Chef cookbook to install chef-logmon and chef-worker inside your chef environment.
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

#NOTES Checkout the documentation on the wiki for a step by step intallation.

You will need to have the following packages installed before the monitor can work:

  • private-chef-11.0.2-1.el6.x86_64.rpm
  • opscode-manage-1.1.0-1.el6.x86_64.rpm


Attribute prefix is: ['chef_monitor']

Key Type Description Default
['download_path'] string Download dir for storing the files "/opt/chef-monitor/orgs"
['install_dir'] string Install dir for the tools "/opt/chef-monitor"
['client_key'] string Path to client pem file for authentication "/opt/chef-monitor/monitor.pem"
['node_name'] string Client name for authentication "monitor"
['mq_server'] string IP address or name of the RabbitMQ Server ""
['mq_queue'] string Queue name for the RabbitMQ Server "chef_monitor_tasks"
['mon_file'] string Path to the nginx access logfile to monitor "/var/log/opscode/nginx/access.log"
['chef_url'] string IP address or name of the chef server ""
['log_dir'] string Directory for the log files "/var/log/chef-monitor"
['pid_dir'] string Directory for the pid files "/var/run/chef-monitor"
['emaildomain'] string Your domain name ""
['project'] string Your project name, used in the emailsubject "CHEF_PROD"
['orgs'] hash Your organizations that you want to monitor "{ "org": { "tag": "ORG", "mailinglist": "" } }"



This will install the chef-monitor gem and the needed configurations on the front-end (web) servers.

No real need to create a role for this, but if you want to do that and override the attributes then you can.


This will install the chef-monitor gem and the needed configurations on the back-end (database or monitoring) servers.

Create a role that contains the cookbook and the following attributes:

Role example:

  "name": "chef_monitor",
  "json_class": "Chef::Role",
  "default_attributes": {
    "chef_monitor": {
      "orgs": {
        "acme": { 
          "tag": "ACME",
          "mailinglist": ""
        "sushicorp": {
          "tag": "SUSHICORP",
          "mailinglist": ""
  "chef_type": "role",
  "run_list": [


This cookbook will configure the chef monitoring tool on your back and frontend servers.
The information here below is needed when you want to configure everything manually.

It has been tested on Centos 6.x


Chef monitor has two executables:

  • chef-logmon (this will be activated on all frontend servers)
  • chef-worker (this will be activated on your monitor/backend server)


When you have Chef in HA mode, your environment will look something like this:

HA Setup

 public zone   |        dmz zone        |       db zone
               |                        |
               |    frontend-server     |               backend-server
               |    webserver01         |          /    dbserver01
               |        |         /
               |                        |        /
  internet     |                        |  vip  <
               |                        |   ^    \
               |    frontend-server     |   |     \     backend-server
               |    webserver02         |   |      \    dbserver02
               |        |   | 
                                  | monitor-server |
                                        keepalived      | monserver01    |
                                                        |  |

When running this environment, I suggest you configure the new monitor server.
The Back-end server and monitor server can also be only one single server.
If you don't have HA mode, then the environment will look something like this:

Single Setup

 public zone   |    cloud server        |
               |                        |
               |    chefserver          |
  internet     |    chefserver01        |
               |        |
               |                        |


The logmon tool will run on every frontend server within your HA environment or on the
chefserver in a more basic environment and is responsible for the following tasks:

  • Tail your NGINX log and record all POST/PUTS/DELETES
  • This information is sent to your Rabbit-MQ server (which comes default with chef)

Basically every change that's being made to chef is registered within RabbitMQ.


The worker tool will run on your monitor server within the HA environment or on the chefserver in a more basic environment and is responsible for the following tasks:

  • Get the messages from RabbitMQ
  • Download the objects from chef that are changed
  • Commit the changes within a GIT repository

In this way every modified object is registered with a GIT commit and a POST-COMMIT script
will email the differences to any configured email address. This POST-COMMIT part is not
within the GEM, but comes with the chef-monitor chef cookbook.


In order to execute both tools, you will need the following configuration settings:

chef_url       ""
node_name      "monitor"
client_key     "/opt/chef-monitor/monitor.pem"
mq_server      ""
mq_queue       "monitor_tasks"
download_path  "/opt/chef-monitor/orgs"
log_dir        "/var/log/chef-monitor"
pid_dir        "/var/run/chef-monitor"
mon_file       "/var/log/opscode/nginx/access.log"

Save these settings into /opt/chef-monitor/config.rb (the cookbook will do this for you)
Make sure your monitor user is created on your chef server and has enough rights to download
all objects within your organization that you want to monitor.

Create a directory within your [download_path] with the same name as your organization.
Initialize this directory with the following commands:

git init  
touch dummy  
git add .
git commit -am "enable git control"

Add some git configuration settings for the POST-COMMIT script and chef-monitor tools.

git config hooks.mailinglist
git config hooks.emailprefix <YOUR_ORGANIZATION>
git config hooks.emaildomain

Set the project name within the gitrepo, so you can identify your chef environment.

echo MYCHEF > ./.git/description


After these settings, you should be able to run the tools:
On all your frontend servers:

chef-logmon run -- -C /opt/chef-monitor/config.rb     #<run interactive>
chef-logmon start -- -C /opt/chef-monitor/config.rb   #<run as service>
chef-logmon stop                                      #<stop service>

On your monitor server:

chef-worker run -- -C /opt/chef-monitor/config.rb     #<run interactive>
chef-worker start -- -C /opt/chef-monitor/config.rb   #<run as service>
chef-worker stop                                      #<stop service>