- Agents >
- Monitoring Agent >
- Monitoring Agent Configuration
Monitoring Agent Configuration¶
On this page
This page describes possible settings for Monitoring Agent. These values are set after first launching Ops Manager and not through manual editing of these files. See Ops Manager Configuration Settings for the Ops Manager settings and their values.
Warning
Do not edit these settings for a Monitoring Agent that is managed by an Automation Agent. If you do, the Automation Agent can overwrite any changes you make. If you are not using the Automation Agent, you must edit these settings manually.
Configuration File Location on Each Platform¶
The location of the Monitoring Agent configuration file depends on your platform:
Platform | Installation Method | Config File Path |
---|---|---|
RHEL, CentOS, Amazon Linux and Ubuntu | package manager | /etc/mongodb-mms/monitoring-agent.config |
macOS or other Linux distributions | tar |
<install-directory>/monitoring-agent.config |
Windows | msi |
C:\MMSData\Monitoring\monitoring-agent.config |
Settings¶
Ops Manager provides default values for many of the Monitoring Agent Configuration settings.
Important
You must set the mmsApiKey
value.
Connection Settings¶
For the Monitoring Agent to communicate with the Ops Manager servers, these connection settings are required:
-
mmsGroupId
¶ Type: string
Specifies the ID of your Ops Manager project. The project ID is displayed in the Project Settings page (Settings > Project Settings).
This setting is usually set when the Automation Agent is installed and is required to bind the server to a project.
Server Pool
Do not set if adding the server to a server pool. To add the server to a server pool, set
serverPoolKey
,serverPoolPropertiesFile
, andserverPoolStateFile
instead.Server Pools deprecated as of Ops Manager 4.0
As of Ops Manager 4.0, server pools are deprecated and disabled by default.
-
mmsApiKey
¶ Type: string
Specifies the Ops Manager agent API key of your Ops Manager project.
You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project’s agents can use any of the keys. For more information, see Manage Agent API Keys.
To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab.
Important
When you generate an Agent API key, Ops Manager displays it one time only. You must copy it and store it in a secure place. Ops Manager will never display the full key again.
This setting is usually set when the Monitoring Agent is installed and it is required.
-
mmsBaseUrl
¶ Type: string
Specifies the URL of the Ops Manager Application.
Logging Settings¶
-
logFile
¶ Type: string
Specifies the absolute path to the log file. If this is not specified, the log writes to standard error (
stderr
) on UNIX- and Linux-based systems and to the Event Log on Windows systems.
-
maxLogFileSizeBytes
¶ Type: integer
Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the Monitoring Agent does not rotate logs based on file size. This is optional.
-
maxLogFileDurationHrs
¶ Type: float
Specifies the number of hours after which the log file is rotated. This is optional and only supported on UNIX- and Linux-based systems.
Note
You can manually rotate the Monitoring Agent logs. Issue a user signal 1 kill command for the Monitoring Agent process:
This rotates the Monitoring Agent log file.
HTTP Proxy Settings¶
-
httpProxy
¶ Type: string
Specifies the URL of an HTTP proxy server the Monitoring Agent can use.
MongoDB Kerberos Settings¶
Specify these settings if the Monitoring Agent authenticates to hosts using Kerberos. To configure Kerberos, see Configure the Monitoring Agent for Kerberos.
-
krb5Principal
¶ Type: string
Specifies the Kerberos principal the Monitoring Agent uses.
-
krb5Keytab
¶ Type: string
Specifies the absolute path to Kerberos principal’s
keytab
file.
-
krb5ConfigLocation
¶ Type: string
Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.
-
gssapiServiceName
¶ Type: string
Specifies the service name with the
gssapiServiceName
option.By default, MongoDB uses
mongodb
as its service name.
Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent
automatically when Kerberos is enabled. If you want to override the
location of the
Kerberos Credential Cache,
you must set the KRB5CCNAME
environment variable to the desired
file name and path before running the agent.
MongoDB SSL Settings¶
Specify these settings when the Monitoring Agent connects to MongoDB deployments using SSL. See Configure Monitoring Agent for SSL for more information.
-
useSslForAllConnections
¶ Type: boolean
Specifies whether or not to encrypt all connections to MongoDB deployments using SSL.
Caution
Setting this to
true
overrides any per-host SSL settings configured in the Ops Manager interface.
-
sslClientCertificate
¶ Type: string
Specifies the absolute path to the private key, client certificate, and optional intermediate certificates in
PEM
format. The Monitoring Agent uses the client certificate to connect to any configured MongoDB deployment that uses SSL and requires a client certificate (run with the--sslCAFile
option).Example
If you want to connect to a MongoDB deployment that uses both SSL and certificate validation using the mongo shell:
You must set these options in your Monitoring Agent configuration file:
-
sslClientCertificatePassword
¶ Type: string
Specifies the password needed to decrypt the private key in the
sslClientCertificate
file. This setting is required when the client certificatePEM
file is encrypted.
-
sslTrustedServerCertificates
¶ Type: string
Specifies the absolute path that contains the trusted CA certificates in
PEM
format. These certificates verify the server certificate returned from any MongoDB deployments running with SSL.
-
sslRequireValidServerCertificates
¶ Type: boolean
Specifies whether the Monitoring Agent should validate the SSL certificates presented by the MongoDB databases.
By default, the
sslRequireValidServerCertificates
setting istrue
, and a valid trusted certificate is required to connect to MongoDB instances using SSL.When the Monitoring Agent is managed by the Automation Agent, this setting cannot be set to
false
. However, you can setsslRequireValidServerCertificates
tofalse
if you install and configure the Monitoring Agent manually. WhensslRequireValidServerCertificates
isfalse
, you do not need to set thesslTrustedServerCertificates
setting because Ops Manager will not verify the certificates.Warning
Setting
sslRequireValidServerCertificates
tofalse
makes connections between the Monitoring Agent and MongoDB databases susceptible to man-in-the-middle attacks. SettingsslRequireValidServerCertificates
tofalse
is recommended only for testing and not for production.
Ops Manager Server SSL Settings¶
Specify the settings the Monitoring Agent uses when communicating with Ops Manager using SSL.
-
sslTrustedMMSServerCertificate
¶ Type: string
Specifies the absolute path that contains the trusted CA certificates in
PEM
format. The Monitoring Agent uses this certificate to verify that the agent is communicating with the designated Ops Manager instance.By default, the Monitoring Agent uses the trusted root CAs installed on the system.
If the agent cannot find the trusted root CAs, configure these settings manually.
If the Ops Manager instance uses a self-signed SSL certificate, you must specify a
sslTrustedMMSServerCertificate
value.
-
sslRequireValidMMSServerCertificates
¶ Type: boolean
Specifies if the Monitoring Agent should validate SSL certificates from Ops Manager.
Warning
Setting this option to false
disables certificate verification
and makes connections between the Monitoring Agent and Ops Manager
susceptible to man-in-the-middle attacks. Setting this option to
false
is only recommended for testing purposes.
-
sslServerClientCertificate
¶ Type: string
Specifies the path to the file containing the client’s private key, certificate, and optional intermediate certificates in
PEM
format. The Monitoring Agent uses the client certificate when connecting to Ops Manager over SSL if Ops Manager requires client certificates, such as when Ops Manager runs withClient Certificate Mode
set toRequired for Agents Only
orRequired for All Requests
.See also
See
Client Certificate Mode
in Ops Manager Configuration Settings for how to specify this setting in the Ops Manager Application.
-
sslServerClientCertificatePassword
¶ Specifies the password needed to decrypt the private key in the
sslServerClientCertificate
file. This setting is required when the client certificatePEM
file is encrypted.
Munin Settings¶
Important
As of Automation Agent 2.7.0, hardware monitoring using
munin-node
is deprecated.
To find out how to configure munin-node
, see
Configure Hardware Monitoring with munin-node .
-
enableMunin
¶ Type: boolean
Specifies whether or not the Monitoring Agent collects hardware statistics via Munin-node.
false
Monitoring Agent does not collect hardware statistics. true
Monitoring Agent collects hardware statistics.
Deprecated Settings¶
MongoDB Authentication Settings¶
If all monitored MongoDB deployments use the same MONGODB-CR
credentials, you may use these settings. Setting the username and
password in the configuration file overrides any configuration in the
Ops Manager Application.
See Required Access for Monitoring Agent for information on the privileges needed for this user.
-
globalAuthUsername
¶ Type: string
Specifies the MongoDB username that the Monitoring Agent uses to connect.
Warning
This value overrides all other usernames configured for the Monitoring Agent.
-
globalAuthPassword
¶ Type: string
Specifies the password for the
globalAuthUsername
user.Warning
This value overrides all other passwords configured for the Monitoring Agent.