Server configuration
Server configuration is performed in the file /etc/saymon/saymon-server.conf
.
To apply changes the service saymon-server must be restarted:
$sudo service saymon-server restart
The following is description of the sections and settings.
Agent_stat
The section contains settings of storing historical data from the agent.
"agent_stat": {
"write_to": "mongo",
"default_ttl": 20,
"ttl": [
{
"key": "payload.cpuInformation.vendor",
"value": "Intel",
"expire": 10
}
]
}
Section/Parameter | Description |
---|---|
agent_stat.write_to |
Selecting a storage for data from the agent. With setting the value "mongo" data from the agent is stored in mongoDB. By default data from the agent is stored in ELK. |
agent_stat.default_ttl |
Default lifetime of datasets (in seconds). If this value is equal to By default – |
Cache
The section contains Redis server settings.
"cache": {
"host": "127.0.0.1",
"port": 6379
}
Section/Parameter | Description |
---|---|
cache.auth_pass |
Password for access to the Redis server. |
cache.host |
The Redis server address. By default "127.0.0.1". |
cache.port |
The Redis server port. By default 6379. |
Cache.cluster
The subsection contains settings which are applied when Redis Cluster is used.
"cache": {
"cluster": {
"nodes": [
{
"port": 7000,
"host": "127.0.0.1"
},
{
"port": 7001,
"host": "127.0.0.1"
}
],
"options": {}
}
}
If this subsection is set, then the system uses connection settings specified here. The parameters cache.host and cache.port are ignored. |
Section/Parameter |
Description |
---|---|
cache.cluster.options |
|
cache.cluster.nodes |
Servers of the cluster which are needed to be connected to. |
cache.cluster.nodes.host |
The address of the server of the cluster. |
cache.cluster.nodes.port |
The port of the server of the cluster. |
Custom Scripts
The section contains the settings of the custom scripts, which are executed with object creation or deletion.
"custom_scripts": {
"entity_triggers_path": "/opt/saymon-extensions/entity-triggers-path"
}
Section/Parameter | Description |
---|---|
custom_scripts.entity_triggers_path |
The full path to the folder with the files of the scripts. |
DB
The section contains the settings for connecting to the database with the object model. MongoDB is used as the database.
"db" : {
"mongodb": {
"url": "mongodb://localhost:27017/saymon?w=1"
}
}
Db.mongodb
Data for connecting to MongoDB.
Section/Parameter | Description | ||
---|---|---|---|
db.mongodb.url |
The MongoDB server address and additional connection settings. By default – "mongodb://localhost:27017/saymon?w=1"
All possible additional URL parameters are presented in MongoDB documentation. |
Elasticsearch
The section contains the settings of Elasticsearch.
"elasticsearch": {
"node": "http://127.0.0.1:9200",
"auth": {
"username": "elastic",
"password": "ypezA1ZoVv46fJh8Abj4"
},
"index_pattern": "myindex*",
"request_timeout": 30000,
"hits_per_request": 1000
}
Section/Parameter | Description | ||
---|---|---|---|
elasticsearch.hits_per_request |
Maximum number of records, which are requested in one query to Elasticsearch.
By default 1000. |
||
elasticsearch.index_pattern |
Elasticsearch index, which the search occurs within. |
||
elasticsearch.node |
IP address of the Elasticsearch instance. |
||
elasticsearch.request_timeout |
Waiting time for response from the Elasticsearch server (in milliseconds). By default 30000 | 30 seconds. |
Extensions
This section contains settings of SAYMON custom extensions.
"extensions": {
"path": "/opt/saymon-extensions"
}
Section/Parameter | Description |
---|---|
extensions.path |
Path to the folder with custom extensions. |
Hostname_update
This section contains settings for automatic update of automatically registered Host
class objects.
hostname_update: {
enabled: false
}
Section/Parameter | Description |
---|---|
hostname_update.enabled |
Automatically update name and properties of the
By default – false |
Kafka
This section contains settings for connection to Kafka broker.
"kafka" : {
"host" : "localhost",
"port" : 9092,
"requestTimeout" : 30000,
"fetch_latest" : false,
"logLevel" : 2
}
In addition to the parameters which are listed here, it is also possible to use additional connection parameters.
Section/Parameter | Description | ||||
---|---|---|---|---|---|
kafka.brokers |
Address pool to connect while using Kafka Cluster.
|
||||
kafka.fetch_latest |
Sets the processing rule for messages which have come to Kafka while the system has been turned off;
By default false. |
||||
kafka.host |
Kafka broker address. By default "localhost". |
||||
kafka.logLevel |
Kafka logging level;
By default 2 | WARN. |
||||
kafka.port |
Kafka broker port. By default 9092. |
||||
kafka.requestTimeout |
The client waiting time for answer (in milliseconds). By default 30000 | 30 seconds. |
||||
kafka.ssl |
Encryption settings. The key and certificate can be set as the paths to the files:
|
Kafka.sasl
Authentication settings. The parameters depend on authentication mechanism, which is used in Kafka. Settings example for the PLAIN/SCRAM mechanism:
"kafka" : {
...
"sasl": {
"mechanism": "plain",
"username": "user",
"password": "password"
},
...
}
Section/Parameter | Description |
---|---|
kafka.sasl.mechanism |
Authentication mechanism. |
Keycloak
This section contains parameters for interacting with the Keycloak server to authorize users.
"keycloak": {
"realm_certificate": "<data of keycloak_realm_certificate>",
"realm_certificate_file": "/etc/saymon/keycloak_realm_certificate",
"config_file": "/etc/saymon/keycloak_backend.json"
}
The parameters in the example are listed in descending order of priority when specified simultaneously. To work with Keycloak, it is sufficient to specify one of the parameters. |
Section/Parameter | Description |
---|---|
keycloak.config_file |
Path to the configuration file, generated by the Keycloak server for the Backend-client. |
keycloak.realm_certificate |
Data of the Realm Certificate, with which the Keycloak server signs user tokens. |
keycloak.realm_certificate_file |
Path to the file with the data of the Keycloak Realm Certificate. |
LDAP
This section contains parameters of external LDAP server for user authorization.
"ldap" : {
"url" : "ldaps://192.168.1.1:636",
"suffix" : "dc=example,dc=com",
"login" : "cn=admin,dc=example,dc=com",
"pass" : "root",
"allow_self_signed" : true,
"create_user_for_existing_group_only": true,
"import_non_existing_groups": false,
"update_existing_groups": false
}
Section/Parameter | Description | ||
---|---|---|---|
ldap.allow_self_signed |
It enables connection with LDAPs to a server with a self-signed certificate;
By default false | connection is disabled. |
||
ldap.create_user_for_existing_group_only |
It restricts authorization of new users with only those users, who have a group on the LDAP server, name of which matches the name of an existing group (previously created) in SAYMON:
By default false | authorization of any new LDAP users is allowed.
|
||
ldap.group_name_attribute |
The attribute which contains names of user groups. It is set when it is necessary to use non-standard attribute. The standard attribute is "cn". |
||
ldap.import_non_existing_groups |
It allows automatic creation of the groups, which the user belongs to on the LDAP server, but does not exist in SAYMON:
By default false | with authorization of an LDAP user new groups are not created in SAYMON. |
||
ldap.login |
LDAP administrator login. |
||
ldap.login_attribute_name |
The attribute which contains users' names to log in the system. It is set when it is necessary to use not the standard attribute. The standard attribute is "name". |
||
ldap.pass |
LDAP administrator password. |
||
ldap.suffix |
The root element (as a rule it is the organization’s domain name). |
||
ldap.update_existing_groups |
It allows to convert user groups, created in SAYMON, to LDAP groups, if with import of user groups from LDAP the groups' names match:
By default false | with login of LDAP users, groups are not updated. |
||
ldap.url |
LDAP server address. The protocols LDAP and LDAPs are supported. |
Monitoring
The section contains the settings of the custom monitoring probes.
"monitoring": {
"custom_tasks_path": "/opt/saymon-agent/custom_tasks"
}
Section/Parameter |
Description |
---|---|
monitoring.custom_tasks_path |
The full path to the folder with the files of the probes. |
MQTT
This section contains settings for connection to a MQTT broker.
"mqtt" : {
"broker" : "mqtt://username:password@localhost:1883"
}
Section/Parameter | Description | ||
---|---|---|---|
mqtt.broker |
Broker address and port. By default "mqtt://localhost:1883"
|
OpenTSDB
This section contains access parameters to OpenTSDB.
"OpenTSDB" : {
"enabled" : true,
"host" : "localhost",
"port" : 4242,
"timeout" : 15000
}
Section/Parameter | Description |
---|---|
openTsdb.enabled |
Recording historical data to OpenTSDB;
By default true |recording is enabled. |
openTsdb.host |
Address of the host with OpenTSDB. By default "localhost". |
openTsdb.port |
OpenTSDB port. By default 4242. |
openTsdb.timeout |
Requests timeout in milliseconds. By default 15000 | 15 seconds. |
Push Notification
This section contains parameters of push notifications in the mobile application. Firebase Cloud Messaging (FCM) is used for work with push notifications.
"Push_notification" : {
"disabled" : true,
"key_path" : "/etc/saymon/saymon-mobile-firebase-adminsdk.json",
"on_state_change" : true,
"timeout" : 0,
"url" : "https://saymon-mobile.firebaseio.com"
}
Section/Parameter | Description |
---|---|
push_notification.disabled |
It disables the notifications;
By default true | notifications are disabled. |
push_notification.key_path |
Path to SAYMON server authorization key on the Firebase server. By default "/etc/saymon/saymon-mobile-firebase-adminsdk.json". |
push_notification.on_state_change |
It enables sending notifications when state changes, in case of another notification source - MQTT messages;
By default true | sending is enabled. |
push_notification.timeout |
Time after which a notification is sent to each user (in milliseconds). By default 0 | no delay. |
push_notification.url |
URL, obtained by user from Firebase, to receive notifications content from the server. By default "https://saymon-mobile.firebaseio.com". |
Resource Server
This section contains parameters bonded with storage files, uploaded to SAYMON.
"Resource_server" : {
"debug" : false,
"file_storage_dir" : "/var/saymon/resources",
"ip_address" : "127.0.0.1",
"port" : 8092
}
Section/Parameter | Description |
---|---|
resource_server.debug |
It enables debug mode for logging into the file
By default false | debug mode is disabled. |
resource_server.file_storage_dir |
Path to the directory for storage documents, added to objects. By default "/var/saymon/resources". |
resource_server.ip_address |
Resource server address. By default "127.0.0.1". |
resource_server.port |
Resource server port. By default 8092. |
REST Server
This section contains REST server settings.
"Rest_server" : {
"base_url" : "/api",
"colorize_log" : false,
"debug" : false,
"document_download_url" : "http://localhost/node/api/docs",
"ip_address" : "127.0.0.1",
"keepAliveTimeout" : 5000,
"num_workers" : 1,
"port" : 8090,
"public_url" : "http://mycompany.com/index.html",
"session_ttl" : 3600000,
"snmp_mib_url" : "http://192.168.1.189:5550",
"update_download_url" : "http://localhost/node/api/agents/update"
}
Section/Parameter | Description |
---|---|
rest_server.base_url |
Path to API. By default "/api". |
rest_server.colorize_log |
It enables colorizing log;
By default false | colorizing is disabled. |
rest_server.debug |
It enables debug mode for logging into the file
By default false | debug mode is disabled. |
rest_server.document_download_url |
URL to files stored in $document_storage_dir. By default "http://localhost/node/api/docs". |
rest_server.ip_address |
Host address to run REST server. By default "127.0.0.1". |
rest_server.keepAliveTimeout |
The server waiting time for the next request before termination the current session (in milliseconds). By default 5000 | 5 seconds. |
rest_server.num_workers |
Number of processes to upload data. By default 1. |
rest_server.port |
REST server port. By default 8090. |
rest_server.public_url |
Address for access to the web interface from notifications. |
rest_server.session_ttl |
Amount of time a user can be inactive before the user’s session expires and closes (in milliseconds). By default 3600000 | 1 hour. |
rest_server.snmp_mib_url |
Address of the service for translation numeric SNMP OIDs to the text format. |
rest_server.update_download_url |
Path to agent update file. By default "http://localhost/node/api/agents/update". |
Rest_server.limits
This subsection contains limits for number of requests to API.
"limits" : [
{
"__comment": "unlimited number of requests for the admin user",
"user": "5048c849d7b6e40593dfee71"
},
{
"__comment": "unlimited number of requests for the duty shift group",
"group": "60e591928196105ec9c74636"
},
{
"__comment": "unlimited requests to States and Classes",
"uri": ["/states", "/classes"]
},
{
"__comment": "limit for requests to Objects",
"uri": ["/objects"],
"rate": "100/minute"
},
{
"__comment": "limits for users authorized from 127.0.0.1",
"user": true,
"ip": '127.0.0.1',
"rate": "120/minute"
},
{
"__comment": "limits for unauthorized users",
"user": false,
"rate": "10/minute"
}
]
By default there are no any limits. For each request the search of rules is implemented from the top down. Only one (first matched) rule is applied. |
Section/Parameter | Description |
---|---|
rest_server.limits.group |
The user groups, which the limit is set to;
Examples:
|
rest_server.limits.ip |
The IP addresses, which the limit is set for:
Examples:
|
rest_server.limits.rate |
The number of requests per time unit. If it is not specified, there are no limits. It is set in the format number_of_requests/time_unit. Supported time units:
Example:
|
rest_server.limits.uri |
The REST methods, which the limit is set to;
Any API method can be set without /node/api prefix, for example "/time". Examples:
|
rest_server.limits.user |
The users, which the limit is set to;
Examples:
|
Server
This section contains general server parameters.
Section/Parameter |
Description |
||
---|---|---|---|
server.agent_registration_parent_id |
ID of the object where agents appear in case of the self-registration process. By default "1". |
||
server.analytics_enabled |
It involves analytics of the metric values in the data processing;
By default false | analytics is disabled. |
||
server.analytics_processes |
The amount of logical cores used to process the times series analytics. By default all available cores are used. |
||
server.colorize_log |
It enables colorizing log;
By default false | colorizing is disabled. |
||
server.comet_ping_interval |
Time interval between sending messages by comet server (in milliseconds). By default 5000 | 5 seconds. |
||
server.comet_ping_timeout |
Waiting time for the message from the comet server (in milliseconds). By default 12000 | 12 seconds. |
||
server.comet_port |
Port for the connection. By default 8091. |
||
server.comet_secure |
It enables SSL connection;
By default false | connection is disabled. |
||
server.comet_ssl_certificate |
Path to the certificate. |
||
server.comet_ssl_key |
Path to the key. |
||
server.conditional_incidents_enabled |
It enables incidents functionality;
By default false | functionality is disabled. |
||
server.conditional_incidents_script |
The path to the script which is executed when the incident is occurred.
|
||
server.debug |
It enables debug mode for logging into the file
By default false | debug mode is disabled. |
||
server.default_result_timeout |
Time after which the condition No data on object is triggered since object creation or obtaining the last data (in milliseconds). By default 120000 | 2 minutes. |
||
server.default_state_id |
Object default state. By default 7 | NO DATA. |
||
server.discovery_parent_id |
ID of the object to place new network devices, discovered by agents. By default "1". |
||
server.event_log_max_bytes |
Event Log size at which the data is rotated (in bytes). By default "1 G" | 1 gigabyte. |
||
server.history_temporary_storage_period |
Time period (in milliseconds) during which the data is buffered in Redis and then transferred to OpenTSDB. This parameter works only if history_update_period is equal to 0. |
||
server.history_update_period |
History data recording period (in milliseconds). 0 - immediate recording incoming values. By default 60000 | 1 minute. |
||
server.history_write_length |
Limit of the number of points in one request to OpenTSDB. With specifying this parameter the data is written to the database in parts.
By default, there is no limit, data is written to OpenTSDB without splitting into parts. |
||
server.incident_timeout |
Transition time of an alarm from the active alarms list to the alarm history list after clearing the alarm. By default 120000 | 2 minutes. |
||
server.notification_buffering_period |
Time period to hoard all messages about object state changes and send grouped notification to the users (in milliseconds). By default 0 | buffering is disabled. |
||
server.retain_expired_stat |
It enables storage of the latest received data after their obsolescence;
By default false | storage is disabled. |
||
server.script_trigger_timeout |
The maximum execution time of triggers and operations (in milliseconds). By default 30000 | 30 seconds. |
||
server.self_object_id |
ID of an object, used for self-monitoring. |
||
server.sms_script |
Path to a script for sending SMS notifications. |
||
server.stat_local_timestamp_field_name |
Name of the field in which the time with which the data must be saved in OpenTSDB is displayed. By default "localTimestamp". |
||
server.stat_scan_period |
Validation period of incoming data expiration (in milliseconds). By default 3000 | 3 seconds. |
||
server.use_stat_timestamp |
It saves the timestamp from agent’s data;
By default false | the value of the timestamp field from agent’s data is replaced with server’s timestamp. |
||
server.voice_call_script |
Path to a script for implementing voice calls. |
Server.email
This subsection contains email-server settings.
"email" :{
"disabled" : false,
"fields" : {
"from" : "saymon@saas.saymon.info"
},
"max_json_length": 1000,
"transport" : {
"auth" {
"user" : "saymon@saas.saymon.info",
"pass" : "P@ssw0rd"
},
"host" : "smtp.gmail.com",
"port" : 465,
"secure" : true
},
}
Section/Parameter | Description |
---|---|
server.email.disabled |
It disables sending email notifications;
By default true | sending is disabled. |
server.email.max_json_length |
Size limit of notification emails (in symbols). By default 1000 | 1000 symbols. |
server.email.fields |
Information about the sender. |
server.email.fields.from |
Sender’s email address |
server.email.transport |
Post server data. |
server.email.transport.host |
Mail server address. |
server.email.transport.port |
Mail server port. |
server.email.transport.secure |
It enables TLS while connection to the server;
Default value depends on the port. |
server.email.transport.service |
Service kit, embedded in the connector. When using it sets host, port, secure automatically. By default "Gmail". |
server.email.transport.auth |
User’s credentials. |
server.email.transport.auth.pass |
User’s password. |
server.email.transport.auth.user |
User’s login. |
Server.user
This subsection contains user settings.
"user" : {
"auth_enabled": "true",
"new_user_access": "all",
"template": {
"permissions": ["manage-objects", "view-section-stat"],
"objectPermissions": {
"include": [],
"exclude": ["5fb643ddf277b96c8401119b", "5f8dc28407e86603bfe281f8"]
}
},
"usersRoot": "5800d9aaac7bf0f90d3d520e"
}
Section/Parameter | Description |
---|---|
server.user.auth_enabled |
In enables self-account-creation for users;
By default false | self-account-creation is disabled. |
server.user.lang_default |
User language by default;
By default "en" | English. |
server.user.new_user_access |
Access rights to objects for a new user; "all" | access to all of the objects, "not" | no access to any object. By default "all" | access to all of the objects. |
server.user.usersRoot |
ID of the object used as the root for a newly registered user’s new objects. By default "1". |
server.user.template |
New user’s rights template. These parameters are applied only for users, who used self-account-creation. |
server.user.template.permissions |
A list of permissions given to a newly registered user by default. |
server.user.template.objectPermissions |
User rights to access to objects. |
server.user.template.objectPermissions. |
A list of objects' IDs to which a newly registered user is given access by default. |
server.user.template.objectPermissions. |
A list of objects' IDs to which a newly registered user is denied access by default. |
SNMP
This section contains settings for processing SNMP traps.
"snmp": {
"filter": "/users/admin/tmp/snmp-filter.js"
}
Section/Parameter | Description |
---|---|
snmp.filter |
The path to the file with a filtration function for incoming SNMP traps. If the function returns false, the message will be discarded. The function below blocks traps which contain any string from the filters array: Filtration function example
Next example drops trap with enterpriseOid = '.1.3.6.1.4.1.169.10.1.1' AND genericTrap = 6 AND specificTrap = 5: Filtration function example
|
Wetty
The section contains the settings for logging the history of user interaction with the system via the Wetty terminal.
History of each user session is logged into a separate file. File name format: YYYY-MM-DD_HH_MM_SS_PROTOCOL_IP_USERNAME.log, for example 2023-01-12_11-56-17_ssh_127.0.0.1_admin.log. |
If you are using the SAYMON version older than 3.12.86, you should do the following steps when upgrading to a newer version:
|
"wetty" : {
"log_dir" : "/tmp",
"raw_mode": true
}
Section/Parameter | Description |
---|---|
wetty.log_dir |
Path to the folder for storing log-files. |
wetty.raw_mode |
It enables logging mode with ANSI control symbols;
By default true |
Zabbix
The section contains the settings for data import from the Zabbix system.
"zabbix" : [
{
"url" : "http://192.168.1.215/zabbix/api_jsonrpc.php",
"user" : "saymon",
"password" : "saymon_user_password",
"parent_id" : "58b586d5c3a2f96642e25537",
"debug": true,
"polling_period": 30000,
"classes" : {
"4" : "CPU",
"619503be0ffb595aebe22222" : "Memory\|General"
}
}
]
Section/Parameter | Description |
---|---|
zabbix.classes |
An array of correspondences between class IDs and names of discovered objects. The appropriate classes will be assigned to the objects with the specified names when creating. |
zabbix.debug |
It enables recording parameters and request results into the log file;
By default false | recording is disabled. |
zabbix.parent_id |
The ID of the object which is used as the parent for objects imported from Zabbix. |
zabbix.password |
The password of the user with the access to read the hosts or groups of hosts, the data about which need to be imported. |
zabbix.polling_period |
Data update period (in milliseconds). By default 120000 | 2 minutes. |
zabbix.url |
The address of the |
zabbix.user |
The login of the user with the access to read the hosts or groups of hosts, the data about which need to be imported. |
Zabbix.request_options
This subsection contains modified options of the requests for hosts, triggers and data.
"request_options": {
"hosts": {
"filter": {
...
}
},
"triggers": {
"filter": {
...
}
},
"data": {
"filter": {
...
}
}
}
Section/Parameter |
Description |
---|---|
zabbix.request_options.hosts |
Parameters of requests for hosts. |
zabbix.request_options.hosts. |
Fields of the filter of requests for hosts. All of the available hosts filters are described in Zabbix API documentation. |
zabbix.request_options.trigers |
Parameters of requests for triggers. |
zabbix.request_options.trigers. |
Fields of the filter of requests for triggers. All of the available triggers filters are described in Zabbix API documentation. |
zabbix.request_options.data |
Parameters of requests for data. |
zabbix.request_options.data. |
Fields of the filter of requests for data. All of the available data filters are described in Zabbix API documentation. |