MUNIN-NODE.CONF(5)



MUNIN-NODE.CONF(5)            Munin Documentation           MUNIN-NODE.CONF(5)

NAME
       munin-node.conf - Munin-node configuration file

DESCRIPTION
       munin-node.conf is the configuration file for "munin-node", the agent
       that Munin fetches data from.

       The format is dictated by the use of "Net::Server". A look at "perldoc
       Net::Server" will give a list of options that the file supports by
       using the module.  This page mainly covers the Munin-specific
       extensions.

       The following options are of special interest:

       allow RE
            IP based access list is implemented through this. The statement
            may be repeated many times.  It's important to note that it's
            actually a regular expression after the keyword so to allow
            localhost it must be written like this:

                  allow ^127\.0\.0\.1$

       cidr_allow NETWORK/MASK
            An alternative to "allow RE".  This allows the access list to be
            specified in CIDR format.  For instance, "cidr_allow 192.0.2.0/24"
            would allow connections from any IP from 192.0.2.1 to 192.0.2.254.

            And "cidr_allow 127.0.0.1/32" is the equivalent to the example
            above.  Note that the netmask must be provided, even though it's
            just "/32".

            This option requires that the "Net::CIDR" Perl module be
            installed.

       host IP
            The IP number of the interface munin-node should listen on.  By
            default munin-node listens to all interfaces.  To make munin-node
            listen only on the localhost interface - making it unavailable
            from the network do this:

                  host 127.0.0.1

   Additional options:
       host_name <host>
            If set, overrides the hostname munin-node uses in its
            'hello'-negotiation with munin. A "telnet localhost 4949" will
            show the hostname munin-node is currently using. If munin-node and
            the main munin installation do not agree on the hostname, munin
            will skip all the plugins of the machine in question.

       paranoia <yes|no|true|false|on|off|1|0>
            If set, checks permissions of plugin files, and only tries to run
            files owned by root. Default on.

       ignore_file <regex>
            Files matching <regex> in the node.d/ and node-conf.d/ directories
            will be overlooked.

       tls <value>
            Can have four values. "paranoid", "enabled", "auto", and
            "disabled".  "Paranoid" and "enabled" require a TLS connection,
            while "disabled" will not attempt one at all.

            The current default is "disabled" because "auto" is broken.
            "Auto" causes bad interaction between munin-update and munin-node
            if the node is unprepared to go to TLS.

            If you see data dropouts (gaps in graphs) please try to disable
            TLS.

       tls_verify_certificate <value>
            This directive can be "yes" or "no".  It determines if the remote
            certificate needs to be signed by a CA that is known locally.
            Default is "no".

       tls_private_key <value>
            This directive sets the location of the private key to be used for
            TLS.  Default is /etc/munin/munin-node.pem.  The private key and
            certificate can be stored in the same file.

       tls_certificate <value>
            This directive sets the location of the TLS certificate to be used
            for TLS.  Default is /etc/munin/munin-node.pem.  The private key
            and certificate can be stored in the same file.

       tls_ca_certificate <value>
            This directive sets the CA certificate to be used to verify the
            node's certificate, if tls_verify_certificate is set to "yes".
            Default is /etc/munin/cacert.pem.

       tls_verify_depth <value>
            This directive sets how many signings up a chain of signatures TLS
            is willing to go to reach a known, trusted CA when verifying a
            certificate.  Default is 5.

       tls_match <value>
            This directive, if defined, searches a dump of the certificate
            provided by the remote host for the given regex.  The dump of the
            certificate is two lines of the form:

                    Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
                    Issuer  Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email

            So, for example, one could match the subject distinguished name by
            the directive:

                    tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email

            Note that the fields are dumped in the order they appear in the
            certificate.  It's best to view the dump of the certificate by
            running munin-update in debug mode and reviewing the logs.

            Unfortunately, due to the limited functionality of the SSL module
            in use, it is not possible to provide finer-grained filtering.  By
            default this value is not defined.

EXAMPLE
       A pretty normal configuration file:

               log_level 4
               log_file /var/log/munin/munin-node.log
               port 4949
               pid_file /var/run/munin-node.pid
               background 1
               setsid 1

               host *
               user root
               group root
               setsid yes

               ignore_file \.bak$
               ignore_file \.rpm(save|new)$
               ignore_file ^README$

               allow ^127\.0\.0\.1$

               ignore_file \.dpkg-(old|new)$
               ignore_file \.rpm(save|new)$

       See the documentation or Munin homepage <http://munin-monitoring.org/>
       for more info.

AUTHORS
       Jimmy Olsen.

COPYRIGHT
       Copyright (C) 2002-2006 Audun Ytterdal, Jimmy Olsen, Dagfin Ilmari
       MansXker, Nicolai Langfeldt

       This is free software; see the source for copying conditions. There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

       This program is released under the GNU General Public License

2.0.63                            2020-06-08                MUNIN-NODE.CONF(5)

Man(1) output converted with man2html
list of all man pages