Monit Updates and Release Notes

This page summaries changes made in Monit since version 5.7.0. Please see the commit log for a detailed list of changes and commits leading up to the various releases below. Use the issue tracker to report new issues or feature requests

Version 5.33.0

Released on Feb 11 2023
  • New: Added click-jacking protection headers to Monit HTTP GUI (the SAMEORIGIN iframe is allowed).
  • Fixed: Issue #1035: If the start, stop or restart program statement contains the equal sign, which is not followed by a space character, the configuration is not parsed correctly.
  • Fixed: Issue #1047: If the MariaDB server doesn't allow access to the host, from which Monit test is running, Monit reported: Invalid handshake packet sequence id -- not MySQL protocol.
  • Fixed: Add the missing responsetime option to the ping test.

Version 5.32.0

Released on Mar 23 2022
  • Fixed: Issue #1028: If the Monit statefile was removed, the monit start <service> action for services with onreboot nostart option started the service, but did not enable monitoring of said service. The same problem occurred if a new onreboot nostart service was added, even if the statefile did exist.
  • Fixed: Issue #1029: The generic protocol test truncated received data if the response contained zeros.
  • Fixed: PAM authentication: Users with a valid password for a disabled account could still login to Monit. Thanks to Youssef Rebahi-Gilbert.
  • Fixed: The Monit HTTP interface could be blocked by sending a request with an infinite stream of HTTP headers. Thanks to Youssef Rebahi-Gilbert for report.

Version 5.31.0

Released on Feb 10 2022
  • New: Issue #1021: Add support for Linux OpenZFS 2.x I/O statistics.
  • New: Issue #555: Add support for FreeBSD ZFS I/O statistics for FreeBSD 12.x or later.
  • Fixed: Issue #1025: If Monit 5.30.0 CLI action was executed for a non-existent service name, the error message was not reported properly. Thanks to Lutz Mader for fix.
  • Fixed: Issue #1026: If Monit reload was requested during the optional start delay interval, Monit still waited for the delay to pass and performed one test cycle with the old configuration, before the reload was performed. Monit will reload the configuration immediately now.
  • New precompiled binaries: Added binaries for musl-based Linux distributions, such as Alpine Linux.

Version 5.30.0

Released on Jan 12 2022
  • New: Add a read-only option to the set httpd statement. The option can be used on the TCP socket, the unix socket, or both. Example for setting the TCP socket in the read-only mode (for connections from other hosts) and the unix socket in the read-write mode (for local Monit CLI actions, like service restart, status, etc.):
    set httpd
        port 2812
            read-only
            allow 192.168.1.0/24
        unixsocket /run/monit.socket
    
    Thanks to Christian Goettsche for contributing this feature.
  • Changed: Issue #1011: The include statement was limited to 512 files, increase the limit to 1024 files.
  • Fixed: The disk read and write bytes didn't show up in M/Monit for Monit 5.27.0 or later.
  • Fixed: Issue #998: Monit 5.29.0 may fail to compile on platforms without the monotonic clock support. Thanks to Lutz Mader.
  • Fixed: Issue #1002: 32-bit Linux machines with more then 4GB of RAM reported wrong system memory size and swap size values.
  • Fixed: Issue #1005: When the port statement was used with the generic protocol test and the target server returned zeros in response, Monit >= 5.20.0 may crash.
  • Fixed: Issue #1009: When one executes an action via the Monit HTML GUI (uses a POST request), the Monit HTTP server will redirect the browser back to the base URL, so the browser won't perform the POST request again on an automatic page refresh, which is performed to poll for status changes.
  • Fixed: Issue #1015: The set httpd statement supports only one address option. Display warning if multiple address options are used.

Version 5.29.0

Released on Aug 24 2021
  • New: Issue #715: The PostgreSQL protocol test has been improved and now supports authentication with username, password and database when testing connection. Example:
    if failed port 5432 
        protocol pgsql username "username" password "12345" database "test" 
    then alert
    
    Previous Monit versions used hardcoded credentials when testing connection to postgresql (user=root and database=root). This could trigger thousands of messages like this in the postgresql log:
    root@root FATAL:  password authentication failed for user "root"
    root@root DETAIL:  Role "root" does not exist.
    
    Note: Monit will continue to use the hardcoded credentials (for backward compatibility) unless username and password are set.
  • New: Issue #973: You can now test program output using a regular expression. Syntax:
    IF CONTENT [!]= <regex> THEN action
    
    Example:
    check program disk0_smart with path "/usr/sbin/nvme smart-log /dev/nvme0"
        if content != "critical_warning[ ]+: 0" then alert
    
  • New: Issue #974: Monit CLI: Added support for the -g (group) option to the report command. Example:
    monit -g database report
    
  • Fixed: Issue #991 (Monit 5.28.1 regression): MacOS: Monit didn't compile on MacOS 10.13 or older. Thanks to Lutz Mader.
  • Fixed: Issue #994 (Monit 5.28.1 regression): The check program statement with every did not work properly.
  • Fixed: Issue #995: Monit start delay was vulnerable to time jumps when Monit is waiting for the delay to pass. Thanks to Daniel Crowe.
  • Fixed: Issue #975: Monit CLI: Monit did not report a warning if -s, -p, -l, -g or -c command-line options were specified multiple times and silently used the last value only. Monit will generate a warning now.
  • Fixed: Issue #972: Monit GUI: The log view had no size limit when reading the Monit log file and could block the browser if the log file was large.
  • Fixed: Issue #955: If more than one every statement is used in a check-service context only the last value is (silently) used. We now report a warning in this case.

Version 5.28.1

Released on Jul 30 2021
  • New: Issue #979: If filesystem mount flags changed, show both old and new value. Originally only the new value was reported.
  • Fixed: Issue #960: The memory usage may report wrong value if system memory size changed after Monit start. The problem was frequent on KVM/LXC containers where MemTotal is dynamicaly updated.
  • Fixed: Issue #965: Monit CLI: if a custom configuration file was used with the -c option, and the file cannot be read by Monit, an AssertException was thrown. Monit will report normal error instead of the exception now.
  • Fixed: Issue #966: Monit CLI: The service name pattern was changed to case-sensitive in Monit 5.28.0. Revert the behaviour back to case-insensitive.
  • Fixed: Issue #971: The LINK UP and LINK DOWN tests now support short form of the optional ELSE condition, in addition to the verbose ELSE IF <SUCCEEDED|FAILED> form.
  • Fixed: Issue #976: The space free test recovery always reported value in percent, regardless of the test setting. If the test uses absolute limit, Monit will report absolute space usage now.
  • Fixed: Issue #986: Services checks with custom schedule (the EVERY statement) did set the data collection timestamp even if the monitoring was skipped in the given cycle. The timestamp is now updated only when the check was performed.
  • Fixed: Issue #990: Monit built with libressl may crash during verification of the expired SSL certificate.
  • Fixed: Issue #968: Systemd and upstart templates: templates used to set the path to the configuration file in the sysconfdir, which is optionally set via the configure script during the compilation. The path wasn't fully expanded in the template though, so it was invalid. The template doesn't specify the explicit path now and lets Monit search for the configuration file in all supported locations (including the sysconfdir).
  • Changed: Issue #984: The permission check of the SSL PEM key file allows group read permissions now (originally Monit enforced that the file is readable only by the file owner).

Version 5.28.0

Released on Mar 29 2021
  • Deprecated: Monit IF FAILED LINK test was renamed to IF LINK DOWN. The old syntax is deprecated, but still works for backward compatibility.
  • New: Added IF LINK UP network interface test, which allows to monitor network interface that is by default down, and trigger action, when the interface is enabled. Example:
    if link up then "/usr/bin/monit start backup"
    
    Notes: When link up test is used, the link errors tests are ignored, as these tests share the same event type and would reset the status. Also, mixing link up and link down in the same check network is not supported.
  • New: Monit can now watch offline TCP/UDP ports and perform action on successful connection. It can be used as a security check, e.g. if a service like mysql should not be publicly available, or to perform custom actions to initialize the service that depends on the one that was just started. Thanks to Christian Goettsche for patch. Example:
    if succeeded port 443 protocol https then exec "/bin/monit start myclient"
    if succeeded host example.org port 3306 protocol mysql then alert
    
  • New: Monit can watch unix sockets that doesn't exist or are offline and perform action on successful connection. Example:
    if succeeded unixsocket /var/run/mysql.sock protocol mysql then exec "/bin/myscript.sh initdb"
    
  • New: Monit can ping hosts that are supposed to be offline and perform action when they become available. Example:
    if succeeded ping then alert
    
  • New: Issue #915: Add support for sevice name regular expressions in monit CLI status, summary, start, stop, restart, unmonitor, monitor commands. Examples:
    monit status myservice  # exact match
    monit status "data.*"   # pattern which will match all services whos name contain "data" substring
    
  • New: Issue #718: Add support for response time monitoring to TCP/UDP ports, unix sockets and ping. Example for ping and port test:
    if failed ping responsetime < 50 ms then alert
    if failed port 443 protocol https and responsetime < 50 ms then alert
    if failed port 443 protocol https and responsetime < 50 ms then alert
    
  • Fixed: Issue #961: If a service depends on some other service, which is member of the same service group, the service group restart would restart the child service twice.
  • Fixed: Minor memory leak when uptime test is used an monit is reloaded.

Version 5.27.2

Released on Jan 18 2021
  • Fixed: Issue #931. The "if does exist" test with unmonitor or stop action did not work properly
  • Fixed: Issue #937: If the filesystem check uses mountpoint instead of device and multiple devices are defined for the same filesystem with mismatch between /etc/mtab and device name in path, Monit reported error and disk activity was not reported.
  • Fixed: Issue #948. Cookie validation problem, Invalid CSRF Token, if the request was more then 1024 bytes. Increased request size to 8kB.
  • Fixed: Disk activity statistics if procfs fallback was used instead of sysfs
  • Fixed: LXC container: Monit could ignore the "start delay" option of the set daemon statement when the container was rebooted, but not the host (the LXC container's boot time is not virtualized and inherited from the host).
  • Changed: Monit in debug mode no longer logs open errors about procfs /proc//io and /proc//fd if monit is not running as root. These errors are common as linux doesn't allow to read such files if the process belongs to a different user. These errors are now only logged in extra verbose mode (-vv option).

Version 5.27.1

Released on Oct 24 2020
  • Fixed: Issue #932. Require that the program in a 'check program' statement exist on Monit startup.
  • Fixed: Issue #916: Linux: Monit procmatch failed to show all matching processes if a non-root user ran Monit. Thanks to Lutz Mader for fix.
  • Fixed: Linux: The CAP_SYS_RESOURCE capability was needed to be able to monitor filedescriptors usage of other processes if Monit was not started as root. Thanks to Christian Goettsche for report.
  • Fixed: Issue #920: On AIX, NetBSD, Solaris, Monit 5.27.0 logged "Cannot test filesdescriptors usage as the statistics is not available on this system" every cycle even if no filedescriptors test was used in Monit's configuration.
  • Fixed: Issue #926: Linux: Remove trailing white space from collected process name
  • Fixed: Issue #928: Fixed a race condition in Monit's HTTP interface on reload when SIGHUP were sent many times to the Monit process . Thanks to Andy Spitzer for patch.
  • Fixed: Improved cross-compile support. Thanks to Christian Goettsche and Helmut Grohne for patch.
  • Fixed: Monit could crash when sending heartbeat status to M/Monit.
  • Fixed: If SSL certificate verification failed and certificate valid days test was enabled, Monit could report the following false positive: certificate expiry in 0 days matches check limit
  • Changed: Use ISO 8601 format timestamp in log files

Version 5.27.0

Released on Jun 29 2020
  • New: The SSL version: auto now defaults to TLSv1.2 and TLSv1.3 only. If you need to enable TLSv1.0 or TLSv1.1, you have to explicitly enable it via the SSL option, example:
    set ssl {
        version: tlsv11
    }
    
  • New: Support for MySQL TLS encryption. Example:
    if failed port 3306 protocol mysqls then alert
    
  • New: Issue #839: Support for MySQL 8.x default authentication method, caching_sha2_password. If unsecure (non-TLS) connection is used, it is also possible to verify the server's RSA key checksum to protect against man-in-the-middle attacks. Example:
    check host mymachine with address 127.0.0.1
        if failed
            port 3306
            protocol mysql
            username monit
            password mypassword123
            rsakey checksum 29e512c06275a1b3f4617f8cb9ca583d642386fe
        then alert
    
  • New: The username in the mysql protocol test was limited to 16 bytes, this limit was removed.
  • New: Linux: Support for monitoring a process's filedescriptor usage. Thanks to Marcel Baur and Lutz Mader. Example:
    check process myproc with pidfile /var/run/myproc.pid
        if filedescriptors >= 90% then alert
        if filedescriptors >= 99% then restart
        if total filedescriptors > 5000 then alert
    
  • New: Linux, OpenBSD, FreeBSD, DragonflyBSD, MacOS: Added support for monitoring of system-wide filedescriptors usage. Example:
    check system $HOST
        if filedescriptors >= 90% then alert
    
  • New: You can now set a list of allowed TLS protocols (originally only one was allowed). Also added an option to exclude protocols (put - in front of the protocol name to disable it). Exclude list example:
     set ssl {
        version: auto -sslv2 -sslv3 -tlsv1 -tlsv11
     }
    
  • New: Optionally split certificate chain and key for the Monit HTTPS interface. Thanks to Lutz Mader for patch. (The original pemfile with all certificates in one pem file is still supported). Example:
    set httpd
        port 2812
        with ssl {
            pemchain: /etc/ssl/certs/monit.chain.pem
            pemkey: /etc/ssl/certs/monit.key.pem
        }
        allow myuser:mypassword
    
  • New: Linux: Enable monitoring of per-process disk read and write I/O operations. Example:
    check process foobar matching "myprocess"
        if disk read activity > 500 operations/s then alert
        if disk write activity > 500 operations/s then alert
    
  • New: Linux: Added generic per-process I/O activity monitoring. Example:
    if read activity > 1 mb/s then alert
    if write activity > 1 mb/s then alert
    
  • New: Issue #889: Linux: monitor detailed CPU statistics for nice, hardirq, softirq, steal, guest, guestnice. The statistics for nice was originally included in the cpu (user) statistics, but it now has its own counter.
  • New: FreeBSD, OpenBSD, NetBSD, DragonflyBSD MacOS: Added CPU nice and interrupt usage statistics.
  • New: Issue #877: Linux: Added support for VxFS filesystem statistics. Thanks to Lutz Mader for patch.
  • New: Issue #894: Added year to the timestamp when monit logs to its own log file.
  • New: Issue #908: Add STARTTLS support to the IMAPS protocol test on port 143. Example:
    if failed port 143 protocol imaps then alert
    
  • Fixed: Issue #519: Monit could crash if a file check with restart on content match was used and this file had dependant services.
  • Fixed: Issue #867: If Monit was linked with musl libc, it could crash when executing programs. Thanks to Rich Felker for report.
  • Fixed: Monit incorrectly added CPU wait% to system CPU usage (the CPU is idle when it's in the wait state, waiting for the I/O to complete).
  • Fixed: The per-process I/O statistics on Linux, AIX, DragonflyBSD, NetBSD and Solaris always displayed 0 activity.
  • Fixed: Issue #843: Linux: Monit reported wrong memory usage in LXC container if the ZFS filesystem was used. Monit now use MemAvailable on Linux when calculating memory usage for more accurate statistics. Thanks to Joe LeVeque for patch.
  • Fixed: Issue #831: The HTTP protocol test returned unknown transfer encoding HTTP error if either the content or checksum test was used and the HTTP server didn't set the Content-Length header nor used chunked transfer encoding.
  • Fixed: Issue #880: If Monit was linked with AddresSanitizer, it could crash when it generates an MD5 hash. Thanks to Lutz Mader for patch.
  • Fixed: Issue #879: The HTML interface didn't escape strings that are part of Monit's configuration file. Thanks to Hanno Boeck for report.
  • Fixed: Issue #872: Monit's procmatch table can now display pids with up to 8 digits. Previously, pids where truncated after 5 digist.
  • Fixed: Issue #891: The repeat option to an action was limited to 256 cycles.
  • Fixed: Issue #851: Linux and AIX: The length of the string that describes the process name and its arguments was limited to 4kB, so monit procmatch might not find the process if the string was longer and unique after 4Kb. This limit has been removed on Linux and raised on AIX to 8kB.
  • Fixed: Issue #840: Network check: superfluous alerts if link is down. Thanks to Lonnie Abelbeck.
  • Fixed: MacOS: Only the first 16 characters of the process name was displayed for privileged processes, so the pattern based process check and Monit's procmatch could miss some processes.
  • Fixed: Issue #886: Monit's command-line options are now position independent.
  • Fixed: If Monit is linked with AddresSanitizer and a custom configuration file was passed via the -c option, monit could crash.
  • Fixed: MQTT protocol test.
  • Fixed: Issue #907: The onreboot nostart had no effect when a service was newly added to Monit's configuration or the statefile was removed.
  • Fixed: The PostgreSQL test was flapping with the following error if connection via unix socket was used: PGSQL: connection terminator write error -- Broken pipe
  • Plus many more internal fixes and improvements

Version 5.26.0

Released on Jul 06 2019
  • New: Allow any characters including space in a service name if the name is enclosed in quotes.
  • New: The load average test has a new option; per core to test load average per CPU core. That is, loadavg/cores. This makes it possible to write the same test regardless of the number of CPU cores on a specific machine. If the per core option is omitted, the test will check the total load average across all cores. Example:
    if loadavg(1m) per core > 2 then alert
    if loadavg(1m) > 8 then alert # same test on a 4 core system
    if loadavg(1m) > 18 then alert # same test on a 9 core system
    
  • New: Added MQTT protocol test. Syntax:
    IF FAILED
        PORT <number>
        PROTOCOL MQTT [USERNAME <string> PASSWORD <string>]
    THEN ALERT
    
    Example:
    check process mosquitto with pidfile /var/run/mosquitto.pid
        start program = "/sbin/start mosquitto"
        stop program = "/sbin/stop mosquitto"
        if failed port 1883 protocol mqtt then alert
    
  • New: Pre-built Monit binaries are now linked with OpenSSL 1.1.1 and have TLSv1.3 support enabled.
  • Update: We no longer provide pre-built Monit binaries for 32-bit platforms (except on ARM). Note: The Monit source code fully supports 32-bit platforms, but you will have to build Monit yourself on these platforms.
  • Fixed: Wrong free value (-1) on filesystem with missing free inodes statistics (such as CEPH).
  • Fixed: Issue #829: Start delay is now in effect just on first Monit start after machine reboot.
  • Fixed: TLSv1.3 support detection during compile time

Version 5.25.3

Released on Mar 05 2019
  • Fixed: Issue #619: The HTTP protocol test may log SSL read errors and the content/checksum test may fail when the server sends chunked encoded response.
  • Fixed: Issue #749: $HOST doesn't work in the "name" part of the "from:" in mail-format message
  • Fixed: Issue #759: The "stop" action for "check program" had no effect if the "every" statement was used to skip monitoring in some cycles.
  • Fixed: Issue #763: if the ping test target is a hostname which resolves to multiple IPs, Monit didn't try the next IP if the first one failed and returned error.
  • Fixed: Issue #764: Monit may crash if "unmonitor" or "stop" action was triggered by some test
  • Fixed: Issue #769: Monit CLI status command doesn't work if only read-only credentials is present in the 'set httpd' statement.
  • Fixed: Issue #784: Radius protocol test regression from 5.25.2. Thanks to Jason Young for patch.
  • Fixed: Issue #790: check process: The exec action's environment contains invalid value for MONIT_PROCESS_* variables.
  • Fixed: The CPU user/system/wait statistics may show negative value if the system counter jumps back or wraps.
  • Fixed: XSS vulnerabilitty: HTML escape the log file content when viewed via Monit GUI. Thanks to Zack Flack for report.
  • Fixed: Buffer over-read vulnerability in URL decoding for specially crafted URLs. Thanks to Zack Flack for report.

Version 5.25.2

Released on May 29 2018
  • New: Issue #123: Added a bash completion script for monit command-line. The script is not installed by default, if you want to enable bash completion for monit, copy system/bash/monit to /etc/bash_completion.d/ or where your bash installation put completion scripts. The script can complete monit actions, service names, service group names, procmatch pattern and command-line options.
  • Fixed: Issue #693: If the space usage test was used with an absolute value and the monitored filesystem was not mounted on boot, monit would stop with an error during configuration parsing.
  • Fixed: Issue #699: Slow Monit reload when triggered in the middle of a poll cycle.
  • Fixed: Linux: If a process is terminated when Monit collects process information, calculation of resource usage could become incorrect. Thanks to Joshua Griffiths for patch.
  • Fixed: Collect system statistics even if process statistics failed (independent)
  • Fixed: Reduce the state file related overhead

Version 5.25.1

Released on Nov 17 2017
  • Fixed: Issue #688: Linux: Monit may crash if the monitored process stopped (5.25.0 regression).

Version 5.25.0

Released on Nov 07 2017
  • New: Issue #507: Linux: Implement support for monitoring Linux Security Modules (LSM) labels for processes. Thanks to Christian Goettsche. Example for SELinux:
    check process ntpd matching "ntpd"
        if failed security attribute "system_u:system_r:ntpd_t:s0" then alert
    
    Example for AppArmor:
    check process ntpd matching "ntpd"
        if failed security attribute "/usr/sbin/ntpd (enforce)" then alert
    
  • Fixed: Issue #657: total cpu usage calculation for processes with children.
  • Fixed: Issue #672: FreeBSD: Support I/O statistics for RAID and encrypted partitions.
  • Fixed: Issue #676: Process CPU usage is reported always as 0.0% in the first cycle after process start
  • Fixed: Issue #680: Port test: If the protocol check failed, the SSL certificate expiration test returned false positive error.
  • Fixed: Issue #685: SIP protocol test: maxforward 0 doesn't work
  • Fixed: MacOS: Support disk I/O monitoring for APFS
  • Fixed: MacOS: Fix platform name and version for MacOS High Sierra

Version 5.24.0

Released on Sep 24 2017
  • New: Issue #175: Allow specifying the ownership and permissions for Monit's HTTPD Unix Socket.
  • New: Issue #652: Support TLS version 1.3 if supported by the underlying SSL library. Use TLSV13 in the monitrc config file
  • New: Explicit enable or disable IPv6 at compile time via: configure --with-ipv6 or configure --without-ipv6 option. Support for IPv6 is enabled by default
  • Fixed: Issue #624: Make fail2ban protocol test backward compatible with older protocol versions.
  • Fixed: Issue #634: check program output.
  • Fixed: Issue #640: SSL CACERTIFICATEPATH option.
  • Fixed: Issue #649: Monit initialization would fail if open() returned an unexpected file descriptor. The problem was observed when Monit was executed in STAF test environment. Thanks to Alan Somers for patch.
  • Fixed: Issue #666: FreeBSD: Support statistics for filesystems mounted via a labeled device.
  • Fixed: color output for rxvt terminal.

Version 5.23.0

Released on Jun 07 2017
  • New: Spamassassin protocol test added. Example:
    check process spamd with pidfile /var/run/spamassassin.pid
       start program = "/etc/init.d/spamassassin start"
       stop  program = "/etc/init.d/spamassassin stop"
       if failed port 783 protocol spamassassin then alert
    
  • New: Fail2ban protocol test added. Example:
    check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
       start program = "/etc/init.d/fail2ban start"
       stop program = "/etc/init.d/fail2ban stop"
       if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert
    
  • New: Issue #594: Systemd template for Monit: Added documentation reference.
  • Fixed: Issue #601: The Monit web interface highlighted non-SSL TCP port tests with red, even though there was no error.
  • Fixed: Issue #602: Linux: When checking root filesystem via a mountpoint "/", Monit may alert that the filesystem flags changed if the system has a rootfs overlay mount.
  • Fixed: Issue #603: Support existence/nonexistence test for filesystem check.
  • Fixed: Issue #614: Monit may crash if total memory test is used in check system context. The total memory test is for process checks only (includes children memory total) and will produce syntax error if used in system check now.
  • Fixed: Issue #616: If no filedescriptors limit is set when Monit starts, Monit may freeze for a long time during startup and when executing start/stop methods or program checks.
  • Fixed: The check program may timeout if the executed program produced very large output. Thanks to Artur Molchanov for patch.
  • Fixed: *BSD: If device parsing for UFS filesystem failed, skip the I/O monitoring only and continue monitoring the space/inode usage. Thanks to Daniel Bilik for patch.
  • Fixed: Keep the action-pending status until the action is finished.

Version 5.22.0

Released on Apr 19 2017
  • New: Linux: Added support for monitoring ZFS disk activity.
  • New: Issue #500: Added option to explicit specify if the HTTP method HEAD or GET should be used in a HTTP protocol test. If not specified, HEAD will be used unless a content or a checksum test is also specified, in which case GET is used instead. The default is normally what you want, but now you have the option to specificially use GET instead of HEAD. Example:
    check host example with address example.com
        # If "method GET" is omitted, HEAD will be used here
        if failed port 443 protocol https method GET then alert
    
  • New: Issue #582: File, Directory, Fifo checks: Added support for explicit testing access, change and modification time properties. If the type is not specified, the original timestamp test is performed, which checks the latest of ctime and mtime. It is also possible to use newer and older operators in the test now. Short syntax:
    IF <ATIME | MTIME | CTIME | TIME[STAMP]> <operator> <value> THEN <action>
    
    This example uses the new mtime property to test if a file was updated within the last hour:
    check file x with path /path/to/x
          if mtime is older than 1 hour then alert
    
  • New: Renamed the statement, set logfile <path|syslog> to set log <path|syslog>. The logfile form is deprecated, but kept for backward compatibility.
  • Fixed: Linux: If the monitored filesystem was not found in /proc/diskstat, Monit could leak filedescriptors.
  • Fixed: Issue #487: Solaris on SPARC: Monit didn't trigger an event if a protocol test failed.
  • Fixed: Issue #566: Systemd template for Monit: Added StandardOutput=null option to prevent systemd to duplicate Monit log output.
  • Fixed: Issue #568: Monit cross-compilation
  • Fixed: Issue #569: configure --without-zlib
  • Fixed: Issue #570: If the connection test required STARTTLS, the certificate valid days test was broken.
  • Fixed: Issue #584: Compile on MacOSX 10.6.x - 10.9.x.
  • Fixed: Issue #586: HTTP protocol test: Allow using a request string in addition to path, to monitor e.g. a HTTP proxy. Example for testing Squid:
    if failed port 3128 protocol http request "cache_object://localhost/utilization" then alert
    
  • Fixed: Issue #588: If connection or ping test repetition is set, log partial failures with warning priority instead of error.
  • Fixed: Issue #593: Linux: Support rootfs ramdisk.
  • Fixed: Connection retry was broken and performed the test only once with no retry on error.
  • Fixed: Linux: Subtract ZFS ARC size from the system memory usage.
  • Fixed: SSL certificate validity test and checksum test didn't work for self-signed certificates.

Version 5.21.0

Released on Mar 07 2017
  • New: We have added a set of new tests that you can use to monitor and check the performance of your file-systems and disks. Disk i/o metrics are also displayed in the Monit GUI and CLI. M/Monit 3.7.0 can be used to view statistics and charts.
    check filesystem disk1 with path /dev/sda1
        if read rate > 1 MB/s for 5 cycles then alert
        if read rate > 500 operations/s for 5 cycles then alert
        if write rate > 1 MB/s for 5 cycles then alert
        if write rate > 500 operations/s for 5 cycles then alert
        # Service Time is the time taken to complete a read or a write operation
        if service time > 100 milliseconds for 5 cycles then alert
    
  • New: We have also added disk i/o tests and metrics for each process. Available metrics depends on the platform. Example for Linux and MacOS (bytes-per-second metric):
    check process nginx matching "nginx"
        if disk read > 10 MB/s for 10 cycles then alert
        if disk write > 1 MB/s for 10 cycles then alert
    
    Example for AIX, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD and Solaris (operations-per-second metric):
    check process mysql matching "mysqld"
        if disk read > 8192 operations/s for 10 cycles then alert
        if disk write > 4096 operations/s for 10 cycles then alert
    
  • New: You can now use NFS/CIFS/SSHFS/etc. connection strings as path for filesystem checks. Examples:
    check filesystem mynfs with path "192.168.1.123:/home/myuser"
    check filesystem mycifs with path "//192.168.1.123/documents"
    check filesystem mysshfs with path "myuser@192.168.1.123:/home/myuser"
    
  • New: Report filesystem type in status output
  • New: Extended existence test to not only test if an object does not exist, but also the inverse, to test if an object does exist. This can be used to test if a file exist when it should not as we do in this example:
    check file x with path /some/path/x
        if exist then alert
    
    In this example we do the opposite and alert if file 'x' does not exist:
    check file x with path /some/path/x
        if does not exist then alert
    
    In the latter case we do not need to write the test explicitely as it is added automatically (if no existence test exists) and we can just write:
    check file x with path /some/path/x
    
    The existence test is available for process, file, filesystem, fifo and directory checks. You can, for example, use this to test if a process that should not run, is running and stop it. In this example we remove all vmware processes from the system. (VMware is great, this is just an example):
    check process vmware matching "vmware"
        if exist then exec "/usr/bin/pkill -9 vmware"
    
  • New: You can now set the SSL/TLS version to be used by the Monit HTTP interface. The syntax follows the general SSL/TLS options settings, which was introduced in Monit 5.15. Example:
    set httpd port 2812
        with ssl {
           pemfile: /etc/ssl/certs/monit.pem
           version: TLSv12
        }
        allow admin:monit
    
  • New: Issue #509: It is now possible to set the SSL/TLS ciphers Monit's HTTP server should use. Example (using Monit's default ciphers string):
    set httpd port 2812
        with ssl {
            ciphers: "ALL:!DES:!3DES:!RC4:!aNULL:!LOW:!EXP:!IDEA:!MD5:@STRENGTH"
        }
    
  • New: The certificate minimum valid days test now triggers the timestamp event instead of connection event.
  • New: M/Monit: show MacOS version instead of Darwin kernel version.
  • New: Show textual representation of filesystem flags instead of numeric.
  • Fixed: Previous Monit versions may be unable to detect that a filesystem is not mounted if the mount point was used as a filesystem sub-path. Monit didn't require an exact match in the mount table and allowed a subdirectory or even a regular file to be used as the filesystem path. An exact mount point path is now required so Monit can check if the filesystem is mounted. This fix does not affect configuration for block/character device.
  • Fixed: Issue #488: Ping test could fail if the machine performs other ping tests with a small payload.
  • Fixed: Issue #543: Ping test could timeout prematurely on machines with heavy ICMP traffic.
  • Fixed: Issue #495: Position independent CSRF cookie value.
  • Fixed: Issue #496: Allow overriding the HTTP Accept header
  • Fixed: Issue #501: check program could fail if the parent service was not monitored on every cycle and multiple services depended on it.
  • Fixed: Issue #510: The global set ssl options had no effect on the Monit HTTP server. Now it does. You can also use a local set ssl statement with set httpd to override global ssl settings. This is useful, for example, to use different ciphers for the Monit HTTP server than those used with outbound network tests.
  • Fixed: Issue #515: Gzip compression could fail if the response body was empty and the zlib version was less than or equal to 1.2.3.
  • Fixed: Issue #537: Monit HTTP server would not start if no network interface was available
  • Fixed: Issue #547: If a file check is unmonitored or stopped, the file read position is now set to the end of the file if monitoring is enabled again. This ensures that Monit does not alert on file content that was added while the file was un-monitored.
  • Fixed: Issue #549: Mailserver on port 587 didn't work with STARTTLS.
  • Fixed: Issue #560: Monit could miss filesystem changed flags if those changes were triggered by the kernel.
  • Fixed: Monit HTTP GUI: Safari could fail to load the Monit status page over https.
  • Fixed: If a network connection timed out, Monit reported incorrect error: Resource temporarily unavailable.

Version 5.20.0

Released on Oct 21 2016
  • New: Added gzip compression support to the HTTP GUI.
  • New: Added gzip compression when communicating with M/Monit. Requires M/Monit 3.6.0 or later.
  • New: Issue #448: Added global set onreboot <start | nostart | laststate> statement which allows to set a default service startup policy (the default is onreboot start).
  • New: Added new timeout options to the set limits statement:
    programTimeout:    300 seconds # default timeout for check program
    stopTimeout:       30 seconds  # default timeout for service stop
    startTimeout:      30 seconds  # default timeout for service start
    restartTimeout:    30 seconds  # default timeout for service restart
    
  • New: The cpu, memory, swap, inode and space tests now allows using decimal values when testing percent usage.
  • New: Issue #457: Set the HOME environment variable when executing program as other user.
  • Fixed: CSRF vulnerability (CVE-2016-7067). This issue was reported to Monit by Adith Sudhakar.
  • Fixed: Monit HTTP: Also listen on IPv6 interfaces if no address is specified (Linux specific issue).
  • Fixed: Monit HTTP: Support CIDR mask 0 to explicit allow any IP-address (e.g. allow 0.0.0.0/0). Can be useful when testing Monit, but remember to remove in production.
  • Fixed: HTTP protocol tests can now connect to and test an IPv6 host.
  • Fixed: Support communicating with M/Monit over IPv6 (requires M/Monit 3.6.0 or later).
  • Fixed: Issue #438: Silently ignore empty directories when include /path/* is used.
  • Fixed: Issue #441: Incomplete logging of restart action.
  • Fixed: Issue #444: Send/Expect protocol test: The expect statement escape zero ('\0') which made the expect data shorter than expected when comparing.
  • Fixed: Issue #460: Added support for compiling with OpenSSL 1.1.0.
  • Fixed: Issue #467: Testing unixsocket failed if the socket was an UDP Unix socket.
  • Fixed: Issue #468: If a filesystem does not exist, Monit now triggers a nonexist event instead of a data event, so it is possible to override the default action using if does not exist then <action>.
  • Fixed: Issue #480: FreeBSD: Subtract ZFS ARC size from the system memory usage.
  • Fixed: Issue #486: Handle actions for services with [?&=/] characters in their name.
  • Fixed: Network check on Solaris 10.
  • Fixed: Monit HTTP: Set HTML page encoding to UTF-8 to support UTF-8 formatted check program output.
  • Fixed: If a check program test was disabled by a stop/unmonitor action, do not start the program again.

Version 5.19.0

Released on Aug 08 2016
  • New: Issue #421: Monit HTTP: support for IPv6 added.
  • New: Monit HTTP GUI: it is now possible to listen on both TCP and unix sockets. Previously this was mutually exclusive.
  • New: Issue #380: apache-status protocol test: Added support for Basic authentication with username and password. Example:
    if failed port 80 protocol apache-status username myuser password 123456
        loglimit > 10% or
        dnslimit < 50%
    then alert
    
  • New: Added Basic Authentication support to the HTTP protocol test. Example:
    if failed 
        port 80 
        protocol http username myuser password 123456 
    then alert
    
  • Fixed: Issue #379: A Linux system with lots of interrupts could disable Monit's process and system resource checks.
  • Fixed: Issue #388: Local alert did not override global set alert for the same recipient.
  • Fixed: Issue #393: Incorrect hostname in email alerts.
  • Fixed: Issue #396: Disable console colors if output (stdout) is not a terminal.
  • Fixed: Issue #400: Clarify network tests documentation.
  • Fixed: Issue #403: Do not require that the system's name is resolvable in DNS.
  • Fixed: Issue #420: Monit will now check a service on startup and then wait x cycles if every x cycles is used. Previously, Monit waited until x cycles had elapsed before checking
  • Fixed: Issue #431: Changed charset in emails to UTF-8. This makes it possible to localize alert messages in other languages than those supported by ISO Latin 1 which we used before.
  • Fixed: Return syntax error if send/expect is used with other protocol tests. This test is exclusive.
  • Fixed: Solaris: Subtract ZFS ARC size from the system memory usage, so monit can display memory used by applications (ZFS ARC will return memory to the system when needed).

Version 5.18.0

Released on May 26 2016
  • New: Monit console commands now output text in tables and in colors. Your terminal must support UTF-8 and colors. For best rendering of tables, we recommend using a fixed width font in your terminal such as Menlo for non-ascii fonts. Please see this FAQ entry to learn how to setup your console to support UTF-8 character encoding.
    If you would like to disable colors and tables, use the -B command-line switch to Monit or add set terminal batch in the Monit configuration file.
  • New: Issue #340: A new CLI command was added for succinct reporting and to make it easy to query Monit from scripts: monit report [options]. Without option, prints a short overview of the state of all services managed by Monit:
    $ monit report
    up:            11 (39.3%)
    down:          16 (57.1%)
    initialising:   0 (0.0%)
    unmonitored:    1 (3.6%)
    total:         28 services
    
    With option, prints the number of services in that state. This can be used in a script as follows:
    $ u=$(monit report up)
    $ d=$(monit report down)
    $ t=$(monit report total)
    $ echo "${u} up, ${d} down of total ${t} services"
    56 up, 1 down of total 57 services
    
  • New: Issue #344: Environment variable MONIT_SERVICE was added to check program scripts. The variable contains the name of the service (from monitrc) for which the program is executed.
  • New: A new onreboot statement was added for controlling how individual services startup on reboot.
    check process apache with pidfile /var/run/httpd.pid
          onreboot laststate
          start program = ...
    
    The following modes are supported:
    start
    Always start the service automatically after reboot. This is the default mode
    nostart
    Never start the service automatically after reboot
    laststate
    Persistent service state across reboot, i.e. a service stopped before reboot will remain stopped after reboot
    Thanks to Guillaume François for suggesting the onreboot name and mode names.
  • New: The old mode statement is reduced to active and passive. Where active mode provides automatic restart of service on error, while passive does not, and only provide alerts. Active mode is the default mode. The third mode, manual, is deprecated and replaced by onreboot laststate. The manual mode is still supported for backward compatibility.
  • New: Test for checking system uptime. Can be used to test the uptime of the system (boot time) and perform an action. Example:
    check system $HOST
        if uptime > 180 days then alert
    
  • New: Added >= and <= as operators for use in comparison tests.
  • New: All errors will be listed if a service has multiple errors. Previously, Monit displayed only the last error.
  • Fixed: Added missing mode statement support to system, status and network checks.
  • Fixed: If a check program script or a start,stop or restart program timed out, monit would kill it, but leave a zombie behind. Thanks to Guillem Jover for patch.
  • Fixed: Issue #166: In the Web-interface, the system status page has new entries for system boot time and monit uptime. Console commands also display the uptime of the Monit server. Removed the confusing monit's own uptime from the start page.
  • Fixed: Issue #335: The send/expect test now provides context of the failed pattern in the error message.
  • Fixed: Issue #336: check program timeout parsing issue with as uid
  • Fixed: Issue #350: If a check program used the every statement, the evaluation of the exit value was deferred until the next cycle which matched the every-statement. Monit now collects the exit value on the next cycle and kills the program if timed out.
  • Fixed: Issue #351: Duplicate allow statements was seen by Monit as an error and Monit refused to start. Monit now emits a warning instead.
  • Fixed: Issue #354: If the event queue directory hold other files (like monit state file), monit will not log this as an error anymore. Just a warning when debug mode is enabled.
  • Fixed: Issue #358: Drop the last started output for check program. It could be confused with the time when the service itself was started. The data collected timestamp provides the same information and is more clear.
  • Fixed: Issue #360: Improved include files recursive loop detection which was introduced in the fix for issue #270. This had the unwanted side-effect that templates files with common config fragments could only be included once.
  • Fixed: Issue #367: When a process was restarted, monit showed the process as running, but no process info, such as PID, was displayed until the service was validated.
  • Fixed: Issue #370: Support greetings up to 512 characters for the IMAP protocol test.
  • Fixed: Issue #372: In the GUI, show full path, including arguments, for programs used by check program.
  • Fixed: If the pattern based process check finds multiple matching processes, it will now select the process with the highest uptime (oldest). Previously the first matching process was selected.
  • Fixed: RPM package template.

Version 5.17.1

Released on March 7 2016
  • Fixed: Issue #331: Monit crashed when trying to deliver alert by mail if monit set alert was configured, but the set mail-format statement was missing (regression in Monit 5.17).

Version 5.17.0

Released on March 3 2016
  • New: Extended the SMTP protocol test to support STARTTLS in addition to SMTPS. Thanks to Robert Nelson for initial patch. Example:
    if failed port 25 protocol smtps then alert
  • New: The SMTP protocol test can now, optionally, perform authentication during testing. Just add username and password if you want to test that authentication also works. We recommend using smtps if authentication is to be performed to encrypt the communication. Example:
    if failed
       port 25
       protocol smtps
       username user
       password secret
    then alert
    
  • New: Issue #271: Support extended e-mail format when specyfing from and reply-to addresses. That is, instead of just the email address you can also specify the name of the user. The sender's name is optional, but if used, requires that the subsequent email-address is enclosed in brackets as in this example:
    set mail-format {
        from: "Number Six" <monit@$HOST>
        reply-to: support@domain.com
    }
    
  • New: Issue #330: A new environment variable MONIT_PROGRAM_STATUS was added to check program to allow scripts called from exec to access the check programs last exit status.
  • Fixed: Issue #270: The include statement now check if a file has already been included to prevent circular or recursive inclusion of files.
  • Fixed: Issue #278: Reinitialize supplementary user groups in an exec action when executing as a different user.
  • Fixed: Issue #316: The value in if changed checksum and if changed timestamp has been made persistent across Monit restart/reload. If the value changes while Monit is stopped, Monit will now notice. Thanks to Duke Bartholomew for fix.
  • Fixed: Related to Issue #316 above, we now also save file size, filesystem flags, file/directory/fifo/filesystem permissions, network link speed so the last known values will be persistent and if changed tests will work as expected across a Monit restart/reload.
  • Fixed: Issue #318: favicon did not display properly in the Browser when Monit was behind a reverse HTTP proxy.
  • Fixed: Issue #327: Monit CLI actions like monit monitor all could fail if you had more than ~ 50 services in your config file.
  • Fixed: Issue #329: The send/expect protocol test returned error if the target server sent more data than the buffer limit.
  • Fixed: On 32-bit platforms with more then 4GB of RAM, Monit reported incorrect system and swap memory values (regression in Monit 5.16).
  • Fixed: Save state on exit when monit is executed in non-deamon mode.

Version 5.16.0

Released on February 4 2016
  • New: Added a new statement for overriding default limits used by Monit. In most situations the default values are fine, but if needed, below are the limits you can currently modify in Monit. For more details, see the Limits section in the Monit manual.
    set limits {
        programOutput:     512 B,    # program's output limit
        sendExpectBuffer:  256 B,    # limit for send/expect protocol test
        fileContentBuffer: 512 B,    # limit for file content test (line)
        httpContentBuffer: 1 MB,     # limit for HTTP content test
        networkTimeout:    5 seconds # timeout for network I/O
    }
    
  • New: Issue #276: Allow specific source address for port and ping tests. Example:
    if failed ping via address "192.168.1.10" then alert
    if failed port 80 via address "192.168.1.10" then alert
    
  • New: Issue #205: Enhanced process check with a new thread counts test. Example:
    if threads > 21 then alert
  • New: Issue #280: Timestamp tests now reports both the old and the new (changed) timestamp in alerts.
  • New: Issue #299: Show the last output of the program check when running monit status from the console.
  • New: Issue #275: monit --version now shows the compile-time features that were enabled at build time.
  • New: Issue #282: Added support for setting a custom URL path with apache-status protocol test.
  • New: Changed responsetime for port and unixsocket tests to microseconds precision.
  • New: The syntax for file content test was changed from
    IF [NOT] MATCH <pattern>
    to
    IF CONTENT < "=" | "!=" > <pattern>
    The old syntax is deprecated, but still supported for backward compatibility.
  • New: Added support for DragonFly BSD. Thanks to Daniel Bilik.
  • Fixed: Issue #230: In short: You can now check a process' CPU usage in a more natural way as a percentage between 0-100 on a multi-core system. For instance, to check if a single-threaded application like node.js has gotten stuck on 100% CPU,
    if cpu usage = 100% for 2 cycles then alert
    In detail: Calculating a process CPU usage has been normalised to take into account the number of threads in use by the process. Previously Monit calculated process CPU usage as a fraction over available CPU cores. For instance, if you wanted to check if a single-threaded application used 100% CPU you had to check for 25% CPU utilization on a 4 core machine (100/4). Likewise, in top terminology, a multi-threaded application could use up to 400% CPU on the same machine. Monit now calculates CPU usage based on number of threads vs. available CPU cores. If a process has one thread, 100% CPU usage is the same as 100% utilization of one CPU core. If it has 2 threads, 100% CPU usage is reported when it uses 2 CPU cores 100%, etc. If a process has more threads than the machine's available CPU cores then 100% CPU usage corresponds to the utilization of all available CPU cores.
  • Fixed: The exec action is now executed only once on state change, the same way as the alert action. The new repeat option can be used to repeat the exec action after a given number of cycles if the error persists. Syntax:
    if <test> then exec <script> [repeat every [x] cycle(s)]
    
    If you want the old behaviour, use "repeat every cycle". Example:
    if failed port 1234 then exec "/usr/bin/myscript.sh" repeat every cycle
    
  • Fixed: The HTTP protocol-test now uses HEAD instead of GET if no content check is set. That is, if you only want to test the response status for a given URL and not the content of the response. This should make the test faster and save bandwidth.
  • Fixed: OS X 10.11; re-introduced process cpu and memory usage statistics. This was disabled in Monit 5.15 as the System Integrity Protection (SIP) scheme introduced in OS X 10.11 prevented the statistics collector code in Monit from working. We've found a work-around and have modified Monit to work with SIP.
  • Fixed: When the Monit daemon is running, the console command monit validate will now pass the command through to the Monit daemon instead of running the command itself in its own context. This ensures that the run-time state of services are respected when the command is issued.
  • Fixed: An issue (#60) where the process match check could report false positives.
  • Fixed: An issue (#214) where Monit could use the CPU a bit more than we liked when performing process match check. We now cache the PID on first-run which makes Monit low on CPU usage also when scanning for mathing processes on the system.
  • Fixed: Issue #279: monit status displayed a file's timestamp in kilobytes
  • Fixed: Issue #283: Monitor and unmonitor events falsely described the monitor/unmonitor action as failed even though it succeeded.
  • Fixed: Issue #285: Compilation of Monit on Linux with musl libc library.
  • Fixed: Issue #288: The exit value when running monit status or monit summary is now properly set to 1 if an error occurs.
  • Fixed: Issue #289: Document the start delay option in the Monit manual.
  • Fixed: Issue #293: monit commands with a service group option will now return an error if the group does not exist.
  • Fixed: Issue #303: Support more then 511 characters in file content match test. See also the Limits section in the Monit manual.
  • Fixed: Issue #305: Do not set the port number in HTTP Host header for https URL scheme (port 443).
  • Fixed: Issue #308: The send/expect protocol test could not handle a response that started with a high end byte (>0x7F). Thanks to Robert Nelson for fix.
  • Fixed: Issue #309: AIX: Check process via pattern was limited to 80 characters.
  • Fixed: Issue #310: Linux LXC container connection and ping tests showed a failure.
  • Fixed: Issue #315: If file, filesystem, directory or fifo tests triggered an unmonitor, stop or restart action, the tests which followed could fail as the collected data were reset to zero during unmonitor/stop/restart. The status also showed wrong values for uid, gid, permission and timestamp during that cycle.
  • Fixed: If restart was used with if changed checksum, the test did not update to the new checksum in which case subsequent cycles would always fail the test.
  • Fixed: Emit a warning if the monit configuration file contains a directive for including a non-existing file.
  • Fixed: Do not wait unecessary for process start if start/restart failed.
  • Fixed: The ping test could freeze Monit for some time if the target host was down.
  • Fixed: To prevent timing attack when performing authentication, Monit now uses a constant time string comparison function. Thanks to Noah Kantrowitz for report.
  • Fixed: If the port test was skipped (while the process is starting), mark the state as init. Previously monit status was set to connection error.
  • Fixed: AIX per-process CPU usage statistics.
  • Note: The maximum length of password and hashes used in Monit for authentication have been limited to 64 characters. This is a side-effect of Monit switching to use a constant time string comparison function when performing authentication.
  • Note: The default limit for program output has been changed from 1kB to 512B. You can override this limit if needed, using the new set limits statement.

Version 5.15.0

Released on October 22 2015
  • New: Added a statement for setting global or local SSL/TLS options. For more details, see the SSL Options section in the Monit manual. Syntax:
    set ssl options {
            verify:            <enable|disable>
            selfsigned:        <allow|reject>
            version:           <auto|sslv2|sslv3|tlsv1|tlsv11|tlsv12>
            clientpemfile:     <path>
            cacertificatefile: <path>
            cacertificatepath: <path>
    }
    
  • New: Added option to verify SSL server certificates. This was not available in previous Monit versions. Verifying server certificate is off by default for backward compatibility. Self-signed certificates are also not trusted by default and you have to explicitly allow them if you want to trust them. Here is an example which enable server certificate verification and allow self-signed certificates for all SSL connections made through Monit:
    set ssl options {
        verify: enable
        selfsigned: allow
    }
    
  • New: Support SSL client certificate authentication for SSL connections. Example:
    set ssl option {clientpemfile: /etc/ssl/myclient.pem}
  • New: To just connect using SSL/TLS without specifying a protocol, you can now use SSL instead of the former type TCPSSL statement (which is deprecated). Syntax:
    [using] <SSL>
    Example:
    if failed port 9999 using ssl {selfsigned: allow} then alert
  • New: SSL certificate expiration test. Monit can send an alert if the SSL certificate is about to expire within a given number of days. This can be used to get a notification when it is time to renew your SSL certificate. Syntax:
    CERTIFICATE VALID > number DAY(S)
    Example:
    if failed
       port 443
       protocol https
       and certificate valid > 30 days
    then alert
    
  • New: Extended SSL certificate fingerprint (checksum) test with the SHA1 hash type in addition to the existing MD5 test. The checksum statement will automatically determine the cipher to use based on the hash string length, but if you prefer, you can explicit use the MD5 or SHA1 keyword for self-documenting purposes. The checksum syntax has changed to become more general and the previous certmd5 statement, although still supported, is now deprecated. You can optionally use the equal or the = operator to make the statement more verbose. The certificate checksum test is also supported in the set mmonit and set mailserver context. Syntax:
    CERTIFICATE CHECKSUM [MD5 | SHA1] [= | equal] <hash>
    Example:
    if failed
       port 443
       protocol https
       and certificate checksum = "1ED948A6F4258ACAB964227EF4EB19FCC453B0F8"
    then alert
    
  • New: Extended the ping test to optionally allow setting a packet size (default is 64 bytes):
    if failed ping size 256 then alert
    
  • New: The ping tests now report network response time in milliseconds rather than in seconds.
  • New: PAM and SSL support are now optional when building Monit RPM. Default is with
    rpmbuild -tb monit-5.15.tar.gz --without-pam --without-ssl
    
  • Fixed: Issue #233: The File content match test will move the read-cursor to the end of the file the first time a file is added to Monit.
  • Fixed: Issue #231: Support for OpenSSL 0.9.8
  • Fixed: Issue #228: Abbreviated file permission error message (otherwise the message, which was rather long, could get truncated in logs and become unintelligible).
  • Fixed: Issue #241: Only add the User-Agent HTTP header if it is not already set. Also allow single quotes in addition to double quotes around header values.
  • Fixed: Issue #221: If a check host statement contains no if-tests, emit a more comprehensible error message.
  • Fixed: Issue #223: Do not log "Error reading pid from ..." for non-process checks on stop/restart.
  • Fixed: Issue #226: Monit could freeze for a period when performing a ping test.
  • Fixed: Issue #248: Do not cascade start action to dependant services if only parent start was requested.
  • Fixed: Issue #249: Implement hard dependency between services. If a service depends on another service, it will not start until the parent service check returns no errors. For example, if Apache depends on MySQL, Monit will not start Apache until MySQL is confirmed up and running and passes all its tests. Previously, Monit would start MySQL, but not wait for MySQL to be confirmed up and running before it started Apache.
  • Fixed: Issue #254: The HTTP protocol test paused Monit for a few seconds if a content match test was used and the server sent a response using chunked encoding.
  • Fixed: Issue #255: Monit no longer exit if it fails to fork. This is debatable, but for Monit's use-case we think it is better to try and continue.
  • Fixed: Issue #261: Monit leaked file descriptors if program execution failed. Don't forget the shebang #! at the beginning of your script
  • Fixed: Issue #264: Monit stopped on reload if the control file did not end with an empty newline.
  • Fixed: Issue #266: With OS X El Capitan, Apple introduced a new System Integrity Protection policy (SIP) which, among other things, block the system call, task_for_pid. We now check to see if SIP is enabled and if it is, we do not call task_for_pid so as not to unnecessary fill system logs with errors. This also means that Monit, on El Capitan, can no longer check a process memory and CPU usage as task_for_pid was needed to get this information.
  • Fixed: Issue #267: Executing a command with a timeout larger than 2147 seconds would fail on 32-bit systems.
  • Fixed: Mask out SSLv3_client_method() in case SSLv3 support is not available
  • Fixed: SSL SNI is optional, so do not log as error if not supported by server
  • Fixed: SSL client certificate authentication with Monit's HTTP interface
  • Fixed: Access to resources via secondary group membership when executing a program with a different UID
  • Fixed: Slow start/stop/restart/monitor/unmonitor actions on FreeBSD

Version 5.14.0

Released on 9 June 2015
  • New: Enable HTTP Strict Transport Security (HSTS), ECDH ciphers and disable IDEA ciphers on Monit HTTP interface if TLS/SSL is used.
  • New: Simpler system-wide cpu usage test (total of user%, system%, wait%). Example:
    if cpu usage > 99% then alert
  • New: Issue #202: Added options for the command-line commands monit status and monit summary to only print status for a named service or a named service group. For example, to only print the status of the apache service:
    monit status apache
    Likewise, to only print the status of services in the www group:
    monit -g www status
    Printing the status of all services is the same as before:
    monit status
  • New: Issue #208: Log client address in case of HTTP request errors
  • New: Issue #206: Report Monit version in the start/stop (instance) message
  • Fixed: Issue #98: MySQL test might produce "HOST blocked because of too many connection errors". To solve this problem, the MySQL protocol test in Monit had to be re-implemented to authenticate proper with MySQL. By default, we attempt an anonymous login, using an empty username. That is, if the check only specify protocol mysql, Monit will attempt an anonymous login to MySQL
    if failed port 3306 protocol mysql then alert
    This might or might not generate an error entry in your MySQL log file depending on your server configuration. Because the new protocol test supports MySQL authentication, you can silence such errors by login proper to the MySQL server. To do so, you will need to specify a username and a password (in clear-text) which Monit can use.
    if failed 
        port 3306 
        protocol mysql username myuser password mypassword
    then alert
    The new MySQL protocol test in Monit is now a small and almost a general MySQL client in itself. This means that future releases of Monit can expand on this and execute user defined queries and check the result, or check key performance numbers from MySQL such as slow queries etc.

Version 5.13.0

Released on 5 May 2015
  • New: Issue #187: Added support for free space and free inodes monitoring as an inverse alternative to current space/inodes consumption monitoring. Both forms, with absolute number of bytes and with percent are supported. For example, to check and alert if a filesystem has less than 10GB left or less than 5% of free space left:
    if space free < 10 GB then alert
    
    if space free < 5% then alert
    
  • New: Issue #190: Added support for Server Name Indication to support testing connection to name based virtual SSL servers.
  • Security: SSL/TLS compression has been disabled, as well as RC4 and DES ciphers.
  • Fixed: Monit will no longer try to check hostnames on start-up to start faster, in case DNS is not available at start time.
  • Fixed: Filesystem uid, gid and permission as reported by monit status command.
  • Fixed: Issue #179: If the monit CLI command failed, the error description could contain HTML in addition to plaintext.
  • Fixed: Issue #186: RPM will now preserve an existing monitrc configuration file on update.
  • Fixed: Issue #188: OS X system memory usage statistics included wrongly inactive memory (i.e. memory that is available for reuse).
  • Fixed: FreeBSD, OpenBSD, NetBSD: System memory usage statistics did not include the wired part (kernel memory).

Version 5.12.2

Released on 23 March 2015
  • Fixed: Issue #169: Monit could freeze if an error occurred during SSL read or write.
  • Fixed: Issue #170: If Monit was started with the HTTP interface disabled, the CLI could crashed when executing a command.
  • Fixed: Network check: support for IP alias [Linux and Solaris]

Version 5.12.1

Released on 9 March 2015
  • New: allow selecting IPv4 or IPv6 explicit for port and ping tests. If a host name is used instead of an IP-address and the host name resolve to more than one IP-address, Monit will try to connect to the first available address (be it IPv4 or IPv6). If the connection fails, Monit will try the next address and so on until a connection succeed or until there are no more addresses left to try. Likewise, if the machine supports both IPv4 and IPv6, the system will return at least two addresses for the host, respectively. If you wish to only test one IP-protocol or both, you can now specify this.
    Ping examples:
    check host example.com with address example.com
          if failed ping  then alert  # IPv4 or IPv6
          if failed ping4 then alert  # IPv4 only
          if failed ping6 then alert  # IPv6 only
    
    Port examples:
    check host example.com with address example.com
          if failed port 22      then alert  # IPv4 or IPv6
          if failed port 22 ipv4 then alert  # IPv4 only
          if failed port 22 ipv6 then alert  # IPv6 only
    
  • Fixed: Issue #154: The Upstart script needed to stop Monit earlier in the shutdown sequence when the system stops to prevent a possible race conditions [Linux]
  • Fixed: Issue #155: Monit may crash if the hostname of the system failed to resolve.
  • Fixed: Issue #157: UDP connection test could fail on a dual-stack host (IPv4 and IPv6) if the UDP service listens on IPv4 only.
  • Fixed: Issue #161: Only show first line of program output in the Monit dashboard.
  • Fixed: Monit skipped the connection test if no start program was specified.

Version 5.12.0

Released on 25 February 2015
  • New: Support for IPv6 hosts testing. Example:
    check host example.host with address "2001:db8::1234"
            if failed ping then alert
            if failed port 80 then alert
    
  • New: Issue #133 Monit HTTP interface now supports Unix Socket as an alternative to TCP port for easier deployment on virtualization platforms which share the IP address for containers, such as Docker. Thanks to Alberto Miorin for suggesting this feature. Example:
    set httpd
            unixsocket /var/run/monit.sock
            allow user:password
    
  • New: The space usage test now ignore reserved blocks. Previously, Monit excluded reserved blocks from the free space, so it reported 100% usage as soon as all non-super user accessible blocks were allocated, whereas the filesystem may still have some space available for root user (usually 1-5%). The space usage test value will now match the output of utilities like df.
  • New: File permission change test added. Thanks to Ulrich Windl for suggesting this feature. Syntax:
    if changed permission then ACTION
    
  • New: Support for multiple existence tests (in process, file, directory and fifo check contexts):
    if does not exist then alert
    if does not exist 3 times in 5 cycles then stop
    
  • New: Support for multiple fsflag tests (in filesystem check context):
    if changed fsflags then alert
    if changed fsflags for 10 cycles then exec "/usr/bin/script.sh"
    
  • New: Monit's HTTP interface now provides even more details about failed HTTP requests
  • Fixed: Issue #142: Fix speed monitoring for 10Gb/s+ interfaces [Linux]
  • Fixed: Issue #147: Network total upload and download values could be invalid for certain time frames. Thanks to Jochen Ott for report and analysis.
  • Fixed: Issue #138: Handle Network counter wraps on 32-bit systems [Linux, FreeBSD, OS X]. Thanks to Lonnie Abelbeck for reporting and investigating this issue.
  • Fixed: Monitoring of bonded network interfaces [Linux]. Thanks to Rachid El Mousaoui for reporting this issue.
  • Fixed: Network change test could trigger false link capacity (4294967295 Mb/s) and duplex (half-duplex) events [Linux]
  • Fixed: Display the network link capacity as N/A in Monit's HTTP interface if the link type has no capacity property. Thanks to Ulrich Windl for suggestion.
  • Fixed: The connection test now tries to connect to all IP addresses in succession if a hostname was used and it resolves to multiple IP addresses. The connection test will only fail if connecting to all addresses failed.
  • Fixed: Issue #143: The ping test may block longer than timeout and the value reported was in milliseconds rather than in seconds. Thanks to Vlad Glagolev for reporting this issue.
  • Fixed: Issue #144: Mask frames per RFC-6455 in the WebSocket protocol test
  • Fixed: Issue #146: Monit would not start if the checksum test was used for a non-existing file. Thanks to Aaron Echols for reporting this issue.
  • Fixed: Issue #150: The pattern based process check may not match if the command line is longer than 1024 characters [Linux]. We now test up to 4Kb. If this is not enough, please consider your regular expression or investigate if you maybe can use a shorter command line to start your process. Thanks to Grzegorz Dubicki for reporting this issue.
  • Fixed: Issue #152: Prevent exceeding the event queue quota. Thanks to Pawel Burdzy for report and analysis.
  • Fixed: The "monit validate" command now returns exit value 1 only if an error was detected, otherwise 0
  • Fixed: Correct Monit's uptime report if system time jumped. Thanks to Rory Toma for reporting this issue.
  • Fixed: Plus many other small fixes

Version 5.11.0

Released on 23 December 2014
  • New: Monit now supports monitoring of network interfaces. Such as if the interface is up or down, capacity changes, saturation, current upload and download bandwidth usage and total data transfers within the last 24 hours. The following example list the tests that can be utilized. The manual has more information and here are some slides (use right arrow-key).
    check network eth0 with interface eth0
          if failed link then restart
          if changed link then alert
          if saturation > 80% then alert
          if upload > 500 kB/s then alert
          if download > 1 MB/s then alert
          if upload > 1000 packets/s then alert
          if download > 1000 packets/s then alert
          if total upload > 1 GB in last hour then alert
          if total download > 100 GB in last 5 hours then alert
    
  • New: Sieve protocol test implemented. Usage:
    if failed port 2000 protocol sieve then alert
    
  • New: The PID and PPID change tests are no longer implicit and automatically executed. These tests are used to test if a Process ID was changed for a monitored process outside of Monit's control. If you want to test for process PID/PPID changes, you must now add this test explicit. The reason is so you do not get an alert for PID changes unless you ask for them.
    if changed pid then alert
    if changed ppid then alert
    
  • New: Multiple PID and PPID tests can now be used. Example:
    if changed PID then alert
    if changed PID 3 times in 5 cycles then stop
    
  • Fixed: If the not every <cron> option matched, the test was skipped only once per minute.
  • Fixed: If ping is not allowed (insufficient permissions), display value as N/A instead of negative response time.
  • Fixed: Issue #114: If the the test is on hold due to the every option schedule, display last status instead of Waiting.
  • Fixed: Issue #115: The CLI/GUI reported port timeout value in milliseconds instead of seconds.
  • Fixed: Issue #136: changed memory kilobytes total title to memory total as the unit is dynamic since Monit 5.9.
  • Fixed: OpenBSD: don't narrow the 64-bit time_t on 32-bit build (Y2038 problem).

Version 5.10.0

Released on 29 October 2014
  • New: Redis protocol test added. The following example demonstrate how to ping and test if a Redis server is up and running and alert if it is not
    check host redis.host with address 192.168.0.23
          if failed port 6379 protocol redis then alert
  • New: MongoDB protocol test added. Configuration example to ping and test if a MongoDB server is up and running and alert if it is not
    check host mongo.host with address 192.168.0.24
          if failed port 27017 protocol mongodb then alert
  • New: Changes due to vulnerabilities in SSLv2 and SSLv3. See CVE-2014-3566 aka "POODLE". Monit HTTP GUI with SSL enabled no longer allows SSLv2 and SSLv3 methods, only TLS methods are supported. Likewise, SSL connection tests in SSLAUTO mode (default) will only use TLS. You can still use SSLv2 or SSLv3 to test old servers, but you will explicitly need to select the vulnerable SSL version using type tcpssl SSLV2 or type tcpssl SSLV3.
  • Fixed: Issue #101: Manual-mode monitored services state may not be restored if the monitoring state was changed by user right before the system died.
  • Fixed: Issue #104: Keep umask Monit was started with when executing start/stop/restart programs, check programs and creating files.
  • Fixed: Issue #107: Support multi-line response in the LMTP protocol test.
  • Fixed: Support TLSv1.1 and TLSv1.2 when FIPS is enabled.

Version 5.9.0

Released on 23 Sep 2014
  • New: Output from your check program script is now displayed in Monit’s UI. In the dashboard, only the first line is displayed. In the service details page, up to 1kB is displayed and if output goes over several lines, a mono-spaced font is used to retain formatting.
  • New: Aggregate and use human friendly units for memory, swap and space usage values in the User Interface. Instead of displaying 2097152 bytes we now display 2MB etc.
  • New: Support monitoring of filesystems by generic device strings such as sshfs on Linux or ZFS filesystems on Solaris. Monit config example
    check filesystem transmit with path "TransmitFS/sftp#02C13FCA"
          if space usage > 80% then alert
  • New: You can now send HTTP headers with the HTTP protocol test. The syntax is http headers [name:value, name:value,..] where each name:value pair is separated with ','. The statement must come before the request statement. This statement can be used to send any HTTP header, for instance, a cookie or a host header. In a check host context, using this statement might look like
    check host mmonit.com with address mmonit.com
      if failed
         port 80 protocol http
         with http headers [host: mmonit.com, Cache-Control: no-cache, 
              Cookie: csrftoken=nj1bI3CnMCaiNv4beqo8ZaCfAQQvpgLH]
         and request /monit/ with content = "Monit [0-9.]+"
      then alert
    This statement deprecate the old hostheader statement, which was used to only set the HTTP host header
  • New: Program check now supports exit status change monitoring. Syntax
    check program foobar with path /usr/local/myscript.sh
          if changed status then alert
    This is useful if the actual exit status is not important, just that it changed. For instance if your program implements some kind of "state-machine" and changes the exit status for each new step and you want to get an alert when this happens.
  • New: Added option to run check program as a different user and/or group. To change uid or gid, Monit must run as root. Config example:
    check program ls with path "/bin/ls -lrt /tmp" as uid "www"
          if status != 0 then alert
  • New: Changed name of ICMP ECHO statement to Ping which is the more common name used for a network ping. To ping a host you can simply write
    check host mmonit.com with address mmonit.com
          if failed ping then alert
  • New: Simplified HTTP and SMTP protocol test with SSL. Instead of writing
    if failed
       port 443 with type TCPSSL tlsv1 protocol http
    then alert
    You can now write
    if failed
       port 443 with protocol https
    then alert
    The SSL version is auto-detected. The old statement can still be used if SSL version needs to be specified.
  • Fixed: Issue #59, Issue #88: Some systems with upstart (e.g. RHEL/CentOS) had problems with Monit's restart action which consists of a stop/start sequence. Monit now waits synchronously for the process to exit on stop and for the process to start on start
  • Fixed: Issue #54: MySQL protocol test. Anonymous login is no longer attempted so the MySQL server does not log a failed login attempt if anonymous login is turned off (recommended).
  • Fixed: Issue #64: Resets counter once a service has successfully restarted
  • New: Issue #84. You can now test for '\0' in an expect string. We escape '\0' as "\0", that is, a '\' followed by the ASCII value for 0 (48). For instance, here is how to test for an expect string that starts with NUL followed by any number of characters: expect "^[\\]0.*".
  • Fixed: Issue #55: Only run cron style checks once per minute. Minute is the lowest resolution in the cron string, but if poll-cycle time is lower than one minute the check could run several times in a minute
  • Fixed: Issue #78: Include open slots in Apache status check calculations
  • Fixed: Issue #57: Inode usage check and space usage check now show correct result for large filesystems on 32-bit platforms.
  • Fixed: Issue #70: Removed newline in Monit's $ENV strings
  • Fixed: Issue #72: Monit no longer requires a start, stop or restart program defined for a check.
  • Fixed: P.R. #17: Bug fix, missing "check file" target files result in error "Invalid checksum" sha1 has a string length of 40. Thanks to Michael Schenck.
  • Fixed: P.R. #18: Add missing space in the timeout text in UI. Thanks to Christian Rinjes.
  • Fixed: Issue #71: Subtract SLAB reclaimable memory from the system memory usage on Linux
  • Fixed: Support TLSv1.1 and TLSv1.2 in "set mailserver"
  • Fixed: Sporadic "PPID changed from 0 to ..." alert after process restart
  • Fixed: PID/PPID changed events were sometimes triggered after program restart
  • Fixed: Linux: filesystem space usage on some network based filesystems such as sshfs
  • Fixed: Automatically reload Monit if ID was reset using --resetid CLI option. If Monit's ID file is missing on Monit quit it is no longer recreated with current runtime ID. This allow resetting Monit's ID without having to stop Monit first.
  • Fixed: Improved speed of send/expect protocol test
  • Fixed: Fixed SMTP protocol test to check the response code

Version 5.8.1

Released on 12 May 2014
  • Fixed: Monit XML may be invalid if port check with custom HTTP protocol request contains ampersand. Thanks to Markus Juenemann for report.
  • Fixed: Monit 5.8 added extra socket poll time which showed up as plus ~ 0.5 sec in M/Monit's port response charts. This release removes this extra poll time which is not needed.
  • Fixed: If the process is not running, do not call stop program during restart (back to Monit 5.6 behavior).
  • Fixed: Do graceful TCP close for TCP/UDP port test instead of RST.
  • Fixed: Fix the "start/stop/restart program not defined" error for non-process service types.
  • Fixed: FreeBSD jail system memory usage report.
  • Fixed: Monit 5.8 crash (issue #37)

Version 5.8.0

Released on 27 Mar 2014
  • New: Monit previously purged the environment so sub-processes started by Monit only had a spartan PATH set and no other environment variables to speak off. The rationale for this functionality was security and control over the path and other env variables. Unfortunately, this created a lot of problems when programs or scripts started by Monit depended on env. vars. With this release Monit no longer purge the environment before starting a new processes. Instead, the environment Monit had at startup is made available to sub-processes
  • New: Command line option to view Monit ID -i/--id
  • New: Command line option to reset Monit ID -r/--resetid
  • New: Client support for using TLS version 1.1 and 1.2. A recent 1.x version of OpenSSL is required and of course that the server speaks this TLS version. At this time, not many does. Example:
    if failed 
       port 443 with type TCPSSL tlsv11 
       protocol http
    then alert
  • New: Process UID, EUID and GID tests. Allows to test if the process is running as a given user. Example:
    check process syslog with pidfile /var/run/rsyslogd.pid
          if failed uid  "syslog" then alert
          if failed euid "syslog" then alert
          if failed gid  "syslog" then alert
  • New: WebSocket protocol test for testing web-socket servers. Example:
    check host websocket.org with address "echo.websocket.org"
          if failed 
             port 80 protocol websocket
             host "echo.websocket.org"
             request "/"
             origin "http://www.websocket.com"
             version 13
          then alert
  • New: Simplified HTTP protocol test to allow testing content without creating an URL object. It is now possible to write in a more natural way,
    check host mmonit.com with address mmonit.com
          if failed 
             port 80 protocol http
             and request /monit/ with content = "Monit [0-9.]+"
          then alert
  • New: The HTTP protocol test now support testing HTTP status code returned by the server by using status <operator> <number>
    if failed 
       port 80 protocol http
       and status < 400
    then alert
    Inverse test. Return error if a page does exist:
    if failed 
       port 80 protocol http
       request "/some/page"
       status = 404
    then alert
  • Fixed: Cleaned up, restructured and simplified the Monit manual.
  • Fixed: Unix Socket test now use the communication type (TCP or UDP) specified in port statement. Previously TCP was always used.
  • Fixed: Improved test to check if a socket was connected. Since we use non-blocking connect, we now poll a few ms to avoid "connection failed, XXX is not ready for i|o" errors which could occur, especially on high latency networks or long distance connect.
  • Fixed: Simplified if-statements reported in UI
  • Fixed: Ignore lines starting with '#' in an 'allow htpasswd' file. Thanks to Michael Bakker for reporting this issue
  • Fixed: Show service restart program on Monit startup in debug mode. Thanks to Michael Bakker for reporting this issue

Version 5.7.0

Released on 20 Feb 2014
  • New: Merged pull-request from Philippe Kueck:
    1. Handle sockets (unix domain) as regular files when checking timestamp
    2. Use mysql 4.1 protocol in MySQL check, required for checking mysql-proxy
    3. Skip connection checks during startup timeout
  • New: Arguments added to 'check program'. Arguments are whitespace separated strings. For instance:
    check program list-files with path "/bin/ls -l -r -t /tmp" 
          if status != 0 then alert
  • New: Implemented restart as an optional service action. When Monit is called to restart a service, it previously called the stop program registered with the service and then the start program. Now, if a restart program is registered with the service, this will be called instead, otherwise Monit falls back to its old behavior. Example:
    check process apache with pidfile /var/run/httpd.pid
          start   = "/usr/sbin/apachectl start"
          stop    = "/usr/sbin/apachectl stop"
          restart = "/usr/sbin/apachectl restart" <- New
  • New: Improved communication with M/Monit. Thanks to Hippo Lin. For scalability purpose, this Monit version should only be used with M/Monit version 3.1 or later.
  • Fixed: Monit could stop due to an assert if an error occurred during MTA connection close
  • Fixed: Make the Memcache protocol test faster
  • Fixed: Solaris zone: fix system memory usage report
  • Fixed: Use SSL chiper list with server instead of relying on default