Zabbix Documentation 4.4

3.04.05.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.24.4Guidelines

User Tools

Site Tools


manual:appendix:config:zabbix_agentd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:appendix:config:zabbix_agentd [2019/09/03 07:45]
martins-v formatting fix
manual:appendix:config:zabbix_agentd [2020/03/27 14:42] (current)
martins-v adding TLSCipher* parameters
Line 1: Line 1:
 ==== 3 Zabbix agent (UNIX) ==== ==== 3 Zabbix agent (UNIX) ====
  
-<​note>​The default values reflect daemon defaults, not the values in the shipped configuration files.</​note>​+=== Overview ===
  
-The parameters supported in a Zabbix agent configuration file (//zabbix_agentd.conf//):+This section lists parameters supported in a Zabbix agent configuration file (zabbix_agentd.conf). Note that: 
 + 
 +  * The default values reflect daemon defaults, not the values in the shipped configuration files; 
 +  * Zabbix supports configuration files only in UTF-8 encoding without [[https://​en.wikipedia.org/​wiki/​Byte_order_mark|BOM]];​ 
 +  * Comments starting with "#"​ are only supported in the beginning of the line. 
 + 
 +=== Parameters ===
  
 ^Parameter^Mandatory^Range^Default^Description^ ^Parameter^Mandatory^Range^Default^Description^
Line 38: Line 44:
 | TLSCAFile| no |  | |Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification,​ used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCAFile| no |  | |Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification,​ used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
 | TLSCertFile| no |  | |Full pathname of a file containing the agent certificate or certificate chain, used for encrypted communications with Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCertFile| no |  | |Full pathname of a file containing the agent certificate or certificate chain, used for encrypted communications with Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
 +| TLSCipherAll| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.\\ Example: TLS_AES_256_GCM_SHA384:​TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherAll13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-RSA:​+RSA:​+ECDHE-PSK:​+PSK:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL::​+SIGN-ALL:​+CTYPE-X.509\\ Example for OpenSSL: EECDH+aRSA+AES128:​RSA+aRSA+AES128:​kECDHEPSK+AES128:​kPSK+AES128\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherCert| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-RSA:​+RSA:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL:​+SIGN-ALL:​+CTYPE-X.509\\ Example for OpenSSL: EECDH+aRSA+AES128:​RSA+aRSA+AES128\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherCert13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate-based encryption.\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherPSK| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for PSK-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-PSK:​+PSK:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL:​+SIGN-ALL\\ Example for OpenSSL: kECDHEPSK+AES128:​kPSK+AES128\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherPSK13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for PSK-based encryption.\\ Example: TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256\\ This parameter is supported since Zabbix 4.4.7. ​ |
 | TLSConnect| yes, if TLS certificate or PSK parameters are defined (even for //​unencrypted//​ connection),​ otherwise no |  | |How the agent should connect to Zabbix server or proxy. Used for active checks. Only one value can be specified: \\ //​unencrypted//​ - connect without encryption (default) \\ //psk// - connect using TLS and a pre-shared key (PSK) \\ //cert// - connect using TLS and a certificate\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSConnect| yes, if TLS certificate or PSK parameters are defined (even for //​unencrypted//​ connection),​ otherwise no |  | |How the agent should connect to Zabbix server or proxy. Used for active checks. Only one value can be specified: \\ //​unencrypted//​ - connect without encryption (default) \\ //psk// - connect using TLS and a pre-shared key (PSK) \\ //cert// - connect using TLS and a certificate\\ This parameter is supported since Zabbix 3.0.0. ​ |
 | TLSCRLFile| no |  | |Full pathname of a file containing revoked certificates. This parameter is used for encrypted communications with Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCRLFile| no |  | |Full pathname of a file containing revoked certificates. This parameter is used for encrypted communications with Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
Line 49: Line 61:
 | UserParameter| no | | |User-defined parameter to monitor. There can be several user-defined parameters.\\ Format: UserParameter=<​key>,<​shell command>​\\ Note that shell command must not return empty string or EOL only.\\ Example: UserParameter=system.test,​who%%|%%wc -l | | UserParameter| no | | |User-defined parameter to monitor. There can be several user-defined parameters.\\ Format: UserParameter=<​key>,<​shell command>​\\ Note that shell command must not return empty string or EOL only.\\ Example: UserParameter=system.test,​who%%|%%wc -l |
  
-<​note>​In Zabbix agent 2.0.0 version configuration parameters related to active and passive checks have been changed.\\ See the [[#​see_also|"​See also"​]] section at the bottom of this page to read more details about these changes.</​note>​ +=== See also ===
- +
-<​note>​Zabbix supports configuration files only in UTF-8 encoding without [[https://​en.wikipedia.org/​wiki/​Byte_order_mark|BOM]].\\ \\  Comments starting with "#"​ are only supported in the beginning of the line.</​note>​ +
-==== See also ====+
   - [[http://​blog.zabbix.com/​multiple-servers-for-active-agent-sure/​858|Differences in the Zabbix agent configuration for active and passive checks starting from version 2.0.0]]   - [[http://​blog.zabbix.com/​multiple-servers-for-active-agent-sure/​858|Differences in the Zabbix agent configuration for active and passive checks starting from version 2.0.0]]