Monit Updates and Release Notes

This page summaries changes made in Monit since version 5.7.0. Please see the commit log for a detailed list of changes and commits leading up to the various releases below. Use the issue tracker to report new issues or feature requests

Version 5.21.0

Released on Mar 07 2017
  • New: We have added a set of new tests that you can use to monitor and check the performance of your file-systems and disks. Disk i/o metrics are also displayed in the Monit GUI and CLI. M/Monit 3.7.0 can be used to view statistics and charts.
    check filesystem disk1 with path /dev/sda1
        if read rate > 1 MB/s for 5 cycles then alert
        if read rate > 500 operations/s for 5 cycles then alert
        if write rate > 1 MB/s for 5 cycles then alert
        if write rate > 500 operations/s for 5 cycles then alert
        # Service Time is the time taken to complete a read or a write operation
        if service time > 100 milliseconds for 5 cycles then alert
    
  • New: We have also added disk i/o tests and metrics for each process. Available metrics depends on the platform. Example for Linux and MacOS (bytes-per-second metric):
    check process nginx matching "nginx"
        if disk read > 10 MB/s for 10 cycles then alert
        if disk write > 1 MB/s for 10 cycles then alert
    
    Example for AIX, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD and Solaris (operations-per-second metric):
    check process mysql matching "mysqld"
        if disk read > 8192 operations/s for 10 cycles then alert
        if disk write > 4096 operations/s for 10 cycles then alert
    
  • New: You can now use NFS/CIFS/SSHFS/etc. connection strings as path for filesystem checks. Examples:
    check filesystem mynfs with path "192.168.1.123:/home/myuser"
    check filesystem mycifs with path "//192.168.1.123/documents"
    check filesystem mysshfs with path "myuser@192.168.1.123:/home/myuser"
    
  • New: Report filesystem type in status output
  • New: Extended existence test to not only test if an object does not exist, but also the inverse, to test if an object does exist. This can be used to test if a file exist when it should not as we do in this example:
    check file x with path /some/path/x
        if exist then alert
    
    In this example we do the opposite and alert if file 'x' does not exist:
    check file x with path /some/path/x
        if does not exist then alert
    
    In the latter case we do not need to write the test explicitely as it is added automatically (if no existence test exists) and we can just write:
    check file x with path /some/path/x
    
    The existence test is available for process, file, filesystem, fifo and directory checks. You can, for example, use this to test if a process that should not run, is running and stop it. In this example we remove all vmware processes from the system. (VMware is great, this is just an example):
    check process vmware matching "vmware"
        if exist then exec "/usr/bin/pkill -9 vmware"
    
  • New: You can now set the SSL/TLS version to be used by the Monit HTTP interface. The syntax follows the general SSL/TLS options settings, which was introduced in Monit 5.15. Example:
    set httpd port 2812
        with ssl {
           pemfile: /etc/ssl/certs/monit.pem
           version: TLSv12
        }
        allow admin:monit
    
  • New: Issue #509: It is now possible to set the SSL/TLS ciphers Monit's HTTP server should use. Example (using Monit's default ciphers string):
    set httpd port 2812
        with ssl {
            ciphers: "ALL:!DES:!3DES:!RC4:!aNULL:!LOW:!EXP:!IDEA:!MD5:@STRENGTH"
        }
    
  • New: The certificate minimum valid days test now triggers the timestamp event instead of connection event.
  • New: M/Monit: show MacOS version instead of Darwin kernel version.
  • New: Show textual representation of filesystem flags instead of numeric.
  • Fixed: Previous Monit versions may be unable to detect that a filesystem is not mounted if the mount point was used as a filesystem sub-path. Monit didn't require an exact match in the mount table and allowed a subdirectory or even a regular file to be used as the filesystem path. An exact mount point path is now required so Monit can check if the filesystem is mounted. This fix does not affect configuration for block/character device.
  • Fixed: Issue #488: Ping test could fail if the machine performs other ping tests with a small payload.
  • Fixed: Issue #543: Ping test could timeout prematurely on machines with heavy ICMP traffic.
  • Fixed: Issue #495: Position independent CSRF cookie value.
  • Fixed: Issue #496: Allow overriding the HTTP Accept header
  • Fixed: Issue #501: check program could fail if the parent service was not monitored on every cycle and multiple services depended on it.
  • Fixed: Issue #510: The global set ssl options had no effect on the Monit HTTP server. Now it does. You can also use a local set ssl statement with set httpd to override global ssl settings. This is useful, for example, to use different ciphers for the Monit HTTP server than those used with outbound network tests.
  • Fixed: Issue #515: Gzip compression could fail if the response body was empty and the zlib version was less than or equal to 1.2.3.
  • Fixed: Issue #537: Monit HTTP server would not start if no network interface was available
  • Fixed: Issue #547: If a file check is unmonitored or stopped, the file read position is now set to the end of the file if monitoring is enabled again. This ensures that Monit does not alert on file content that was added while the file was un-monitored.
  • Fixed: Issue #549: Mailserver on port 587 didn't work with STARTTLS.
  • Fixed: Issue #560: Monit could miss filesystem changed flags if those changes were triggered by the kernel.
  • Fixed: Monit HTTP GUI: Safari could fail to load the Monit status page over https.
  • Fixed: If a network connection timed out, Monit reported incorrect error: Resource temporarily unavailable.

Version 5.20.0

Released on Oct 21 2016
  • New: Added gzip compression support to the HTTP GUI.
  • New: Added gzip compression when communicating with M/Monit. Requires M/Monit 3.6.0 or later.
  • New: Issue #448: Added global set onreboot <start | nostart | laststate> statement which allows to set a default service startup policy (the default is onreboot start).
  • New: Added new timeout options to the set limits statement:
    programTimeout:    300 seconds # default timeout for check program
    stopTimeout:       30 seconds  # default timeout for service stop
    startTimeout:      30 seconds  # default timeout for service start
    restartTimeout:    30 seconds  # default timeout for service restart
    
  • New: The cpu, memory, swap, inode and space tests now allows using decimal values when testing percent usage.
  • New: Issue #457: Set the HOME environment variable when executing program as other user.
  • Fixed: CSRF vulnerability (CVE-2016-7067). This issue was reported to Monit by Adith Sudhakar.
  • Fixed: Monit HTTP: Also listen on IPv6 interfaces if no address is specified (Linux specific issue).
  • Fixed: Monit HTTP: Support CIDR mask 0 to explicit allow any IP-address (e.g. allow 0.0.0.0/0). Can be useful when testing Monit, but remember to remove in production.
  • Fixed: HTTP protocol tests can now connect to and test an IPv6 host.
  • Fixed: Support communicating with M/Monit over IPv6 (requires M/Monit 3.6.0 or later).
  • Fixed: Issue #438: Silently ignore empty directories when include /path/* is used.
  • Fixed: Issue #441: Incomplete logging of restart action.
  • Fixed: Issue #444: Send/Expect protocol test: The expect statement escape zero ('\0') which made the expect data shorter than expected when comparing.
  • Fixed: Issue #460: Added support for compiling with OpenSSL 1.1.0.
  • Fixed: Issue #467: Testing unixsocket failed if the socket was an UDP Unix socket.
  • Fixed: Issue #468: If a filesystem does not exist, Monit now triggers a nonexist event instead of a data event, so it is possible to override the default action using if does not exist then <action>.
  • Fixed: Issue #480: FreeBSD: Subtract ZFS ARC size from the system memory usage.
  • Fixed: Issue #486: Handle actions for services with [?&=/] characters in their name.
  • Fixed: Network check on Solaris 10.
  • Fixed: Monit HTTP: Set HTML page encoding to UTF-8 to support UTF-8 formatted check program output.
  • Fixed: If a check program test was disabled by a stop/unmonitor action, do not start the program again.

Version 5.19.0

Released on Aug 08 2016
  • New: Issue #421: Monit HTTP: support for IPv6 added.
  • New: Monit HTTP GUI: it is now possible to listen on both TCP and unix sockets. Previously this was mutually exclusive.
  • New: Issue #380: apache-status protocol test: Added support for Basic authentication with username and password. Example:
    if failed port 80 protocol apache-status username myuser password 123456
        loglimit > 10% or
        dnslimit < 50%
    then alert
    
  • New: Added Basic Authentication support to the HTTP protocol test. Example:
    if failed 
        port 80 
        protocol http username myuser password 123456 
    then alert
    
  • Fixed: Issue #379: A Linux system with lots of interrupts could disable Monit's process and system resource checks.
  • Fixed: Issue #388: Local alert did not override global set alert for the same recipient.
  • Fixed: Issue #393: Incorrect hostname in email alerts.
  • Fixed: Issue #396: Disable console colors if output (stdout) is not a terminal.
  • Fixed: Issue #400: Clarify network tests documentation.
  • Fixed: Issue #403: Do not require that the system's name is resolvable in DNS.
  • Fixed: Issue #420: Monit will now check a service on startup and then wait x cycles if every x cycles is used. Previously, Monit waited until x cycles had elapsed before checking
  • Fixed: Issue #431: Changed charset in emails to UTF-8. This makes it possible to localize alert messages in other languages than those supported by ISO Latin 1 which we used before.
  • Fixed: Return syntax error if send/expect is used with other protocol tests. This test is exclusive.
  • Fixed: Solaris: Subtract ZFS ARC size from the system memory usage, so monit can display memory used by applications (ZFS ARC will return memory to the system when needed).

Version 5.18.0

Released on May 26 2016
  • New: Monit console commands now output text in tables and in colors. Your terminal must support UTF-8 and colors. For best rendering of tables, we recommend using a fixed width font in your terminal such as Menlo for non-ascii fonts. Please see this FAQ entry to learn how to setup your console to support UTF-8 character encoding.
    If you would like to disable colors and tables, use the -B command-line switch to Monit or add set terminal batch in the Monit configuration file.
  • New: Issue #340: A new CLI command was added for succinct reporting and to make it easy to query Monit from scripts: monit report [options]. Without option, prints a short overview of the state of all services managed by Monit:
    $ monit report
    up:            11 (39.3%)
    down:          16 (57.1%)
    initialising:   0 (0.0%)
    unmonitored:    1 (3.6%)
    total:         28 services
    
    With option, prints the number of services in that state. This can be used in a script as follows:
    $ u=$(monit report up)
    $ d=$(monit report down)
    $ t=$(monit report total)
    $ echo "${u} up, ${d} down of total ${t} services"
    56 up, 1 down of total 57 services
    
  • New: Issue #344: Environment variable MONIT_SERVICE was added to check program scripts. The variable contains the name of the service (from monitrc) for which the program is executed.
  • New: A new onreboot statement was added for controlling how individual services startup on reboot.
    check process apache with pidfile /var/run/httpd.pid
          onreboot laststate
          start program = ...
    
    The following modes are supported:
    start
    Always start the service automatically after reboot. This is the default mode
    nostart
    Never start the service automatically after reboot
    laststate
    Persistent service state across reboot, i.e. a service stopped before reboot will remain stopped after reboot
    Thanks to Guillaume François for suggesting the onreboot name and mode names.
  • New: The old mode statement is reduced to active and passive. Where active mode provides automatic restart of service on error, while passive does not, and only provide alerts. Active mode is the default mode. The third mode, manual, is deprecated and replaced by onreboot laststate. The manual mode is still supported for backward compatibility.
  • New: Test for checking system uptime. Can be used to test the uptime of the system (boot time) and perform an action. Example:
    check system $HOST
        if uptime > 180 days then alert
    
  • New: Added >= and <= as operators for use in comparison tests.
  • New: All errors will be listed if a service has multiple errors. Previously, Monit displayed only the last error.
  • Fixed: Added missing mode statement support to system, status and network checks.
  • Fixed: If a check program script or a start,stop or restart program timed out, monit would kill it, but leave a zombie behind. Thanks to Guillem Jover for patch.
  • Fixed: Issue #166: In the Web-interface, the system status page has new entries for system boot time and monit uptime. Console commands also display the uptime of the Monit server. Removed the confusing monit's own uptime from the start page.
  • Fixed: Issue #335: The send/expect test now provides context of the failed pattern in the error message.
  • Fixed: Issue #336: check program timeout parsing issue with as uid
  • Fixed: Issue #350: If a check program used the every statement, the evaluation of the exit value was deferred until the next cycle which matched the every-statement. Monit now collects the exit value on the next cycle and kills the program if timed out.
  • Fixed: Issue #351: Duplicate allow statements was seen by Monit as an error and Monit refused to start. Monit now emits a warning instead.
  • Fixed: Issue #354: If the event queue directory hold other files (like monit state file), monit will not log this as an error anymore. Just a warning when debug mode is enabled.
  • Fixed: Issue #358: Drop the last started output for check program. It could be confused with the time when the service itself was started. The data collected timestamp provides the same information and is more clear.
  • Fixed: Issue #360: Improved include files recursive loop detection which was introduced in the fix for issue #270. This had the unwanted side-effect that templates files with common config fragments could only be included once.
  • Fixed: Issue #367: When a process was restarted, monit showed the process as running, but no process info, such as PID, was displayed until the service was validated.
  • Fixed: Issue #370: Support greetings up to 512 characters for the IMAP protocol test.
  • Fixed: Issue #372: In the GUI, show full path, including arguments, for programs used by check program.
  • Fixed: If the pattern based process check finds multiple matching processes, it will now select the process with the highest uptime (oldest). Previously the first matching process was selected.
  • Fixed: RPM package template.

Version 5.17.1

Released on March 7 2016
  • Fixed: Issue #331: Monit crashed when trying to deliver alert by mail if monit set alert was configured, but the set mail-format statement was missing (regression in Monit 5.17).

Version 5.17.0

Released on March 3 2016
  • New: Extended the SMTP protocol test to support STARTTLS in addition to SMTPS. Thanks to Robert Nelson for initial patch. Example:
    if failed port 25 protocol smtps then alert
  • New: The SMTP protocol test can now, optionally, perform authentication during testing. Just add username and password if you want to test that authentication also works. We recommend using smtps if authentication is to be performed to encrypt the communication. Example:
    if failed
       port 25
       protocol smtps
       username user
       password secret
    then alert
    
  • New: Issue #271: Support extended e-mail format when specyfing from and reply-to addresses. That is, instead of just the email address you can also specify the name of the user. The sender's name is optional, but if used, requires that the subsequent email-address is enclosed in brackets as in this example:
    set mail-format {
        from: "Number Six" <monit@$HOST>
        reply-to: support@domain.com
    }
    
  • New: Issue #330: A new environment variable MONIT_PROGRAM_STATUS was added to check program to allow scripts called from exec to access the check programs last exit status.
  • Fixed: Issue #270: The include statement now check if a file has already been included to prevent circular or recursive inclusion of files.
  • Fixed: Issue #278: Reinitialize supplementary user groups in an exec action when executing as a different user.
  • Fixed: Issue #316: The value in if changed checksum and if changed timestamp has been made persistent across Monit restart/reload. If the value changes while Monit is stopped, Monit will now notice. Thanks to Duke Bartholomew for fix.
  • Fixed: Related to Issue #316 above, we now also save file size, filesystem flags, file/directory/fifo/filesystem permissions, network link speed so the last known values will be persistent and if changed tests will work as expected across a Monit restart/reload.
  • Fixed: Issue #318: favicon did not display properly in the Browser when Monit was behind a reverse HTTP proxy.
  • Fixed: Issue #327: Monit CLI actions like monit monitor all could fail if you had more than ~ 50 services in your config file.
  • Fixed: Issue #329: The send/expect protocol test returned error if the target server sent more data than the buffer limit.
  • Fixed: On 32-bit platforms with more then 4GB of RAM, Monit reported incorrect system and swap memory values (regression in Monit 5.16).
  • Fixed: Save state on exit when monit is executed in non-deamon mode.

Version 5.16.0

Released on February 4 2016
  • New: Added a new statement for overriding default limits used by Monit. In most situations the default values are fine, but if needed, below are the limits you can currently modify in Monit. For more details, see the Limits section in the Monit manual.
    set limits {
        programOutput:     512 B,    # program's output limit
        sendExpectBuffer:  256 B,    # limit for send/expect protocol test
        fileContentBuffer: 512 B,    # limit for file content test (line)
        httpContentBuffer: 1 MB,     # limit for HTTP content test
        networkTimeout:    5 seconds # timeout for network I/O
    }
    
  • New: Issue #276: Allow specific source address for port and ping tests. Example:
    if failed ping via address "192.168.1.10" then alert
    if failed port 80 via address "192.168.1.10" then alert
    
  • New: Issue #205: Enhanced process check with a new thread counts test. Example:
    if threads > 21 then alert
  • New: Issue #280: Timestamp tests now reports both the old and the new (changed) timestamp in alerts.
  • New: Issue #299: Show the last output of the program check when running monit status from the console.
  • New: Issue #275: monit --version now shows the compile-time features that were enabled at build time.
  • New: Issue #282: Added support for setting a custom URL path with apache-status protocol test.
  • New: Changed responsetime for port and unixsocket tests to microseconds precision.
  • New: The syntax for file content test was changed from
    IF [NOT] MATCH <pattern>
    to
    IF CONTENT < "=" | "!=" > <pattern>
    The old syntax is deprecated, but still supported for backward compatibility.
  • New: Added support for DragonFly BSD. Thanks to Daniel Bilik.
  • Fixed: Issue #230: In short: You can now check a process' CPU usage in a more natural way as a percentage between 0-100 on a multi-core system. For instance, to check if a single-threaded application like node.js has gotten stuck on 100% CPU,
    if cpu usage = 100% for 2 cycles then alert
    In detail: Calculating a process CPU usage has been normalised to take into account the number of threads in use by the process. Previously Monit calculated process CPU usage as a fraction over available CPU cores. For instance, if you wanted to check if a single-threaded application used 100% CPU you had to check for 25% CPU utilization on a 4 core machine (100/4). Likewise, in top terminology, a multi-threaded application could use up to 400% CPU on the same machine. Monit now calculates CPU usage based on number of threads vs. available CPU cores. If a process has one thread, 100% CPU usage is the same as 100% utilization of one CPU core. If it has 2 threads, 100% CPU usage is reported when it uses 2 CPU cores 100%, etc. If a process has more threads than the machine's available CPU cores then 100% CPU usage corresponds to the utilization of all available CPU cores.
  • Fixed: The exec action is now executed only once on state change, the same way as the alert action. The new repeat option can be used to repeat the exec action after a given number of cycles if the error persists. Syntax:
    if <test> then exec <script> [repeat every [x] cycle(s)]
    
    If you want the old behaviour, use "repeat every cycle". Example:
    if failed port 1234 then exec "/usr/bin/myscript.sh" repeat every cycle
    
  • Fixed: The HTTP protocol-test now uses HEAD instead of GET if no content check is set. That is, if you only want to test the response status for a given URL and not the content of the response. This should make the test faster and save bandwidth.
  • Fixed: OS X 10.11; re-introduced process cpu and memory usage statistics. This was disabled in Monit 5.15 as the System Integrity Protection (SIP) scheme introduced in OS X 10.11 prevented the statistics collector code in Monit from working. We've found a work-around and have modified Monit to work with SIP.
  • Fixed: When the Monit daemon is running, the console command monit validate will now pass the command through to the Monit daemon instead of running the command itself in its own context. This ensures that the run-time state of services are respected when the command is issued.
  • Fixed: An issue (#60) where the process match check could report false positives.
  • Fixed: An issue (#214) where Monit could use the CPU a bit more than we liked when performing process match check. We now cache the PID on first-run which makes Monit low on CPU usage also when scanning for mathing processes on the system.
  • Fixed: Issue #279: monit status displayed a file's timestamp in kilobytes
  • Fixed: Issue #283: Monitor and unmonitor events falsely described the monitor/unmonitor action as failed even though it succeeded.
  • Fixed: Issue #285: Compilation of Monit on Linux with musl libc library.
  • Fixed: Issue #288: The exit value when running monit status or monit summary is now properly set to 1 if an error occurs.
  • Fixed: Issue #289: Document the start delay option in the Monit manual.
  • Fixed: Issue #293: monit commands with a service group option will now return an error if the group does not exist.
  • Fixed: Issue #303: Support more then 511 characters in file content match test. See also the Limits section in the Monit manual.
  • Fixed: Issue #305: Do not set the port number in HTTP Host header for https URL scheme (port 443).
  • Fixed: Issue #308: The send/expect protocol test could not handle a response that started with a high end byte (>0x7F). Thanks to Robert Nelson for fix.
  • Fixed: Issue #309: AIX: Check process via pattern was limited to 80 characters.
  • Fixed: Issue #310: Linux LXC container connection and ping tests showed a failure.
  • Fixed: Issue #315: If file, filesystem, directory or fifo tests triggered an unmonitor, stop or restart action, the tests which followed could fail as the collected data were reset to zero during unmonitor/stop/restart. The status also showed wrong values for uid, gid, permission and timestamp during that cycle.
  • Fixed: If restart was used with if changed checksum, the test did not update to the new checksum in which case subsequent cycles would always fail the test.
  • Fixed: Emit a warning if the monit configuration file contains a directive for including a non-existing file.
  • Fixed: Do not wait unecessary for process start if start/restart failed.
  • Fixed: The ping test could freeze Monit for some time if the target host was down.
  • Fixed: To prevent timing attack when performing authentication, Monit now uses a constant time string comparison function. Thanks to Noah Kantrowitz for report.
  • Fixed: If the port test was skipped (while the process is starting), mark the state as init. Previously monit status was set to connection error.
  • Fixed: AIX per-process CPU usage statistics.
  • Note: The maximum length of password and hashes used in Monit for authentication have been limited to 64 characters. This is a side-effect of Monit switching to use a constant time string comparison function when performing authentication.
  • Note: The default limit for program output has been changed from 1kB to 512B. You can override this limit if needed, using the new set limits statement.

Version 5.15.0

Released on October 22 2015
  • New: Added a statement for setting global or local SSL/TLS options. For more details, see the SSL Options section in the Monit manual. Syntax:
    set ssl options {
            verify:            <enable|disable>
            selfsigned:        <allow|reject>
            version:           <auto|sslv2|sslv3|tlsv1|tlsv11|tlsv12>
            clientpemfile:     <path>
            cacertificatefile: <path>
            cacertificatepath: <path>
    }
    
  • New: Added option to verify SSL server certificates. This was not available in previous Monit versions. Verifying server certificate is off by default for backward compatibility. Self-signed certificates are also not trusted by default and you have to explicitly allow them if you want to trust them. Here is an example which enable server certificate verification and allow self-signed certificates for all SSL connections made through Monit:
    set ssl options {
        verify: enable
        selfsigned: allow
    }
    
  • New: Support SSL client certificate authentication for SSL connections. Example:
    set ssl option {clientpemfile: /etc/ssl/myclient.pem}
  • New: To just connect using SSL/TLS without specifying a protocol, you can now use SSL instead of the former type TCPSSL statement (which is deprecated). Syntax:
    [using] <SSL>
    Example:
    if failed port 9999 using ssl {selfsigned: allow} then alert
  • New: SSL certificate expiration test. Monit can send an alert if the SSL certificate is about to expire within a given number of days. This can be used to get a notification when it is time to renew your SSL certificate. Syntax:
    CERTIFICATE VALID > number DAY(S)
    Example:
    if failed
       port 443
       protocol https
       and certificate valid > 30 days
    then alert
    
  • New: Extended SSL certificate fingerprint (checksum) test with the SHA1 hash type in addition to the existing MD5 test. The checksum statement will automatically determine the cipher to use based on the hash string length, but if you prefer, you can explicit use the MD5 or SHA1 keyword for self-documenting purposes. The checksum syntax has changed to become more general and the previous certmd5 statement, although still supported, is now deprecated. You can optionally use the equal or the = operator to make the statement more verbose. The certificate checksum test is also supported in the set mmonit and set mailserver context. Syntax:
    CERTIFICATE CHECKSUM [MD5 | SHA1] [= | equal] <hash>
    Example:
    if failed
       port 443
       protocol https
       and certificate checksum = "1ED948A6F4258ACAB964227EF4EB19FCC453B0F8"
    then alert
    
  • New: Extended the ping test to optionally allow setting a packet size (default is 64 bytes):
    if failed ping size 256 then alert
    
  • New: The ping tests now report network response time in milliseconds rather than in seconds.
  • New: PAM and SSL support are now optional when building Monit RPM. Default is with
    rpmbuild -tb monit-5.15.tar.gz --without-pam --without-ssl
    
  • Fixed: Issue #233: The File content match test will move the read-cursor to the end of the file the first time a file is added to Monit.
  • Fixed: Issue #231: Support for OpenSSL 0.9.8
  • Fixed: Issue #228: Abbreviated file permission error message (otherwise the message, which was rather long, could get truncated in logs and become unintelligible).
  • Fixed: Issue #241: Only add the User-Agent HTTP header if it is not already set. Also allow single quotes in addition to double quotes around header values.
  • Fixed: Issue #221: If a check host statement contains no if-tests, emit a more comprehensible error message.
  • Fixed: Issue #223: Do not log "Error reading pid from ..." for non-process checks on stop/restart.
  • Fixed: Issue #226: Monit could freeze for a period when performing a ping test.
  • Fixed: Issue #248: Do not cascade start action to dependant services if only parent start was requested.
  • Fixed: Issue #249: Implement hard dependency between services. If a service depends on another service, it will not start until the parent service check returns no errors. For example, if Apache depends on MySQL, Monit will not start Apache until MySQL is confirmed up and running and passes all its tests. Previously, Monit would start MySQL, but not wait for MySQL to be confirmed up and running before it started Apache.
  • Fixed: Issue #254: The HTTP protocol test paused Monit for a few seconds if a content match test was used and the server sent a response using chunked encoding.
  • Fixed: Issue #255: Monit no longer exit if it fails to fork. This is debatable, but for Monit's use-case we think it is better to try and continue.
  • Fixed: Issue #261: Monit leaked file descriptors if program execution failed. Don't forget the shebang #! at the beginning of your script
  • Fixed: Issue #264: Monit stopped on reload if the control file did not end with an empty newline.
  • Fixed: Issue #266: With OS X El Capitan, Apple introduced a new System Integrity Protection policy (SIP) which, among other things, block the system call, task_for_pid. We now check to see if SIP is enabled and if it is, we do not call task_for_pid so as not to unnecessary fill system logs with errors. This also means that Monit, on El Capitan, can no longer check a process memory and CPU usage as task_for_pid was needed to get this information.
  • Fixed: Issue #267: Executing a command with a timeout larger than 2147 seconds would fail on 32-bit systems.
  • Fixed: Mask out SSLv3_client_method() in case SSLv3 support is not available
  • Fixed: SSL SNI is optional, so do not log as error if not supported by server
  • Fixed: SSL client certificate authentication with Monit's HTTP interface
  • Fixed: Access to resources via secondary group membership when executing a program with a different UID
  • Fixed: Slow start/stop/restart/monitor/unmonitor actions on FreeBSD

Version 5.14.0

Released on 9 June 2015
  • New: Enable HTTP Strict Transport Security (HSTS), ECDH ciphers and disable IDEA ciphers on Monit HTTP interface if TLS/SSL is used.
  • New: Simpler system-wide cpu usage test (total of user%, system%, wait%). Example:
    if cpu usage > 99% then alert
  • New: Issue #202: Added options for the command-line commands monit status and monit summary to only print status for a named service or a named service group. For example, to only print the status of the apache service:
    monit status apache
    Likewise, to only print the status of services in the www group:
    monit -g www status
    Printing the status of all services is the same as before:
    monit status
  • New: Issue #208: Log client address in case of HTTP request errors
  • New: Issue #206: Report Monit version in the start/stop (instance) message
  • Fixed: Issue #98: MySQL test might produce "HOST blocked because of too many connection errors". To solve this problem, the MySQL protocol test in Monit had to be re-implemented to authenticate proper with MySQL. By default, we attempt an anonymous login, using an empty username. That is, if the check only specify protocol mysql, Monit will attempt an anonymous login to MySQL
    if failed port 3306 protocol mysql then alert
    This might or might not generate an error entry in your MySQL log file depending on your server configuration. Because the new protocol test supports MySQL authentication, you can silence such errors by login proper to the MySQL server. To do so, you will need to specify a username and a password (in clear-text) which Monit can use.
    if failed 
        port 3306 
        protocol mysql username myuser password mypassword
    then alert
    The new MySQL protocol test in Monit is now a small and almost a general MySQL client in itself. This means that future releases of Monit can expand on this and execute user defined queries and check the result, or check key performance numbers from MySQL such as slow queries etc.

Version 5.13.0

Released on 5 May 2015
  • New: Issue #187: Added support for free space and free inodes monitoring as an inverse alternative to current space/inodes consumption monitoring. Both forms, with absolute number of bytes and with percent are supported. For example, to check and alert if a filesystem has less than 10GB left or less than 5% of free space left:
    if space free < 10 GB then alert
    
    if space free < 5% then alert
    
  • New: Issue #190: Added support for Server Name Indication to support testing connection to name based virtual SSL servers.
  • Security: SSL/TLS compression has been disabled, as well as RC4 and DES ciphers.
  • Fixed: Monit will no longer try to check hostnames on start-up to start faster, in case DNS is not available at start time.
  • Fixed: Filesystem uid, gid and permission as reported by monit status command.
  • Fixed: Issue #179: If the monit CLI command failed, the error description could contain HTML in addition to plaintext.
  • Fixed: Issue #186: RPM will now preserve an existing monitrc configuration file on update.
  • Fixed: Issue #188: OS X system memory usage statistics included wrongly inactive memory (i.e. memory that is available for reuse).
  • Fixed: FreeBSD, OpenBSD, NetBSD: System memory usage statistics did not include the wired part (kernel memory).

Version 5.12.2

Released on 23 March 2015
  • Fixed: Issue #169: Monit could freeze if an error occurred during SSL read or write.
  • Fixed: Issue #170: If Monit was started with the HTTP interface disabled, the CLI could crashed when executing a command.
  • Fixed: Network check: support for IP alias [Linux and Solaris]

Version 5.12.1

Released on 9 March 2015
  • New: allow selecting IPv4 or IPv6 explicit for port and ping tests. If a host name is used instead of an IP-address and the host name resolve to more than one IP-address, Monit will try to connect to the first available address (be it IPv4 or IPv6). If the connection fails, Monit will try the next address and so on until a connection succeed or until there are no more addresses left to try. Likewise, if the machine supports both IPv4 and IPv6, the system will return at least two addresses for the host, respectively. If you wish to only test one IP-protocol or both, you can now specify this.
    Ping examples:
    check host example.com with address example.com
          if failed ping  then alert  # IPv4 or IPv6
          if failed ping4 then alert  # IPv4 only
          if failed ping6 then alert  # IPv6 only
    
    Port examples:
    check host example.com with address example.com
          if failed port 22      then alert  # IPv4 or IPv6
          if failed port 22 ipv4 then alert  # IPv4 only
          if failed port 22 ipv6 then alert  # IPv6 only
    
  • Fixed: Issue #154: The Upstart script needed to stop Monit earlier in the shutdown sequence when the system stops to prevent a possible race conditions [Linux]
  • Fixed: Issue #155: Monit may crash if the hostname of the system failed to resolve.
  • Fixed: Issue #157: UDP connection test could fail on a dual-stack host (IPv4 and IPv6) if the UDP service listens on IPv4 only.
  • Fixed: Issue #161: Only show first line of program output in the Monit dashboard.
  • Fixed: Monit skipped the connection test if no start program was specified.

Version 5.12.0

Released on 25 February 2015
  • New: Support for IPv6 hosts testing. Example:
    check host example.host with address "2001:db8::1234"
            if failed ping then alert
            if failed port 80 then alert
    
  • New: Issue #133 Monit HTTP interface now supports Unix Socket as an alternative to TCP port for easier deployment on virtualization platforms which share the IP address for containers, such as Docker. Thanks to Alberto Miorin for suggesting this feature. Example:
    set httpd
            unixsocket /var/run/monit.sock
            allow user:password
    
  • New: The space usage test now ignore reserved blocks. Previously, Monit excluded reserved blocks from the free space, so it reported 100% usage as soon as all non-super user accessible blocks were allocated, whereas the filesystem may still have some space available for root user (usually 1-5%). The space usage test value will now match the output of utilities like df.
  • New: File permission change test added. Thanks to Ulrich Windl for suggesting this feature. Syntax:
    if changed permission then ACTION
    
  • New: Support for multiple existence tests (in process, file, directory and fifo check contexts):
    if does not exist then alert
    if does not exist 3 times in 5 cycles then stop
    
  • New: Support for multiple fsflag tests (in filesystem check context):
    if changed fsflags then alert
    if changed fsflags for 10 cycles then exec "/usr/bin/script.sh"
    
  • New: Monit's HTTP interface now provides even more details about failed HTTP requests
  • Fixed: Issue #142: Fix speed monitoring for 10Gb/s+ interfaces [Linux]
  • Fixed: Issue #147: Network total upload and download values could be invalid for certain time frames. Thanks to Jochen Ott for report and analysis.
  • Fixed: Issue #138: Handle Network counter wraps on 32-bit systems [Linux, FreeBSD, OS X]. Thanks to Lonnie Abelbeck for reporting and investigating this issue.
  • Fixed: Monitoring of bonded network interfaces [Linux]. Thanks to Rachid El Mousaoui for reporting this issue.
  • Fixed: Network change test could trigger false link capacity (4294967295 Mb/s) and duplex (half-duplex) events [Linux]
  • Fixed: Display the network link capacity as N/A in Monit's HTTP interface if the link type has no capacity property. Thanks to Ulrich Windl for suggestion.
  • Fixed: The connection test now tries to connect to all IP addresses in succession if a hostname was used and it resolves to multiple IP addresses. The connection test will only fail if connecting to all addresses failed.
  • Fixed: Issue #143: The ping test may block longer than timeout and the value reported was in milliseconds rather than in seconds. Thanks to Vlad Glagolev for reporting this issue.
  • Fixed: Issue #144: Mask frames per RFC-6455 in the WebSocket protocol test
  • Fixed: Issue #146: Monit would not start if the checksum test was used for a non-existing file. Thanks to Aaron Echols for reporting this issue.
  • Fixed: Issue #150: The pattern based process check may not match if the command line is longer than 1024 characters [Linux]. We now test up to 4Kb. If this is not enough, please consider your regular expression or investigate if you maybe can use a shorter command line to start your process. Thanks to Grzegorz Dubicki for reporting this issue.
  • Fixed: Issue #152: Prevent exceeding the event queue quota. Thanks to Pawel Burdzy for report and analysis.
  • Fixed: The "monit validate" command now returns exit value 1 only if an error was detected, otherwise 0
  • Fixed: Correct Monit's uptime report if system time jumped. Thanks to Rory Toma for reporting this issue.
  • Fixed: Plus many other small fixes

Version 5.11.0

Released on 23 December 2014
  • New: Monit now supports monitoring of network interfaces. Such as if the interface is up or down, capacity changes, saturation, current upload and download bandwidth usage and total data transfers within the last 24 hours. The following example list the tests that can be utilized. The manual has more information and here are some slides (use right arrow-key).
    check network eth0 with interface eth0
          if failed link then restart
          if changed link then alert
          if saturation > 80% then alert
          if upload > 500 kB/s then alert
          if download > 1 MB/s then alert
          if upload > 1000 packets/s then alert
          if download > 1000 packets/s then alert
          if total upload > 1 GB in last hour then alert
          if total download > 100 GB in last 5 hours then alert
    
  • New: Sieve protocol test implemented. Usage:
    if failed port 2000 protocol sieve then alert
    
  • New: The PID and PPID change tests are no longer implicit and automatically executed. These tests are used to test if a Process ID was changed for a monitored process outside of Monit's control. If you want to test for process PID/PPID changes, you must now add this test explicit. The reason is so you do not get an alert for PID changes unless you ask for them.
    if changed pid then alert
    if changed ppid then alert
    
  • New: Multiple PID and PPID tests can now be used. Example:
    if changed PID then alert
    if changed PID 3 times in 5 cycles then stop
    
  • Fixed: If the not every <cron> option matched, the test was skipped only once per minute.
  • Fixed: If ping is not allowed (insufficient permissions), display value as N/A instead of negative response time.
  • Fixed: Issue #114: If the the test is on hold due to the every option schedule, display last status instead of Waiting.
  • Fixed: Issue #115: The CLI/GUI reported port timeout value in milliseconds instead of seconds.
  • Fixed: Issue #136: changed memory kilobytes total title to memory total as the unit is dynamic since Monit 5.9.
  • Fixed: OpenBSD: don't narrow the 64-bit time_t on 32-bit build (Y2038 problem).

Version 5.10.0

Released on 29 October 2014
  • New: Redis protocol test added. The following example demonstrate how to ping and test if a Redis server is up and running and alert if it is not
    check host redis.host with address 192.168.0.23
          if failed port 6379 protocol redis then alert
  • New: MongoDB protocol test added. Configuration example to ping and test if a MongoDB server is up and running and alert if it is not
    check host mongo.host with address 192.168.0.24
          if failed port 27017 protocol mongodb then alert
  • New: Changes due to vulnerabilities in SSLv2 and SSLv3. See CVE-2014-3566 aka "POODLE". Monit HTTP GUI with SSL enabled no longer allows SSLv2 and SSLv3 methods, only TLS methods are supported. Likewise, SSL connection tests in SSLAUTO mode (default) will only use TLS. You can still use SSLv2 or SSLv3 to test old servers, but you will explicitly need to select the vulnerable SSL version using type tcpssl SSLV2 or type tcpssl SSLV3.
  • Fixed: Issue #101: Manual-mode monitored services state may not be restored if the monitoring state was changed by user right before the system died.
  • Fixed: Issue #104: Keep umask Monit was started with when executing start/stop/restart programs, check programs and creating files.
  • Fixed: Issue #107: Support multi-line response in the LMTP protocol test.
  • Fixed: Support TLSv1.1 and TLSv1.2 when FIPS is enabled.

Version 5.9.0

Released on 23 Sep 2014
  • New: Output from your check program script is now displayed in Monit’s UI. In the dashboard, only the first line is displayed. In the service details page, up to 1kB is displayed and if output goes over several lines, a mono-spaced font is used to retain formatting.
  • New: Aggregate and use human friendly units for memory, swap and space usage values in the User Interface. Instead of displaying 2097152 bytes we now display 2MB etc.
  • New: Support monitoring of filesystems by generic device strings such as sshfs on Linux or ZFS filesystems on Solaris. Monit config example
    check filesystem transmit with path "TransmitFS/sftp#02C13FCA"
          if space usage > 80% then alert
  • New: You can now send HTTP headers with the HTTP protocol test. The syntax is http headers [name:value, name:value,..] where each name:value pair is separated with ','. The statement must come before the request statement. This statement can be used to send any HTTP header, for instance, a cookie or a host header. In a check host context, using this statement might look like
    check host mmonit.com with address mmonit.com
      if failed
         port 80 protocol http
         with http headers [host: mmonit.com, Cache-Control: no-cache, 
              Cookie: csrftoken=nj1bI3CnMCaiNv4beqo8ZaCfAQQvpgLH]
         and request /monit/ with content = "Monit [0-9.]+"
      then alert
    This statement deprecate the old hostheader statement, which was used to only set the HTTP host header
  • New: Program check now supports exit status change monitoring. Syntax
    check program foobar with path /usr/local/myscript.sh
          if changed status then alert
    This is useful if the actual exit status is not important, just that it changed. For instance if your program implements some kind of "state-machine" and changes the exit status for each new step and you want to get an alert when this happens.
  • New: Added option to run check program as a different user and/or group. To change uid or gid, Monit must run as root. Config example:
    check program ls with path "/bin/ls -lrt /tmp" as uid "www"
          if status != 0 then alert
  • New: Changed name of ICMP ECHO statement to Ping which is the more common name used for a network ping. To ping a host you can simply write
    check host mmonit.com with address mmonit.com
          if failed ping then alert
  • New: Simplified HTTP and SMTP protocol test with SSL. Instead of writing
    if failed
       port 443 with type TCPSSL tlsv1 protocol http
    then alert
    You can now write
    if failed
       port 443 with protocol https
    then alert
    The SSL version is auto-detected. The old statement can still be used if SSL version needs to be specified.
  • Fixed: Issue #59, Issue #88: Some systems with upstart (e.g. RHEL/CentOS) had problems with Monit's restart action which consists of a stop/start sequence. Monit now waits synchronously for the process to exit on stop and for the process to start on start
  • Fixed: Issue #54: MySQL protocol test. Anonymous login is no longer attempted so the MySQL server does not log a failed login attempt if anonymous login is turned off (recommended).
  • Fixed: Issue #64: Resets counter once a service has successfully restarted
  • New: Issue #84. You can now test for '\0' in an expect string. We escape '\0' as "\0", that is, a '\' followed by the ASCII value for 0 (48). For instance, here is how to test for an expect string that starts with NUL followed by any number of characters: expect "^[\\]0.*".
  • Fixed: Issue #55: Only run cron style checks once per minute. Minute is the lowest resolution in the cron string, but if poll-cycle time is lower than one minute the check could run several times in a minute
  • Fixed: Issue #78: Include open slots in Apache status check calculations
  • Fixed: Issue #57: Inode usage check and space usage check now show correct result for large filesystems on 32-bit platforms.
  • Fixed: Issue #70: Removed newline in Monit's $ENV strings
  • Fixed: Issue #72: Monit no longer requires a start, stop or restart program defined for a check.
  • Fixed: P.R. #17: Bug fix, missing "check file" target files result in error "Invalid checksum" sha1 has a string length of 40. Thanks to Michael Schenck.
  • Fixed: P.R. #18: Add missing space in the timeout text in UI. Thanks to Christian Rinjes.
  • Fixed: Issue #71: Subtract SLAB reclaimable memory from the system memory usage on Linux
  • Fixed: Support TLSv1.1 and TLSv1.2 in "set mailserver"
  • Fixed: Sporadic "PPID changed from 0 to ..." alert after process restart
  • Fixed: PID/PPID changed events were sometimes triggered after program restart
  • Fixed: Linux: filesystem space usage on some network based filesystems such as sshfs
  • Fixed: Automatically reload Monit if ID was reset using --resetid CLI option. If Monit's ID file is missing on Monit quit it is no longer recreated with current runtime ID. This allow resetting Monit's ID without having to stop Monit first.
  • Fixed: Improved speed of send/expect protocol test
  • Fixed: Fixed SMTP protocol test to check the response code

Version 5.8.1

Released on 12 May 2014
  • Fixed: Monit XML may be invalid if port check with custom HTTP protocol request contains ampersand. Thanks to Markus Juenemann for report.
  • Fixed: Monit 5.8 added extra socket poll time which showed up as plus ~ 0.5 sec in M/Monit's port response charts. This release removes this extra poll time which is not needed.
  • Fixed: If the process is not running, do not call stop program during restart (back to Monit 5.6 behavior).
  • Fixed: Do graceful TCP close for TCP/UDP port test instead of RST.
  • Fixed: Fix the "start/stop/restart program not defined" error for non-process service types.
  • Fixed: FreeBSD jail system memory usage report.
  • Fixed: Monit 5.8 crash (issue #37)

Version 5.8.0

Released on 27 Mar 2014
  • New: Monit previously purged the environment so sub-processes started by Monit only had a spartan PATH set and no other environment variables to speak off. The rationale for this functionality was security and control over the path and other env variables. Unfortunately, this created a lot of problems when programs or scripts started by Monit depended on env. vars. With this release Monit no longer purge the environment before starting a new processes. Instead, the environment Monit had at startup is made available to sub-processes
  • New: Command line option to view Monit ID -i/--id
  • New: Command line option to reset Monit ID -r/--resetid
  • New: Client support for using TLS version 1.1 and 1.2. A recent 1.x version of OpenSSL is required and of course that the server speaks this TLS version. At this time, not many does. Example:
    if failed 
       port 443 with type TCPSSL tlsv11 
       protocol http
    then alert
  • New: Process UID, EUID and GID tests. Allows to test if the process is running as a given user. Example:
    check process syslog with pidfile /var/run/rsyslogd.pid
          if failed uid  "syslog" then alert
          if failed euid "syslog" then alert
          if failed gid  "syslog" then alert
  • New: WebSocket protocol test for testing web-socket servers. Example:
    check host websocket.org with address "echo.websocket.org"
          if failed 
             port 80 protocol websocket
             host "echo.websocket.org"
             request "/"
             origin "http://www.websocket.com"
             version 13
          then alert
  • New: Simplified HTTP protocol test to allow testing content without creating an URL object. It is now possible to write in a more natural way,
    check host mmonit.com with address mmonit.com
          if failed 
             port 80 protocol http
             and request /monit/ with content = "Monit [0-9.]+"
          then alert
  • New: The HTTP protocol test now support testing HTTP status code returned by the server by using status <operator> <number>
    if failed 
       port 80 protocol http
       and status < 400
    then alert
    Inverse test. Return error if a page does exist:
    if failed 
       port 80 protocol http
       request "/some/page"
       status = 404
    then alert
  • Fixed: Cleaned up, restructured and simplified the Monit manual.
  • Fixed: Unix Socket test now use the communication type (TCP or UDP) specified in port statement. Previously TCP was always used.
  • Fixed: Improved test to check if a socket was connected. Since we use non-blocking connect, we now poll a few ms to avoid "connection failed, XXX is not ready for i|o" errors which could occur, especially on high latency networks or long distance connect.
  • Fixed: Simplified if-statements reported in UI
  • Fixed: Ignore lines starting with '#' in an 'allow htpasswd' file. Thanks to Michael Bakker for reporting this issue
  • Fixed: Show service restart program on Monit startup in debug mode. Thanks to Michael Bakker for reporting this issue

Version 5.7.0

Released on 20 Feb 2014
  • New: Merged pull-request from Philippe Kueck:
    1. Handle sockets (unix domain) as regular files when checking timestamp
    2. Use mysql 4.1 protocol in MySQL check, required for checking mysql-proxy
    3. Skip connection checks during startup timeout
  • New: Arguments added to 'check program'. Arguments are whitespace separated strings. For instance:
    check program list-files with path "/bin/ls -l -r -t /tmp" 
          if status != 0 then alert
  • New: Implemented restart as an optional service action. When Monit is called to restart a service, it previously called the stop program registered with the service and then the start program. Now, if a restart program is registered with the service, this will be called instead, otherwise Monit falls back to its old behavior. Example:
    check process apache with pidfile /var/run/httpd.pid
          start   = "/usr/sbin/apachectl start"
          stop    = "/usr/sbin/apachectl stop"
          restart = "/usr/sbin/apachectl restart" <- New
  • New: Improved communication with M/Monit. Thanks to Hippo Lin. For scalability purpose, this Monit version should only be used with M/Monit version 3.1 or later.
  • Fixed: Monit could stop due to an assert if an error occurred during MTA connection close
  • Fixed: Make the Memcache protocol test faster
  • Fixed: Solaris zone: fix system memory usage report
  • Fixed: Use SSL chiper list with server instead of relying on default