1MUNIN-NODE.CONF(5)            Munin Documentation           MUNIN-NODE.CONF(5)
2
3
4

NAME

6       munin-node.conf - Munin-node configuration file
7

DESCRIPTION

9       munin-node.conf is the configuration file for "munin-node", the agent
10       that Munin fetches data from.
11
12       The format is dictated by the use of "Net::Server". A look at "perldoc
13       Net::Server" will give a list of options that the file supports by
14       using the module.  This page mainly covers the Munin-specific
15       extensions.
16
17       The following options are of special interest:
18
19       allow RE
20            IP based access list is implemented through this. The statement
21            may be repeated many times.  It's important to note that it's
22            actually a regular expression after the keyword so to allow
23            localhost it must be written like this:
24
25                  allow ^127\.0\.0\.1$
26
27       cidr_allow NETWORK/MASK
28            An alternative to "allow RE".  This allows the access list to be
29            specified in CIDR format.  For instance, "cidr_allow 192.0.2.0/24"
30            would allow connections from any IP from 192.0.2.1 to 192.0.2.254.
31
32            And "cidr_allow 127.0.0.1/32" is the equivalent to the example
33            above.  Note that the netmask must be provided, even though it's
34            just "/32".
35
36            This option requires that the "Net::CIDR" Perl module be
37            installed.
38
39       host IP
40            The IP number of the interface munin-node should listen on.  By
41            default munin-node listens to all interfaces.  To make munin-node
42            listen only on the localhost interface - making it unavailable
43            from the network do this:
44
45                  host 127.0.0.1
46
47   Additional options:
48       host_name <host>
49            If set, overrides the hostname munin-node uses in its
50            'hello'-negotiation with munin. A "telnet localhost 4949" will
51            show the hostname munin-node is currently using. If munin-node and
52            the main munin installation do not agree on the hostname, munin
53            will skip all the plugins of the machine in question.
54
55       paranoia <yes|no|true|false|on|off|1|0>
56            If set, checks permissions of plugin files, and only tries to run
57            files owned by root. Default on.
58
59       ignore_file <regex>
60            Files matching <regex> in the node.d/ and node-conf.d/ directories
61            will be overlooked.
62
63       tls <value>
64            Can have four values. "paranoid", "enabled", "auto", and
65            "disabled".  "Paranoid" and "enabled" require a TLS connection,
66            while "disabled" will not attempt one at all.
67
68            The current default is "disabled" because "auto" is broken.
69            "Auto" causes bad interaction between munin-update and munin-node
70            if the node is unprepared to go to TLS.
71
72            If you see data dropouts (gaps in graphs) please try to disable
73            TLS.
74
75       tls_verify_certificate <value>
76            This directive can be "yes" or "no".  It determines if the remote
77            certificate needs to be signed by a CA that is known locally.
78            Default is "no".
79
80       tls_private_key <value>
81            This directive sets the location of the private key to be used for
82            TLS.  Default is /etc/munin/munin-node.pem.  The private key and
83            certificate can be stored in the same file.
84
85       tls_certificate <value>
86            This directive sets the location of the TLS certificate to be used
87            for TLS.  Default is /etc/munin/munin-node.pem.  The private key
88            and certificate can be stored in the same file.
89
90       tls_ca_certificate <value>
91            This directive sets the CA certificate to be used to verify the
92            node's certificate, if tls_verify_certificate is set to "yes".
93            Default is /etc/munin/cacert.pem.
94
95       tls_verify_depth <value>
96            This directive sets how many signings up a chain of signatures TLS
97            is willing to go to reach a known, trusted CA when verifying a
98            certificate.  Default is 5.
99
100       tls_match <value>
101            This directive, if defined, searches a dump of the certificate
102            provided by the remote host for the given regex.  The dump of the
103            certificate is two lines of the form:
104
105                    Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
106                    Issuer  Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email
107
108            So, for example, one could match the subject distinguished name by
109            the directive:
110
111                    tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
112
113            Note that the fields are dumped in the order they appear in the
114            certificate.  It's best to view the dump of the certificate by
115            running munin-update in debug mode and reviewing the logs.
116
117            Unfortunately, due to the limited functionality of the SSL module
118            in use, it is not possible to provide finer-grained filtering.  By
119            default this value is not defined.
120

EXAMPLE

122       A pretty normal configuration file:
123
124               log_level 4
125               log_file /var/log/munin/munin-node.log
126               port 4949
127               pid_file /var/run/munin-node.pid
128               background 1
129               setsid 1
130
131               host *
132               user root
133               group root
134               setsid yes
135
136               ignore_file \.bak$
137               ignore_file \.rpm(save|new)$
138               ignore_file ^README$
139
140               allow ^127\.0\.0\.1$
141
142               ignore_file \.dpkg-(old|new)$
143               ignore_file \.rpm(save|new)$
144
145       See the documentation or Munin homepage <http://munin-monitoring.org/>
146       for more info.
147

AUTHORS

149       Jimmy Olsen.
150
152       Copyright (C) 2002-2006 Audun Ytterdal, Jimmy Olsen, Dagfin Ilmari
153       MansXker, Nicolai Langfeldt
154
155       This is free software; see the source for copying conditions. There is
156       NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
157       PURPOSE.
158
159       This program is released under the GNU General Public License
160
161
162
1632.0.51                            2019-10-19                MUNIN-NODE.CONF(5)
Impressum