SIMPLE SOLUTIONS

MUNIN-NODE.CONF(5) - Linux man page online | File formats

Munin-node configuration file.

Chapter
2018-05-11
MUNIN-NODE.CONF(5) Munin Documentation MUNIN-NODE.CONF(5)

NAME

munin-node.conf - Munin-node configuration file

DESCRIPTION

munin-node.conf is the configuration file for "munin-node", the agent that Munin fetches data from. The format is dictated by the use of "Net::Server". A look at "perldoc Net::Server" will give a list of options that the file supports by using the module. This page mainly covers the Munin-specific extensions. The following options are of special interest: allow RE IP based access list is implemented through this. The statement may be repeated many times. It's important to note that it's actually a regular expression after the keyword so to allow localhost it must be written like this: allow ^127\.0\.0\.1$ cidr_allow NETWORK/MASK An alternative to "allow RE". This allows the access list to be specified in CIDR format. For instance, "cidr_allow 192.0.2.0/24" would allow connections from any IP from 192.0.2.1 to 192.0.2.254. And "cidr_allow 127.0.0.1/32" is the equivalent to the example above. Note that the netmask must be provided, even though it's just "/32". This option requires that the "Net::CIDR" Perl module be installed. host IP The IP number of the interface munin-node should listen on. By default munin-node listens to all interfaces. To make munin-node listen only on the localhost interface - making it unavailable from the network do this: host 127.0.0.1 Additional options: host_name <host> If set, overrides the hostname munin-node uses in its 'hello'-negotiation with munin. A "telnet localhost 4949" will show the hostname munin-node is currently using. If munin-node and the main munin installation do not agree on the hostname, munin will skip all the plugins of the machine in question. paranoia <yes|no|true|false|on|off|1|0> If set, checks permissions of plugin files, and only tries to run files owned by root. Default on. ignore_file <regex> Files matching <regex> in the node.d/ and node-conf.d/ directories will be overlooked. tls <value> Can have four values. "paranoid", "enabled", "auto", and "disabled". "Paranoid" and "enabled" require a TLS connection, while "disabled" will not attempt one at all. The current default is "disabled" because "auto" is broken. "Auto" causes bad interaction between munin-update and munin-node if the node is unprepared to go to TLS. If you see data dropouts (gaps in graphs) please try to disable TLS. tls_verify_certificate <value> This directive can be "yes" or "no". It determines if the remote certificate needs to be signed by a CA that is known locally. Default is "no". tls_private_key <value> This directive sets the location of the private key to be used for TLS. Default is /etc/munin/munin-node.pem. The private key and certificate can be stored in the same file. tls_certificate <value> This directive sets the location of the TLS certificate to be used for TLS. Default is /etc/munin/munin-node.pem. The private key and certificate can be stored in the same file. tls_ca_certificate <value> This directive sets the CA certificate to be used to verify the node's certificate, if tls_verify_certificate is set to "yes". Default is /etc/munin/cacert.pem. tls_verify_depth <value> This directive sets how many signings up a chain of signatures TLS is willing to go to reach a known, trusted CA when verifying a certificate. Default is 5. tls_match <value> This directive, if defined, searches a dump of the certificate provided by the remote host for the given regex. The dump of the certificate is two lines of the form: Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email Issuer Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email So, for example, one could match the subject distinguished name by the directive: tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email Note that the fields are dumped in the order they appear in the certificate. It's best to view the dump of the certificate by running munin-update in debug mode and reviewing the logs. Unfortunately, due to the limited functionality of the SSL module in use, it is not possible to provide finer-grained filtering. By default this value is not defined.

EXAMPLE

A pretty normal configuration file: log_level 4 log_file /var/log/munin/munin-node.log port 4949 pid_file /var/run/munin-node.pid background 1 setsid 1 host * user root group root setsid yes ignore_file \.bak$ ignore_file \.rpm(save|new)$ ignore_file ^README$ allow ^127\.0\.0\.1$ ignore_file \.dpkg-(old|new)$ ignore_file \.rpm(save|new)$ See the documentation or Munin homepage <http://munin-monitoring.org/> for more info.

AUTHORS

Jimmy Olsen.
Copyright (C) 2002-2006 Audun Ytterdal, Jimmy Olsen, Dagfin Ilmari MansXker, Nicolai Langfeldt This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This program is released under the GNU General Public License
2.0.37-1ubuntu0.1 2018-05-11 MUNIN-NODE.CONF(5)
Download raw manual
Main page Munin Documentation (+8) 2.0.37-1ubuntu0.1 (+8) № 5 (+2141)
Go top