Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Monitoring Agent Configuration

This page describes possible settings for Monitoring Agent. These values are set after first launching Ops Manager and not through manual editing of these files. See Ops Manager Configuration for the Ops Manager settings and their values.

Warning

Do not edit these settings for a Monitoring Agent that is managed by an Automation Agent. If you do, the Automation Agent can overwrite any changes you make. If you are not using the Automation Agent, you must edit these settings manually.

Location of the Configuration File on Each Operating System

The location of the Monitoring Agent configuration file depends on your operating system:

Operating System Installation Method Config File Path
RHEL, CentOS, Amazon Linux and Ubuntu package manager /etc/mongodb-mms/monitoring-agent.config
OS X or other Linux distributions tar <install-directory>/monitoring-agent.config
Windows msi C:\MMSData\Monitoring\monitoring-agent.config

Settings

Ops Manager provides default values for many of the Monitoring Agent Configuration settings.

Important

You must set the mmsApiKey value.

Connection Settings

For the Monitoring Agent to communicate with the Ops Manager servers, these connection settings are required:

mmsApiKey

Type: string

Specifies the Ops Manager agent API key of your Ops Manager group. To retrieve this key from Ops Manager, click Settings, then Agents and then click the appropriate operating system under Agent Downloads.

When the Monitoring Agent Installation Instructions box appears, these values can be copied directly from this box using the Copy buttons.

This setting is usually set when the Monitoring Agent is installed and it is required.

mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mmsBaseUrl

Type: string

Specifies the URL of the Ops Manager Application.

mmsBaseUrl=http://example.com:8080

Logging Settings

logFile

Type: string

Specifies the absolute path to the log file. If this is not specified, the log writes to standard error (stderr) on UNIX- and Linux-based systems and to the Event Log on Windows systems.

maxLogFileSizeBytes

Type: integer

Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the Monitoring Agent does not rotate logs based on file size. This is optional.

maxLogFileSizeBytes=536870912
maxLogFileDurationHrs

Type: float

Specifies the number of hours after which the log file is rotated. This is optional and only supported on UNIX- and Linux-based systems.

Note

You can manually rotate the Monitoring Agent logs. Issue a user signal 1 kill command for the Monitoring Agent process:

kill -SIGUSR1 <monitoringAgentID>

This rotates the Monitoring Agent log file.

HTTP Proxy Settings

httpProxy

Type: string

Specifies the URL of an HTTP proxy server the Monitoring Agent can use.

httpProxy=http://proxy.example.com:8080

MongoDB Kerberos Settings

Specify these settings if the Monitoring Agent authenticates to hosts using Kerberos. To configure Kerberos, see Configure the Monitoring Agent for Kerberos.

krb5Principal

Type: string

Specifies the Kerberos principal the Monitoring Agent uses.

krb5Principal=mmsagent/myhost@EXAMPLE.COM
krb5Keytab

Type: string

Specifies the absolute path to Kerberos principal’s keytab file.

krb5Keytab=/path/to/mms-monitoring-agent.keytab
krb5ConfigLocation

Type: string

Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.

krb5ConfigLocation=/path/to/krb_custom.conf
gssapiServiceName

Type: string

Specifies the service name with the gssapiServiceName option.

By default, MongoDB uses mongodb as its service name.

Note

Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the KRB5CCNAME environment variable to the desired file name and path before running the agent.

MongoDB SSL Settings

Specify these settings when the Monitoring Agent connects to MongoDB deployments using SSL. See Configure Monitoring Agent for SSL for more information.

useSslForAllConnections

Type: boolean

Specifies whether or not to encrypt all connections to MongoDB deployments using SSL.

Caution

Setting this to true overrides any per-host SSL settings configured in the Ops Manager interface.

sslClientCertificate

Type: string

Specifies the absolute path to the private key, client certificate, and optional intermediate certificates in PEM format. The Monitoring Agent uses the client certificate to connect to any configured MongoDB deployment that uses SSL and requires a client certificate (run with the --sslCAFile option).

Example

If you want to connect to a MongoDB deployment that uses both SSL and certificate validation using the mongo shell:

mongo --ssl --sslPEMKeyFile /path/to/client.pem --sslCAFile /path/to/ca.pem example.net:27017

You must set these options in your Monitoring Agent configuration file:

sslTrustedServerCertificates=/path/to/ca.pem
sslClientCertificate=/path/to/client.pem
sslClientCertificatePassword

Type: string

Specifies the password needed to decrypt the private key in the sslClientCertificate file. This setting is required when the client certificate PEM file is encrypted.

sslClientCertificatePassword=password
sslTrustedServerCertificates

Type: string

Specifies the absolute path that contains the trusted CA certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with SSL.

sslTrustedServerCertificates=/path/to/ca.pem
sslRequireValidServerCertificates

Type: boolean

Specifies whether the Monitoring Agent should validate the SSL certificates presented by the MongoDB databases.

sslRequireValidServerCertificates=true

By default, the sslRequireValidServerCertificates setting is true, and a valid trusted certificate is required to connect to MongoDB instances using SSL.

When the Monitoring Agent is managed by the Automation Agent, this setting cannot be set to false. However, you can set sslRequireValidServerCertificates to false if you install and configure the Monitoring Agent manually. When sslRequireValidServerCertificates is false, you do not need to set the sslTrustedServerCertificates setting because Ops Manager will not verify the certificates.

Warning

Setting sslRequireValidServerCertificates to false makes connections between the Monitoring Agent and MongoDB databases susceptible to man-in-the-middle attacks. Setting sslRequireValidServerCertificates to false is recommended only for testing and not for production.

Ops Manager Server SSL Settings

Specify the settings the Monitoring Agent uses when communicating with Ops Manager using SSL.

sslTrustedMMSServerCertificate

Type: string

Specifies the absolute path that contains the trusted CA certificates in PEM format. The Monitoring Agent uses this certificate to verify that the agent is communicating with the designated Ops Manager instance.

By default, the Monitoring Agent uses the trusted root CAs installed on the system.

If the agent cannot find the trusted root CAs, configure these settings manually.

If the Ops Manager instance uses a self-signed SSL certificate, you must specify a sslTrustedMMSServerCertificate value.

sslTrustedMMSServerCertificate=/path/to/mms-certs.pem
sslRequireValidMMSServerCertificates

Type: boolean

Specifies if the Monitoring Agent should validate SSL certificates from Ops Manager.

Warning

Setting this option to false disables certificate verification and makes connections between the Monitoring Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option to false is only recommended for testing purposes.

sslServerClientCertificate

Type: string

Specifies the path to the file containing the client’s private key, certificate, and optional intermediate certificates in PEM format. The Monitoring Agent uses the client certificate when connecting to Ops Manager over SSL if Ops Manager requires client certificates, such as when Ops Manager runs with Client Certificate Mode set to Required for Agents Only or Required for All Requests.

See also

See Client Certificate Mode in Ops Manager Configuration for how to specify this setting in the Ops Manager Application.

sslServerClientCertificate=/path/to/client.pem
sslServerClientCertificatePassword

Specifies the password needed to decrypt the private key in the sslServerClientCertificate file. This setting is required when the client certificate PEM file is encrypted.

sslServerClientCertificatePassword=password

Munin Settings

See Configure Hardware Monitoring with munin-node for information on configuring Munin-node.

enableMunin

Type: boolean

Specifies whether or not the Monitoring Agent collects hardware statistics via Munin-node.

false Monitoring Agent does not collect hardware statistics.
true Monitoring Agent collects hardware statistics.

Deprecated Settings

MongoDB Authentication Settings

If all monitored MongoDB deployments use the same MONGODB-CR credentials, you may use these settings. Setting the username and password in the configuration file overrides any configuration in the Ops Manager Application.

See Required Access for Monitoring Agent for information on the privileges needed for this user.

globalAuthUsername

Type: string

Specifies the MongoDB username that the Monitoring Agent uses to connect.

Warning

This value overrides all other usernames configured for the Monitoring Agent.

globalAuthUsername=mms-monitoring-agent
globalAuthPassword

Type: string

Specifies the password for the globalAuthUsername user.

Warning

This value overrides all other passwords configured for the Monitoring Agent.

globalAuthPassword=password