Zabbix Documentation 5.0

3.04.04.45.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.2Guidelines

User Tools

Site Tools


manual:appendix:config:zabbix_proxy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:appendix:config:zabbix_proxy [2019/08/29 05:24]
martins-v adding the missing StartPreprocessors parameter
manual:appendix:config:zabbix_proxy [2020/03/27 14:27] (current)
martins-v adding TLSCipher* parameters
Line 1: Line 1:
 ==== 2 Zabbix proxy ==== ==== 2 Zabbix proxy ====
  
-<​note>​The default values reflect daemon defaults, not the values in the shipped configuration files.</​note>​+=== Overview ===
  
-The parameters supported in a Zabbix proxy configuration file:+This section lists parameters supported in a Zabbix proxy configuration file (zabbix_proxy.conf). Note that: 
 + 
 +  * The default values reflect daemon defaults, not the values in the shipped configuration files; 
 +  * Zabbix supports configuration files only in UTF-8 encoding without [[https://​en.wikipedia.org/​wiki/​Byte_order_mark|BOM]];​ 
 +  * Comments starting with "#"​ are only supported in the beginning of the line. 
 + 
 +=== Parameters ===
  
 ^Parameter^Mandatory^Range^Default^Description^ ^Parameter^Mandatory^Range^Default^Description^
Line 9: Line 15:
 | CacheSize| no | 128K-8G |8M |Size of configuration cache, in bytes.\\ Shared memory size, for storing host and item data.\\ Upper limit used to be 2GB before Zabbix 2.2.3. | | CacheSize| no | 128K-8G |8M |Size of configuration cache, in bytes.\\ Shared memory size, for storing host and item data.\\ Upper limit used to be 2GB before Zabbix 2.2.3. |
 | ConfigFrequency| no | 1-604800 |3600 |How often proxy retrieves configuration data from Zabbix server in seconds.\\ Active proxy parameter. Ignored for passive proxies (see ProxyMode parameter). ​ | | ConfigFrequency| no | 1-604800 |3600 |How often proxy retrieves configuration data from Zabbix server in seconds.\\ Active proxy parameter. Ignored for passive proxies (see ProxyMode parameter). ​ |
 +| DataSenderFrequency| no | 1-3600 |1 |Proxy will send collected data to the server every N seconds. Note that active proxy will still poll Zabbix server every second for remote command tasks.\\ Active proxy parameter. Ignored for passive proxies (see ProxyMode parameter). ​ |
 | DBHost| no | |localhost |Database host name.\\ In case of MySQL localhost or empty string results in using a socket. In case of PostgreSQL\\ only empty string results in attempt to use socket.| | DBHost| no | |localhost |Database host name.\\ In case of MySQL localhost or empty string results in using a socket. In case of PostgreSQL\\ only empty string results in attempt to use socket.|
 | DBName| yes | | | Database name or path to database file for SQLite3 (multi-process architecture of Zabbix does not allow to use [[https://​www.sqlite.org/​inmemorydb.html|in-memory database]], e.g. '':​memory:'',​ ''​file::​memory:?​cache=shared''​ or ''​file:​memdb1?​mode=memory&​cache=shared''​). \\ \\ Warning: Do not attempt to use the same database Zabbix server is using. ​ | | DBName| yes | | | Database name or path to database file for SQLite3 (multi-process architecture of Zabbix does not allow to use [[https://​www.sqlite.org/​inmemorydb.html|in-memory database]], e.g. '':​memory:'',​ ''​file::​memory:?​cache=shared''​ or ''​file:​memdb1?​mode=memory&​cache=shared''​). \\ \\ Warning: Do not attempt to use the same database Zabbix server is using. ​ |
 | DBPassword| no | | |Database password. Ignored for SQLite.\\ Comment this line if no password is used. | | DBPassword| no | | |Database password. Ignored for SQLite.\\ Comment this line if no password is used. |
-| DBSchema| no | | |Schema name. Used for IBM DB2 and PostgreSQL. |+| DBSchema| no | | |Schema name. Used for PostgreSQL. |
 | DBSocket| no | |3306 |Path to MySQL socket.\\ Database port when not using local socket. Ignored for SQLite. | | DBSocket| no | |3306 |Path to MySQL socket.\\ Database port when not using local socket. Ignored for SQLite. |
 | DBUser| | | |Database user. Ignored for SQLite. | | DBUser| | | |Database user. Ignored for SQLite. |
-DataSenderFrequency| no | 1-3600 ||Proxy will send collected data to the server ​every N secondsNote that active proxy will still poll Zabbix server ​every second ​for remote command tasks.\\ Active proxy parameter. ​Ignored ​for passive proxies (see ProxyMode ​parameter).  |+DBTLSConnect| no | | |Setting this option enforces to use TLS connection to database:\\ //​required// ​connect using TLS\\ //​verify_ca//​ - connect using TLS and verify certificate\\ //​verify_full//​ - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate\\ \\ On MySQL starting from 5.7.11 and PostgreSQL the following values are supported: %%"​required",​ "​verify",​ "​verify_full"​%%. On MariaDB starting from version 10.2.6 %%"​required"​ and "​verify_full"​%% values are supported.\\ By default not set to any option and the behaviour depends on database configuration.\\ \\ This parameter is supported since Zabbix 5.0.0.  ​| 
 +DBTLSCAFile| no\\ (yes, if DBTLSConnect set to one of: verify_ca, verify_full) |  | |Full pathname of a file containing ​the top-level CA(s) certificates for database certificate verification.\\ This parameter is supported since Zabbix 5.0.0. ​ | 
 +| DBTLSCertFile| no |  | |Full pathname of file containing Zabbix ​server ​certificate for authenticating to database.\\ This parameter is supported since Zabbix 5.0.0. ​ | 
 +| DBTLSKeyFile| no |  | |Full pathname of file containing the private key for authenticating to database.\\ This parameter is supported since Zabbix 5.0.0. ​ | 
 +| DBTLSCipher| no |  | |The list of encryption ciphers ​that Zabbix server ​permits ​for TLS protocols up through TLSv1.2.\\ Supported only for MySQL.\\ This parameter ​is supported since Zabbix 5.0.0.  | 
 +| DBTLSCipher13| no |  | |The list of encryption ciphersuites that Zabbix server permits ​for TLSv1.3 protocol.\\ Supported only for MySQL, starting from version 8.0.16.\\ This parameter ​is supported since Zabbix 5.0.0.  |
 | DebugLevel| no | 0-5 |3 |Specifies debug level:\\ 0 - basic information about starting and stopping of Zabbix processes\\ 1 - critical information\\ 2 - error information\\ 3 - warnings\\ 4 - for debugging (produces lots of information)\\ 5 - extended debugging (produces even more information) | | DebugLevel| no | 0-5 |3 |Specifies debug level:\\ 0 - basic information about starting and stopping of Zabbix processes\\ 1 - critical information\\ 2 - error information\\ 3 - warnings\\ 4 - for debugging (produces lots of information)\\ 5 - extended debugging (produces even more information) |
 | EnableRemoteCommands| no | |0 |Whether remote commands from Zabbix server are allowed.\\ 0 - not allowed\\ 1 - allowed\\ This parameter is supported since Zabbix 3.4.0. | | EnableRemoteCommands| no | |0 |Whether remote commands from Zabbix server are allowed.\\ 0 - not allowed\\ 1 - allowed\\ This parameter is supported since Zabbix 3.4.0. |
Line 69: Line 81:
 | TLSCAFile| no |  | |Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification,​ used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCAFile| no |  | |Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification,​ used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
 | TLSCertFile| no |  | |Full pathname of a file containing the proxy certificate or certificate chain, used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCertFile| no |  | |Full pathname of a file containing the proxy certificate or certificate chain, used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
 +| TLSCipherAll| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.\\ Example: TLS_AES_256_GCM_SHA384:​TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherAll13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-RSA:​+RSA:​+ECDHE-PSK:​+PSK:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL::​+SIGN-ALL:​+CTYPE-X.509\\ Example for OpenSSL: EECDH+aRSA+AES128:​RSA+aRSA+AES128:​kECDHEPSK+AES128:​kPSK+AES128\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherCert| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-RSA:​+RSA:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL:​+SIGN-ALL:​+CTYPE-X.509\\ Example for OpenSSL: EECDH+aRSA+AES128:​RSA+aRSA+AES128\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherCert13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate-based encryption.\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherPSK| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for PSK-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-PSK:​+PSK:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL:​+SIGN-ALL\\ Example for OpenSSL: kECDHEPSK+AES128:​kPSK+AES128\\ This parameter is supported since Zabbix 4.4.7. ​ |
 +| TLSCipherPSK13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for PSK-based encryption.\\ Example: TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256\\ This parameter is supported since Zabbix 4.4.7. ​ |
 | TLSConnect| yes for active proxy, if TLS certificate or PSK parameters are defined (even for //​unencrypted//​ connection),​ otherwise no |  | |How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. Only one value can be specified: \\ //​unencrypted//​ - connect without encryption (default) \\ //psk// - connect using TLS and a pre-shared key (PSK) \\ //cert// - connect using TLS and a certificate\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSConnect| yes for active proxy, if TLS certificate or PSK parameters are defined (even for //​unencrypted//​ connection),​ otherwise no |  | |How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. Only one value can be specified: \\ //​unencrypted//​ - connect without encryption (default) \\ //psk// - connect using TLS and a pre-shared key (PSK) \\ //cert// - connect using TLS and a certificate\\ This parameter is supported since Zabbix 3.0.0. ​ |
 | TLSCRLFile| no |  | |Full pathname of a file containing revoked certificates.This parameter is used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCRLFile| no |  | |Full pathname of a file containing revoked certificates.This parameter is used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
Line 86: Line 104:
 | VMwarePerfFrequency | no |10-86400 ​ |60  |Delay in seconds between performance counter statistics retrieval from a single VMware service.\\ This delay should be set to the least update interval of any VMware monitoring [[:​manual/​config/​items/​itemtypes/​simple_checks/​vmware_keys#​footnotes|item]] that uses VMware performance counters.\\ This parameter is supported since Zabbix 2.2.9, 2.4.4| | VMwarePerfFrequency | no |10-86400 ​ |60  |Delay in seconds between performance counter statistics retrieval from a single VMware service.\\ This delay should be set to the least update interval of any VMware monitoring [[:​manual/​config/​items/​itemtypes/​simple_checks/​vmware_keys#​footnotes|item]] that uses VMware performance counters.\\ This parameter is supported since Zabbix 2.2.9, 2.4.4|
 | VMwareTimeout | no | 1-300 |10 |The maximum number of seconds vmware collector will wait for a response from VMware service (vCenter or ESX hypervisor).\\ This parameter is supported since Zabbix 2.2.9, 2.4.4| | VMwareTimeout | no | 1-300 |10 |The maximum number of seconds vmware collector will wait for a response from VMware service (vCenter or ESX hypervisor).\\ This parameter is supported since Zabbix 2.2.9, 2.4.4|
- 
-<​note>​Zabbix supports configuration files only in UTF-8 encoding without [[https://​en.wikipedia.org/​wiki/​Byte_order_mark|BOM]].\\ \\  Comments starting with "#"​ are only supported in the beginning of the line.</​note>​