This page summaries changes made in Monit since version 5.7.0. Please see the commit log for a detailed list of changes and commits leading up to the various releases below. Use the issue tracker to report new issues or feature requests
check directory upload with path /data/upload if hardlink > 32000 then alert
set mmonit https://monit:mypassword@mmonit.foo.bar:8443/collector with hostgroups [ Oslo, "Mail servers" ]
check program myscript with path /usr/local/bin/myscript.sh if content changed then alert if content not changed then alert else ignore
set httpd port 2812 read-only allow 192.168.1.0/24 unixsocket /run/monit.socketThanks to Christian Goettsche for contributing this feature.
if failed port 5432 protocol pgsql username "username" password "12345" database "test" then alertPrevious Monit versions used hardcoded credentials when testing connection to postgresql (user=root and database=root). This could trigger thousands of messages like this in the postgresql log:
root@root FATAL: password authentication failed for user "root" root@root DETAIL: Role "root" does not exist.Note: Monit will continue to use the hardcoded credentials (for backward compatibility) unless username and password are set.
IF CONTENT [!]= <regex> THEN actionExample:
check program disk0_smart with path "/usr/sbin/nvme smart-log /dev/nvme0" if content != "critical_warning[ ]+: 0" then alert
monit -g database report
if link up then "/usr/bin/monit start backup"Notes: When link up test is used, the link errors tests are ignored, as these tests share the same event type and would reset the status. Also, mixing link up and link down in the same check network is not supported.
if succeeded port 443 protocol https then exec "/bin/monit start myclient" if succeeded host example.org port 3306 protocol mysql then alert
if succeeded unixsocket /var/run/mysql.sock protocol mysql then exec "/bin/myscript.sh initdb"
if succeeded ping then alert
monit status myservice # exact match monit status "data.*" # pattern which will match all services whos name contain "data" substring
if failed ping responsetime < 50 ms then alert if failed port 443 protocol https and responsetime < 50 ms then alert if failed port 443 protocol https and responsetime < 50 ms then alert
set ssl { version: tlsv11 }
if failed port 3306 protocol mysqls then alert
check host mymachine with address 127.0.0.1 if failed port 3306 protocol mysql username monit password mypassword123 rsakey checksum 29e512c06275a1b3f4617f8cb9ca583d642386fe then alert
check process myproc with pidfile /var/run/myproc.pid if filedescriptors >= 90% then alert if filedescriptors >= 99% then restart if total filedescriptors > 5000 then alert
check system $HOST if filedescriptors >= 90% then alert
set ssl { version: auto -sslv2 -sslv3 -tlsv1 -tlsv11 }
set httpd port 2812 with ssl { pemchain: /etc/ssl/certs/monit.chain.pem pemkey: /etc/ssl/certs/monit.key.pem } allow myuser:mypassword
check process foobar matching "myprocess" if disk read activity > 500 operations/s then alert if disk write activity > 500 operations/s then alert
if read activity > 1 mb/s then alert if write activity > 1 mb/s then alert
if failed port 143 protocol imaps then alert
if loadavg(1m) per core > 2 then alert if loadavg(1m) > 8 then alert # same test on a 4 core system if loadavg(1m) > 18 then alert # same test on a 9 core system
IF FAILED PORT <number> PROTOCOL MQTT [USERNAME <string> PASSWORD <string>] THEN ALERTExample:
check process mosquitto with pidfile /var/run/mosquitto.pid start program = "/sbin/start mosquitto" stop program = "/sbin/stop mosquitto" if failed port 1883 protocol mqtt then alert
check process ntpd matching "ntpd" if failed security attribute "system_u:system_r:ntpd_t:s0" then alertExample for AppArmor:
check process ntpd matching "ntpd" if failed security attribute "/usr/sbin/ntpd (enforce)" then alert
check process spamd with pidfile /var/run/spamassassin.pid start program = "/etc/init.d/spamassassin start" stop program = "/etc/init.d/spamassassin stop" if failed port 783 protocol spamassassin then alert
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid start program = "/etc/init.d/fail2ban start" stop program = "/etc/init.d/fail2ban stop" if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert
check host example with address example.com # If "method GET" is omitted, HEAD will be used here if failed port 443 protocol https method GET then alert
IF <ATIME | MTIME | CTIME | TIME[STAMP]> <operator> <value> THEN <action>This example uses the new mtime property to test if a file was updated within the last hour:
check file x with path /path/to/x if mtime is older than 1 hour then alert
if failed port 3128 protocol http request "cache_object://localhost/utilization" then alert
check filesystem disk1 with path /dev/sda1 if read rate > 1 MB/s for 5 cycles then alert if read rate > 500 operations/s for 5 cycles then alert if write rate > 1 MB/s for 5 cycles then alert if write rate > 500 operations/s for 5 cycles then alert # Service Time is the time taken to complete a read or a write operation if service time > 100 milliseconds for 5 cycles then alert
check process nginx matching "nginx" if disk read > 10 MB/s for 10 cycles then alert if disk write > 1 MB/s for 10 cycles then alertExample for AIX, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD and Solaris (operations-per-second metric):
check process mysql matching "mysqld" if disk read > 8192 operations/s for 10 cycles then alert if disk write > 4096 operations/s for 10 cycles then alert
check filesystem mynfs with path "192.168.1.123:/home/myuser" check filesystem mycifs with path "//192.168.1.123/documents" check filesystem mysshfs with path "myuser@192.168.1.123:/home/myuser"
check file x with path /some/path/x if exist then alertIn this example we do the opposite and alert if file 'x' does not exist:
check file x with path /some/path/x if does not exist then alertIn the latter case we do not need to write the test explicitely as it is added automatically (if no existence test exists) and we can just write:
check file x with path /some/path/xThe existence test is available for process, file, filesystem, fifo and directory checks. You can, for example, use this to test if a process that should not run, is running and stop it. In this example we remove all vmware processes from the system. (VMware is great, this is just an example):
check process vmware matching "vmware" if exist then exec "/usr/bin/pkill -9 vmware"
set httpd port 2812 with ssl { pemfile: /etc/ssl/certs/monit.pem version: TLSv12 } allow admin:monit
set httpd port 2812 with ssl { ciphers: "ALL:!DES:!3DES:!RC4:!aNULL:!LOW:!EXP:!IDEA:!MD5:@STRENGTH" }
programTimeout: 300 seconds # default timeout for check program stopTimeout: 30 seconds # default timeout for service stop startTimeout: 30 seconds # default timeout for service start restartTimeout: 30 seconds # default timeout for service restart
if failed port 80 protocol apache-status username myuser password 123456 loglimit > 10% or dnslimit < 50% then alert
if failed port 80 protocol http username myuser password 123456 then alert
$ monit report up: 11 (39.3%) down: 16 (57.1%) initialising: 0 (0.0%) unmonitored: 1 (3.6%) total: 28 servicesWith option, prints the number of services in that state. This can be used in a script as follows:
$ u=$(monit report up) $ d=$(monit report down) $ t=$(monit report total) $ echo "${u} up, ${d} down of total ${t} services" 56 up, 1 down of total 57 services
check process apache with pidfile /var/run/httpd.pid onreboot laststate start program = ...The following modes are supported:
check system $HOST if uptime > 180 days then alert
if failed port 25 protocol smtps then alert
if failed port 25 protocol smtps username user password secret then alert
set mail-format { from: "Number Six" <monit@$HOST> reply-to: support@domain.com }
set limits { programOutput: 512 B, # program's output limit sendExpectBuffer: 256 B, # limit for send/expect protocol test fileContentBuffer: 512 B, # limit for file content test (line) httpContentBuffer: 1 MB, # limit for HTTP content test networkTimeout: 5 seconds # timeout for network I/O }
if failed ping via address "192.168.1.10" then alert if failed port 80 via address "192.168.1.10" then alert
if threads > 21 then alert
IF [NOT] MATCH <pattern>to
IF CONTENT < "=" | "!=" > <pattern>The old syntax is deprecated, but still supported for backward compatibility.
if cpu usage = 100% for 2 cycles then alertIn detail: Calculating a process CPU usage has been normalised to take into account the number of threads in use by the process. Previously Monit calculated process CPU usage as a fraction over available CPU cores. For instance, if you wanted to check if a single-threaded application used 100% CPU you had to check for 25% CPU utilization on a 4 core machine (100/4). Likewise, in top terminology, a multi-threaded application could use up to 400% CPU on the same machine. Monit now calculates CPU usage based on number of threads vs. available CPU cores. If a process has one thread, 100% CPU usage is the same as 100% utilization of one CPU core. If it has 2 threads, 100% CPU usage is reported when it uses 2 CPU cores 100%, etc. If a process has more threads than the machine's available CPU cores then 100% CPU usage corresponds to the utilization of all available CPU cores.
if <test> then exec <script> [repeat every [x] cycle(s)]If you want the old behaviour, use "repeat every cycle". Example:
if failed port 1234 then exec "/usr/bin/myscript.sh" repeat every cycle
set ssl options { verify: <enable|disable> selfsigned: <allow|reject> version: <auto|sslv2|sslv3|tlsv1|tlsv11|tlsv12> clientpemfile: <path> cacertificatefile: <path> cacertificatepath: <path> }
set ssl options { verify: enable selfsigned: allow }
set ssl option {clientpemfile: /etc/ssl/myclient.pem}
[using] <SSL>Example:
if failed port 9999 using ssl {selfsigned: allow} then alert
CERTIFICATE VALID > number DAY(S)Example:
if failed port 443 protocol https and certificate valid > 30 days then alert
CERTIFICATE CHECKSUM [MD5 | SHA1] [= | equal] <hash>Example:
if failed port 443 protocol https and certificate checksum = "1ED948A6F4258ACAB964227EF4EB19FCC453B0F8" then alert
if failed ping size 256 then alert
rpmbuild -tb monit-5.15.tar.gz --without-pam --without-ssl
if cpu usage > 99% then alert
monit status apacheLikewise, to only print the status of services in the www group:
monit -g www statusPrinting the status of all services is the same as before:
monit status
if failed port 3306 protocol mysql then alertThis might or might not generate an error entry in your MySQL log file depending on your server configuration. Because the new protocol test supports MySQL authentication, you can silence such errors by login proper to the MySQL server. To do so, you will need to specify a username and a password (in clear-text) which Monit can use.
if failed port 3306 protocol mysql username myuser password mypassword then alertThe new MySQL protocol test in Monit is now a small and almost a general MySQL client in itself. This means that future releases of Monit can expand on this and execute user defined queries and check the result, or check key performance numbers from MySQL such as slow queries etc.
if space free < 10 GB then alert
if space free < 5% then alert
check host example.com with address example.com if failed ping then alert # IPv4 or IPv6 if failed ping4 then alert # IPv4 only if failed ping6 then alert # IPv6 onlyPort examples:
check host example.com with address example.com if failed port 22 then alert # IPv4 or IPv6 if failed port 22 ipv4 then alert # IPv4 only if failed port 22 ipv6 then alert # IPv6 only
check host example.host with address "2001:db8::1234" if failed ping then alert if failed port 80 then alert
set httpd unixsocket /var/run/monit.sock allow user:password
if changed permission then ACTION
if does not exist then alert if does not exist 3 times in 5 cycles then stop
if changed fsflags then alert if changed fsflags for 10 cycles then exec "/usr/bin/script.sh"
check network eth0 with interface eth0 if failed link then restart if changed link then alert if saturation > 80% then alert if upload > 500 kB/s then alert if download > 1 MB/s then alert if upload > 1000 packets/s then alert if download > 1000 packets/s then alert if total upload > 1 GB in last hour then alert if total download > 100 GB in last 5 hours then alert
if failed port 2000 protocol sieve then alert
if changed pid then alert if changed ppid then alert
if changed PID then alert if changed PID 3 times in 5 cycles then stop
check host redis.host with address 192.168.0.23 if failed port 6379 protocol redis then alert
check host mongo.host with address 192.168.0.24 if failed port 27017 protocol mongodb then alert
check filesystem transmit with path "TransmitFS/sftp#02C13FCA" if space usage > 80% then alert
check host mmonit.com with address mmonit.com if failed port 80 protocol http with http headers [host: mmonit.com, Cache-Control: no-cache, Cookie: csrftoken=nj1bI3CnMCaiNv4beqo8ZaCfAQQvpgLH] and request /monit/ with content = "Monit [0-9.]+" then alertThis statement deprecate the old hostheader statement, which was used to only set the HTTP host header
check program foobar with path /usr/local/myscript.sh if changed status then alertThis is useful if the actual exit status is not important, just that it changed. For instance if your program implements some kind of "state-machine" and changes the exit status for each new step and you want to get an alert when this happens.
check program ls with path "/bin/ls -lrt /tmp" as uid "www" if status != 0 then alert
check host mmonit.com with address mmonit.com if failed ping then alert
if failed port 443 with type TCPSSL tlsv1 protocol http then alertYou can now write
if failed port 443 with protocol https then alertThe SSL version is auto-detected. The old statement can still be used if SSL version needs to be specified.
if failed port 443 with type TCPSSL tlsv11 protocol http then alert
check process syslog with pidfile /var/run/rsyslogd.pid if failed uid "syslog" then alert if failed euid "syslog" then alert if failed gid "syslog" then alert
check host websocket.org with address "echo.websocket.org" if failed port 80 protocol websocket host "echo.websocket.org" request "/" origin "http://www.websocket.com" version 13 then alert
check host mmonit.com with address mmonit.com if failed port 80 protocol http and request /monit/ with content = "Monit [0-9.]+" then alert
if failed port 80 protocol http and status < 400 then alertInverse test. Return error if a page does exist:
if failed port 80 protocol http request "/some/page" status = 404 then alert
check program list-files with path "/bin/ls -l -r -t /tmp" if status != 0 then alert
check process apache with pidfile /var/run/httpd.pid start = "/usr/sbin/apachectl start" stop = "/usr/sbin/apachectl stop" restart = "/usr/sbin/apachectl restart" <- New