496 lines
14 KiB
Django/Jinja
496 lines
14 KiB
Django/Jinja
# This is a configuration file for Zabbix agent daemon (Unix)
|
|
# To get more information about Zabbix, visit http://www.zabbix.com
|
|
|
|
############ GENERAL PARAMETERS #################
|
|
|
|
### Option: PidFile
|
|
# Name of PID file.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# PidFile=/tmp/zabbix_agentd.pid
|
|
|
|
PidFile=/var/run/zabbix/zabbix_agentd.pid
|
|
|
|
### Option: LogType
|
|
# Specifies where log messages are written to:
|
|
# system - syslog
|
|
# file - file specified with LogFile parameter
|
|
# console - standard output
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LogType=file
|
|
|
|
### Option: LogFile
|
|
# Log file name for LogType 'file' parameter.
|
|
#
|
|
# Mandatory: yes, if LogType is set to file, otherwise no
|
|
# Default:
|
|
# LogFile=
|
|
|
|
LogFile={{ zabbix_agent_log_dir }}/zabbix_agentd.log
|
|
|
|
### Option: LogFileSize
|
|
# Maximum size of log file in MB.
|
|
# 0 - disable automatic log rotation.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1024
|
|
# Default:
|
|
# LogFileSize=1
|
|
#
|
|
# The packages install a logrotate directive, so stick to 0
|
|
|
|
LogFileSize=0
|
|
|
|
### Option: DebugLevel
|
|
# Specifies debug level:
|
|
# 0 - basic information about starting and stopping of Zabbix processes
|
|
# 1 - critical information
|
|
# 2 - error information
|
|
# 3 - warnings
|
|
# 4 - for debugging (produces lots of information)
|
|
# 5 - extended debugging (produces even more information)
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-5
|
|
# Default:
|
|
# DebugLevel=3
|
|
DebugLevel={{ zabbix_agent_debuglevel }}
|
|
|
|
### Option: SourceIP
|
|
# Source IP address for outgoing connections.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SourceIP=
|
|
SourceIP={{ zabbix_agent_source_ip }}
|
|
### Option: EnableRemoteCommands
|
|
# Whether remote commands from Zabbix server are allowed.
|
|
# 0 - not allowed
|
|
# 1 - allowed
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# EnableRemoteCommands=0
|
|
EnableRemoteCommands={{ zabbix_agent_enable_remotecommands }}
|
|
|
|
### Option: LogRemoteCommands
|
|
# Enable logging of executed shell commands as warnings.
|
|
# 0 - disabled
|
|
# 1 - enabled
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LogRemoteCommands=0
|
|
LogRemoteCommands={{ zabbix_agent_log_remotecommands }}
|
|
|
|
##### Passive checks related
|
|
|
|
### Option: Server
|
|
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
|
|
# Incoming connections will be accepted only from the hosts listed here.
|
|
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
|
|
# and '::/0' will allow any IPv4 or IPv6 address.
|
|
# '0.0.0.0/0' can be used to allow any IPv4 address.
|
|
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
|
|
#
|
|
# Mandatory: yes, if StartAgents is not explicitly set to 0
|
|
# Default:
|
|
# Server=
|
|
|
|
{% if zabbix_agent_passive_checks_status == "enabled" %}
|
|
Server=127.0.0.1,{{ zabbix_server_allowed_hosts }}
|
|
{% else %}
|
|
Server=127.0.0.1
|
|
{% endif %}
|
|
|
|
### Option: ListenPort
|
|
# Agent will listen on this port for connections from the server.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1024-32767
|
|
# Default:
|
|
# ListenPort=10050
|
|
ListenPort={{ zabbix_agent_tcp_port }}
|
|
|
|
### Option: ListenIP
|
|
# List of comma delimited IP addresses that the agent should listen on.
|
|
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# ListenIP=0.0.0.0
|
|
ListenIP={{ zabbix_agent_listen_ip }}
|
|
|
|
### Option: StartAgents
|
|
# Number of pre-forked instances of zabbix_agentd that process passive checks.
|
|
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-100
|
|
# Default:
|
|
# StartAgents=3
|
|
{% if zabbix_agent_passive_checks_status == "enabled" %}
|
|
StartAgents={{ zabbix_agent_start_agents}}
|
|
{% else %}
|
|
StartAgents=0
|
|
{% endif %}
|
|
|
|
##### Active checks related
|
|
|
|
### Option: ServerActive
|
|
# List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks.
|
|
# If port is not specified, default port is used.
|
|
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
|
|
# If port is not specified, square brackets for IPv6 addresses are optional.
|
|
# If this parameter is not specified, active checks are disabled.
|
|
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# ServerActive=
|
|
|
|
ServerActive={{ zabbix_server_active_hosts }}
|
|
|
|
### Option: Hostname
|
|
# Unique, case sensitive hostname.
|
|
# Required for active checks and must match hostname as configured on the server.
|
|
# Value is acquired from HostnameItem if undefined.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# Hostname=
|
|
|
|
Hostname={{ zabbix_agent_hostname }}
|
|
|
|
### Option: HostnameItem
|
|
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
|
|
# Does not support UserParameters or aliases.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# HostnameItem=system.hostname
|
|
|
|
### Option: HostMetadata
|
|
# Optional parameter that defines host metadata.
|
|
# Host metadata is used at host auto-registration process.
|
|
# An agent will issue an error and not start if the value is over limit of 255 characters.
|
|
# If not defined, value will be acquired from HostMetadataItem.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-255 characters
|
|
# Default:
|
|
# HostMetadata=
|
|
{% if zabbix_authentication_method == "psk" %}
|
|
HostMetadata={{ ansible_system }} {{ zabbix_psk_string }}
|
|
{% else %}
|
|
HostMetadata={{ ansible_system }}
|
|
{% endif %}
|
|
|
|
### Option: HostMetadataItem
|
|
# Optional parameter that defines an item used for getting host metadata.
|
|
# Host metadata is used at host auto-registration process.
|
|
# During an auto-registration request an agent will log a warning message if
|
|
# the value returned by specified item is over limit of 255 characters.
|
|
# This option is only used when HostMetadata is not defined.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# HostMetadataItem=
|
|
|
|
### Option: RefreshActiveChecks
|
|
# How often list of active checks is refreshed, in seconds.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 60-3600
|
|
# Default:
|
|
# RefreshActiveChecks=120
|
|
|
|
### Option: BufferSend
|
|
# Do not keep data longer than N seconds in buffer.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600
|
|
# Default:
|
|
# BufferSend=5
|
|
|
|
### Option: BufferSize
|
|
# Maximum number of values in a memory buffer. The agent will send
|
|
# all collected data to Zabbix Server or Proxy if the buffer is full.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 2-65535
|
|
# Default:
|
|
# BufferSize=100
|
|
|
|
### Option: MaxLinesPerSecond
|
|
# Maximum number of new lines the agent will send per second to Zabbix Server
|
|
# or Proxy processing 'log' and 'logrt' active checks.
|
|
# The provided value will be overridden by the parameter 'maxlines',
|
|
# provided in 'log' or 'logrt' item keys.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-1000
|
|
# Default:
|
|
# MaxLinesPerSecond=20
|
|
|
|
############ ADVANCED PARAMETERS #################
|
|
|
|
### Option: Alias
|
|
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
|
|
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
|
|
# Different Alias keys may reference the same item key.
|
|
# For example, to retrieve the ID of user 'zabbix':
|
|
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
|
|
# Now shorthand key zabbix.userid may be used to retrieve data.
|
|
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
|
|
#
|
|
# Mandatory: no
|
|
# Range:
|
|
# Default:
|
|
|
|
### Option: Timeout
|
|
# Spend no more than Timeout seconds on processing
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-30
|
|
# Default:
|
|
# Timeout=3
|
|
Timeout={{ zabbix_agent_processing_timeout }}
|
|
|
|
### Option: AllowRoot
|
|
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
|
|
# will try to switch to the user specified by the User configuration option instead.
|
|
# Has no effect if started under a regular user.
|
|
# 0 - do not allow
|
|
# 1 - allow
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
AllowRoot=0
|
|
|
|
### Option: User
|
|
# Drop privileges to a specific, existing user on the system.
|
|
# Only has effect if run as 'root' and AllowRoot is disabled.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
User=zabbix
|
|
|
|
### Option: Include
|
|
# You may include individual files or all files in a directory in the configuration file.
|
|
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# Include=
|
|
|
|
Include={{ zabbix_agent_include_conf_dir }}/*.conf
|
|
|
|
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
|
|
# Include=/usr/local/etc/zabbix_agentd.conf.d/
|
|
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
|
|
|
|
####### USER-DEFINED MONITORED PARAMETERS #######
|
|
|
|
### Option: UnsafeUserParameters
|
|
# Allow all characters to be passed in arguments to user-defined parameters.
|
|
# The following characters are not allowed:
|
|
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
|
|
# Additionally, newline characters are not allowed.
|
|
# 0 - do not allow
|
|
# 1 - allow
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1
|
|
# Default:
|
|
UnsafeUserParameters=0
|
|
|
|
### Option: UserParameter
|
|
# User-defined parameter to monitor. There can be several user-defined parameters.
|
|
# Format: UserParameter=<key>,<shell command>
|
|
# See 'zabbix_agentd' directory for examples.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# UserParameter=
|
|
|
|
####### LOADABLE MODULES #######
|
|
|
|
### Option: LoadModulePath
|
|
# Full path to location of agent modules.
|
|
# Default depends on compilation options.
|
|
# To see the default path run command "zabbix_agentd --help".
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LoadModulePath=${libdir}/modules
|
|
|
|
### Option: LoadModule
|
|
# Module to load at agent startup. Modules are used to extend functionality of the agent.
|
|
# Formats:
|
|
# LoadModule=<module.so>
|
|
# LoadModule=<path/module.so>
|
|
# LoadModule=</abs_path/module.so>
|
|
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
|
|
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
|
|
# It is allowed to include multiple LoadModule parameters.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LoadModule=
|
|
|
|
####### TLS-RELATED PARAMETERS #######
|
|
|
|
### Option: TLSConnect
|
|
# How the agent should connect to server or proxy. Used for active checks.
|
|
# Only one value can be specified:
|
|
# unencrypted - connect without encryption
|
|
# psk - connect using TLS and a pre-shared key
|
|
# cert - connect using TLS and a certificate
|
|
#
|
|
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
|
|
# Default:
|
|
# TLSConnect=unencrypted
|
|
TLSConnect={{ zabbix_authentication_method }}
|
|
|
|
### Option: TLSAccept
|
|
# What incoming connections to accept.
|
|
# Multiple values can be specified, separated by comma:
|
|
# unencrypted - accept connections without encryption
|
|
# psk - accept connections secured with TLS and a pre-shared key
|
|
# cert - accept connections secured with TLS and a certificate
|
|
#
|
|
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
|
|
# Default:
|
|
# TLSAccept=unencrypted
|
|
TLSAccept={{ zabbix_authentication_method }}
|
|
|
|
### Option: TLSCAFile
|
|
# Full pathname of a file containing the top-level CA(s) certificates for
|
|
# peer certificate verification.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCAFile=
|
|
|
|
### Option: TLSCRLFile
|
|
# Full pathname of a file containing revoked certificates.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCRLFile=
|
|
|
|
### Option: TLSServerCertIssuer
|
|
# Allowed server certificate issuer.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSServerCertIssuer=
|
|
|
|
### Option: TLSServerCertSubject
|
|
# Allowed server certificate subject.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSServerCertSubject=
|
|
|
|
### Option: TLSCertFile
|
|
# Full pathname of a file containing the agent certificate or certificate chain.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCertFile=
|
|
|
|
### Option: TLSKeyFile
|
|
# Full pathname of a file containing the agent private key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSKeyFile=
|
|
|
|
### Option: TLSPSKIdentity
|
|
# Unique, case sensitive string used to identify the pre-shared key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSPSKIdentity=
|
|
{% if zabbix_authentication_method == "psk" %}
|
|
TLSPSKIdentity={{ zabbix_psk_identity }}
|
|
|
|
### Option: TLSPSKFile
|
|
# Full pathname of a file containing the pre-shared key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSPSKFile=
|
|
TLSPSKFile={{ zabbix_agent_psk_file }}
|
|
{% endif %}
|
|
####### For advanced users - TLS ciphersuite selection criteria #######
|
|
|
|
### Option: TLSCipherCert13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert13=
|
|
|
|
### Option: TLSCipherCert
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert=
|
|
|
|
### Option: TLSCipherPSK13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example:
|
|
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK13=
|
|
|
|
### Option: TLSCipherPSK
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
|
|
# Example for OpenSSL:
|
|
# kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK=
|
|
|
|
### Option: TLSCipherAll13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example:
|
|
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll13=
|
|
|
|
### Option: TLSCipherAll
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll=
|