# netdata configuration for aggregating data from remote hosts # # API keys authorize a pair of sending-receiving netdata servers. # Once their communication is authorized, they can exchange metrics for any # number of hosts. # # You can generate API keys, with the linux command: uuidgen # ----------------------------------------------------------------------------- # 1. ON CHILD NETDATA - THE ONE THAT WILL BE SENDING METRICS [stream] # Enable this on child nodes, to have them send metrics. enabled = no # Where is the receiving netdata? # A space separated list of: # # [PROTOCOL:]HOST[%INTERFACE][:PORT][:SSL] # # If many are given, the first available will get the metrics. # # PROTOCOL = tcp, udp, or unix (only tcp and unix are supported by parent nodes) # HOST = an IPv4, IPv6 IP, or a hostname, or a unix domain socket path. # IPv6 IPs should be given with brackets [ip:address] # INTERFACE = the network interface to use (only for IPv6) # PORT = the port number or service name (/etc/services) # SSL = when this word appear at the end of the destination string # the Netdata will encrypt the connection with the parent. # # This communication is not HTTP (it cannot be proxied by web proxies). destination = # The API_KEY to use (as the sender) api key = # Skip Certificate verification? # The netdata child is configurated to avoid invalid SSL/TLS certificate, # so certificates that are self-signed or expired will stop the streaming. # Case the server certificate is not valid, you can enable the use of # 'bad' certificates setting the next option as 'yes'. #ssl skip certificate verification = yes # Certificate Authority Path # OpenSSL has a default directory where the known certificates are stored. # In case it is necessary, it is possible to change this rule using the variable # "CApath", e.g. CApath = /etc/ssl/certs/ # #CApath = # Certificate Authority file # When the Netdata parent has a certificate that is not recognized as valid, # we can add it to the list of known certificates in "CApath" and give it to # Netdata as an argument, e.g. CAfile = /etc/ssl/certs/cert.pem # #CAfile = # Stream Compression # The default is enabled # You can control stream compression in this agent with options: yes | no #enable compression = yes # The timeout to connect and send metrics #timeout = 1m # If the destination line above does not specify a port, use this #default port = 19999 # filter the charts and contexts to be streamed # netdata SIMPLE PATTERN: # - space separated list of patterns (use \ to include spaces in patterns) # - use * as wildcard, any number of times within each pattern # - prefix a pattern with ! for a negative match (ie not stream the charts it matches) # - the order of patterns is important (left to right) # To send all except a few, use: !this !that * (ie append a wildcard pattern) # The pattern is matched against the context, the chart name and the chart id. #send charts matching = * # The buffer to use for sending metrics. # 10MB is good for 60 seconds of data, so increase this if you expect latencies. # The buffer is flushed on reconnects (this will not prevent gaps at the charts). #buffer size bytes = 10485760 # If the connection fails, or it disconnects, # retry after that many seconds. #reconnect delay = 5s # Sync the clock of the charts for that many iterations, when starting. # It is ignored when replication is enabled #initial clock resync iterations = 60 # ----------------------------------------------------------------------------- # 2. ON PARENT NETDATA - THE ONE THAT WILL BE RECEIVING METRICS # You can have one API key per child, # or the same API key for all child nodes. # # netdata searches for options in this order: # # a) parent netdata settings (netdata.conf) # b) [stream] section (above) # c) [API_KEY] section (below, settings for the API key) # d) [MACHINE_GUID] section (below, settings for each machine) # # You can combine the above (the more specific setting will be used). # API key authentication # If the key is not listed here, it will not be able to push metrics. # [API_KEY] is [YOUR-API-KEY], i.e [11111111-2222-3333-4444-555555555555] [API_KEY] # Default settings for this API key # This GUID is to be used as an API key from remote agents connecting # to this machine. Failure to match such a key, denies access. # YOU MUST SET THIS FIELD ON ALL API KEYS. type = api # You can disable the API key, by setting this to: no # The default (for unknown API keys) is: no enabled = no # A list of simple patterns matching the IPs of the servers that # will be pushing metrics using this API key. # The metrics are received via the API port, so the same IPs # should also be matched at netdata.conf [web].allow connections from #allow from = * # The history in entries (for db alloc or ram), for all hosts using this API key. # You can also set it per host below. # For the default db (dbengine), this is ignored. #retention = 3600 # The database to be used for all hosts using this API key. # You can also set it per host below. # If you don't set it here, the memory mode of netdata.conf will be used. # Valid modes: # ram keep it in RAM, don't touch the disk # none no database at all (use this on headless proxies) # dbengine Netdata's high performance database #db = dbengine # Shall we enable health monitoring for the hosts using this API key? # 3 possible values: # yes enable alarms # no do not enable alarms # auto enable alarms, only when the sending netdata is connected. # Health monitoring will be disabled as soon as the connection is closed. # You can also set it per host, below. # The default is taken from [health].enabled of netdata.conf #health enabled by default = auto # postpone alerts for a short period after the sender is connected #postpone alerts on connect = 1m # the duration to maintain health log events #health log retention = 5d # need to route metrics differently? set these. # the defaults are the ones at the [stream] section (above) #proxy enabled = yes | no #proxy destination = IP:PORT IP:PORT ... #proxy api key = API_KEY #proxy send charts matching = * # Stream Compression # By default it is enabled. # You can control stream compression in this parent agent stream with options: yes | no #enable compression = yes # select the order the compression algorithms will be used, when multiple are offered by the child #compression algorithms order = zstd lz4 brotli gzip # Replication # Enable replication for all hosts using this api key. Default: enabled #enable replication = yes # How many seconds to replicate from each child. Default: a day #replication period = 1d # The duration we want to replicate per each step. #replication step = 10m # Indicate whether this child is an ephemeral node. An ephemeral node will become unavailable # after the specified duration of "cleanup ephemeral hosts after" (as defined in the db section of netdata.conf) # from the time of the node's last connection. #is ephemeral node = no # ----------------------------------------------------------------------------- # 3. PER SENDING HOST SETTINGS, ON PARENT NETDATA # THIS IS OPTIONAL - YOU DON'T HAVE TO CONFIGURE IT # This section exists to give you finer control of the parent settings for each # child host, when the same API key is used by many netdata child nodes / proxies. # # Each netdata has a unique GUID - generated the first time netdata starts. # You can find it at /var/lib/netdata/registry/netdata.public.unique.id # (at the child). # # The host sending data will have one. If the host is not ephemeral, # you can give settings for each sending host here. [MACHINE_GUID] # This GUID is to be used as a MACHINE GUID from remote agents connecting # to this machine, not an API key. # YOU MUST SET THIS FIELD ON ALL MACHINE GUIDs. type = machine # enable this host: yes | no # When disabled, the parent will not receive metrics for this host. # THIS IS NOT A SECURITY MECHANISM - AN ATTACKER CAN SET ANY OTHER GUID. # Use only the API key for security. enabled = no # A list of simple patterns matching the IPs of the servers that # will be pushing metrics using this MACHINE GUID. # The metrics are received via the API port, so the same IPs # should also be matched at netdata.conf [web].allow connections from # and at stream.conf [API_KEY].allow from #allow from = * # The number of entries in the database. # This is ignored for db dbengine. #retention = 3600 # The memory mode of the database: ram | none | dbengine #db = dbengine # Health / alarms control: yes | no | auto #health enabled = auto # postpone alerts when the sender connects #postpone alerts on connect = 1m # the duration to maintain health log events #health log retention = 5d # need to route metrics differently? # the defaults are the ones at the [API KEY] section #proxy enabled = yes | no #proxy destination = IP:PORT IP:PORT ... #proxy api key = API_KEY #proxy send charts matching = * # Stream Compression # By default, enabled. # You can control stream compression in this parent agent stream with options: yes | no #enable compression = yes # Replication # Enable replication for all hosts using this api key. #enable replication = yes # How many seconds to replicate from each child. #replication period = 1d # The duration we want to replicate per each step. #replication step = 10m # Indicate whether this child is an ephemeral node. An ephemeral node will become unavailable # after the specified duration of "cleanup ephemeral hosts after" (as defined in the db section of netdata.conf) # from the time of the node's last connection. #is ephemeral node = no