Subversion Repositories configs

Rev

Rev 194 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
192 - 1
# This is a configuration file for Zabbix agent daemon (Unix)
2
# To get more information about Zabbix, visit http://www.zabbix.com
3
 
4
############ GENERAL PARAMETERS #################
5
 
6
### Option: PidFile
7
#	Name of PID file.
8
#
9
# Mandatory: no
10
# Default:
11
# PidFile=/tmp/zabbix_agentd.pid
12
 
13
PidFile=/var/run/zabbix/zabbix_agentd.pid
14
 
15
### Option: LogType
16
#	Specifies where log messages are written to:
17
#		system  - syslog
18
#		file    - file specified with LogFile parameter
19
#		console - standard output
20
#
21
# Mandatory: no
22
# Default:
23
# LogType=file
24
 
25
### Option: LogFile
26
#	Log file name for LogType 'file' parameter.
27
#
28
# Mandatory: yes, if LogType is set to file, otherwise no
29
# Default:
30
# LogFile=
31
 
32
LogFile=/var/log/zabbix/zabbix_agentd.log
33
 
34
### Option: LogFileSize
35
#	Maximum size of log file in MB.
36
#	0 - disable automatic log rotation.
37
#
38
# Mandatory: no
39
# Range: 0-1024
40
# Default:
41
# LogFileSize=1
42
 
43
LogFileSize=0
44
 
45
### Option: DebugLevel
46
#	Specifies debug level:
47
#	0 - basic information about starting and stopping of Zabbix processes
48
#	1 - critical information
49
#	2 - error information
50
#	3 - warnings
51
#	4 - for debugging (produces lots of information)
52
#	5 - extended debugging (produces even more information)
53
#
54
# Mandatory: no
55
# Range: 0-5
56
# Default:
57
# DebugLevel=3
58
 
59
### Option: SourceIP
60
#	Source IP address for outgoing connections.
61
#
62
# Mandatory: no
63
# Default:
64
# SourceIP=
65
 
66
### Option: AllowKey
67
#	Allow execution of item keys matching pattern.
68
#	Multiple keys matching rules may be defined in combination with DenyKey.
69
#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
70
#	Parameters are processed one by one according their appearance order.
71
#	If no AllowKey or DenyKey rules defined, all keys are allowed.
72
#
73
# Mandatory: no
74
 
75
### Option: DenyKey
76
#	Deny execution of items keys matching pattern.
77
#	Multiple keys matching rules may be defined in combination with AllowKey.
78
#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
79
#	Parameters are processed one by one according their appearance order.
80
#	If no AllowKey or DenyKey rules defined, all keys are allowed.
81
#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
82
#
83
# Mandatory: no
84
# Default:
85
# DenyKey=system.run[*]
86
 
87
### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
88
#	Internal alias for AllowKey/DenyKey parameters depending on value:
89
#	0 - DenyKey=system.run[*]
90
#	1 - AllowKey=system.run[*]
91
#
92
# Mandatory: no
93
AllowKey=system.run[*]
94
 
95
### Option: LogRemoteCommands
96
#	Enable logging of executed shell commands as warnings.
97
#	0 - disabled
98
#	1 - enabled
99
#
100
# Mandatory: no
101
# Default:
102
# LogRemoteCommands=0
103
 
104
##### Passive checks related
105
 
106
### Option: Server
107
#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
108
#	Incoming connections will be accepted only from the hosts listed here.
109
#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
110
#	and '::/0' will allow any IPv4 or IPv6 address.
111
#	'0.0.0.0/0' can be used to allow any IPv4 address.
112
#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
113
#
114
# Mandatory: yes, if StartAgents is not explicitly set to 0
115
# Default:
116
# Server=
117
 
118
Server=127.0.0.1,10.192.25.0/24,::1
119
 
120
### Option: ListenPort
121
#	Agent will listen on this port for connections from the server.
122
#
123
# Mandatory: no
124
# Range: 1024-32767
125
# Default:
126
# ListenPort=10050
127
 
128
### Option: ListenIP
129
#	List of comma delimited IP addresses that the agent should listen on.
130
#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
131
#
132
# Mandatory: no
133
# Default:
134
# ListenIP=0.0.0.0
135
 
136
### Option: StartAgents
137
#	Number of pre-forked instances of zabbix_agentd that process passive checks.
138
#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
139
#
140
# Mandatory: no
141
# Range: 0-100
142
# Default:
143
# StartAgents=3
144
 
145
##### Active checks related
146
 
147
### Option: ServerActive
148
#	List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks.
149
#	If port is not specified, default port is used.
150
#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
151
#	If port is not specified, square brackets for IPv6 addresses are optional.
152
#	If this parameter is not specified, active checks are disabled.
153
#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
154
#
155
# Mandatory: no
156
# Default:
157
# ServerActive=
158
 
159
ServerActive=127.0.0.1
160
 
161
### Option: Hostname
162
#	List of comma delimited unique, case sensitive hostnames.
163
#	Required for active checks and must match hostnames as configured on the server.
164
#	Value is acquired from HostnameItem if undefined.
165
#
166
# Mandatory: no
167
# Default:
168
# Hostname=
169
 
170
Hostname=homeserver8
171
 
172
### Option: HostnameItem
173
#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
174
#	Does not support UserParameters or aliases.
175
#
176
# Mandatory: no
177
# Default:
178
# HostnameItem=system.hostname
179
 
180
### Option: HostMetadata
181
#	Optional parameter that defines host metadata.
182
#	Host metadata is used at host auto-registration process.
183
#	An agent will issue an error and not start if the value is over limit of 255 characters.
184
#	If not defined, value will be acquired from HostMetadataItem.
185
#
186
# Mandatory: no
187
# Range: 0-255 characters
188
# Default:
189
# HostMetadata=
190
 
191
### Option: HostMetadataItem
192
#	Optional parameter that defines an item used for getting host metadata.
193
#	Host metadata is used at host auto-registration process.
194
#	During an auto-registration request an agent will log a warning message if
195
#	the value returned by specified item is over limit of 255 characters.
196
#	This option is only used when HostMetadata is not defined.
197
#
198
# Mandatory: no
199
# Default:
200
# HostMetadataItem=
201
 
202
### Option: HostInterface
203
#	Optional parameter that defines host interface.
204
#	Host interface is used at host auto-registration process.
205
#	An agent will issue an error and not start if the value is over limit of 255 characters.
206
#	If not defined, value will be acquired from HostInterfaceItem.
207
#
208
# Mandatory: no
209
# Range: 0-255 characters
210
# Default:
211
# HostInterface=
212
 
213
### Option: HostInterfaceItem
214
#	Optional parameter that defines an item used for getting host interface.
215
#	Host interface is used at host auto-registration process.
216
#	During an auto-registration request an agent will log a warning message if
217
#	the value returned by specified item is over limit of 255 characters.
218
#	This option is only used when HostInterface is not defined.
219
#
220
# Mandatory: no
221
# Default:
222
# HostInterfaceItem=
223
 
224
### Option: RefreshActiveChecks
225
#	How often list of active checks is refreshed, in seconds.
226
#
227
# Mandatory: no
228
# Range: 60-3600
229
# Default:
230
# RefreshActiveChecks=120
231
 
232
### Option: BufferSend
233
#	Do not keep data longer than N seconds in buffer.
234
#
235
# Mandatory: no
236
# Range: 1-3600
237
# Default:
238
# BufferSend=5
239
 
240
### Option: BufferSize
241
#	Maximum number of values in a memory buffer. The agent will send
242
#	all collected data to Zabbix Server or Proxy if the buffer is full.
243
#
244
# Mandatory: no
245
# Range: 2-65535
246
# Default:
247
# BufferSize=100
248
 
249
### Option: MaxLinesPerSecond
250
#	Maximum number of new lines the agent will send per second to Zabbix Server
251
#	or Proxy processing 'log' and 'logrt' active checks.
252
#	The provided value will be overridden by the parameter 'maxlines',
253
#	provided in 'log' or 'logrt' item keys.
254
#
255
# Mandatory: no
256
# Range: 1-1000
257
# Default:
258
# MaxLinesPerSecond=20
259
 
260
############ ADVANCED PARAMETERS #################
261
 
262
### Option: Alias
263
#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
264
#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
265
#	Different Alias keys may reference the same item key.
266
#	For example, to retrieve the ID of user 'zabbix':
267
#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
268
#	Now shorthand key zabbix.userid may be used to retrieve data.
269
#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
270
#
271
# Mandatory: no
272
# Range:
273
# Default:
274
 
275
### Option: Timeout
276
#	Spend no more than Timeout seconds on processing
277
#
278
# Mandatory: no
279
# Range: 1-30
280
# Default:
281
# Timeout=3
282
 
283
### Option: AllowRoot
284
#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
285
#	will try to switch to the user specified by the User configuration option instead.
286
#	Has no effect if started under a regular user.
287
#	0 - do not allow
288
#	1 - allow
289
#
290
# Mandatory: no
291
# Default:
292
# AllowRoot=0
293
 
294
### Option: User
295
#	Drop privileges to a specific, existing user on the system.
296
#	Only has effect if run as 'root' and AllowRoot is disabled.
297
#
298
# Mandatory: no
299
# Default:
300
# User=zabbix
301
# NOTE: This option is overriden by settings in systemd service file!
302
 
303
### Option: Include
304
#	You may include individual files or all files in a directory in the configuration file.
305
#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
306
#
307
# Mandatory: no
308
# Default:
309
# Include=
310
 
311
Include=/etc/zabbix/zabbix_agentd.d/*.conf
312
 
313
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
314
# Include=/usr/local/etc/zabbix_agentd.conf.d/
315
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
316
 
317
####### USER-DEFINED MONITORED PARAMETERS #######
318
 
319
### Option: UnsafeUserParameters
320
#	Allow all characters to be passed in arguments to user-defined parameters.
321
#	The following characters are not allowed:
322
#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
323
#	Additionally, newline characters are not allowed.
324
#	0 - do not allow
325
#	1 - allow
326
#
327
# Mandatory: no
328
# Range: 0-1
329
# Default:
330
# UnsafeUserParameters=0
331
 
332
### Option: UserParameter
333
#	User-defined parameter to monitor. There can be several user-defined parameters.
334
#	Format: UserParameter=<key>,<shell command>
335
#	See 'zabbix_agentd' directory for examples.
336
#
337
# Mandatory: no
338
# Default:
339
# UserParameter=
340
UserParameter=mysql.ping[*], mysqladmin -u'zbx_monitor' -p'HcRvV8L^eY' -h"$1" -P"$2" ping
341
UserParameter=mysql.get_status_variables[*], mysql -u'zbx_monitor' -p'HcRvV8L^eY' -h"$1" -P"$2" -sNX -e "show global status"
342
UserParameter=mysql.version[*], mysqladmin -u'zbx_monitor' -p'HcRvV8L^eY' -s -h"$1" -P"$2" version
343
UserParameter=mysql.db.discovery[*], mysql -u'zbx_monitor' -p'HcRvV8L^eY' -h"$1" -P"$2" -sN -e "show databases"
344
UserParameter=mysql.dbsize[*], mysql -u'zbx_monitor' -p'HcRvV8L^eY' -h"$1" -P"$2" -sN -e "SELECT COALESCE(SUM(DATA_LENGTH + INDEX_LENGTH),0) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='$3'"
345
UserParameter=mysql.replication.discovery[*], mysql -u'zbx_monitor' -p'HcRvV8L^eY' -h"$1" -P"$2" -sNX -e "show slave status"
346
UserParameter=mysql.slave_status[*], mysql -u'zbx_monitor' -p'HcRvV8L^eY' -h"$1" -P"$2" -sNX -e "show slave status"
347
 
195 - 348
#UserParameter=spam.hour,find /var/virusmails/spam/ -name "spam*" -type f -amin -60|wc -l
349
#UserParameter=virus.hour,find /var/virusmails/virus/ -name "virus*" -type f -amin -60|wc -l
350
#UserParameter=banned.hour,find /var/virusmails/banned/ -name "banned*" -type f -amin -60|wc -l
351
#UserParameter=badh.hour,find /var/virusmails/badh/ -name "badh*" -type f -amin -60|wc -l
192 - 352
 
195 - 353
UserParameter=zabbix.mysqlsize,mysql zabbix -uroot -puwe2592 -e 'show table status' | perl -lane '$size += $F[6]+$F[8];END{print $size}'
192 - 354
 
193 - 355
UserParameter=check_apc_ups.load,/usr/sbin/apcaccess | grep LOADPCT | cut -f4 -d" "
356
UserParameter=check_apc_ups.bcharge,/usr/sbin/apcaccess | grep BCHARGE | cut -f4 -d" "
357
UserParameter=check_apc_ups.time,/usr/sbin/apcaccess | grep TIMELEFT | cut -f3 -d" "
358
UserParameter=check_apc_ups.status,/usr/sbin/apcaccess | grep STATUS | cut -f5- -d" "
359
 
192 - 360
UserParameter=rsnapshot.total_files,awk '{a += $2} END{print a}' /tmp/rsnapshot.daily
361
UserParameter=rsnapshot.trans_files,awk '{a += $3} END{print a}' /tmp/rsnapshot.daily
362
UserParameter=rsnapshot.total_size,awk '{a += $4} END{print a}' /tmp/rsnapshot.daily
363
UserParameter=rsnapshot.trans_size,awk '{a += $5} END{print a}' /tmp/rsnapshot.daily
364
UserParameter=rsnapshot.list_gen_time,awk '{a += $6} END{print a}' /tmp/rsnapshot.daily
365
UserParameter=rsnapshot.file_trans_time,awk '{a += $8} END{print a}' /tmp/rsnapshot.daily
366
 
367
UserParameter=pfmailq,mailq | grep -v "Mail queue is empty" | grep -c '^[0-9A-Z]'
368
 
369
UserParameter=sensor.core0,sudo /usr/bin/sensors | grep "Core 0" | awk '{ print $3+0 }'
370
UserParameter=sensor.core1,sudo /usr/bin/sensors | grep "Core 1" | awk '{ print $3+0 }'
371
UserParameter=sensor.core2,sudo /usr/bin/sensors | grep "Core 2" | awk '{ print $3+0 }'
372
UserParameter=sensor.core3,sudo /usr/bin/sensors | grep "Core 3" | awk '{ print $3+0 }'
373
 
374
UserParameter=rsyslogd.cpu,ps auxw|grep rsyslogd|grep -v grep| awk '{s+=$3} END {print s}'
375
 
194 - 376
#UserParameter=hdd.sda.wear_leveling_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sda Wear_Leveling_Count
377
#UserParameter=hdd.sda.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sda CRC_Error_Count
378
#UserParameter=hdd.sda.write_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sda Uncorrectable_Error_Cnt
379
#UserParameter=hdd.sda.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sda Reallocated_Sector_Ct
380
#UserParameter=hdd.sda.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sda Power_On_Hours
381
#UserParameter=hdd.sda.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sda Temperature_Cel
382
#UserParameter=hdd.sdb.wear_leveling_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdb Wear_Leveling_Count
383
#UserParameter=hdd.sdb.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdb CRC_Error_Count
384
#UserParameter=hdd.sdb.write_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdb Uncorrectable_Error_Cnt
385
#UserParameter=hdd.sdb.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdb Reallocated_Sector_Ct
386
#UserParameter=hdd.sdb.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sdb Power_On_Hours
387
#UserParameter=hdd.sdb.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sdb Temperature_Cel
388
#UserParameter=hdd.sdc.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdc Raw_Read_Error_Rate
389
#UserParameter=hdd.sdc.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdc Reallocated_Sector_Ct
390
#UserParameter=hdd.sdc.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sdc Power_On_Hours
391
#UserParameter=hdd.sdc.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sdc Temperature_Celsius
392
#UserParameter=hdd.sdd.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdd Raw_Read_Error_Rate
393
#UserParameter=hdd.sdd.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdd Reallocated_Sector_Ct
394
#UserParameter=hdd.sdd.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sdd Power_On_Hours
395
#UserParameter=hdd.sdd.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sdd Temperature_Celsius
396
#UserParameter=hdd.sde.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sde Raw_Read_Error_Rate
397
#UserParameter=hdd.sde.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sde Reallocated_Sector_Ct
398
#UserParameter=hdd.sde.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sde Power_On_Hours
399
#UserParameter=hdd.sde.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sde Temperature_Celsius
400
#UserParameter=hdd.sdf.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdf Raw_Read_Error_Rate
401
#UserParameter=hdd.sdf.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdf Reallocated_Sector_Ct
402
#UserParameter=hdd.sdf.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sdf Power_On_Hours
403
#UserParameter=hdd.sdf.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sdf Temperature_Celsius
404
#UserParameter=hdd.sdg.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdg Raw_Read_Error_Rate
405
#UserParameter=hdd.sdg.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdg Reallocated_Sector_Ct
406
#UserParameter=hdd.sdg.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sdg Power_On_Hours
407
#UserParameter=hdd.sdg.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sdg Temperature_Celsius
408
#UserParameter=hdd.sdh.read_error_rate,sudo /usr/local/sbin/get_smart_value.sh /dev/sdh Raw_Read_Error_Rate
409
#UserParameter=hdd.sdh.reallocated_sector_count,sudo /usr/local/sbin/get_smart_value.sh /dev/sdh Reallocated_Sector_Ct
410
#UserParameter=hdd.sdh.power_on_hours,sudo /usr/local/sbin/get_smart_value.sh /dev/sdh Power_On_Hours
411
#UserParameter=hdd.sdh.temperature,sudo /usr/local/sbin/get_smart_value.sh /dev/sdh Temperature_Celsius
192 - 412
 
413
### Option: UserParameterDir
414
#	Directory to execute UserParameter commands from. Only one entry is allowed.
415
#	When executing UserParameter commands the agent will change the working directory to the one
416
#	specified in the UserParameterDir option.
417
#	This way UserParameter commands can be specified using the relative ./ prefix.
418
#
419
# Mandatory: no
420
# Default:
421
# UserParameterDir=
422
 
423
####### LOADABLE MODULES #######
424
 
425
### Option: LoadModulePath
426
#	Full path to location of agent modules.
427
#	Default depends on compilation options.
428
#	To see the default path run command "zabbix_agentd --help".
429
#
430
# Mandatory: no
431
# Default:
432
# LoadModulePath=${libdir}/modules
433
 
434
### Option: LoadModule
435
#	Module to load at agent startup. Modules are used to extend functionality of the agent.
436
#	Formats:
437
#		LoadModule=<module.so>
438
#		LoadModule=<path/module.so>
439
#		LoadModule=</abs_path/module.so>
440
#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
441
#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
442
#	It is allowed to include multiple LoadModule parameters.
443
#
444
# Mandatory: no
445
# Default:
446
# LoadModule=
447
 
448
####### TLS-RELATED PARAMETERS #######
449
 
450
### Option: TLSConnect
451
#	How the agent should connect to server or proxy. Used for active checks.
452
#	Only one value can be specified:
453
#		unencrypted - connect without encryption
454
#		psk         - connect using TLS and a pre-shared key
455
#		cert        - connect using TLS and a certificate
456
#
457
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
458
# Default:
459
# TLSConnect=unencrypted
460
 
461
### Option: TLSAccept
462
#	What incoming connections to accept.
463
#	Multiple values can be specified, separated by comma:
464
#		unencrypted - accept connections without encryption
465
#		psk         - accept connections secured with TLS and a pre-shared key
466
#		cert        - accept connections secured with TLS and a certificate
467
#
468
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
469
# Default:
470
# TLSAccept=unencrypted
471
 
472
### Option: TLSCAFile
473
#	Full pathname of a file containing the top-level CA(s) certificates for
474
#	peer certificate verification.
475
#
476
# Mandatory: no
477
# Default:
478
# TLSCAFile=
479
 
480
### Option: TLSCRLFile
481
#	Full pathname of a file containing revoked certificates.
482
#
483
# Mandatory: no
484
# Default:
485
# TLSCRLFile=
486
 
487
### Option: TLSServerCertIssuer
488
#		Allowed server certificate issuer.
489
#
490
# Mandatory: no
491
# Default:
492
# TLSServerCertIssuer=
493
 
494
### Option: TLSServerCertSubject
495
#		Allowed server certificate subject.
496
#
497
# Mandatory: no
498
# Default:
499
# TLSServerCertSubject=
500
 
501
### Option: TLSCertFile
502
#	Full pathname of a file containing the agent certificate or certificate chain.
503
#
504
# Mandatory: no
505
# Default:
506
# TLSCertFile=
507
 
508
### Option: TLSKeyFile
509
#	Full pathname of a file containing the agent private key.
510
#
511
# Mandatory: no
512
# Default:
513
# TLSKeyFile=
514
 
515
### Option: TLSPSKIdentity
516
#	Unique, case sensitive string used to identify the pre-shared key.
517
#
518
# Mandatory: no
519
# Default:
520
# TLSPSKIdentity=
521
 
522
### Option: TLSPSKFile
523
#	Full pathname of a file containing the pre-shared key.
524
#
525
# Mandatory: no
526
# Default:
527
# TLSPSKFile=
528
 
529
####### For advanced users - TLS ciphersuite selection criteria #######
530
 
531
### Option: TLSCipherCert13
532
#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
533
#	Override the default ciphersuite selection criteria for certificate-based encryption.
534
#
535
# Mandatory: no
536
# Default:
537
# TLSCipherCert13=
538
 
539
### Option: TLSCipherCert
540
#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
541
#	Override the default ciphersuite selection criteria for certificate-based encryption.
542
#	Example for GnuTLS:
543
#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
544
#	Example for OpenSSL:
545
#		EECDH+aRSA+AES128:RSA+aRSA+AES128
546
#
547
# Mandatory: no
548
# Default:
549
# TLSCipherCert=
550
 
551
### Option: TLSCipherPSK13
552
#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
553
#	Override the default ciphersuite selection criteria for PSK-based encryption.
554
#	Example:
555
#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
556
#
557
# Mandatory: no
558
# Default:
559
# TLSCipherPSK13=
560
 
561
### Option: TLSCipherPSK
562
#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
563
#	Override the default ciphersuite selection criteria for PSK-based encryption.
564
#	Example for GnuTLS:
565
#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
566
#	Example for OpenSSL:
567
#		kECDHEPSK+AES128:kPSK+AES128
568
#
569
# Mandatory: no
570
# Default:
571
# TLSCipherPSK=
572
 
573
### Option: TLSCipherAll13
574
#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
575
#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
576
#	Example:
577
#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
578
#
579
# Mandatory: no
580
# Default:
581
# TLSCipherAll13=
582
 
583
### Option: TLSCipherAll
584
#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
585
#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
586
#	Example for GnuTLS:
587
#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
588
#	Example for OpenSSL:
589
#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
590
#
591
# Mandatory: no
592
# Default:
593
# TLSCipherAll=