& # We expect the server to return this md5 certificate sum -+\& # as either 12\-34\-56\-78\-90\-AB\-CD\-EF\-12\-34\-56\-78\-90\-AB\-CD\-EF -+\& # or e.g. 1234567890ABCDEF1234567890ABCDEF -+\& # or e.g. 1234567890abcdef1234567890abcdef -+\& # what ever come in more handy (see text above) -+\& CERTMD5 12\-34\-56\-78\-90\-AB\-CD\-EF\-12\-34\-56\-78\-90\-AB\-CD\-EF -+\& protocol http -+\& then restart -+.Ve -+.PP -+Here's an example where a connection test is used inside a -+process entry: -+.PP -+.Vb 4 -+\& check process apache with pidfile /var/run/apache.pid -+\& start program = "/etc/init.d/httpd start" -+\& stop program = "/etc/init.d/httpd stop" -+\& if failed host www.tildeslash.com port 80 then restart -+.Ve -+.PP -+Here, a connection test is used in a remote host entry: -+.PP -+.Vb 2 -+\& check host up2date with address ftp.redhat.com -+\& if failed port 21 and protocol ftp then alert -+.Ve -+.PP -+Since we did not explicit specify a host in the above test, monit -+will connect to port 21 at ftp.redhat.com. Apropos, the host -+address can be specified as a dotted \s-1IP\s0 address string or as -+hostname in the \s-1DNS\s0. The following is exactly[*] the same test, -+but here an ip address is used instead: -+.PP -+.Vb 2 -+\& check host up2date with address 66.187.232.30 -+\& if failed port 21 and protocol ftp then alert -+.Ve -+.PP -+[*] Well, not quite, since we specify an ip-address directly we -+will bypass any \s-1DNS\s0 round-robin setup, but that's another story. -+.PP -+For more examples, see the example section below. -+.SH "MONIT HTTPD" -+.IX Header "MONIT HTTPD" -+If specified in the control file, monit will start a monit daemon -+with http support. From a Browser you can then start and stop -+services, disable or enable service monitoring as well as view -+the status of each service. Also, if monit logs to its own file, -+you can view the content of this logfile in a Browser. -+.PP -+The control file statement for starting a monit daemon with http -+support is a global set\-statement: -+.IP "set httpd port 2812" 4 -+.IX Item "set httpd port 2812" -+.PP -+And you can use this \s-1URL\s0, \fIhttp://localhost:2812/\fR, to access -+the daemon from a browser. The port number, in this case 2812, -+can be any number that you are allowed to bind to. -+.PP -+If you have compiled monit with openssl, you can also start the -+httpd server with ssl support, using the following expression: -+.PP -+.Vb 3 -+\& set httpd port 2812 -+\& ssl enable -+\& pemfile /etc/certs/monit.pem -+.Ve -+.PP -+And you can use this \s-1URL\s0, \fIhttps://localhost:2812/\fR, to access -+the monit web server over an ssl encrypted connection. -+.PP -+The pemfile, in the example above, holds both the server's -+private key and certificate. This file should be stored in a safe -+place on the filesystem and should have strict permissions, that -+is, no more than 0700. -+.PP -+In addition, if you want to check for client certificates you can -+use the \s-1CLIENTPEMFILE\s0 statement. In this case, a connecting -+client has to provided a certificate known by monit in order to -+connect. This file also needs to have all necessary \s-1CA\s0 -+certificates. A configuration could look like: -+.PP -+.Vb 4 -+\& set httpd port 2812 -+\& ssl enable -+\& pemfile /etc/certs/monit.pem -+\& clientpemfile /etc/certs/monit\-client.pem -+.Ve -+.PP -+By default self signed client certificates are not allowed. If -+you want to use a self signed certificate from a client it has to -+be allowed explicitly with the \s-1ALLOWSELFCERTIFICATION\s0 statement. -+.PP -+For more information on how to use monit with \s-1SSL\s0 and for more -+information about certificates and generating pem files, please -+consult the \s-1README\s0.SSL file accompanying the software. -+.PP -+If you only want the http server to accept connect requests to -+one host addresses you can specify the bind address either as an -+\&\s-1IP\s0 number string or as a hostname. In the following example we -+bind the http server to the loopback device. In other words the -+http server will only be reachable from localhost: -+.PP -+.Vb 1 -+\& set httpd port 2812 and use the address 127.0.0.1 -+.Ve -+.PP -+or -+.PP -+.Vb 1 -+\& set httpd port 2812 and use the address localhost -+.Ve -+.PP -+If you do not use the \s-1ADDRESS\s0 statement the http server will -+accept connections on any/all local addresses. -+.PP -+It is possible to hide monit's httpd server version, which -+usually is available in httpd header responses and in error -+pages. -+.PP -+.Vb 3 -+\& set httpd port 2812 -+\& ... -+\& signature {enable|disable} -+.Ve -+.PP -+Use \fIdisable\fR to hide the server signature \- monit will only -+report its name (e.g. 'monit' instead of for example 'monit -+4.2'). By default the version signature is enabled. It is worth -+to stress that this option provides no security advantage and -+falls into the \*(L"security through obscurity\*(R" category. -+.PP -+If you remove the httpd statement from the config file, monit -+will stop the httpd server on configuration reload. Likewise if -+you change the port number, monit will restart the http server -+using the new specified port number. -+.PP -+The status page displayed by the monit web server is -+automatically refreshed with the same poll time set for the monit -+daemon. -+.PP -+\&\fBNote:\fR -+.PP -+We strongly recommend that you start monit with http support (and -+bind the server to localhost, only, unless you are behind a -+firewall). The built-in web-server is small and does not use much -+resources, and more \fIimportantly\fR, monit can use the http server -+for interprocess communication between a monit client and a monit -+daemon. -+.PP -+For instance, you \fImust\fR start a monit daemon with http support -+if you want to be able to use the following console commands. -+(That is; most of the available console commands). -+.PP -+.Vb 12 -+\& 'monit stop all' -+\& 'monit start all' -+\& 'monit stop service' -+\& 'monit start service' -+\& 'monit restart service' -+\& 'monit monitor service' -+\& 'monit unmonitor service' -+\& 'monit \-g groupname stop all' -+\& 'monit \-g groupname start all' -+\& 'monit \-g groupname restart all' -+\& 'monit \-g groupname monitor all' -+\& 'monit \-g groupname unmonitor all' -+.Ve -+.PP -+If a monit daemon is running in the background we will ask the -+daemon (via the \s-1HTTP\s0 protocol) to execute the above commands. -+That is, the daemon is requested to start and stop the services. -+This ensures that a daemon will not restart a service that you -+requested to stop and that (any) timeout lock will be removed -+from a service when you start it. -+.Sh "Monit \s-1HTTPD\s0 Authentication" -+.IX Subsection "Monit HTTPD Authentication" -+monit supports two types of authentication schema's for -+connecting to the httpd server, (three, if you count \s-1SSL\s0 client -+certificate validation). Both schema's can be used together or by -+itself. You \fBmust\fR choose at least one. -+.PP -+Host and network allow list -+.IX Subsection "Host and network allow list" -+.PP -+The http server maintains an access-control list of hosts and -+networks allowed to connect to the server. You can add as many -+hosts as you want to, but only hosts with a valid domain name or -+its \s-1IP\s0 address are allowed. If you specify a hostname that does -+not resolve, monit will write an error message in the console and -+not start. Networks require a network \s-1IP\s0 and a netmask to be -+accepted. -+.PP -+The http server will query a name server to check any hosts -+connecting to the server. If a host (client) is trying to connect -+to the server, but cannot be found in the access list or cannot -+be resolved, the server will shutdown the connection to the -+client promptly. -+.PP -+Control file example: -+.PP -+.Vb 6 -+\& set httpd port 2812 -+\& allow localhost -+\& allow my.other.work.machine.com -+\& allow 10.1.1.1 -+\& allow 192.168.1.0/255.255.255.0 -+\& allow 10.0.0.0/8 -+.Ve -+.PP -+Clients, not mentioned in the allow list that tries to connect to -+the server are logged with their ip\-address. -+.PP -+Basic Authentication -+.IX Subsection "Basic Authentication" -+.PP -+This authentication schema is \s-1HTTP\s0 specific and described in more -+detail in \s-1RFC\s0 2617. -+.PP -+In short; a server challenge a client (e.g. a Browser) to send -+authentication information (username and password) and if -+accepted, the server will allow the client access to the -+requested document. -+.PP -+The biggest weakness with Basic Authentication is that the -+username and password is sent in clear-text (i.e. base64 encoded) -+over the network. It is therefor recommended that you do not use -+this authentication method unless you run the monit http server -+with \fIssl\fR support. With ssl support it is completely safe to -+use Basic Authentication since \fBall\fR http data, including Basic -+Authentication headers will be encrypted. -+.PP -+monit will use Basic Authentication if an allow statement -+contains a username and a password separated with a single ':' -+character, like so; \fIallow username:password\fR. The username and -+password must be written in clear\-text. -+.PP -+Alternatively you can use files in \*(L"htpasswd\*(R" format (one -+user:passwd entry per line), like so: \fIallow -+[cleartext|crypt|md5] /path [users]\fR. By default cleartext -+passwords are read. In case the passwords are digested it is -+necessary to specify the cryptographic method. In order to select -+the users their names can be added to the allow statement. -+Otherwise all users are added. -+.PP -+Example: -+.PP -+.Vb 3 -+\& set httpd port 2812 -+\& allow hauk:password -+\& allow md5 /etc/httpd/htpasswd john paul ringo george -+.Ve -+.PP -+If you use this method together with a host list, then only -+clients from the listed hosts will be allowed to connect to the -+monit http server and each client will be asked to provide a -+username and a password. -+.PP -+Example: -+.PP -+.Vb 4 -+\& set httpd port 2812 -+\& allow localhost -+\& allow 10.1.1.1 -+\& allow hauk:password -+.Ve -+.PP -+If you only want to use Basic Authentication, then just provide -+allow entries with username and password, like so: -+.PP -+.Vb 3 -+\& set httpd port 2812 -+\& allow hauk:password -+\& allow admin:password -+.Ve -+.PP -+Finally it is possible to define some users as read\-only. A -+read-only user can read the monit web pages but will \fInot\fR get -+access to push-buttons and cannot change a service from the web -+interface. -+.PP -+.Vb 3 -+\& set httpd port 2812 -+\& allow admin:password -+\& allow hauk:password read\-only -+.Ve -+.PP -+A user is set to read-only by using the \fIread-only\fR keyword -+\&\fBafter\fR username:password. In the above example the user \fIhauk\fR -+is defined as a read-only user, while the \fIadmin\fR user has all -+access rights. -+.PP -+\&\s-1NB\s0! a monit client will use the \fIfirst\fR username:password pair -+in an allow list and you should \fBnot\fR define the first user as a -+read-only user. If you do, monit console commands will not work. -+.PP -+If you use Basic Authentication it is a good idea to set the -+access permission for the control file (~/.monitrc) to only -+readable and writable for the user running monit, because the -+password is written in clear\-text. (Use this command, /bin/chmod -+600 ~/.monitrc). In fact, since monit \fBversion 3.0\fR, monit will -+complain and exit if the control file is readable by others. -+.PP -+Clients trying to connect to the server but supply the wrong -+username and/or password are logged with their ip\-address. -+.PP -+If the monit command line interface is being used at least one -+cleartext password is necessary. Otherwise, the monit command -+line interface will not be able to connect to the monit daemon -+server. -+.SH "DEPENDENCIES" -+.IX Header "DEPENDENCIES" -+If specified in the control file, monit can do dependency -+checking before start, stop, monitoring or unmonitoring of -+services. The dependency statement may be used within any service -+entries in the monit control file. -+.PP -+The syntax for the depend statement is simply: -+.IP "\s-1DEPENDS\s0 on service[, service [,...]]" 4 -+.IX Item "DEPENDS on service[, service [,...]]" -+.PP -+Where \fBservice\fR is a service entry name, for instance \fBapache\fR -+or \fBdatafs\fR. -+.PP -+You may add more than one service name of any type or use more -+than one depend statement in an entry. -+.PP -+Services specified in a \fIdepend\fR statement will be checked -+during stop/start/monitor/unmonitor operations. If a service is -+stopped or unmonitored it will stop/unmonitor any services that -+depends on itself. Likewise, if a service is started, it will -+first stop any services that depends on itself and after it is -+started, start all depending services again. If the service is to -+be monitored (enable monitoring), all services which this service -+depends on will be monitored before enabling monitoring of this -+service. -+.PP -+Here is an example where we set up an apache service entry to -+depend on the underlying apache binary. If the binary should -+change an alert is sent and apache is not monitored anymore. The -+rationale is security and that monit should not execute a -+possibly cracked apache binary. -+.PP -+.Vb 7 -+\& (1) check process apache -+\& (2) with pidfile "/usr/local/apache/logs/httpd.pid" -+\& (3) ... -+\& (4) depends on httpd -+\& (5) -+\& (6) check file httpd with path /usr/local/apache/bin/httpd -+\& (7) if failed checksum then unmonitor -+.Ve -+.PP -+The first entry is the process entry for apache shown before -+(abbreviated for clarity). The fourth line sets up a dependency -+between this entry and the service entry named httpd in line 6. A -+depend tree works as follows, if an action is conducted in a -+lower branch it will propagate upward in the tree and for every -+dependent entry execute the same action. In this case, if the -+checksum should fail in line 7 then an unmonitor action is -+executed and the apache binary is not checked anymore. But since -+the apache process entry depends on the httpd entry this entry -+will also execute the unmonitor action. In short, if the checksum -+test for the httpd binary file should fail, both the check file -+httpd entry and the check process apache entry is set in -+un-monitoring mode. -+.PP -+A dependency tree is a general construct and can be used between -+all types of service entries and span many levels and propagate -+any supported action (except the exec action which will not -+propagate upward in a dependency tree for obvious reasons). -+.PP -+Here is another different example. Consider the following common -+server setup: -+.PP -+.Vb 2 -+\& WEB\-SERVER \-> APPLICATION\-SERVER \-> DATABASE \-> FILESYSTEM -+\& (a) (b) (c) (d) -+.Ve -+.PP -+You can set dependencies so that the web-server depends on the -+application server to run before the web-server starts and the -+application server depends on the database server and the -+database depends on the file-system to be mounted before it -+starts. See also the example section below for examples using the -+depend statement. -+.PP -+Here we describe how monit will function with the above -+dependencies: -+.IP "If no servers are running" 4 -+.IX Item "If no servers are running" -+monit will start the servers in the following order: \fId\fR, \fIc\fR, -+\&\fIb\fR, \fIa\fR -+.IP "If all servers are running" 4 -+.IX Item "If all servers are running" -+When you run 'monit stop all' this is the stop order: \fIa\fR, \fIb\fR, -+\&\fIc\fR, \fId\fR. If you run 'monit stop d' then \fIa\fR, \fIb\fR and \fIc\fR -+are also stopped because they depend on \fId\fR and finally \fId\fR is -+stopped. -+.IP "If \fIa\fR does not run" 4 -+.IX Item "If a does not run" -+When monit runs it will start \fIa\fR -+.IP "If \fIb\fR does not run" 4 -+.IX Item "If b does not run" -+When monit runs it will first stop \fIa\fR then start \fIb\fR and -+finally start \fIa\fR again. -+.IP "If \fIc\fR does not run" 4 -+.IX Item "If c does not run" -+When monit runs it will first stop \fIa\fR and \fIb\fR then start \fIc\fR -+and finally start \fIb\fR then \fIa\fR. -+.IP "If \fId\fR does not run" 4 -+.IX Item "If d does not run" -+When monit runs it will first stop \fIa\fR, \fIb\fR and \fIc\fR then start -+\&\fId\fR and finally start \fIc\fR, \fIb\fR then \fIa\fR. -+.IP "If the control file contains a depend loop." 4 -+.IX Item "If the control file contains a depend loop." -+A depend loop is for example; a\->b and b\->a or a\->b\->c\->a. -+.Sp -+When monit starts it will check for such loops and complain and -+exit if a loop was found. It will also exit with a complaint if a -+depend statement was used that does not point to a service in the -+control file. -+.SH "THE RUN CONTROL FILE" -+.IX Header "THE RUN CONTROL FILE" -+The preferred way to set up monit is to write a \fI.monitrc\fR file -+in your home directory. When there is a conflict between the -+command-line arguments and the arguments in this file, the -+command-line arguments take precedence. To protect the security -+of your control file and passwords the control file must have -+permissions \fIno more than 0700\fR (u=xrw,g=,o=); monit will -+complain and exit otherwise. -+.Sh "Run Control Syntax" -+.IX Subsection "Run Control Syntax" -+Comments begin with a '#' and extend through the end of the line. -+Otherwise the file consists of a series of service entries or -+global option statements in a free\-format, token-oriented syntax. -+.PP -+There are three kinds of tokens: grammar keywords, numbers (i.e. -+decimal digit sequences) and strings. Strings can be either -+quoted or unquoted. A quoted string is bounded by double quotes -+and may contain whitespace (and quoted digits are treated as a -+string). An unquoted string is any whitespace-delimited token, -+containing characters and/or numbers. -+.PP -+On a semantic level, the control file consists of two types of -+entries: -+.IP "1. Global set-statements" 4 -+.IX Item "1. Global set-statements" -+A global set-statement starts with the keyword \fIset\fR and the -+item to configure. -+.IP "2. One or more service entry statements." 4 -+.IX Item "2. One or more service entry statements." -+Each service entry consists of the keywords `check', followed by -+the service type. Each entry requires a <unique> descriptive -+name, which may be freely chosen. This name is used by monit -+to refer to the service internally and in all interactions -+with the user. -+.PP -+Currently, six types of check statements are supported: -+.IP "1. \s-1CHECK\s0 \s-1PROCESS\s0 <unique name> \s-1PIDFILE\s0 <path>" 4 -+.IX Item "1. CHECK PROCESS <unique name> PIDFILE <path>" -+<path> is the absolute path to the program's pidfile. If the -+pidfile does not exist or does not contain the pid number of a -+running process, monit will call the entry's start method if -+defined, If monit runs in passive mode or the start methods is -+not defined, monit will just send alerts on errors. -+.IP "2. \s-1CHECK\s0 \s-1FILE\s0 <unique name> \s-1PATH\s0 <path>" 4 -+.IX Item "2. CHECK FILE <unique name> PATH <path>" -+<path> is the absolute path to the file. If the file does not -+exist or disappeared, monit will call the entry's start method if -+defined, if <path> does not point to a regular file type (for -+instance a directory), monit will disable monitoring of this -+entry. If monit runs in passive mode or the start methods is not -+defined, monit will just send alerts on errors. -+.IP "3. \s-1CHECK\s0 \s-1FIFO\s0 <unique name> \s-1PATH\s0 <path>" 4 -+.IX Item "3. CHECK FIFO <unique name> PATH <path>" -+<path> is the absolute path to the fifo. If the fifo does not -+exist or disappeared, monit will call the entry's start method if -+defined, if <path> does not point to a fifo type (for -+instance a directory), monit will disable monitoring of this -+entry. If monit runs in passive mode or the start methods is not -+defined, monit will just send alerts on errors. -+.IP "4. \s-1CHECK\s0 \s-1DEVICE\s0 <unique name> \s-1PATH\s0 <path>" 4 -+.IX Item "4. CHECK DEVICE <unique name> PATH <path>" -+<path> is the path to the device block special file, mount point, -+file or a directory which is part of a filesystem. It is -+recommended to use a block special file directly (for example -+/dev/hda1 on Linux or /dev/dsk/c0t0d0s1 on Solaris, etc.) If you -+use a mount point (for example /data), be careful, because if the -+device is unmounted the test will still be true because the mount -+point exist. -+.Sp -+If the device becomes unavailable, monit will call the entry's -+start method if defined. if <path> does not point to a device, -+monit will disable monitoring of this entry. If monit runs in -+passive mode or the start methods is not defined, monit will just -+send alerts on errors. -+.IP "5. \s-1CHECK\s0 \s-1DIRECTORY\s0 <unique name> \s-1PATH\s0 <path>" 4 -+.IX Item "5. CHECK DIRECTORY <unique name> PATH <path>" -+<path> is the absolute path to the directory. If the directory -+does not exist or disappeared, monit will call the entry's start -+method if defined, if <path> does not point to a directory, monit -+will disable monitoring of this entry. If monit runs in passive -+mode or the start methods is not defined, monit will just send -+alerts on errors. -+.IP "6. \s-1CHECK\s0 \s-1HOST\s0 <unique name> \s-1ADDRESS\s0 <host address>" 4 -+.IX Item "6. CHECK HOST <unique name> ADDRESS <host address>" -+The host address can be specified as a hostname string or as an -+ip-address string on a dotted decimal format. Such as, -+tildeslash.com or \*(L"64.87.72.95\*(R". -+.IP "7. \s-1CHECK\s0 \s-1SYSTEM\s0 <unique name>" 4 -+.IX Item "7. CHECK SYSTEM <unique name>" -+The system name is usualy hostname, but any descriptive name can be -+used. This test allows to check general system resources such as -+\&\s-1CPU\s0 usage (percent of time spent in user, system and wait), total -+memory usage or load average. -+.PP -+You can use noise keywords like 'if', `and', `with(in)', `has', -+`using', 'use', 'on(ly)', `usage' and `program(s)' anywhere in an -+entry to make it resemble English. They're ignored, but can make -+entries much easier to read at a glance. The punctuation -+characters ';' ',' and '=' are also ignored. Keywords are case -+insensitive. -+.PP -+.Vb 1 -+\& Here are the legal global keywords: -+.Ve -+.PP -+.Vb 50 -+\& Keyword Function -+\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- -+\& set daemon Set a background poll interval in seconds. -+\& set init Set monit to run from init. monit will not -+\& transform itself into a daemon process. -+\& set logfile Name of a file to dump error\- and status\- -+\& messages to. If syslog is specified as the -+\& file, monit will utilize the syslog daemon -+\& to log messages. This can optionally be -+\& followed by 'facility <facility>' where -+\& facility is 'log_local0' \- 'log_local7' or -+\& 'log_daemon'. If no facility is specified, -+\& LOG_USER is used. -+\& set mailserver The mailserver used for sending alert -+\& notifications. If the mailserver is not -+\& defined, monit will try to use 'localhost' -+\& as the smtp\-server for sending mail. You -+\& can add more mail servers, if monit cannot -+\& connect to the first server it will try the -+\& next server and so on. -+\& set mail\-format Set a global mail format for all alert -+\& messages emitted by monit. -+\& set pidfile Explicit set the location of the monit lock -+\& file. E.g. set pidfile /var/run/xyzmonit.pid. -+\& set statefile Explicit set the location of the file monit -+\& will write state data to. If not set, the -+\& default is $HOME/.monit.state. -+\& set httpd port Activates monit http server at the given -+\& port number. -+\& ssl enable Enables ssl support for the httpd server. -+\& Requires the use of the pemfile statement. -+\& ssl disable Disables ssl support for the httpd server. -+\& It is equal to omitting any ssl statement. -+\& pemfile Set the pemfile to be used with ssl. -+\& clientpemfile Set the pemfile to be used when client -+\& certificates should be checked by monit. -+\& address If specified, the http server will only -+\& accept connect requests to this addresses -+\& This statement is an optional part of the -+\& set httpd statement. -+\& allow Specifies a host or IP address allowed to -+\& connect to the http server. Can also specify -+\& a username and password allowed to connect -+\& to the server. More than one allow statement -+\& are allowed. This statement is also an -+\& optional part of the set httpd statement. -+\& read\-only Set the user defined in username:password -+\& to read only. A read\-only user cannot change -+\& a service from the monit web interface. -+\& include include a file or files matching the globstring -+.Ve -+.PP -+.Vb 1 -+\& Here are the legal service entry keywords: -+.Ve -+.PP -+.Vb 174 -+\& Keyword Function -+\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- -+\& check Starts an entry and must be followed by the type -+\& of monitored service {device|directory|file|host -+\& process|system} and a descriptive name for the -+\& service. -+\& pidfile Specify the process pidfile. Every -+\& process must create a pidfile with its -+\& current process id. This statement should only -+\& be used in a process service entry. -+\& path Must be followed by a path to the block -+\& special file for filesystem (device), regular -+\& file, directory or a process's pidfile. -+\& group Specify a groupname for a service entry. -+\& start The program used to start the specified -+\& service. Full path is required. This -+\& statement is optional, but recommended. -+\& stop The program used to stop the specified -+\& service. Full path is required. This -+\& statement is optional, but recommended. -+\& pid and ppid These keywords may be used as standalone -+\& statements in a process service entry to -+\& override the alert action for change of -+\& process pid and ppid. -+\& uid and gid These keywords are either 1) an optional part of -+\& a start, stop or exec statement. They may be -+\& used to specify a user id and a group id the -+\& program (process) should switch to upon start. -+\& This feature can only be used if the superuser -+\& is running monit. 2) uid and gid may also be -+\& used as standalone statements in a file service -+\& entry to test a file's uid and gid attributes. -+\& host The hostname or IP address to test the port -+\& at. This keyword can only be used together -+\& with a port statement or in the check host -+\& statement. -+\& port Specify a TCP/IP service port number which -+\& a process is listening on. This statement -+\& is also optional. If this statement is not -+\& prefixed with a host\-statement, localhost is -+\& used as the hostname to test the port at. -+\& type Specifies the socket type monit should use when -+\& testing a connection to a port. If the type -+\& keyword is omitted, tcp is used. This keyword -+\& must be followed by either tcp, udp or tcpssl. -+\& tcp Specifies that monit should use a TCP -+\& socket type (stream) when testing a port. -+\& tcpssl Specifies that monit should use a TCP socket -+\& type (stream) and the secure socket layer (ssl) -+\& when testing a port connection. -+\& udp Specifies that monit should use a UDP socket -+\& type (datagram) when testing a port. -+\& certmd5 The md5 sum of a certificate a ssl forged -+\& server has to deliver. -+\& proto(col) This keyword specifies the type of service -+\& found at the port. monit knows at the moment -+\& how to speak HTTP, SMTP, FTP, POP, IMAP, MYSQL, -+\& NNTP, SSH, DWP, LDAP2, LDAP3, RDATE, NTP3, DNS, -+\& POSTFIX\-POLICY, APACHE\-STATUS, TNS, PGSQL and -+\& RSYNC. -+\& You're welcome to write new protocol test -+\& modules. If no protocol is specified monit will -+\& use a default test which in most cases are good -+\& enough. -+\& request Specifies a server request and must come -+\& after the protocol keyword mentioned above. -+\& \- for http it can contain an URL and an -+\& optional query string. -+\& \- other protocols does not support this -+\& statement yet -+\& send/expect These keywords specify a generic protocol. -+\& Both require a string whether to be sent or -+\& to be matched against (as extended regex if -+\& supported). Send/expect can not be used -+\& together with the proto(col) statement. -+\& unix(socket) Specifies a Unix socket file and used like -+\& the port statement above to test a Unix -+\& domain network socket connection. -+\& URL Specify an URL string which monit will use for -+\& connection testing. -+\& content Optional sub\-statement for the URL statement. -+\& Specifies that monit should test the content -+\& returned by the server against a regular -+\& expression. -+\& timeout x sec. Define a network port connection timeout. Must -+\& be followed by a number in seconds and the -+\& keyword, seconds. -+\& timeout Define a service timeout. Must be followed by -+\& two digits. The first digit is max number of -+\& restarts for the service. The second digit -+\& is the cycle interval to test restarts. -+\& This statement is optional. -+\& alert Specifies an email address for notification -+\& if a service event occurs. Alert can also -+\& be postfixed, to only send a message for -+\& certain events. See the examples above. More -+\& than one alert statement is allowed in an -+\& entry. This statement is also optional. -+\& noalert Specifies an email address which don't want -+\& to receive alerts. This statement is also -+\& optional. -+\& restart, stop These keywords may be used as actions for -+\& unmonitor, various test statements. The exec statement is -+\& start and special in that it requires a following string -+\& exec specifying the program to be execute. You may -+\& also specify an UID and GID for the exec -+\& statement. The program executed will then run -+\& using the specified user id and group id. -+\& mail\-format Specifies a mail format for an alert message -+\& This statement is an optional part of the -+\& alert statement. -+\& checksum Specify that monit should compute and monitor a -+\& file's md5/sha1 checksum. May only be used in a -+\& check file entry. -+\& expect Specifies a md5/sha1 checksum string monit -+\& should expect when testing the checksum. This -+\& statement is an optional part of the checksum -+\& statement. -+\& timestamp Specifies an expected timestamp for a file -+\& or directory. More than one timestamp statement -+\& are allowed. May only be used in a check file or -+\& check directory entry. -+\& changed Part of a timestamp statement and used as an -+\& operator to simply test for a timestamp change. -+\& every Validate this entry only at every n poll cycle. -+\& Useful in daemon mode when the cycle is short -+\& and a service takes some time to start. -+\& mode Must be followed either by the keyword active, -+\& passive or manual. If active, monit will restart -+\& the service if it is not running (this is the -+\& default behavior). If passive, monit will not -+\& (re)start the service if it is not running \- it -+\& will only monitor and send alerts (resource -+\& related restart and stop options are ignored -+\& in this mode also). If manual, monit will enter -+\& active mode only if a service was started under -+\& monit's control otherwise the service isn't -+\& monitored. -+\& cpu Must be followed by a compare operator, a number -+\& with "%" and an action. This statement is used -+\& to check the cpu usage in percent of a process -+\& with its children over a number of cycles. If -+\& the compare expression matches then the -+\& specified action is executed. -+\& mem The equivalent to the cpu token for memory of a -+\& process (w/o children!). This token must be -+\& followed by a compare operator a number with -+\& unit {B|KB|MB|GB|%|byte|kilobyte|megabyte| -+\& gigabyte|percent} and an action. -+\& loadavg Must be followed by [1min,5min,15min] in (), a -+\& compare operator, a number and an action. This -+\& statement is used to check the system load -+\& average over a number of cycles. If the compare -+\& expression matches then the specified action is -+\& executed. -+\& children This is the number of child processes spawn by a -+\& process. The syntax is the same as above. -+\& totalmem The equivalent of mem, except totalmem is an -+\& aggregation of memory, not only used by a -+\& process but also by all its child -+\& processes. The syntax is the same as above. -+\& space Must be followed by a compare operator, a -+\& number, unit {B|KB|MB|GB|%|byte|kilobyte| -+\& megabyte|gigabyte|percent} and an action. -+\& inode(s) Must be followed by a compare operator, integer -+\& number, optionally by percent sign (if not, the -+\& limit is absolute) and an action. -+\& perm(ission) Must be followed by an octal number describing -+\& the permissions. -+\& size Must be followed by a compare operator, a -+\& number, unit {B|KB|MB|GB|byte|kilobyte| -+\& megabyte|gigabyte} and an action. -+\& depends (on) Must be followed by the name of a service this -+\& service depends on. -+.Ve -+.PP -+Here's the complete list of reserved \fBkeywords\fR used by monit: -+.PP -+\&\fIif\fR, \fIthen\fR, \fIelse\fR, \fIset\fR, \fIdaemon\fR, \fIlogfile\fR, -+\&\fIsyslog\fR, \fIaddress\fR, \fIhttpd\fR, \fIssl\fR, \fIenable\fR, \fIdisable\fR, -+\&\fIpemfile\fR, \fIallow\fR, \fIread-only\fR, \fIcheck\fR, \fIinit\fR, \fIcount\fR, -+\&\fIpidfile\fR, \fIstatefile\fR, \fIgroup\fR, \fIstart\fR, \fIstop\fR, \fIuid\fR, -+\&\fIgid\fR, \fIconnection\fR, \fIport(number)\fR, \fIunix(socket)\fR, \fItype\fR, -+\&\fIproto(col)\fR, \fItcp\fR, \fItcpssl\fR, \fIudp\fR, \fIalert\fR, \fInoalert\fR, -+\&\fImail-format\fR, \fIrestart\fR, \fItimeout\fR, \fIchecksum\fR, \fIresource\fR, -+\&\fIexpect\fR, \fIsend\fR, \fImailserver\fR, \fIevery\fR, \fImode\fR, \fIactive\fR, -+\&\fIpassive\fR, \fImanual\fR, \fIdepends\fR, \fIhost\fR, \fIdefault\fR, \fIhttp\fR, -+\&\fIftp\fR, \fIsmtp\fR, \fIpop\fR, \fIntp3\fR, \fInntp\fR, \fIimap\fR, \fIclamav\fR, -+\&\fIssh\fR, \fIdwp\fR, \fIldap2\fR, \fIldap3\fR, \fItns\fR, \fIrequest\fR, \fIcpu\fR, -+\&\fImem\fR, \fItotalmem\fR, \fIchildren\fR, \fIloadavg\fR, \fItimestamp\fR, -+\&\fIchanged\fR, \fIsecond(s)\fR, \fIminute(s)\fR, \fIhour(s)\fR, \fIday(s)\fR, -+\&\fIspace\fR, \fIinode\fR, \fIpid\fR, \fIppid\fR, \fIperm(ission)\fR, \fIicmp\fR, -+\&\fIprocess\fR, \fIfile\fR, \fIdirectory\fR, \fIdevice\fR, \fIsize\fR, -+\&\fIunmonitor\fR, \fIrdate\fR, \fIrsync\fR, \fIdata\fR, \fIinvalid\fR, \fIexec\fR, -+\&\fInonexist\fR, \fIpolicy\fR, \fIreminder\fR, \fIinstance\fR, \fIeventqueue\fR, -+ \fIbasedir\fR, \fIslot(s)\fR, \fIsystem\fR and \fIfailed\fR -+.PP -+And here is a complete list of \fBnoise keywords\fR ignored by -+monit: -+.PP -+\&\fIis\fR, \fIas\fR, \fIare\fR, \fIon(ly)\fR, \fIwith(in)\fR, \fIand\fR, \fIhas\fR, -+\&\fIusing\fR, \fIuse\fR, \fIthe\fR, \fIsum\fR, \fIprogram(s)\fR, \fIthan\fR, \fIfor\fR, -+\&\fIusage\fR, \fIwas\fR, \fIbut\fR. -+.PP -+\&\fBNote:\fR If the \fIstart\fR or \fIstop\fR programs are shell scripts, -+then the script must begin with \f(CW\*(C`#!\*(C'\fR and the remainder of the -+first line must specify an interpreter for the program. E.g. -+\&\f(CW\*(C`#!/bin/sh\*(C'\fR -+.PP -+It's possible to write scripts directly into the \fIstart\fR and -+\&\fIstop\fR entries by using a string of shell\-commands. Like so: -+.PP -+.Vb 2 -+\& start="/bin/bash \-c 'echo $$ > pidfile; exec program'" -+\& stop="/bin/bash \-c 'kill \-s SIGTERM `cat pidfile`'" -+.Ve -+.Sh "\s-1CONFIGURATION\s0 \s-1EXAMPLES\s0" -+.IX Subsection "CONFIGURATION EXAMPLES" -+The simplest form is just the check statement. In this example we -+check to see if the server is running and log a message if not: -+.PP -+.Vb 1 -+\& check process resin with pidfile /usr/local/resin/srun.pid -+.Ve -+.PP -+To have monit start the server if it's not running, add a start -+statement: -+.PP -+.Vb 2 -+\& check process resin with pidfile /usr/local/resin/srun.pid -+\& start program = "/usr/local/resin/bin/srun.sh start" -+.Ve -+.PP -+Here's a more advanced example for monitoring an apache -+web-server listening on the default port number for \s-1HTTP\s0 and -+\&\s-1HTTPS\s0. In this example monit will restart apache if it's not -+accepting connections at the port numbers. The method monit use -+for a process restart is to first execute the stop\-program, wait -+for the process to stop and then execute the start\-program. (If -+monit was unable to stop or start the service a failed alert -+message will be sent if you have requested alert messages to be -+sent). -+.PP -+.Vb 5 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start program = "/etc/init.d/httpd start" -+\& stop program = "/etc/init.d/httpd stop" -+\& if failed port 80 then restart -+\& if failed port 443 with timeout 15 seconds then restart -+.Ve -+.PP -+This example demonstrate how you can run a program as a specified -+user (uid) and with a specified group (gid). Many daemon programs -+will do the uid and gid switch by them self, but for those -+programs that does not (e.g. Java programs), monit's ability to -+start a program as a certain user can be very useful. In this -+example we start the Tomcat Java Servlet Engine as the standard -+\&\fInobody\fR user and group. Please note that monit will only switch -+uid and gid for a program if the super-user is running monit, -+otherwise monit will simply ignore the request to change uid and -+gid. -+.PP -+.Vb 7 -+\& check process tomcat with pidfile /var/run/tomcat.pid -+\& start program = "/etc/init.d/tomcat start" -+\& as uid nobody and gid nobody -+\& stop program = "/etc/init.d/tomcat stop" -+\& # You can also use id numbers instead and write: -+\& as uid 99 and with gid 99 -+\& if failed port 8080 then alert -+.Ve -+.PP -+In this example we use udp for connection testing to check if the -+name-server is running and also use timeout and alert: -+.PP -+.Vb 5 -+\& check process named with pidfile /var/run/named.pid -+\& start program = "/etc/init.d/named start" -+\& stop program = "/etc/init.d/named stop" -+\& if failed port 53 use type udp protocol dns then restart -+\& if 3 restarts within 5 cycles then timeout -+.Ve -+.PP -+The following example illustrate how to check if the service -+\&'sophie' is answering connections on its Unix domain socket: -+.PP -+.Vb 4 -+\& check process sophie with pidfile /var/run/sophie.pid -+\& start program = "/etc/init.d/sophie start" -+\& stop program = "/etc/init.d/sophie stop" -+\& if failed unix /var/run/sophie then restart -+.Ve -+.PP -+In this example we check an apache web-server running on -+localhost that answers for several IP-based virtual hosts or -+vhosts, hence the host statement before port: -+.PP -+.Vb 7 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start "/etc/init.d/httpd start" -+\& stop "/etc/init.d/httpd stop" -+\& if failed host www.sol.no port 80 then alert -+\& if failed host shop.sol.no port 443 then alert -+\& if failed host chat.sol.no port 80 then alert -+\& if failed host www.tildeslash.com port 80 then alert -+.Ve -+.PP -+To make sure that monit is communicating with a http server a -+protocol test can be added: -+.PP -+.Vb 6 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start "/etc/init.d/httpd start" -+\& stop "/etc/init.d/httpd stop" -+\& if failed host www.sol.no port 80 -+\& protocol HTTP -+\& then alert -+.Ve -+.PP -+This example shows a different way to check a webserver using -+the send/expect mechanism: -+.PP -+.Vb 7 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start "/etc/init.d/httpd start" -+\& stop "/etc/init.d/httpd stop" -+\& if failed host www.sol.no port 80 -+\& send "GET / HTTP/1.0\er\enHost: www.sol.no\er\en\er\en" -+\& expect "HTTP/[0\-9\e.]{3} 200 .*\er\en" -+\& then alert -+.Ve -+.PP -+To make sure that Apache is logging successfully (i.e. no more -+than 60 percent of child servers are logging), use its mod_status -+page at www.sol.no/server\-status with this special protocol test: -+.PP -+.Vb 5 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start "/etc/init.d/httpd start" -+\& stop "/etc/init.d/httpd stop" -+\& if failed host www.sol.no port 80 -+\& protocol apache\-status loglimit > 60% then restart -+.Ve -+.PP -+This configuration can be used to alert you if 25 percent or more -+of Apache child processes are stuck performing \s-1DNS\s0 lookups: -+.PP -+.Vb 5 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start "/etc/init.d/httpd start" -+\& stop "/etc/init.d/httpd stop" -+\& if failed host www.sol.no port 80 -+\& protocol apache\-status dnslimit > 25% then alert -+.Ve -+.PP -+Here we use an icmp ping test to check if a remote host is up and -+if not send an alert: -+.PP -+.Vb 3 -+\& check host www.tildeslash.com with address www.tildeslash.com -+\& if failed icmp type echo count 5 with timeout 15 seconds -+\& then alert -+.Ve -+.PP -+In the following example we ask monit to compute and verify the -+checksum for the underlying apache binary used by the start and -+stop programs. If the the checksum test should fail, monitoring -+will be disabled to prevent possibly starting a compromised -+binary: -+.PP -+.Vb 5 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start program = "/etc/init.d/httpd start" -+\& stop program = "/etc/init.d/httpd stop" -+\& if failed host www.tildeslash.com port 80 then restart -+\& depends on apache_bin -+.Ve -+.PP -+.Vb 2 -+\& check file apache_bin with path /usr/local/apache/bin/httpd -+\& if failed checksum then unmonitor -+.Ve -+.PP -+In this example we ask monit to test the checksum for a document -+on a remote server. If the checksum was changed we send an alert: -+.PP -+.Vb 7 -+\& check host tildeslash with address www.tildeslash.com -+\& if failed port 80 protocol http -+\& and request "/monit/dist/monit\-4.0.tar.gz" -+\& with checksum f9d26b8393736b5dfad837bb13780786 -+\& then alert -+\& alert hauk@tildeslash.com with mail\-format {subject: -+\& Aaaalarm! } -+.Ve -+.PP -+Some servers are slow starters, like for example Java based -+Application Servers. So if we want to keep the poll-cycle low -+(i.e. < 60 seconds) but allow some services to take its time to -+start, the \fBevery\fR statement is handy: -+.PP -+.Vb 5 -+\& check process dynamo with pidfile /etc/dynamo.pid -+\& start program = "/etc/init.d/dynamo start" -+\& stop program = "/etc/init.d/dynamo stop" -+\& if failed port 8840 then alert -+\& every 2 cycles -+.Ve -+.PP -+Here is an example where we group together two database entries -+so you can manage them together, e.g.; 'monit \-g database start -+all'. The mode statement is also illustrated in the first entry -+and have the effect that monit will not try to (re)start this -+service if it is not running: -+.PP -+.Vb 5 -+\& check process sybase with pidfile /var/run/sybase.pid -+\& start = "/etc/init.d/sybase start" -+\& stop = "/etc/init.d/sybase stop" -+\& mode passive -+\& group database -+.Ve -+.PP -+.Vb 6 -+\& check process oracle with pidfile /var/run/oracle.pid -+\& start program = "/etc/init.d/oracle start" -+\& stop program = "/etc/init.d/oracle stop" -+\& mode active # Not necessary really, since it's the default -+\& if failed port 9001 then restart -+\& group database -+.Ve -+.PP -+Here is an example to show the usage of the resource checks. It -+will send an alert when the \s-1CPU\s0 usage of the http daemon and its -+child processes raises beyond 60% for over two cycles. Apache is -+restarted if the \s-1CPU\s0 usage is over 80% for five cycles or the -+memory usage over 100Mb for five cycles or if the machines load -+average is more than 10 for 8 cycles: -+.PP -+.Vb 7 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start program = "/etc/init.d/httpd start" -+\& stop program = "/etc/init.d/httpd stop" -+\& if cpu > 60% for 2 cycles then alert -+\& if cpu > 80% for 5 cycles then restart -+\& if mem > 100 MB for 5 cycles then stop -+\& if loadavg(5min) greater than 10.0 for 8 cycles then stop -+.Ve -+.PP -+This examples demonstrate the timestamp statement with exec and -+how you may restart apache if its configuration file was -+changed. -+.PP -+.Vb 3 -+\& check file httpd.conf with path /etc/httpd/httpd.conf -+\& if changed timestamp -+\& then exec "/etc/init.d/httpd graceful" -+.Ve -+.PP -+In this example we demonstrate usage of the extended alert -+statement and a file check dependency: -+.PP -+.Vb 15 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start = "/etc/init.d/httpd start" -+\& stop = "/etc/init.d/httpd stop" -+\& if failed host www.tildeslash.com port 80 then restart -+\& alert admin@bar on {nonexist, timeout} -+\& with mail\-format { -+\& from: bofh@$HOST -+\& subject: apache $EVENT \- $ACTION -+\& message: This event occurred on $HOST at $DATE. -+\& Your faithful employee, -+\& monit -+\& } -+\& if 3 restarts within 5 cycles then timeout -+\& depend httpd_bin -+\& group apache -+.Ve -+.PP -+.Vb 12 -+\& check file httpd_bin with path /usr/local/apache/bin/httpd -+\& if failed checksum -+\& and expect 8f7f419955cefa0b33a2ba316cba3659 -+\& then unmonitor -+\& if failed permission 755 then unmonitor -+\& if failed uid root then unmonitor -+\& if failed gid root then unmonitor -+\& if changed timestamp then alert -+\& alert security@bar on {checksum, timestamp, -+\& permission, uid, gid} -+\& with mail\-format {subject: Alaaarrm! on $HOST} -+\& group apache -+.Ve -+.PP -+In this example, we demonstrate usage of the depend statement. In -+this case, we want to start oracle and apache. However, we've set -+up apache to use oracle as a back end, and if oracle is -+restarted, apache must be restarted as well. -+.PP -+.Vb 4 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start = "/etc/init.d/httpd start" -+\& stop = "/etc/init.d/httpd stop" -+\& depends on oracle -+.Ve -+.PP -+.Vb 4 -+\& check process oracle with pidfile /var/run/oracle.pid -+\& start = "/etc/init.d/oracle start" -+\& stop = "/etc/init.d/oracle stop" -+\& if failed port 9001 then restart -+.Ve -+.PP -+Next, we have 2 services, oracle-import and oracle-export that -+need to be restarted if oracle is restarted, but are independent -+of each other. -+.PP -+.Vb 4 -+\& check process oracle with pidfile /var/run/oracle.pid -+\& start = "/etc/init.d/oracle start" -+\& stop = "/etc/init.d/oracle stop" -+\& if failed port 9001 then restart -+.Ve -+.PP -+.Vb 5 -+\& check process oracle\-import -+\& with pidfile /var/run/oracle\-import.pid -+\& start = "/etc/init.d/oracle\-import start" -+\& stop = "/etc/init.d/oracle\-import stop" -+\& depends on oracle -+.Ve -+.PP -+.Vb 5 -+\& check process oracle\-export -+\& with pidfile /var/run/oracle\-export.pid -+\& start = "/etc/init.d/oracle\-export start" -+\& stop = "/etc/init.d/oracle\-export stop" -+\& depends on oracle -+.Ve -+.PP -+Finally an example with all statements: -+.PP -+.Vb 23 -+\& check process apache with pidfile /var/run/httpd.pid -+\& start program = "/etc/init.d/httpd start" -+\& stop program = "/etc/init.d/httpd stop" -+\& if 3 restarts within 5 cycles then timeout -+\& if failed host www.sol.no port 80 protocol http -+\& and use the request "/login.cgi" -+\& then alert -+\& if failed host shop.sol.no port 443 type tcpssl -+\& protocol http and with timeout 15 seconds -+\& then restart -+\& if cpu is greater than 60% for 2 cycles then alert -+\& if cpu > 80% for 5 cycles then restart -+\& if totalmem > 100 MB then stop -+\& if children > 200 then alert -+\& alert bofh@bar with mail\-format {from: monit@foo.bar.no} -+\& every 2 cycles -+\& mode active -+\& depends on weblogic -+\& depends on httpd.pid -+\& depends on httpd.conf -+\& depends on httpd_bin -+\& depends on datafs -+\& group server -+.Ve -+.PP -+.Vb 6 -+\& check file httpd.pid with path /usr/local/apache/logs/httpd.pid -+\& group server -+\& if timestamp > 7 days then restart -+\& every 2 cycles -+\& alert bofh@bar with mail\-format {from: monit@foo.bar.no} -+\& depends on datafs -+.Ve -+.PP -+.Vb 7 -+\& check file httpd.conf with path /etc/httpd/httpd.conf -+\& group server -+\& if timestamp was changed -+\& then exec "/usr/local/apache/bin/apachectl graceful" -+\& every 2 cycles -+\& alert bofh@bar with mail\-format {from: monit@foo.bar.no} -+\& depends on datafs -+.Ve -+.PP -+.Vb 13 -+\& check file httpd_bin with path /usr/local/apache/bin/httpd -+\& group server -+\& if failed checksum and expect the sum -+\& 8f7f419955cefa0b33a2ba316cba3659 then unmonitor -+\& if failed permission 755 then unmonitor -+\& if failed uid root then unmonitor -+\& if failed gid root then unmonitor -+\& if changed size then alert -+\& if changed timestamp then alert -+\& every 2 cycles -+\& alert bofh@bar with mail\-format {from: monit@foo.bar.no} -+\& alert foo@bar on { checksum, size, timestamp, uid, gid } -+\& depends on datafs -+.Ve -+.PP -+.Vb 12 -+\& check device datafs with path /dev/sdb1 -+\& group server -+\& start program = "/bin/mount /data" -+\& stop program = "/bin/umount /data" -+\& if failed permission 660 then unmonitor -+\& if failed uid root then unmonitor -+\& if failed gid disk then unmonitor -+\& if space usage > 80 % then alert -+\& if space usage > 94 % then stop -+\& if inode usage > 80 % then alert -+\& if inode usage > 94 % then stop -+\& alert root@localhost -+.Ve -+.PP -+.Vb 7 -+\& check host ftp.redhat.com with address ftp.redhat.com -+\& if failed icmp type echo with timeout 15 seconds -+\& then alert -+\& if failed port 21 protocol ftp -+\& then exec "/usr/X11R6/bin/xmessage \-display -+\& :0 ftp connection failed" -+\& alert foo@bar.com -+.Ve -+.PP -+.Vb 7 -+\& check host www.gnu.org with address www.gnu.org -+\& if failed port 80 protocol http -+\& and request "/pub/gnu/bash/bash\-2.05b.tar.gz" -+\& with checksum 8f7f419955cefa0b33a2ba316cba3659 -+\& then alert -+\& alert rms@gnu.org with mail\-format { -+\& subject: The gnu server may be hacked again! } -+.Ve -+.PP -+Note; only the \fBcheck type\fR, \fBpidfile/path/address\fR statements -+are mandatory, the other statements are optional and the order of -+the optional statements is not important. -+.SH "MONIT WITH HEARTBEAT" -+.IX Header "MONIT WITH HEARTBEAT" -+You can download \fIheartbeat\fR from -+http://www.linux\-ha.org/download/. It might be useful to have a -+look at The Heartbeat Getting Started Guide at: -+http://www.linux\-ha.org/GettingStarted.html -+.PP -+\&\fBStarting up a Node\fR -+.PP -+This is the normal start sequence for a cluster\-node. With this -+sequence, there should be no error\-case, which is not handled -+either by heartbeat or by monit. For example, if monit dies, -+initd restarts it. If heartbeat dies, monit restarts it. If the -+node dies, the heartbeat instance on the other node detects it -+and restart the services there. -+.IP "1. initd starts monit with group local" 4 -+.IX Item "1. initd starts monit with group local" -+.PD 0 -+.IP "2. monit starts heartbeat in local group" 4 -+.IX Item "2. monit starts heartbeat in local group" -+.IP "3. heartbeat requests monit to start the node group" 4 -+.IX Item "3. heartbeat requests monit to start the node group" -+.IP "4. monit starts the node group" 4 -+.IX Item "4. monit starts the node group" -+.PD -+.PP -+\&\fBMonit: \f(BI/etc/monitrc\fB\fR -+.PP -+This example describes a cluster with 2 nodes. Services running -+on Node 1 are in the group \fInode1\fR and Node 2 services are in -+the \fInode2\fR group. -+.PP -+The local group entries are mode \fIactive\fR, the node group -+entries are mode \fImanual\fR and controlled by heartbeat. -+.PP -+.Vb 3 -+\& # -+\& # local services on both hosts -+\& # -+.Ve -+.PP -+.Vb 6 -+\& check process heartbeat with pidfile /var/run/heartbeat.pid -+\& start program = "/etc/init.d/heartbeat start" -+\& stop program = "/etc/init.d/heartbeat start" -+\& mode active -+\& alert foo@bar -+\& group local -+.Ve -+.PP -+.Vb 6 -+\& check process postfix with pidfile /var/run/postfix/master.pid -+\& start program = "/etc/init.d/postfix start" -+\& stop program = "/etc/init.d/postfix stop" -+\& mode active -+\& alert foo@bar -+\& group local -+.Ve -+.PP -+.Vb 3 -+\& # -+\& # node1 services -+\& # -+.Ve -+.PP -+.Vb 7 -+\& check process apache with pidfile /var/apache/logs/httpd.pid -+\& start program = "/etc/init.d/apache start" -+\& stop program = "/etc/init.d/apache stop" -+\& depends named -+\& alert foo@bar -+\& mode manual -+\& group node1 -+.Ve -+.PP -+.Vb 6 -+\& check process named with pidfile /var/tmp/named.pid -+\& start program = "/etc/init.d/named start" -+\& stop program = "/etc/init.d/named stop" -+\& alert foo@bar -+\& mode manual -+\& group node1 -+.Ve -+.PP -+.Vb 3 -+\& # -+\& # node2 services -+\& # -+.Ve -+.PP -+.Vb 6 -+\& check process named\-slave with pidfile /var/tmp/named\-slave.pid -+\& start program = "/etc/init.d/named\-slave start" -+\& stop program = "/etc/init.d/named\-slave stop" -+\& mode manual -+\& alert foo@bar -+\& group node2 -+.Ve -+.PP -+.Vb 7 -+\& check process squid with pidfile /var/squid/logs/squid.pid -+\& start program = "/etc/init.d/squid start" -+\& stop program = "/etc/init.d/squid stop" -+\& depends named\-slave -+\& alert foo@bar -+\& mode manual -+\& group node2 -+.Ve -+.PP -+\&\fBinitd: \f(BI/etc/inittab\fB\fR -+.PP -+Monit is started on both nodes with initd. You will need to add -+an entry in \fI/etc/inittab\fR to start monit with the same local -+group heartbeat is member of. -+.PP -+.Vb 2 -+\& #/etc/inittab -+\& mo:2345:respawn:/usr/local/bin/monit \-d 10 \-c /etc/monitrc \-g local -+.Ve -+.PP -+\&\fBheartbeat: \f(BI/etc/ha.d/haresources\fB\fR -+.PP -+When heartbeat starts, heartbeat looks up the node entry and -+start the script \fI/etc/init.d/monit\-node1\fR or -+\&\fI/etc/init.d/monit\-node2\fR. The script calls monit to start the -+specific group per node. -+.PP -+.Vb 3 -+\& # /etc/ha.d/haresources -+\& node1 IPaddr::172.16.100.1 monit\-node1 -+\& node2 IPaddr::172.16.100.2 monit\-node2 -+.Ve -+.PP -+\&\fB\f(BI/etc/init.d/monit\-node1\fB\fR -+.PP -+.Vb 11 -+\& #!/bin/bash -+\& # -+\& # sample script for starting/stopping all services on node1 -+\& # -+\& prog="/usr/local/bin/monit \-g node1" -+\& start() -+\& { -+\& echo \-n $"Starting $prog:" -+\& $prog start all -+\& echo -+\& } -+.Ve -+.PP -+.Vb 6 -+\& stop() -+\& { -+\& echo \-n $"Stopping $prog:" -+\& $prog stop all -+\& echo -+\& } -+.Ve -+.PP -+.Vb 10 -+\& case "$1" in -+\& start) -+\& start;; -+\& stop) -+\& stop;; -+\& *) -+\& echo $"Usage: $0 {start|stop}" -+\& RETVAL=1 -+\& esac -+\& exit $RETVAL -+.Ve -+.Sh "Handling state" -+.IX Subsection "Handling state" -+As mentioned elsewhere, monit save its state to a state file. If -+the monit process should die, upon restart monit will read its -+last known state from this file. This can be a problem if monit -+is used in a cluster, as illustrate in this scenario: -+.IP "1" 4 -+.IX Item "1" -+The active node fails, the second takes over -+.IP "2" 4 -+.IX Item "2" -+After a reboot, the failed node comes back, monit read its state -+file and start all the services (even manual ones) as they were -+running before the failure. This is a problem because services -+will now run on both nodes. -+.PP -+The solution to this problem is to remove the monit.state file in -+a rc-script called at boot time and before monit is started. -+.SH "FILES" -+.IX Header "FILES" -+\&\fI~/.monitrc\fR -+ Default run control file -+.PP -+\&\fI/etc/monitrc\fR -+ If the control file is not found in the default -+ location and /etc contains a \fImonitrc\fR file, this -+ file will be used instead. -+.PP -+\&\fI./monitrc\fR -+ If the control file is not found in either of the -+ previous two locations, and the current working -+ directory contains a \fImonitrc\fR file, this file is -+ used instead. -+.PP -+\&\fI~/.monitrc.pid\fR -+ Lock file to help prevent concurrent runs (non\-root -+ mode). -+.PP -+\&\fI/var/run/monit.pid\fR -+ Lock file to help prevent concurrent runs (root mode, -+ Linux systems). -+.PP -+\&\fI/etc/monit.pid\fR -+ Lock file to help prevent concurrent runs (root mode, -+ systems without /var/run). -+.PP -+\&\fI~/.monit.state\fR -+ monit save its state to this file and utilize -+ information found in this file to recover from -+ a crash. This is a binary file and its content is -+ only of interest to monit. You may set the location -+ of this file in the monit control file or by using -+ the \-s switch when monit is started. -+.SH "ENVIRONMENT" -+.IX Header "ENVIRONMENT" -+No environment variables are used by monit. However, when monit -+execute a script or a program monit will set several environment -+variables which can be utilized by the executable. The following -+and \fIonly\fR the following environment variables are available: -+.IP "\s-1MONIT_EVENT\s0" 4 -+.IX Item "MONIT_EVENT" -+The event that occurred on the service -+.IP "\s-1MONIT_SERVICE\s0" 4 -+.IX Item "MONIT_SERVICE" -+The name of the service (from monitrc) on which the event -+occurred. -+.IP "\s-1MONIT_DATE\s0" 4 -+.IX Item "MONIT_DATE" -+The time and date (rfc 822 style) the event occurred -+.IP "\s-1MONIT_HOST\s0" 4 -+.IX Item "MONIT_HOST" -+The host the event occurred on -+.PP -+The following environment variables are only available for -+process service entries: -+.IP "\s-1MONIT_PROCESS_PID\s0" 4 -+.IX Item "MONIT_PROCESS_PID" -+The process pid. This may be 0 if the process was (re)started, -+.IP "\s-1MONIT_PROCESS_MEMORY\s0" 4 -+.IX Item "MONIT_PROCESS_MEMORY" -+Process memory. This may be 0 if the process was (re)started, -+.IP "\s-1MONIT_PROCESS_CHILDREN\s0" 4 -+.IX Item "MONIT_PROCESS_CHILDREN" -+Process children. This may be 0 if the process was (re)started, -+.IP "\s-1MONIT_PROCESS_CPU_PERCENT\s0" 4 -+.IX Item "MONIT_PROCESS_CPU_PERCENT" -+Process cpu%. This may be 0 if the process was (re)started, -+.PP -+In addition the following spartan \s-1PATH\s0 environment variable is -+available: -+.IP "PATH=/bin:/usr/bin:/sbin:/usr/sbin" 4 -+.IX Item "PATH=/bin:/usr/bin:/sbin:/usr/sbin" -+.PP -+Scripts or programs that depends on other environment variables -+or on a more verbose \s-1PATH\s0 must provide means to set these -+variables by them self. -+.SH "SIGNALS" -+.IX Header "SIGNALS" -+If a monit daemon is running, \s-1SIGUSR1\s0 wakes it up from its sleep -+phase and forces a poll of all services. \s-1SIGTERM\s0 and \s-1SIGINT\s0 will -+gracefully terminate a monit daemon. The \s-1SIGTERM\s0 signal is sent -+to a monit daemon if monit is started with the \fIquit\fR action -+argument. -+.PP -+Sending a \s-1SIGHUP\s0 signal to a running monit daemon will force -+the daemon to reinitialize itself, specifically it will reread -+configuration, close and reopen log files. -+.PP -+Running monit in foreground while a background monit daemon is -+running will wake up the daemon. -+.SH "NOTES" -+.IX Header "NOTES" -+This is a very silent program. Use the \-v switch if you want to -+see what monit is doing, and tail \-f the logfile. Optionally for -+testing purposes; you can start monit with the \-Iv switch. Monit -+will then print debug information to the console, to stop monit -+in this mode, simply press CTRL^C (i.e. \s-1SIGINT\s0) in the same -+console. -+.PP -+The syntax (and parser) of the control file is inspired by Eric -+S. Raymond et al. excellent fetchmail program. Some portions of -+this man page does also receive inspiration from the same -+authors. -+.SH "AUTHORS" -+.IX Header "AUTHORS" -+Jan-Henrik Haukeland <hauk@tildeslash.com>, -+Martin Pala <martinp@tildeslash.com>, -+Christian Hopp <chopp@iei.tu\-clausthal.de>, -+Rory Toma <rory@digeo.com> -+.PP -+See also http://www.tildeslash.com/monit/who.html -+.SH "COPYRIGHT" -+.IX Header "COPYRIGHT" -+Copyright (C) 2000\-2007 by the monit project group. All Rights -+Reserved. This product is distributed in the hope that it will be -+useful, but \s-1WITHOUT\s0 any warranty; without even the implied -+warranty of \s-1MERCHANTABILITY\s0 or \s-1FITNESS\s0 for a particular purpose. -+.SH "SEE ALSO" -+.IX Header "SEE ALSO" -+\&\s-1GNU\s0 text utilities; \fImd5sum\fR\|(1); \fIsha1sum\fR\|(1); \fIopenssl\fR\|(1); \fIglob\fR\|(7); -+\&\fIregex\fR\|(7) diff --git a/sysutils/monit/patches/patch-af b/sysutils/monit/patches/patch-af deleted file mode 100644 index d6b3b32a82e..00000000000 --- a/sysutils/monit/patches/patch-af +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-af,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -fixes crash on NetBSD due to usage of already destroyed mutex. -See also http://cvs.savannah.gnu.org/viewcvs/monit/log.c?rev=1.33&root=monit&r1=1.33&view=log - ---- log.c.orig 2007-01-03 22:02:06.000000000 +0100 -+++ log.c -@@ -277,7 +277,7 @@ void log_close() { - LogError("%s: Error closing the log file -- %s\n", - prog, STRERROR); - } -- pthread_mutex_destroy(&log_mutex); -+ - LOG= NULL; - - } diff --git a/sysutils/monit/patches/patch-ag b/sysutils/monit/patches/patch-ag deleted file mode 100644 index 21bfebf0a75..00000000000 --- a/sysutils/monit/patches/patch-ag +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ag,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -Substitute variables in monit.1.in - ---- configure.ac.orig 2007-02-19 23:39:58.000000000 +0100 -+++ configure.ac -@@ -698,7 +698,7 @@ fi - # ------------------------------------------------------------------------ - - AC_CONFIG_HEADER([config.h]) --AC_CONFIG_FILES([Makefile]) -+AC_CONFIG_FILES([Makefile monit.1]) - AC_OUTPUT - - echo "" diff --git a/sysutils/monit/patches/patch-ah b/sysutils/monit/patches/patch-ah deleted file mode 100644 index e0c4db27379..00000000000 --- a/sysutils/monit/patches/patch-ah +++ /dev/null @@ -1,23 +0,0 @@ -$NetBSD: patch-ah,v 1.1.1.1 2007/04/30 20:53:54 heinz Exp $ - -Generated from configure.ac - ---- configure.orig 2007-02-19 23:43:14.000000000 +0100 -+++ configure -@@ -10797,7 +10797,7 @@ fi - - ac_config_headers="$ac_config_headers config.h" - --ac_config_files="$ac_config_files Makefile" -+ac_config_files="$ac_config_files Makefile monit.1" - - cat >confcache <<\_ACEOF - # This file is a shell script that caches the results of configure -@@ -11354,6 +11354,7 @@ do - case $ac_config_target in - "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; - "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; -+ "monit.1") CONFIG_FILES="$CONFIG_FILES monit.1" ;; - - *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 - echo "$as_me: error: invalid argument: $ac_config_target" >&2;} |