#;
#; /etc/mon.conf
#; Sample mon configuration file.
#;
#; +----------------------------------------------------+
#; | Author: DePaul University Computer Security Team |
#; | WWW: |
#; | SMTP: |
#; +----------------------------------------------------+
#;
#; Copyright (c) 2003. DePaul University. All Rights Reserved.
#;
#; Platform: Tested on the following platforms:
#; OpenBSD 3.3 w/ Mon 0.99
#;
#; Notes: You'll need fping and a plethora of Perl modules
#; from CPAN. ntp.monitor is available as part of a
#; contrib from the main mon distribution site.
#;
#;
#; Revised: $Id: mon.conf,v 1.1.1.1 2003/09/25 19:23:57 epancer Exp $
#;
##############################################################################
#; Global options.
##############################################################################
#; Configuration base, monitor scripts and alert scripts.
#; The watch entries in this file run programs by name from mondir
#; (*.monitor) and alertdir (*.alert); keep both directories and their
#; contents writable by root only.
cfbasedir = /etc
mondir = /usr/local/share/mon
alertdir = /usr/local/share/mon/alert

#; authfile points at /dev/null, i.e. an empty file.
#; NOTE(review): confirm which client commands this mon version permits
#; when the auth file is empty, and restrict who can reach the mon port.
authfile = /dev/null

#; Runtime state and pid file.
statedir = /var/db/mon
pidfile = /var/run/mon.pid

#; Logs. The file.alert entries below also write into /var/log/mon, so the
#; directory should not be writable by unprivileged users.
logdir = /var/log/mon
historicfile = /var/log/mon/history.log
dtlogging = yes
dtlogfile = /var/log/mon/dt.log

#; Process limit, history size and start-up spread.
maxprocs = 20
histlength = 10000
randstart = 120s
##############################################################################
#; Hostgroup definitions, separated by blank lines.
#; Make sure /etc/resolv.conf has your subdomains in it!
##############################################################################
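#; One record per hostgroup: tag first, then its member hosts. Each record
#; is closed by a blank line, as the section header above requires.
#; Short names (www, mx1, ...) depend on the resolver search list, so a DNS
#; outage can make name-based checks fail; gw and dns use addresses.
hostgroup www www wwwtest

hostgroup fs fileserver

hostgroup gw 10.41.19.1 gw1.example.net

hostgroup shell shell1 shell2 vpn1

hostgroup mx mx1 mx2 mx3 a.mx.example.net

hostgroup dns 10.40.17.41 10.43.1.15 10.46.62.99

hostgroup ntp ntp1 ntp2 a.ntp.example.net

hostgroup default default

#; End of hostgroup records (the blank line above closes the last one).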
##############################################################################
#; Watch entries, separated by blank lines.
##############################################################################
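#; ---------------------------------------------------------------------------

#; The default service group.
#; NOTE(review): no monitor is configured for this service, so nothing is
#; polled here; presumably it only handles events that match no other
#; watch - confirm against the mon documentation for your version.
watch default
    service default
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 1h
            upalert mail.alert -S "service restored" admin@example.org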
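#; ---------------------------------------------------------------------------

#; Our web servers.
#; The alert line passes no -S option: -S takes the subject text as its
#; argument (see the upalert line), so "-S admin@example.org" would use the
#; address as the subject and leave mail.alert without a recipient.
watch www
    service wwwmon
        description monitor www services
        interval 5m
        monitor http_t.monitor -l /var/log/mon/www.log -T 15.0 -t 100
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertafter 3 20m
            alertevery 1h
            upalert mail.alert -S "wwwmon/www: ok" admin@example.org
            upalertafter 15m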
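#; ---------------------------------------------------------------------------

#; Shell servers - check if they're up.
#; shellicmp: the upalert subject now names the service (was "shellmon",
#; which is not a service in this file); update any mail filter that
#; matched the old subject.
#; shellssh: tcp.monitor is given only a port, so treat a pass as "port 22
#; answers", not as proof that logins work.
#; NOTE(review): the LOGFILE period of shellssh has no alert line, so
#; shellssh failures are mailed but not written to /var/log/mon. Add a
#; file.alert line there if a log is wanted.
watch shell
    service shellicmp
        description monitor shell servers with icmp
        interval 1m
        monitor fping.monitor
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 30m
            alertafter 3 7m
            upalert mail.alert -S "shellicmp/shell: ok" admin@example.org
            upalertafter 10m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon shellicmp.log
    service shellssh
        description check ssh on shell servers
        interval 8m
        monitor tcp.monitor -p 22
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 90m
            alertafter 2 30m
            upalert mail.alert -S "shellssh/shell: ok" admin@example.org
            upalertafter 20m
        period LOGFILE: wd {Sun-Sat}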
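#; ---------------------------------------------------------------------------

#; Upstream routers.
#; ICMP reachability only. If the path from this host to the mail relay
#; crosses these routers, the mail alert may not get out during an outage;
#; the LOGFILE period keeps a local record in /var/log/mon/gw.log.
watch gw
    service gwicmp
        description icmp checks of critical network devices
        interval 2m
        monitor fping.monitor
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 60m
            alertafter 3 10m
            upalert mail.alert -S "gwicmp/gw: ok" admin@example.org
            upalertafter 20m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon gw.log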
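#; ---------------------------------------------------------------------------

#; Mail servers.
#; Failures here are reported by mail. NOTE(review): if mail.alert relays
#; through the MX hosts being watched, an outage can suppress its own
#; alert - confirm the pager address is reachable by another path.
#; The off-site pager receives alert text naming internal hosts.
watch mx
    service mxmon
        description monitor mx servers
        interval 5m
        monitor smtp.monitor -t 10
        period wd {Sun-Sat}
            alert mail.alert admin@example.org 3125551212@some.offsite.pager
            alertevery 90m
            alertafter 3 20m
            upalert mail.alert -S "mxmon/mx: ok" admin@example.org
            upalertafter 10m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon mx.log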
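#; ---------------------------------------------------------------------------

#; Watch local disk space on the file server.
#; Each argument is mountpoint:threshold. The trailing ";;" is meant to stop
#; mon from appending the hostgroup members to the command line.
#; NOTE(review): the mon manual describes ";;" as a separate word; here it
#; is attached to the last argument - confirm your version accepts that.
#; NOTE(review): the paths are local ones, so this presumably only covers
#; the file server when mon itself runs on it - confirm.
watch fs
    service fsmon
        description file system storage monitoring
        interval 5m
        monitor freespace.monitor /:20% /home:10% /var:15% /usr:20% /usr/local:20% /tmp:10%;;
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 2h
            upalert mail.alert -S "fsmon/fs: ok" admin@example.org
            upalertafter 10m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon fsmon.log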
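#; ---------------------------------------------------------------------------

#; DNS servers.
#; dnsmon: the upalert subject now reads "dnsmon/dns: ok" (was
#; "dpudns/dpudns-a", which matches no service or hostgroup in this file);
#; update any mail filter that matched the old subject.
#; NOTE(review): the monitor line has no trailing ";;", so mon presumably
#; appends the dns hostgroup members as well, and the addresses listed
#; after -master may be passed twice - confirm.
#; Both services log to the same file, /var/log/mon/dns.log.
watch dns
    service dnsicmp
        description ping the dns servers
        interval 4m
        monitor fping.monitor
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 1h
            alertafter 3 16m
            upalert mail.alert -S "dnsicmp/dns: ok" admin@example.org
            upalertafter 10m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon dns.log
    service dnsmon
        description check dns zones name servers
        interval 10m
        monitor dns.monitor -zone example.org -zone int.example.org -master 10.40.17.41 10.43.1.15 10.46.62.99
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 2h
            alertafter 2 1h
            upalert mail.alert -S "dnsmon/dns: ok" admin@example.org
            upalertafter 20m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon dns.log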
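#; ---------------------------------------------------------------------------

#; Network time servers.
#; ntpicmp checks reachability; ntpmon runs ntp.monitor, which the header
#; of this file says comes from the mon contrib area rather than the base
#; distribution, so review it before installing it into mondir.
#; Both services log to the same file, /var/log/mon/ntp.log.
watch ntp
    service ntpicmp
        description icmp monitoring of ntp servers
        interval 5m
        monitor fping.monitor
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 2h
            alertafter 3 20m
            upalert mail.alert -S "ntpicmp/ntp: ok" admin@example.org
            upalertafter 10m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon ntp.log
    service ntpmon
        description check ntp servers status
        interval 5m
        monitor ntp.monitor -s 3
        period wd {Sun-Sat}
            alert mail.alert admin@example.org
            alertevery 2h
            alertafter 3 25m
            upalert mail.alert -S "ntpmon/ntp: ok" admin@example.org
            upalertafter 10m
        period LOGFILE: wd {Sun-Sat}
            alert file.alert -d /var/log/mon ntp.log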
#;
# vim: ts=8 sw=8 nowrap
#;