- Reference >
- Monitoring Agent >
- Monitoring Agent Configuration
Monitoring Agent Configuration¶
On this page
Warning
Do not edit these settings for a Monitoring Agent that is managed by an Automation Agent. If you do, the Automation Agent will overwrite any changes you make.
Configuration File¶
The location of the Monitoring Agent configuration file depends on your operating system:
RHEL, CentOS, Amazon Linux, and Ubuntu all use a package manager to install the agent. The package manager creates the following agent configuration file:
/etc/mongodb-mms/monitoring-agent.config
OS X, Windows, and other Linux systems use either a
tar
ormsi
file for the installation. The Monitoring Agent stores its configuration in the following file:<installation directory>/monitoring-agent.config
Settings¶
Connection Settings¶
For the Monitoring Agent communication with the Ops Manager servers, the following connection settings are required:
-
mmsApiKey
¶ Type: string
The Ops Manager agent API key for a Ops Manager group. To retrieve the key from the Ops Manager interface, click the Administration tab, then the Agents page, and then the link for your operating system. Ops Manager will display the Ops Manager API key used by your Ops Manager group.
For example:
-
mmsBaseUrl
¶ Type: string
The URL of the Ops Manager Web Server.
Set this to the URL of your Ops Manager HTTP Service. For example:
HTTP Proxy Settings¶
-
httpProxy
¶ New in version 2.3.1.
Type: string
To connect to the Ops Manager HTTP Service via a proxy, specify the URL of the proxy. For example:
MongoDB SSL Settings¶
Specify these settings when the Monitoring Agent is connecting to MongoDB instances with SSL.
-
useSslForAllConnections
¶ Type: boolean
Set to
true
to enable SSL support globally and to use SSL for all MongoDB connections. Setting this totrue
overrides any per-host SSL settings configured in the Ops Manager interface.When
true
, useuseSslForAllConnections
with thesslTrustedServerCertificates
setting to specify the certificates that Ops Manager should accept.Note
If
useSslForAllConnections
istrue
and you setsslRequireValidServerCertificates
tofalse
, Ops Manager will accept any connection regardless of the certificate provided. This is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.
-
sslClientCertificate
¶ Type: string
The path to the private key, client certificate, and optional intermediate certificates in PEM format. The agent will use the client certificate when connecting to any configured MongoDB that uses SSL and requires a client certificate, i.e., that is running using the
--sslCAFile
option.For example, if you would use the following command to connect through the mongo shell to a MongoDB process that uses both SSL and certificate validation:
Then set the following in your Monitoring Agent configuration file:
-
sslClientCertificatePassword
¶ Type: string
The password needed to decrypt the private key in the file specified in
sslClientCertificate
. This setting is necessary only if the client certificate PEM file is encrypted.
-
sslTrustedServerCertificates
¶ Type: string
The path on disk that contains the trusted certificate authority certificates in PEM format. These certificates will verify the server certificate returned from any MongoDB instances running with SSL. For example:
-
sslRequireValidServerCertificates
¶ Type: boolean
Use this option to disable certificate verification by setting this value to
false
. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.
MongoDB Kerberos Settings¶
See Configure the Monitoring Agent for Kerberos
-
krb5Principal
¶ Type: string
The Kerberos principal used by the agent. For example:
-
krb5Keytab
¶ Type: string
The absolute path to Kerberos principal’s keytab file. For example:
-
gsappiServiceName
¶ Type: string
The default service name used by MongoDB is
mongodb
can specify a custom service name with thegssapiServiceName
option.
Ops Manager Server SSL Settings¶
Advanced SSL settings used by the Monitoring Agent when communicating to the Ops Manager HTTP Service.
-
sslTrustedMMSServerCertificate
¶ By default the Monitoring Agent will use the trusted root CAs installed on the system. If the agent cannot find the trusted root CAs, configure these settings manually.
If the Ops Manager HTTP Service uses a self-signed SSL certificate, you must specify
sslTrustedMMSServerCertificate
.The path on disk that contains the trusted certificate authority certificates in PEM format. The agent will use this certificate to verify that the agent is communicating with the designated Ops Manager HTTP Service. For example:
-
sslRequireValidMMSServerCertificates
¶ Type: boolean
You can disable certificate verification by setting this value to
false
. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.
Munin Settings¶
See Configure Hardware Monitoring with munin-node for information on configuring Munin-node.
-
enableMunin
¶ Type: boolean
Set to
false
if you do not with the Monitoring Agent to collect hardware statistics via Munin-node. The default istrue
. If the agent detectsmunin-node
, Ops Manager will collect hardware statistics.
Deprecated Settings¶
MongoDB Authentication Settings¶
If all monitored MongoDB instances use the same MONGODB-CR credentials, you may use these settings. Setting the username and password here will override any configuration in the Ops Manager UI.
See Required Access for Monitoring Agent for information on the privileges needed for this user.
-
globalAuthUsername
¶ Type: string
The MongoDB username that the Monitoring Agent will use to connect. This value overrides all other usernames configured for the Monitoring Agent.
Example:
-
globalAuthPassword
¶ Type: string
The password for the
globalAuthUsername
user. This value overrides all other passwords configured for the Monitoring Agent.Example: