You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1016 lines
28 KiB
1016 lines
28 KiB
# This is a configuration file for Zabbix proxy daemon
|
|
# To get more information about Zabbix, visit http://www.zabbix.com
|
|
|
|
############ GENERAL PARAMETERS #################
|
|
|
|
### Option: ProxyMode
|
|
# Proxy operating mode.
|
|
# 0 - proxy in the active mode
|
|
# 1 - proxy in the passive mode
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# ProxyMode=0
|
|
|
|
### Option: Server
|
|
# If ProxyMode is set to active mode:
|
|
# IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to.
|
|
# If port is not specified, default port is used.
|
|
# Cluster nodes need to be separated by semicolon.
|
|
# If ProxyMode is set to passive mode:
|
|
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
|
|
# Incoming connections will be accepted only from the addresses listed here.
|
|
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
|
|
# and '::/0' will allow any IPv4 or IPv6 address.
|
|
# '0.0.0.0/0' can be used to allow any IPv4 address.
|
|
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
|
|
#
|
|
# Mandatory: yes
|
|
# Default:
|
|
# Server=
|
|
|
|
Server=127.0.0.1
|
|
|
|
### Option: Hostname
|
|
# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
|
|
# Value is acquired from HostnameItem if undefined.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# Hostname=
|
|
|
|
Hostname=Zabbix proxy
|
|
|
|
### Option: HostnameItem
|
|
# Item used for generating Hostname if it is undefined.
|
|
# Ignored if Hostname is defined.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# HostnameItem=system.hostname
|
|
|
|
### Option: ListenPort
|
|
# Listen port for trapper.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1024-32767
|
|
# Default:
|
|
# ListenPort=10051
|
|
|
|
### Option: SourceIP
|
|
# Source IP address for outgoing connections.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SourceIP=
|
|
|
|
### Option: LogType
|
|
# Specifies where log messages are written to:
|
|
# system - syslog
|
|
# file - file specified with LogFile parameter
|
|
# console - standard output
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LogType=file
|
|
|
|
### Option: LogFile
|
|
# Log file name for LogType 'file' parameter.
|
|
#
|
|
# Mandatory: yes, if LogType is set to file, otherwise no
|
|
# Default:
|
|
# LogFile=
|
|
|
|
LogFile=/tmp/zabbix_proxy.log
|
|
|
|
### Option: LogFileSize
|
|
# Maximum size of log file in MB.
|
|
# 0 - disable automatic log rotation.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1024
|
|
# Default:
|
|
# LogFileSize=1
|
|
|
|
### Option: DebugLevel
|
|
# Specifies debug level:
|
|
# 0 - basic information about starting and stopping of Zabbix processes
|
|
# 1 - critical information
|
|
# 2 - error information
|
|
# 3 - warnings
|
|
# 4 - for debugging (produces lots of information)
|
|
# 5 - extended debugging (produces even more information)
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-5
|
|
# Default:
|
|
# DebugLevel=3
|
|
|
|
### Option: EnableRemoteCommands
|
|
# Whether remote commands from Zabbix server are allowed.
|
|
# 0 - not allowed
|
|
# 1 - allowed
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# EnableRemoteCommands=0
|
|
|
|
### Option: LogRemoteCommands
|
|
# Enable logging of executed shell commands as warnings.
|
|
# 0 - disabled
|
|
# 1 - enabled
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LogRemoteCommands=0
|
|
|
|
### Option: PidFile
|
|
# Name of PID file.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# PidFile=/tmp/zabbix_proxy.pid
|
|
|
|
### Option: SocketDir
|
|
# IPC socket directory.
|
|
# Directory to store IPC sockets used by internal Zabbix services.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SocketDir=/tmp
|
|
|
|
### NOTE: Support for Oracle DB is deprecated since Zabbix 7.0 and will be removed in future versions.
|
|
|
|
### Option: DBHost
|
|
# Database host name.
|
|
# If set to localhost, socket is used for MySQL.
|
|
# If set to empty string, socket is used for PostgreSQL.
|
|
# If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see
|
|
# the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBHost=localhost
|
|
|
|
### Option: DBName
|
|
# Database name.
|
|
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
|
|
# If the Net Service Name connection method is used to connect to Oracle database, specify the service name from
|
|
# the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to
|
|
# empty string.
|
|
# Warning: do not attempt to use the same database Zabbix server is using.
|
|
#
|
|
# Mandatory: yes
|
|
# Default:
|
|
# DBName=
|
|
|
|
DBName=zabbix_proxy
|
|
|
|
### Option: DBSchema
|
|
# Schema name. Used for PostgreSQL.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBSchema=
|
|
|
|
### Option: DBUser
|
|
# Database user. Ignored for SQLite.
|
|
#
|
|
# Default:
|
|
# DBUser=
|
|
|
|
DBUser=zabbix
|
|
|
|
### Option: DBPassword
|
|
# Database password. Ignored for SQLite.
|
|
# Comment this line if no password is used.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBPassword=
|
|
|
|
### Option: DBSocket
|
|
# Path to MySQL socket.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBSocket=
|
|
|
|
# Option: DBPort
|
|
# Database port when not using local socket. Ignored for SQLite.
|
|
# If the Net Service Name connection method is used to connect to Oracle database, the port number from the
|
|
# tnsnames.ora file will be used. The port number set here will be ignored.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBPort=
|
|
|
|
### Option: AllowUnsupportedDBVersions
|
|
# Allow proxy to work with unsupported database versions.
|
|
# 0 - do not allow
|
|
# 1 - allow
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# AllowUnsupportedDBVersions=0
|
|
|
|
######### PROXY SPECIFIC PARAMETERS #############
|
|
|
|
### Option: ProxyLocalBuffer
|
|
# Proxy will keep data locally for N hours, even if the data have already been synced with the server.
|
|
# This parameter may be used if local data will be used by third party applications.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-720
|
|
# Default:
|
|
# ProxyLocalBuffer=0
|
|
|
|
### Option: ProxyOfflineBuffer
|
|
# Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
|
|
# Older data will be lost.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-720
|
|
# Default:
|
|
# ProxyOfflineBuffer=1
|
|
|
|
### Option: ProxyBufferMode
|
|
# Specifies history, discovery and auto registration data storage mechanism:
|
|
# disk - data are stored in database and uploaded from database
|
|
# memory - data are stored in memory and uploaded from memory.
|
|
# If buffer runs out of memory the old data will be discarded.
|
|
# On shutdown the buffer is discarded.
|
|
# hybrid - the proxy buffer normally works like in memory mode until it runs out of memory or
|
|
# the oldest record exceeds the configured age. If that happens the buffer is flushed
|
|
# to database and it works like in disk mode until all data have been uploaded and
|
|
# it starts working with memory again. On shutdown the memory buffer is flushed
|
|
# to database.
|
|
#
|
|
# Mandatory: no
|
|
# Values: disk, memory, hybrid
|
|
# Default:
|
|
# ProxyBufferMode=disk
|
|
|
|
ProxyBufferMode=hybrid
|
|
|
|
### Option: ProxyMemoryBufferSize
|
|
# Size of shared memory cache for collected history, discovery and auto registration data, in bytes.
|
|
# If enabled (not zero) proxy will keep history discovery and auto registration data in memory unless
|
|
# cache is full or stored records are older than defined ProxyMemoryBufferAge.
|
|
# This parameter cannot be used together with ProxyLocalBuffer parameter.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0,128K-2G
|
|
# Default:
|
|
# ProxyMemoryBufferSize=0
|
|
|
|
ProxyMemoryBufferSize=16M
|
|
|
|
### Option: ProxyMemoryBufferAge
|
|
# Maximum age of data in proxy memory buffer, in seconds.
|
|
# When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer
|
|
# to switch to database mode until all records are uploaded to server.
|
|
# This parameter must be less or equal to ProxyOfflineBuffer parameter.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0,600-864000
|
|
# Default:
|
|
# ProxyMemoryBufferAge=0
|
|
|
|
### Option: ConfigFrequency - Deprecated, use ProxyConfigFrequency
|
|
# How often proxy retrieves configuration data from Zabbix Server in seconds.
|
|
# For a proxy in the passive mode this parameter will be ignored.
|
|
# Mandatory: no
|
|
|
|
### Option: ProxyConfigFrequency
|
|
# How often proxy retrieves configuration data from Zabbix Server in seconds.
|
|
# For a proxy in the passive mode this parameter will be ignored.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600*24*7
|
|
# Default:
|
|
# ProxyConfigFrequency=10
|
|
|
|
### Option: DataSenderFrequency
|
|
# Proxy will send collected data to the Server every N seconds.
|
|
# For a proxy in the passive mode this parameter will be ignored.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600
|
|
# Default:
|
|
# DataSenderFrequency=1
|
|
|
|
############ ADVANCED PARAMETERS ################
|
|
|
|
### Option: StartPollers
|
|
# Number of pre-forked instances of pollers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartPollers=5
|
|
|
|
### Option: StartAgentPollers
|
|
# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartAgentPollers=1
|
|
|
|
### Option: StartHTTPAgentPollers
|
|
# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartHTTPAgentPollers=1
|
|
|
|
### Option: StartSNMPPollers
|
|
# Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartSNMPPollers=1
|
|
|
|
### Option: MaxConcurrentChecksPerPoller
|
|
# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-1000
|
|
# Default:
|
|
# MaxConcurrentChecksPerPoller=1000
|
|
|
|
### Option: StartIPMIPollers
|
|
# Number of pre-forked instances of IPMI pollers.
|
|
# The IPMI manager process is automatically started when at least one IPMI poller is started.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartIPMIPollers=0
|
|
|
|
### Option: StartPreprocessors
|
|
# Number of pre-started instances of preprocessing workers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-1000
|
|
# Default:
|
|
# StartPreprocessors=3
|
|
|
|
### Option: StartPollersUnreachable
|
|
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
|
|
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
|
|
# are started.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartPollersUnreachable=1
|
|
|
|
### Option: StartTrappers
|
|
# Number of pre-forked instances of trappers.
|
|
# Trappers accept incoming connections from Zabbix sender and active agents.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartTrappers=5
|
|
|
|
### Option: StartPingers
|
|
# Number of pre-forked instances of ICMP pingers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartPingers=1
|
|
|
|
### Option: StartDiscoverers
|
|
# Number of pre-started instances of discovery workers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartDiscoverers=5
|
|
|
|
### Option: StartHTTPPollers
|
|
# Number of pre-forked instances of HTTP pollers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartHTTPPollers=1
|
|
|
|
### Option: JavaGateway
|
|
# IP address (or hostname) of Zabbix Java gateway.
|
|
# Only required if Java pollers are started.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# JavaGateway=
|
|
|
|
### Option: JavaGatewayPort
|
|
# Port that Zabbix Java gateway listens on.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1024-32767
|
|
# Default:
|
|
# JavaGatewayPort=10052
|
|
|
|
### Option: StartJavaPollers
|
|
# Number of pre-forked instances of Java pollers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartJavaPollers=0
|
|
|
|
### Option: StartVMwareCollectors
|
|
# Number of pre-forked vmware collector instances.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-250
|
|
# Default:
|
|
# StartVMwareCollectors=0
|
|
|
|
### Option: VMwareFrequency
|
|
# How often Zabbix will connect to VMware service to obtain a new data.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 10-86400
|
|
# Default:
|
|
# VMwareFrequency=60
|
|
|
|
### Option: VMwarePerfFrequency
|
|
# How often Zabbix will connect to VMware service to obtain performance data.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 10-86400
|
|
# Default:
|
|
# VMwarePerfFrequency=60
|
|
|
|
### Option: VMwareCacheSize
|
|
# Size of VMware cache, in bytes.
|
|
# Shared memory size for storing VMware data.
|
|
# Only used if VMware collectors are started.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 256K-2G
|
|
# Default:
|
|
# VMwareCacheSize=8M
|
|
|
|
### Option: VMwareTimeout
|
|
# Specifies how many seconds vmware collector waits for response from VMware service.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-300
|
|
# Default:
|
|
# VMwareTimeout=10
|
|
|
|
### Option: SNMPTrapperFile
|
|
# Temporary file used for passing data from SNMP trap daemon to the proxy.
|
|
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
|
|
|
|
### Option: StartSNMPTrapper
|
|
# If 1, SNMP trapper process is started.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1
|
|
# Default:
|
|
# StartSNMPTrapper=0
|
|
|
|
### Option: ListenIP
|
|
# List of comma delimited IP addresses that the trapper should listen on.
|
|
# Trapper will listen on all network interfaces if this parameter is missing.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# ListenIP=0.0.0.0
|
|
|
|
### Option: HousekeepingFrequency
|
|
# How often Zabbix will perform housekeeping procedure (in hours).
|
|
# Housekeeping is removing outdated information from the database.
|
|
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
|
|
# hours of outdated information are deleted in one housekeeping cycle.
|
|
# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
|
|
# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
|
|
# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
|
|
# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-24
|
|
# Default:
|
|
# HousekeepingFrequency=1
|
|
|
|
### Option: CacheSize
|
|
# Size of configuration cache, in bytes.
|
|
# Shared memory size, for storing hosts and items data.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 128K-64G
|
|
# Default:
|
|
# CacheSize=8M
|
|
|
|
### Option: StartDBSyncers
|
|
# Number of pre-forked instances of DB Syncers.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-100
|
|
# Default:
|
|
# StartDBSyncers=4
|
|
|
|
### Option: HistoryCacheSize
|
|
# Size of history cache, in bytes.
|
|
# Shared memory size for storing history data.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 128K-2G
|
|
# Default:
|
|
# HistoryCacheSize=16M
|
|
|
|
### Option: HistoryIndexCacheSize
|
|
# Size of history index cache, in bytes.
|
|
# Shared memory size for indexing history cache.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 128K-2G
|
|
# Default:
|
|
# HistoryIndexCacheSize=4M
|
|
|
|
### Option: Timeout
|
|
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-30
|
|
# Default:
|
|
# Timeout=3
|
|
|
|
Timeout=4
|
|
|
|
### Option: TrapperTimeout
|
|
# Specifies how many seconds trapper may spend processing new data.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-300
|
|
# Default:
|
|
# TrapperTimeout=300
|
|
|
|
### Option: UnreachablePeriod
|
|
# After how many seconds of unreachability treat a host as unavailable.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600
|
|
# Default:
|
|
# UnreachablePeriod=45
|
|
|
|
### Option: UnavailableDelay
|
|
# How often host is checked for availability during the unavailability period, in seconds.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600
|
|
# Default:
|
|
# UnavailableDelay=60
|
|
|
|
### Option: UnreachableDelay
|
|
# How often host is checked for availability during the unreachability period, in seconds.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600
|
|
# Default:
|
|
# UnreachableDelay=15
|
|
|
|
## Option: StartODBCPollers
|
|
# Number of pre-forked ODBC poller instances.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0-1000
|
|
# Default:
|
|
# StartODBCPollers=1
|
|
|
|
### Option: ExternalScripts
|
|
# Full path to location of external scripts.
|
|
# Default depends on compilation options.
|
|
# To see the default path run command "zabbix_proxy --help".
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# ExternalScripts=${datadir}/zabbix/externalscripts
|
|
|
|
### Option: FpingLocation
|
|
# Location of fping.
|
|
# Make sure that fping binary has root ownership and SUID flag set.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# FpingLocation=/usr/sbin/fping
|
|
|
|
### Option: Fping6Location
|
|
# Location of fping6.
|
|
# Make sure that fping6 binary has root ownership and SUID flag set.
|
|
# Make empty if your fping utility is capable to process IPv6 addresses.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# Fping6Location=/usr/sbin/fping6
|
|
|
|
### Option: SSHKeyLocation
|
|
# Location of public and private keys for SSH checks and actions.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SSHKeyLocation=
|
|
|
|
### Option: LogSlowQueries
|
|
# How long a database query may take before being logged (in milliseconds).
|
|
# Only works if DebugLevel set to 3 or 4.
|
|
# 0 - don't log slow queries.
|
|
#
|
|
# Mandatory: no
|
|
# Range: 1-3600000
|
|
# Default:
|
|
# LogSlowQueries=0
|
|
|
|
LogSlowQueries=3000
|
|
|
|
### Option: TmpDir
|
|
# Temporary directory.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TmpDir=/tmp
|
|
|
|
### Option: AllowRoot
|
|
# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
|
|
# will try to switch to the user specified by the User configuration option instead.
|
|
# Has no effect if started under a regular user.
|
|
# 0 - do not allow
|
|
# 1 - allow
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# AllowRoot=0
|
|
|
|
### Option: User
|
|
# Drop privileges to a specific, existing user on the system.
|
|
# Only has effect if run as 'root' and AllowRoot is disabled.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# User=zabbix
|
|
|
|
### Option: Include
|
|
# You may include individual files or all files in a directory in the configuration file.
|
|
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# Include=
|
|
|
|
# Include=/usr/local/etc/zabbix_proxy.general.conf
|
|
# Include=/usr/local/etc/zabbix_proxy.conf.d/
|
|
# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
|
|
|
|
### Option: SSLCertLocation
|
|
# Location of SSL client certificates.
|
|
# This parameter is used only in web monitoring.
|
|
# Default depends on compilation options.
|
|
# To see the default path run command "zabbix_proxy --help".
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SSLCertLocation=${datadir}/zabbix/ssl/certs
|
|
|
|
### Option: SSLKeyLocation
|
|
# Location of private keys for SSL client certificates.
|
|
# This parameter is used only in web monitoring.
|
|
# Default depends on compilation options.
|
|
# To see the default path run command "zabbix_proxy --help".
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
|
|
|
|
### Option: SSLCALocation
|
|
# Location of certificate authority (CA) files for SSL server certificate verification.
|
|
# If not set, system-wide directory will be used.
|
|
# This parameter is used in web monitoring, HTTP agent items and for communication with Vault.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# SSLCALocation=
|
|
|
|
####### LOADABLE MODULES #######
|
|
|
|
### Option: LoadModulePath
|
|
# Full path to location of proxy modules.
|
|
# Default depends on compilation options.
|
|
# To see the default path run command "zabbix_proxy --help".
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LoadModulePath=${libdir}/modules
|
|
|
|
### Option: LoadModule
|
|
# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
|
|
# Formats:
|
|
# LoadModule=<module.so>
|
|
# LoadModule=<path/module.so>
|
|
# LoadModule=</abs_path/module.so>
|
|
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
|
|
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
|
|
# It is allowed to include multiple LoadModule parameters.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# LoadModule=
|
|
|
|
### Option: StatsAllowedIP
|
|
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
|
|
# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
|
|
# will be accepted.
|
|
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
|
|
# and '::/0' will allow any IPv4 or IPv6 address.
|
|
# '0.0.0.0/0' can be used to allow any IPv4 address.
|
|
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# StatsAllowedIP=
|
|
StatsAllowedIP=127.0.0.1
|
|
|
|
####### TLS-RELATED PARAMETERS #######
|
|
|
|
### Option: TLSConnect
|
|
# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
|
|
# Only one value can be specified:
|
|
# unencrypted - connect without encryption
|
|
# psk - connect using TLS and a pre-shared key
|
|
# cert - connect using TLS and a certificate
|
|
#
|
|
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
|
|
# Default:
|
|
# TLSConnect=unencrypted
|
|
|
|
### Option: TLSAccept
|
|
# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
|
|
# Multiple values can be specified, separated by comma:
|
|
# unencrypted - accept connections without encryption
|
|
# psk - accept connections secured with TLS and a pre-shared key
|
|
# cert - accept connections secured with TLS and a certificate
|
|
#
|
|
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
|
|
# Default:
|
|
# TLSAccept=unencrypted
|
|
|
|
### Option: TLSCAFile
|
|
# Full pathname of a file containing the top-level CA(s) certificates for
|
|
# peer certificate verification.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCAFile=
|
|
|
|
### Option: TLSCRLFile
|
|
# Full pathname of a file containing revoked certificates.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCRLFile=
|
|
|
|
### Option: TLSServerCertIssuer
|
|
# Allowed server certificate issuer.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSServerCertIssuer=
|
|
|
|
### Option: TLSServerCertSubject
|
|
# Allowed server certificate subject.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSServerCertSubject=
|
|
|
|
### Option: TLSCertFile
|
|
# Full pathname of a file containing the proxy certificate or certificate chain.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCertFile=
|
|
|
|
### Option: TLSKeyFile
|
|
# Full pathname of a file containing the proxy private key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSKeyFile=
|
|
|
|
### Option: TLSPSKIdentity
|
|
# Unique, case sensitive string used to identify the pre-shared key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSPSKIdentity=
|
|
|
|
### Option: TLSPSKFile
|
|
# Full pathname of a file containing the pre-shared key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSPSKFile=
|
|
|
|
####### For advanced users - TLS ciphersuite selection criteria #######
|
|
|
|
### Option: TLSCipherCert13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert13=
|
|
|
|
### Option: TLSCipherCert
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert=
|
|
|
|
### Option: TLSCipherPSK13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example:
|
|
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK13=
|
|
|
|
### Option: TLSCipherPSK
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
|
|
# Example for OpenSSL:
|
|
# kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK=
|
|
|
|
### Option: TLSCipherAll13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example:
|
|
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll13=
|
|
|
|
### Option: TLSCipherAll
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll=
|
|
|
|
### Option: DBTLSConnect
|
|
# Setting this option enforces to use TLS connection to database.
|
|
# required - connect using TLS
|
|
# verify_ca - connect using TLS and verify certificate
|
|
# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
|
|
# matches its certificate
|
|
# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
|
|
# "verify_full".
|
|
# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
|
|
# Default is not to set any option and behavior depends on database configuration
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBTLSConnect=
|
|
|
|
### Option: DBTLSCAFile
|
|
# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
|
|
# Supported only for MySQL and PostgreSQL
|
|
#
|
|
# Mandatory: no
|
|
# (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
|
|
# Default:
|
|
# DBTLSCAFile=
|
|
|
|
### Option: DBTLSCertFile
|
|
# Full pathname of file containing Zabbix proxy certificate for authenticating to database.
|
|
# Supported only for MySQL and PostgreSQL
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBTLSCertFile=
|
|
|
|
### Option: DBTLSKeyFile
|
|
# Full pathname of file containing the private key for authenticating to database.
|
|
# Supported only for MySQL and PostgreSQL
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# DBTLSKeyFile=
|
|
|
|
### Option: DBTLSCipher
|
|
# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
|
|
# Supported only for MySQL
|
|
#
|
|
# Mandatory no
|
|
# Default:
|
|
# DBTLSCipher=
|
|
|
|
### Option: DBTLSCipher13
|
|
# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
|
|
# Supported only for MySQL, starting from version 8.0.16
|
|
#
|
|
# Mandatory no
|
|
# Default:
|
|
# DBTLSCipher13=
|
|
|
|
### Option: Vault
|
|
# Specifies vault:
|
|
# HashiCorp - HashiCorp KV Secrets Engine - Version 2
|
|
# CyberArk - CyberArk Central Credential Provider
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# Vault=HashiCorp
|
|
|
|
### Option: VaultToken
|
|
# Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
|
|
# specified in optional VaultDBPath configuration parameter.
|
|
# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
|
|
#
|
|
# Mandatory: no
|
|
# (yes, if Vault is explicitly set to HashiCorp)
|
|
# Default:
|
|
# VaultToken=
|
|
|
|
### Option: VaultURL
|
|
# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# VaultURL=https://127.0.0.1:8200
|
|
|
|
### Option: VaultDBPath
|
|
# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
|
|
# Keys used for HashiCorp are 'password' and 'username'.
|
|
# Example path:
|
|
# secret/zabbix/database
|
|
# Keys used for CyberArk are 'Content' and 'UserName'.
|
|
# Example query:
|
|
# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database
|
|
# This option can only be used if DBUser and DBPassword are not specified.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# VaultDBPath=
|
|
|
|
### Option: VaultTLSCertFile
|
|
# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
|
|
# If the certificate file contains also the private key, leave the SSL key file field empty. The directory
|
|
# containing this file is specified by configuration parameter SSLCertLocation.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# VaultTLSCertFile=
|
|
|
|
### Option: VaultTLSKeyFile
|
|
# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
|
|
# The directory containing this file is specified by configuration parameter SSLKeyLocation.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# VaultTLSKeyFile=
|
|
|
|
####### For advanced users - TCP-related fine-tuning parameters #######
|
|
|
|
## Option: ListenBacklog
|
|
# The maximum number of pending connections in the queue. This parameter is passed to
|
|
# listen() function as argument 'backlog' (see "man listen").
|
|
#
|
|
# Mandatory: no
|
|
# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
|
|
# Default: SOMAXCONN (hard-coded constant, depends on system)
|
|
# ListenBacklog=
|