Man Linux: Main Page and Category List


       munin-node.conf - Munin-node configuration file


       Munin-node is the node that Munin fetches data from, graphs, htmlifies
       and optionaly warns nagios about data it gathers. It's designed to let
       it be very easy to graph new datasources.

       "munin-node.conf" is the configuration file for munin-node.

       The format of the file is dictated by the use of Net::Server. A look at
       "perldoc Net::Server" will give a list of options that the file
       supports by using the module.

       The following options are of special interest:

       allow RE
            IP based access list is implemented through this. The statement
            may be repeated many times.  It's important to note that it's
            actually a regular expression after the keyword so to allow
            localhost it must be written like this:

                  allow ^127\.0\.0\.1$

       host IP
            The IP number of the interface munin-node should listen on.  By
            default munin-node listens to all interfaces.  To make munin-node
            listen only on the localhost interface - making it unavailable
            from the network do this:


   Additional options:
       host_name <host>
            If set, overrides the hostname munin-node uses in its
            'hello'-negotiation with munin. A "telnet localhost 4949" will
            show the hostname munin-node is currently using. If munin-node and
            the main munin installation do not agree on the hostname, munin
            will skip all the plugins of the machine in question.

       paranoia <yes|no|true|false|on|off|1|0>
            If set, checks permissions of plugin files, and only tries to run
            files owned by root. Default on.

       ignore_file <regex>
            Files matching <regex> in the node.d/ and node-conf.d/ directories
            will be overlooked.

       tls <value>
            Can have four values. "paranoid", "enabled", "auto", and
            "disabled".  "Paranoid" and "enabled" require a TLS connection,
            while "disabled" will not attempt one at all.

            The current default is "disabled" because "auto" is broken.
            "Auto" causes bad interaction between munin-update and munin-node
            if the node is unprepared to go to TLS.

            If you see data dropouts (gaps in graphs) please try to disable

       tls_verify_certificate <value>
            This directive can be "yes" or "no".  It determines if the remote
            certificate needs to be signed by a CA that is known locally.
            Default is "no".

       tls_private_key <value>
            This directive sets the location of the private key to be used for
            TLS.  Default is @@CONFDIR@@/munin-node.pem.  The private key and
            certificate can be stored in the same file.

       tls_certificate <value>
            This directive sets the location of the TLS certificate to be used
            for TLS.  Default is @@CONFDIR@@/munin-node.pem.  The private key
            and certificate can be stored in the same file.

       tls_ca_certificate <value>
            This directive sets the CA certificate to be used to verify the
            node's certificate, if tls_verify_certificate is set to "yes".
            Default is @@CONFDIR@@/cacert.pem.

       tls_verify_depth <value>
            This directive sets how many signings up a chain of signatures TLS
            is willing to go to reach a known, trusted CA when verifying a
            certificate.  Default is 5.

       tls_match <value>
            This directive, if defined, searches a dump of the certificate
            provided by the remote host for the given regex.  The dump of the
            certificate is two lines of the form:

                    Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email
                    Issuer  Name: /C=c/ST=st/O=o/OU=ou/CN=cn/emailAddress=email

            So, for example, one could match the subject distinguished name by
            the directive:

                    tls_match Subject Name: /C=c/ST=st/L=l/O=o/OU=ou/CN=cn/emailAddress=email

            Note that the fields are dumped in the order they appear in the
            certificate.  It's best to view the dump of the certificate by
            running munin-update in debug mode and reviewing the logs.

            Unfortunately, due to the limited functionality of the SSL module
            in use, it is not possible to provide finer-grained filtering.  By
            default this value is not defined.


       A pretty normal configuration file:

               log_level 4
               log_file /var/log/munin/munin-node.log
               port 4949
               pid_file /var/run/
               background 1
               setsid 1

               host *
               user root
               group root
               setsid yes

               ignore_file \.bak$
               ignore_file \.rpm(save|new)$
               ignore_file ^README$

               allow ^127\.0\.0\.1$

               ignore_file \.dpkg-(old|new)$
               ignore_file \.rpm(save|new)$

       See the documentation or Munin homepage
       <> for more info.


       Jimmy Olsen.


       Copyright (C) 2002-2006 Audun Ytterdal, Jimmy Olsen, Dagfin Ilmari
       Mansaaker, Nicolai Langfeldt

       This is free software; see the source for copying conditions. There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR

       This program is released under the GNU General Public License