# Copyright (C) 2019 Checkmk GmbH - License: GNU General Public License v2 # This file is part of Checkmk (https://checkmk.com). It is subject to the terms and # conditions defined in the file COPYING, which is part of this source code package. # # User Checkmk configuration file # # The Agent will accept YML-File as a valid configuration file # only when the section global is presented # $CUSTOM_PLUGINS_PATH$ -> is ProgramData/checkmk/agent/plugins # $BUILTIN_PLUGINS_PATH$ -> is Program Files(x86)/checkmk/service/plugins # $CUSTOM_AGENT_PATH$ -> is ProgramData/checkmk/agent/ # $CUSTOM_LOCAL_PATH$ -> is ProgramData/checkmk/agent/local # 1. use http://www.yamllint.com/ for example to validate your yamllint # 2. Windows filenames contains backslash \, ergo you have to write either "c:\\windows" or 'c:\windows' # To disable any feature you may use two methods # 1. commenting out with '#' recommended to use with one line declarations # 2. renaming. Recommended to disable big parts of YAML tree # Most useful is adding _ at the beginning of name # # example # _logging: # <----- this structure is fully ignored by agent # logging: # <----- this structure is accepted by agent # Overriding values from the bakery( or defauts ) # For example we want to change sections set in output # 1. All sections are included: # sections: [] # <--- this is accepted as FULL list of sections, agent sends all data. To save your keystrokes # 2a. Two sections: # sections: [check_mk, systemtime] # <--- this is accepted as list of two sections # 2b. One section: # sections: [plugins] # <--- this is accepted as list of one section # 3. We want to return back(Use values combined from default and bakery if present) # 3a. # sections: ~ # <--- this line is skipped, this value is estimated as undefined # 3a. # _sections: [plugins] # <--- this name, '_sections' is unknown and will be ignored too global: # section may be fully disabled # enabled: yes # Restrict access to certain IP addresses # If ipv6 is enabled, all listed ipv4 adresses are also accepted as # source adresses in their ipv6-mapped form. I.e. if # 192.168.56.0/24 is listed, connections from ::ffff:c0a8:3800/120 # are also possible _only_from: # 127.0.0.1 192.168.56.0/24 ::1 # Change port where the agent is listening ( default 6556 ) # port: 6556 # Disable ipv6 support. By default, ipv4 is always supported # and ipv6 is enabled additionally if supported by the system. # ipv6: no # encryption # encrypted: no # password # passphrase: secret # Allowed file extensions. The agent launches the program(script) only # when its extension is on the list of allowed ones. # execute: [exe, bat, vbs, cmd, ps1] # Supported: vbs, ps1, py, pl, exe, cmd, bat # Run sync scripts in parallel (to each other). Default is "yes" # async: yes # Just output certain sections # Include all possible sections: # sections: [] # Valid example, but section is renamed to _sections and wil be ignored _sections: - check_mk - mrpe - skype - spool - plugins - local - winperf - uptime - systemtime - df - mem - services - msexch - dotnet_clrmemory - wmi_webservices - wmi_cpuload - ps - fileinfo - logwatch - openhardwaremonitor - agent_plugins # Useful example # sections: ~ # <--- this line is skipped as undefined # sections: [] # <--- this is accepted as FULL list of sections, agent send data from all sections # To disable section you have enumerate disabled section explicitly # To disable ps and fileinfo: _disabled_sections: [ps, fileinfo] # To ignore disabled_sections, you can use ~: # _disabled_sections: ~ # In this case disabled_sections will be ignored too # disabled_sections: [] #realtime data description # to control section manually change name from _realtime to realtime. _realtime: enabled: yes # specifies how long (in seconds) realtime updates are sent to # the last monitoring system that requested an update. # this should be longer than the request frequency (usually # one minute). # Please note that any new request cancels previous realtime # update schedules, so no more than one update is sent per second, # no matter if this timeout is "too high" or how many monitoring # systems are querying the agent. timeout: 90 port: 6559 # enable/disable encryption of regular agent output (default: no) encrypted: no # passphrase for encrypted communication. passphrase: this is my password # which sections are realtime, those three are by default run: - mem - df - winperf_processor # In seconds. Windows may be slow during WMI, increase the value when you have problems # wmi_timeout: 5 # cpuload_method: 'use_perf' # set use_wmi if you have serious problems with the section # -------------------------------------------------------------- # Internal log of agent # Write a logfile for tackling down crashes of the agent _logging: # folder with log file, empty is default which means '$CUSTOM_AGENT_PATH$\log' location: # name of file log, default is check_mk.log file : # log in file also internal debug messages, recommended when we have problems # allowed no, yes and all. Default yes! debug: yes # you may send logging messages in realtime in windows debug sink, default is yes windbg: yes # you may disable your eventlog ability eventlog: yes max_file_count: 5 # log rotation files quantity, allowed 1..1024 max_file_size: 8000000 # allowed 200K..200MB ps: # enabled: yes # use_wmi: yes # full_path: yes # This value has effect only when use_wmi is set winperf: # enabled: yes # changes only section name winperf_****** # prefix: winperf # no - nothing(default), yes output trace to the log/winperf.log #trace: no # yes - separate process for winnperf to prevent ahndle leaking, no - locally #fork: yes # default value, increase for heavy loaded machine # timeout: 10 # Select counters to extract. The following counters # are needed by checks shipped with check_mk. # Format: # - id:name # where id is OS counter and name is part of CHECK_MK Header counters: #- 638: tcp_conn #- Terminal Services: ts_sessions _logfiles: enabled: no # We do not support logfiles monitoring in agent at the moment # Please, use plugin mk_logwatch fileinfo: # enabled: yes # below are possible examples path: # - 'c:\a\a' # generates missing| string # - 'c:\Users\Public\*.log' # real string to process # - "this\\is\\not\\recommended\\" # double quoating uses escape sequences # - 'c:\Users\Public\**\Desktop.ini' works, 8 files to control # - 'c:\Windows\Resources\**\aero\aero*.*' works too, you will get two files in 'c:\Windows\Resources\Themes\aero\' # - 'c:\dev\shared_public\*.*' # typical test folder, provided during development # - '' # empty strings will be ignored # - '--' # all string without "C:\" or "\\" at start will be ignored too for security reason logwatch: # enabled: yes # sendall: no # this is MANDATORY, yes is useful only for debugging # vista_api: no # this is RECOMMENDED # skip_duplicated: no # if yes the same messages will be replaced with text [the above messages repeated times] # max_size: 500000 # default value # max_line_length: -1 # -1 to ignore, or any positive, max length of the line # max_entries: -1 # -1 to ignore, or any positive, max count of lines to receive # timeout: -1 # -1 to ignore, or any positive, in seconds # entries in the windows eventlog logfile: # - 'EventLogName': + [context|nocontext] # - 'Application': crit context # example # - 'System': warn nocontext # another example # - 'YourOwn': all nocontext # yet another example # - '*': warn nocontext # This is default params for not missing entries plugins: enabled: yes # max_wait: 60 # max timeout for every sync plugin. Agen will gather plugins data no more than max_wait time. # this is useful to terminate badly written or hanging plugins # async_start: yes # start plugins asynchronous, this is default # folders are scanned left -> right, order is important # all files from folders are gathered and verified, duplicated files will be removed # folders: ['$CUSTOM_PLUGINS_PATH$', '$BUILTIN_PLUGINS_PATH$' ] # ProgramData/checkmk/agent/plugins & Program Files x86/checkmk/service/plugins execution: # ********************************************************************************************* # PATTERNS: # patterns 1. Absolute path: 'c:\Windows\*.exe' or '$CUSTOM_PLUGINS_PATH$\win_license.bat' # 2. Only Filename: 'mk_*.exe' or win_license.bat # IMPORTANT: if you use relative path, then Agent takes only filename # 'win_license.bat' and 'include\win_license.bat' are the same # # PRIORITY: # Most important is top-most pattern: # Most important is check_mk.user.yml, next check_mk.bakery.yml amd least important is check_mk.yml # # DUPLICATED Plugins: # Plugins with Duplicated names will not be executed: # if you have '$CUSTOM_PLUGINS_PATH$\winstat_an.bat' and '$BUILTIN_PLUGINS_PATH$\winstat_an.bat' # to execute only first one will run ^^^^^^^^^^^^^^ xxxxxxxxxxxxxx # # ********************************************************************************************* # execution pattern for windows-updates.vbs: # all parameters below are DEFAULT set for every entry #- pattern : '$CUSTOM_PLUGINS_PATH$\mk_inventory.vbs' # Plugin name or absolute path . * and ? are allowed # run : yes # execute this plugin if plugin found # async : yes # agent will not wait for async plugins. Normally you will get data later. # timeout : 120 # after 120 seconds process will be killed. # cache_age : 3600 # only combined with async, upto 3600 seconds we may reuse plugin output # default value is 0. Minimum positive value is 120. # retry_count : 3 # failure on start plugin, before stopping, default 0 which means never stop attempts # cmd_line : '' # reserved for future use # #- pattern : '$CUSTOM_PLUGINS_PATH$\mk_scansql.vbs' # Plugin name or absolute path . * and ? are allowed # user : 'sql_user sql_secret' # user name(domain is allowed) and password separated with one space # run : yes # execute this plugin if plugin found # #- pattern : '$CUSTOM_PLUGINS_PATH$\network_access.bat' # Plugin requires access to the Network. # group : 'Users' # run plugin from the Internal Agent User belonging the this group # run : yes # #- pattern : '$CUSTOM_PLUGINS_PATH$\win_license.bat' # Plugin name. * and ? are allowed # run : No # do not run plugin even if found - pattern : '$CUSTOM_PLUGINS_PATH$\*.*' # in the ProgramData folder. DO NOT REMOVE THIS ENTRY timeout : 30 # after 30 seconds process will be killed. 60 sec is default in check_mk.yml run : yes # ALL FOUND files will be started. This is default value - pattern : '$BUILTIN_PLUGINS_PATH$\*.*' # in the ProgramFiles folder. DO NOT REMOVE THIS ENTRY timeout : 30 # after 30 seconds process will be killed. 60 sec is default in check_mk.yml run : no # No run, i.e disabled. - pattern : '*' # This is safety entry. Try not use plugins outside your predefined folder run : no # No run, i.e. disabked. - pattern : 'C:\ProgramData\checkmk\agent\plugins\win_scheduled_task.ps1' async : yes run : yes - pattern : 'C:\ProgramData\checkmk\agent\plugins\windows_tasks.ps1' async : yes run : yes # ProgramData/checkmk/agent/local folder local: # enabled: yes # max_wait: 60 # max timeout for every sync plugin. Agen will gather plugins data no more than max_wait time. # this is useful to terminate badly written or hanging plugins # async_start: true # start plugins asynchronous, this is normal mode. # patterns will be scanned up down, # configuration is assigned to the first found file matching the pattern _execution: - pattern : 'test_me.bat' # Plugin name. * and ? are allowed #async: no # default is no timeout : 35 # after 35 seconds process will be killed, default is 60 in check_mk.yml run : yes # execute this plugin. - pattern : '*.*' # in the user folder. DO NOT REMOVE THIS ENTRY run : yes # Do not run any files matching this pattern mrpe: # enabled: yes ## Timeout value (seconds) - Defaults to 60, which can be considered a safe choice, ## as legacy Nagios checks usually execute fastly. # timeout: 60 config: ## MRPE check entries: ## check = SERVICE_DESCRIPTION [(interval=INTERVAL)] COMMAND ## If specified, the check result will be cached for INTERVAL seconds ## before executing it again. ## Relative path are supported for checks and includes. ## The path below is equal to '$CUSTOM_AGENT_PATH$\plugins\your_check.com' # - check = Service_Description 'plugins\your_check.ps1' CON CP /STATUS # - check = Console 'c:\windows\system32\mode.com' CON CP /STATUS # - check = Checker (interval=100) 'c:\windows\system32\mode.com' ## Include entries: ## include [USER_NAME] = PATH_TO_CFG ## Add config files that contain additional MRPE check lines # - include = $CUSTOM_AGENT_PATH$\mrpe_checks.cfg # - include some_user_name = $CUSTOM_AGENT_PATH$\mrpe_checks.cfg modules: enabled: yes #python: auto # allowed auto or system, system prevents module usage to execute *.py files #quick_reinstall: yes # use %temp% as temporary storage for modules when Windows agent is updated system: enabled: yes #controller: # run: yes # start controller if present # detect_proxy: no # controller runtime option, see CLI for more information # validate_api_cert: no # controller runtime option, see CLI for more information # check: yes # if yes that only the controller process connections could access agent monitoring data # set no if monitoring is lost and in log you find 'Connection forbidden: address' # force_legacy: no # if yes always created for version with controller # agent_channel: "mailslot" # as fallback you may use also TCP-IP "localhost:ip_port", default "mailslot" # local_only: no # bind to 127.0.0.1 or 0.0.0.0 # on_crash: "ignore" # possible values "ignore" or "emergency_mode". This is safety switch. # Use "emergency_mode" if controller crashes/disappear #firewall: # mode: configure # allowed none, remove, configure # port: auto # allowed all or auto #cleanup_uninstall: smart # allowed none, smart and all # wait_network: 30 # #service: # restart_on_crash: yes # service will restart if crashed, you may set no to disable restarting # # no may be used if you have serious problems with crasghing and starting # error_mode: log # ignore or log # start_mode: auto # Possible values are: auto - service starts with boot, demand - requires manual starting # # disabled - service cannot be started manually and should be enabled