Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
MUNIN-NODE.CONF(5)	      Munin Documentation	    MUNIN-NODE.CONF(5)

NAME
       munin-node.conf - Munin-node configuration file

DESCRIPTION
       munin-node.conf is the configuration file for "munin-node", the agent
       that Munin fetches data from.

       The format is dictated by the use of "Net::Server". A look at "perldoc
       Net::Server" will give a	list of	options	that the file supports by
       using the module.  This page mainly covers the Munin-specific
       extensions.

       The following options are of special interest:

       allow RE
	    IP	based  access  list is implemented through this. The statement
	    may	be repeated many times.	 It's  important  to  note  that  it's
	    actually  a	 regular  expression  after  the  keyword  so to allow
	    localhost it must be written like this:

		  allow	^127\.0\.0\.1$

       cidr_allow NETWORK/MASK
	    An alternative to "allow RE".  This	allows the access list	to  be
	    specified in CIDR format.  For instance, "cidr_allow 192.0.2.0/24"
	    would allow	connections from any IP	from 192.0.2.1 to 192.0.2.254.

	    And	 "cidr_allow  127.0.0.1/32"  is	 the equivalent	to the example
	    above.  Note that the netmask must be provided, even  though  it's
	    just "/32".

	    This   option   requires  that  the	 "Net::CIDR"  Perl  module  be
	    installed.

       host IP
	    The	IP number of the interface munin-node should  listen  on.   By
	    default  munin-node	listens	to all interfaces.  To make munin-node
	    listen only	on the localhost interface  -  making  it  unavailable
	    from the network do	this:

		  host 127.0.0.1

   Additional options:
       host_name <host>
	    If	 set,	overrides   the	  hostname   munin-node	 uses  in  its
	    'hello'-negotiation	with munin. A  "telnet	localhost  4949"  will
	    show the hostname munin-node is currently using. If	munin-node and
	    the	 main  munin  installation do not agree	on the hostname, munin
	    will skip all the plugins of the machine in	question.

       paranoia	<yes|no|true|false|on|off|1|0>
	    If set, checks permissions of plugin files,	and only tries to  run
	    files owned	by root. Default on.

       ignore_file <regex>
	    Files matching <regex> in the node.d/ and node-conf.d/ directories
	    will be overlooked.

       tls <value>
	    Can	  have	 four	values.	 "paranoid",  "enabled",  "auto",  and
	    "disabled".	 "Paranoid" and	"enabled" require  a  TLS  connection,
	    while "disabled" will not attempt one at all.

	    The	 current  default  is  "disabled"  because  "auto"  is broken.
	    "Auto" causes bad interaction between munin-update and  munin-node
	    if the node	is unprepared to go to TLS.

	    If	you  see  data dropouts	(gaps in graphs) please	try to disable
	    TLS.

       tls_verify_certificate <value>
	    This directive can be "yes"	or "no".  It determines	if the	remote
	    certificate	 needs	to  be	signed	by a CA	that is	known locally.
	    Default is "no".

       tls_private_key <value>
	    This directive sets	the location of	the private key	to be used for
	    TLS.  Default is /usr/local/etc/munin/munin-node.pem.  The private
	    key	and certificate	can be stored in the same file.

       tls_certificate <value>
	    This directive sets	the location of	the TLS	certificate to be used
	    for	TLS.   Default	is  /usr/local/etc/munin/munin-node.pem.   The
	    private key	and certificate	can be stored in the same file.

       tls_ca_certificate <value>
	    This  directive  sets  the CA certificate to be used to verify the
	    node's certificate,	if tls_verify_certificate  is  set  to	"yes".
	    Default is /usr/local/etc/munin/cacert.pem.

       tls_verify_depth	<value>
	    This directive sets	how many signings up a chain of	signatures TLS
	    is	willing	 to  go	 to reach a known, trusted CA when verifying a
	    certificate.  Default is 5.

       tls_match <value>
	    This directive, if defined,	searches a  dump  of  the  certificate
	    provided  by the remote host for the given regex.  The dump	of the
	    certificate	is two lines of	the form:

		    Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
		    Issuer  Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email

	    So,	for example, one could match the subject distinguished name by
	    the	directive:

		    tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email

	    Note that the fields are dumped in the order they  appear  in  the
	    certificate.   It's	 best  to  view	the dump of the	certificate by
	    running munin-update in debug mode and reviewing the logs.

	    Unfortunately, due to the limited functionality of the SSL	module
	    in use, it is not possible to provide finer-grained	filtering.  By
	    default this value is not defined.

EXAMPLE
       A pretty	normal configuration file:

	       log_level 4
	       log_file	/var/log/munin/munin-node.log
	       port 4949
	       pid_file	/var/run/munin-node.pid
	       background 1
	       setsid 1

	       host *
	       user root
	       group root
	       setsid yes

	       ignore_file \.bak$
	       ignore_file \.rpm(save|new)$
	       ignore_file ^README$

	       allow ^127\.0\.0\.1$

	       ignore_file \.dpkg-(old|new)$
	       ignore_file \.rpm(save|new)$

       See  the	documentation or Munin homepage	<http://munin-monitoring.org/>
       for more	info.

AUTHORS
       Jimmy Olsen.

COPYRIGHT
       Copyright (C) 2002-2006 Audun  Ytterdal,	 Jimmy	Olsen,	Dagfin	Ilmari
       MansXker, Nicolai Langfeldt

       This  is	free software; see the source for copying conditions. There is
       NO warranty; not	even for MERCHANTABILITY or FITNESS FOR	 A  PARTICULAR
       PURPOSE.

       This program is released	under the GNU General Public License

2.0.76				  2024-05-17		    MUNIN-NODE.CONF(5)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=munin-node.conf&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>

home | help