"
Very basic adding alerts on certificate fail, to know before your users and before its an issue.
There were about two topics on this which are closed and no actual answer.
Prequisites:
Have working ACME setup
Get monit service to work and send mail (there are many howtos on this)
What to do:
In monit settings Create a new test in "Service Test Settings":
Name: Acme_failed
condition: content = "failed"
Action: Alert
Create new in monit "Service Settings"
Name: Acme_failed
type: File
Path: /var/log/system/latest.log
Tests: select the test you created: "Acme_failed", you can probably add here all tests that look in the general log to this setting.
In the monit "Alert Settings" edit your working alert or create a new working one.
Events: Add "Content failed"
Thats it, don't forget to save and apply to everything (i alwas fail on this LOL)
Just an example of my Mail format in the alert:
reply-to: opnsense@xxxxx.co
From: FireWall <xxxx@xxxxx.co>
Subject: OPNSense $HOST Alerts $SERVICE
Message:
$HOST
$EVENT
$SERVICE
$DATE
$DESCRIPTION
$ACTION
Yes i know looking for "failed" in the general logs could be an issue, but i'm only getting alerts on ACME "failed" so worse case i will get something else which have failed which i don't know even exist, thats good as long as i'm not spammed with "failed" email alerts.
You can probably have some regexp that will look for ACME and failed.
There were about two topics on this which are closed and no actual answer.
Prequisites:
Have working ACME setup
Get monit service to work and send mail (there are many howtos on this)
What to do:
In monit settings Create a new test in "Service Test Settings":
Name: Acme_failed
condition: content = "failed"
Action: Alert
Create new in monit "Service Settings"
Name: Acme_failed
type: File
Path: /var/log/system/latest.log
Tests: select the test you created: "Acme_failed", you can probably add here all tests that look in the general log to this setting.
In the monit "Alert Settings" edit your working alert or create a new working one.
Events: Add "Content failed"
Thats it, don't forget to save and apply to everything (i alwas fail on this LOL)
Just an example of my Mail format in the alert:
reply-to: opnsense@xxxxx.co
From: FireWall <xxxx@xxxxx.co>
Subject: OPNSense $HOST Alerts $SERVICE
Message:
$HOST
$EVENT
$SERVICE
$DATE
$DESCRIPTION
$ACTION
Yes i know looking for "failed" in the general logs could be an issue, but i'm only getting alerts on ACME "failed" so worse case i will get something else which have failed which i don't know even exist, thats good as long as i'm not spammed with "failed" email alerts.
You can probably have some regexp that will look for ACME and failed.
