Navigation
This version of the documentation is archived and no longer supported. It will be removed on EOL_DATE. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.
This version of the manual is no longer supported. It will be removed on EOL_DATE.

Monitoring Agent Configuration

This page describes possible settings for Monitoring Agent. These values are set after first launching Ops Manager and not through manual editing of these files. See Ops Manager Configuration Settings for the Ops Manager settings and their values.

Warning

Do not edit these settings for a Monitoring Agent that is managed by an Automation Agent. If you do, the Automation Agent can overwrite any changes you make. If you are not using the Automation Agent, you must edit these settings manually.

Configuration File Location on Each Platform

The location of the Monitoring Agent configuration file depends on your platform:

Platform Installation Method Config File Path
RHEL, CentOS, Amazon Linux and Ubuntu package manager /etc/mongodb-mms/monitoring-agent.config
macOS or other Linux distributions tar <install-directory>/monitoring-agent.config
Windows msi C:\MMSData\Monitoring\monitoring-agent.config

Settings

Ops Manager provides default values for many of the Monitoring Agent Configuration settings.

Important

You must set the mmsApiKey value.

Connection Settings

For the Monitoring Agent to communicate with the Ops Manager servers, these connection settings are required:

mmsGroupId

Type: string

Specifies the ID of your Ops Manager project. The project ID is displayed in the Project Settings page (Settings > Project Settings).

This setting is usually set when the Automation Agent is installed and is required to bind the server to a project.

mmsGroupId=8zvbo2s2asigxvmpnkq5yexf

Server Pool

Do not set if adding the server to a server pool. To add the server to a server pool, set serverPoolKey, serverPoolPropertiesFile, and serverPoolStateFile instead.

Server Pools deprecated as of Ops Manager 4.0

As of Ops Manager 4.0, server pools are deprecated and disabled by default.

mmsApiKey

Type: string

Specifies the Ops Manager agent API key of your Ops Manager project.

You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project’s agents can use any of the keys. For more information, see Manage Agent API Keys.

To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab.

Important

When you generate an Agent API key, Ops Manager displays it one time only. You must copy it and store it in a secure place. Ops Manager will never display the full key again.

This setting is usually set when the Monitoring Agent is installed and it is required.

mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mmsBaseUrl

Type: string

Specifies the URL of the Ops Manager Application.

mmsBaseUrl=http://example.com:8080

Logging Settings

logFile

Type: string

Specifies the absolute path to the log file. If this is not specified, the log writes to standard error (stderr) on UNIX- and Linux-based systems and to the Event Log on Windows systems.

maxLogFileSizeBytes

Type: integer

Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the Monitoring Agent does not rotate logs based on file size. This is optional.

maxLogFileSizeBytes=536870912
maxLogFileDurationHrs

Type: float

Specifies the number of hours after which the log file is rotated. This is optional and only supported on UNIX- and Linux-based systems.

Note

You can manually rotate the Monitoring Agent logs. Issue a user signal 1 kill command for the Monitoring Agent process:

kill -SIGUSR1 <monitoringAgentID>

This rotates the Monitoring Agent log file.

HTTP Proxy Settings

httpProxy

Type: string

Specifies the URL of an HTTP proxy server the Monitoring Agent can use.

httpProxy=http://proxy.example.com:8080

MongoDB Kerberos Settings

Specify these settings if the Monitoring Agent authenticates to hosts using Kerberos. To configure Kerberos, see Configure the Monitoring Agent for Kerberos.

krb5Principal

Type: string

Specifies the Kerberos principal the Monitoring Agent uses.

krb5Principal=mmsagent/myhost@EXAMPLE.COM
krb5Keytab

Type: string

Specifies the absolute path to Kerberos principal’s keytab file.

krb5Keytab=/path/to/mms-monitoring-agent.keytab
krb5ConfigLocation

Type: string

Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.

krb5ConfigLocation=/path/to/krb_custom.conf
gssapiServiceName

Type: string

Specifies the service name with the gssapiServiceName option.

By default, MongoDB uses mongodb as its service name.

Note

Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the KRB5CCNAME environment variable to the desired file name and path before running the agent.

MongoDB SSL Settings

Specify these settings when the Monitoring Agent connects to MongoDB deployments using SSL. See Configure Monitoring Agent for SSL for more information.

useSslForAllConnections

Type: boolean

Specifies whether or not to encrypt all connections to MongoDB deployments using SSL.

Caution

Setting this to true overrides any per-host SSL settings configured in the Ops Manager interface.

sslClientCertificate

Type: string

Specifies the absolute path to the private key, client certificate, and optional intermediate certificates in PEM format. The Monitoring Agent uses the client certificate to connect to any configured MongoDB deployment that uses SSL and requires a client certificate (run with the --sslCAFile option).

Example

If you want to connect to a MongoDB deployment that uses both SSL and certificate validation using the mongo shell:

mongo --ssl --sslPEMKeyFile /path/to/client.pem --sslCAFile /path/to/ca.pem example.net:27017

You must set these options in your Monitoring Agent configuration file:

sslTrustedServerCertificates=/path/to/ca.pem
sslClientCertificate=/path/to/client.pem
sslClientCertificatePassword

Type: string

Specifies the password needed to decrypt the private key in the sslClientCertificate file. This setting is required when the client certificate PEM file is encrypted.

sslClientCertificatePassword=password
sslTrustedServerCertificates

Type: string

Specifies the absolute path that contains the trusted CA certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with SSL.

sslTrustedServerCertificates=/path/to/ca.pem
sslRequireValidServerCertificates

Type: boolean

Specifies whether the Monitoring Agent should validate the SSL certificates presented by the MongoDB databases.

sslRequireValidServerCertificates=true

By default, the sslRequireValidServerCertificates setting is true, and a valid trusted certificate is required to connect to MongoDB instances using SSL.

When the Monitoring Agent is managed by the Automation Agent, this setting cannot be set to false. However, you can set sslRequireValidServerCertificates to false if you install and configure the Monitoring Agent manually. When sslRequireValidServerCertificates is false, you do not need to set the sslTrustedServerCertificates setting because Ops Manager will not verify the certificates.

Warning

Setting sslRequireValidServerCertificates to false makes connections between the Monitoring Agent and MongoDB databases susceptible to man-in-the-middle attacks. Setting sslRequireValidServerCertificates to false is recommended only for testing and not for production.

Ops Manager Server SSL Settings

Specify the settings the Monitoring Agent uses when communicating with Ops Manager using SSL.

sslTrustedMMSServerCertificate

Type: string

Specifies the absolute path that contains the trusted CA certificates in PEM format. The Monitoring Agent uses this certificate to verify that the agent is communicating with the designated Ops Manager instance.

By default, the Monitoring Agent uses the trusted root CAs installed on the system.

If the agent cannot find the trusted root CAs, configure these settings manually.

If the Ops Manager instance uses a self-signed SSL certificate, you must specify a sslTrustedMMSServerCertificate value.

sslTrustedMMSServerCertificate=/path/to/mms-certs.pem
sslRequireValidMMSServerCertificates

Type: boolean

Specifies if the Monitoring Agent should validate SSL certificates from Ops Manager.

Warning

Setting this option to false disables certificate verification and makes connections between the Monitoring Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option to false is only recommended for testing purposes.

sslServerClientCertificate

Type: string

Specifies the path to the file containing the client’s private key, certificate, and optional intermediate certificates in PEM format. The Monitoring Agent uses the client certificate when connecting to Ops Manager over SSL if Ops Manager requires client certificates, such as when Ops Manager runs with Client Certificate Mode set to Required for Agents Only or Required for All Requests.

See also

See Client Certificate Mode in Ops Manager Configuration Settings for how to specify this setting in the Ops Manager Application.

sslServerClientCertificate=/path/to/client.pem
sslServerClientCertificatePassword

Specifies the password needed to decrypt the private key in the sslServerClientCertificate file. This setting is required when the client certificate PEM file is encrypted.

sslServerClientCertificatePassword=password

Munin Settings

Important

As of Automation Agent 2.7.0, hardware monitoring using munin-node is deprecated.

To find out how to configure munin-node, see Configure Hardware Monitoring with munin-node .

enableMunin

Type: boolean

Specifies whether or not the Monitoring Agent collects hardware statistics via Munin-node.

false Monitoring Agent does not collect hardware statistics.
true Monitoring Agent collects hardware statistics.

Deprecated Settings

MongoDB Authentication Settings

If all monitored MongoDB deployments use the same MONGODB-CR credentials, you may use these settings. Setting the username and password in the configuration file overrides any configuration in the Ops Manager Application.

See Required Access for Monitoring Agent for information on the privileges needed for this user.

globalAuthUsername

Type: string

Specifies the MongoDB username that the Monitoring Agent uses to connect.

Warning

This value overrides all other usernames configured for the Monitoring Agent.

globalAuthUsername=mms-monitoring-agent
globalAuthPassword

Type: string

Specifies the password for the globalAuthUsername user.

Warning

This value overrides all other passwords configured for the Monitoring Agent.

globalAuthPassword=password