Server configuration

Server configuration is stored in the /etc/saymon/saymon-server.conf file.

To apply changes, restart the saymon-server service:

$ sudo service saymon-server restart

The following is the description of the sections and settings.

agent_stat

This section contains description of settings that affect storing historical data from the agent.

"agent_stat": {
   "write_to": "mongo",
   "default_ttl": 20,
   "ttl": [
      {
        "key": "payload.cpuInformation.vendor",
        "value": "Intel",
        "expire": 10
      }
   ]
}

agent_stat.write_to

Selecting a storage for data from the agent.

Set the value to mongo to store agent data in MongoDB.

Default – data from the agent is stored in ELK.

agent_stat.default_ttl

Default lifetime of datasets (in seconds). If this value is equal to 0, the data isn’t written to the database.

Default86400

agent_stat.agent_stat.ttl

Lifetime of datasets that require a non-default lifetime.

agent_stat.ttl.key

Name of the metric.

agent_stat.ttl.value

Value of the metric.

agent_stat.ttl.expire

Lifetime of dataset. If this value is equal to 0, the data isn’t written to the database.

cache

This section contains Redis server settings.

"cache": {
    "host": "127.0.0.1",
    "port": 6379
}

cache.auth_pass

Password for access to the Redis server.

cache.host

The Redis server address.

Default"127.0.0.1".

cache.port

The Redis server port.

Default6379.

cache.cluster

The subsection contains settings which are applied when Redis Cluster is used.

"cache": {
    "cluster": {
        "nodes": [
            {
                "port": 7000,
                "host": "127.0.0.1"
            },
            {
                "port": 7001,
                "host": "127.0.0.1"
            }
        ],
        "options": {}
    }
}
If this subsection is set, then the system uses connection settings specified here. The parameters cache.host and cache.port are ignored.

cache.cluster.options

Additional connection parameters.

You can find out more in the ioredis documentation.

cache.cluster.nodes

Servers of the cluster which are needed to be connected to.

cache.cluster.nodes.host

The address of the server of the cluster.

cache.cluster.nodes.port

The port of the server of the cluster.

custom_scripts

This section contains settings of the custom scripts, which are executed with object creation or deletion.

"custom_scripts": {
    "entity_triggers_path": "/opt/saymon-extensions/entity-triggers-path"
}

custom_scripts.entity_triggers_path

The full path to the folder with the files of the scripts.

db

This section contains settings for connecting to the database with the object model. MongoDB is used as the database.

"db" : {
    "mongodb": {
        "url": "mongodb://localhost:27017/saymon?w=1"
    }
}

db.mongodb

Data for connecting to MongoDB.

db.mongodb.url

The MongoDB server address and additional connection settings.

Default"mongodb://localhost:27017/saymon?w=1"

When using a cluster with several hosts their addresses are specified comma-separated in arbitrary order:

"url": "mongodb://host01:27017,host02:27017,host03:27017/saymon?w=1"

All possible additional URL parameters are presented in MongoDB documentation.

elasticsearch

This section contains settings of Elasticsearch.

"elasticsearch": {
    "node": "http://127.0.0.1:9200",
    "auth": {
        "username": "elastic",
        "password": "ypezA1ZoVv46fJh8Abj4"
   },
   "index_pattern": "myindex*",
   "request_timeout": 30000,
   "hits_per_request": 1000
}

elasticsearch.hits_per_request

Maximum number of records, which are requested in one query to Elasticsearch.

With increasing the value of this parameter the number of queries to Elasticsearch is decreased. However, memory consumption and time of flow blocking on the SAYMON server during answer processing is raised.

Default1000.

elasticsearch.index_pattern

Elasticsearch index, which the search occurs within.

elasticsearch.node

IP address of the Elasticsearch instance.

elasticsearch.request_timeout

Waiting time for response from the Elasticsearch server (in milliseconds).

Default30000 – 30 seconds.

elasticsearch.auth

Elasticsearch user credentials.

elasticsearch.auth.password

Elasticsearch user password.

elasticsearch.auth.username

Elasticsearch user login.

encrypt

"encrypt": {
  "db": true,
  "server_config": true,
  "tags": [
    "<<",
    ">>"
  ],
  "prefix": "crypt"
}

encrypt.db

Enables database fields encryption

  • true – Enable encryption.

  • false – Disable encryption.

Defaultfalse

encrypt.server_config

Enables server configuration file fields encryption.

  • true – Enable encryption.

  • false – Disable encryption.

Defaultfalse

encrypt.tags

Tag that marks a field for encryption. Read more about encrypted field format in the Encryption format article.

Default["<<",">>"]

encrypt.prefix

Prefix that shows that a field is encrypted. Read more about encrypted field format in the Encryption format article.

Defaultcrypt

extensions

This section contains settings of SAYMON custom extensions.

"extensions": {
    "path": "/opt/saymon-extensions"
}

extensions.path

Path to the folder with custom extensions.

hostname_update

This section contains settings for automatic update of automatically registered Host class objects.

hostname_update: {
    enabled: false
}

hostname_update.enabled

Automatically update name and properties of the Host class object when you change hostname.

  • true – Turn on automatic update.

  • false – Turn off automatic update.

Defaultfalse

kafka

This section contains settings for connection to Kafka broker.

"kafka" : {
    "host" : "localhost",
    "port" : 9092,
    "requestTimeout" : 30000,
    "fetch_latest" : false,
    "logLevel" : 2
}

In addition to the parameters which are listed here, it is also possible to use additional connection parameters.

kafka.brokers

Address pool to connect while using Kafka Cluster.

"kafka" : {
    ...
    "brokers": [
        "192.168.1.10:9092",
        "192.168.1.11:9092"
    ],
    ...
}
If this parameter is set, the system ignores the kafka.host and kafka.port parameters.
It is necessary to make additional settings in the agent configuration file while using Kafka Cluster.

kafka.fetch_latest

Sets the processing rule for messages which have come to Kafka while the system has been turned off;

  • false – process accumulated data,

  • true – ignore accumulated data.

Defaultfalse.

kafka.host

Kafka broker address.

Default"localhost".

kafka.logLevel

Kafka logging level;

  • 0 – NOTHING,

  • 1 – ERROR,

  • 2 – WARN,

  • 4 – INFO,

  • 5 – DEBUG.

Default2 – WARN.

kafka.port

Kafka broker port.

Default9092.

kafka.requestTimeout

The client waiting time for answer (in milliseconds).

Default30000 – 30 seconds.

kafka.ssl

Encryption settings. The key and certificate can be set as the paths to the files:

"kafka" : {
...
    "ssl": {
        "certFile": "/opt/kafka/for-saymon-server/cert.pem",
        "keyFile": "/opt/kafka/for-saymon-server/key.pem"
    },
...
}

kafka.sasl

Authentication settings. The parameters depend on authentication mechanism, which is used in Kafka. Settings example for the PLAIN/SCRAM mechanism:

"kafka" : {
...
    "sasl": {
        "mechanism": "plain",
        "username": "user",
        "password": "password"
    },
...
}

kafka.sasl.mechanism

Authentication mechanism.

keycloak

This section contains parameters for interacting with the Keycloak server to authorize users.

"keycloak": {
    "realm_certificate": "<data of keycloak_realm_certificate>",
    "realm_certificate_file": "/etc/saymon/keycloak_realm_certificate",
    "config_file": "/etc/saymon/keycloak_backend.json"
}
The parameters in the example are listed in descending order of priority when specified simultaneously. To work with Keycloak, it is sufficient to specify one of the parameters.

keycloak.config_file

Path to the configuration file, generated by the Keycloak server for the Backend-client.

keycloak.realm_certificate

Data of the Realm Certificate, with which the Keycloak server signs user tokens.

keycloak.realm_certificate_file

Path to the file with the data of the Keycloak Realm Certificate.

ldap

This section contains parameters of external LDAP server for user authorization.

"ldap" : {
    "url" : "ldaps://192.168.1.1:636",
    "suffix" : "dc=example,dc=com",
    "login" : "cn=admin,dc=example,dc=com",
    "pass" : "root",
    "allow_self_signed" : true,
    "create_user_for_existing_group_only": true,
    "import_non_existing_groups": false,
    "update_existing_groups": false
}

ldap.allow_self_signed

It enables connection with LDAPs to a server with a self-signed certificate;

  • false – connection is disabled,

  • true – connection is enabled.

Defaultfalse – connection is disabled.

ldap.create_user_for_existing_group_only

It restricts authorization of new users with only those users, who have a group on the LDAP server, name of which matches the name of an existing group (previously created) in SAYMON:

  • false – authorization is allowed for any new LDAP users,

  • true – authorization is allowed for only the new LDAP users, for whom groups in SAYMON are exist.

Defaultfalse – authorization of any new LDAP users is allowed.

This parameter does not apply to LDAP users, who already have a SAYMON account.

Don’t use together with the import_non_existing_groups parameter. If both parameters are set to true, the server will first import all groups that the user is in and then authorize them, as they are in an existing group.

ldap.group_name_attribute

The attribute which contains names of user groups.

It is set when it is necessary to use non-standard attribute.

The standard attribute is "cn".

ldap.import_non_existing_groups

It allows automatic creation of the groups, which the user belongs to on the LDAP server, but does not exist in SAYMON:

  • false – with login of an LDAP user new groups are not created in SAYMON,

  • true – with login of an LDAP user all of their groups are created in SAYMON, the user is automatically added to the groups.

Defaultfalse – with authorization of an LDAP user new groups are not created in SAYMON.

ldap.login

LDAP administrator login. Administrator account must have access to LDAP users and groups, that need to be imported into SAYMON.

ldap.login_attribute_name

The attribute which contains users' names to log in the system.

It is set when it is necessary to use not the standard attribute.

The standard attribute is "name".

ldap.pass

LDAP administrator password.

ldap.suffix

The root element (as a rule it is the organization’s domain name).

ldap.update_existing_groups

It allows to convert user groups, created in SAYMON, to LDAP groups, if with import of user groups from LDAP the groups' names match:

  • false – with login of LDAP users, groups are not updated,

  • true – with login of an LDAP user, their groups in SAYMON, which are matched with their groups in LDAP, are updated to LDAP groups.

Defaultfalse – with login of LDAP users, groups are not updated.

ldap.url

LDAP server address. The protocols LDAP and LDAPs are supported.

logdb

This section contains settings for security log database.

This section is required to enable security log interface. This section is not set by default.
"logdb": {
  "url": "mongodb://localhost:27017/logs",
  "collection": "securityLogs"
}

logdb.url

URL of the MongoDB database that stores security log entries.

logdb.collection

Name of the collection of security log entries.

monitoring

This section contains settings of the custom monitoring probes.

"monitoring": {
    "custom_tasks_path": "/opt/saymon-agent/custom_tasks"
}

monitoring.custom_tasks_path

The full path to the folder with the files of the probes.

mqtt

This section contains settings for connection to a MQTT broker.

"mqtt" : {
    "broker" : "mqtt://username:password@localhost:1883"
}

mqtt.broker

Broker address and port.

Default"mqtt://localhost:1883"

In order to use authentication by username and password it is necessary to specify credentials before the server address.

openTsdb

This section contains access parameters to OpenTSDB.

"openTsdb" : {
    "enabled" : true,
    "host" : "localhost",
    "port" : 4242,
    "timeout" : 15000
}

openTsdb.enabled

Recording historical data to OpenTSDB;

  • false – recording is disabled,

  • true – recording is enabled.

Defaulttrue \|recording is enabled.

openTsdb.host

Address of the host with OpenTSDB.

Default"localhost".

openTsdb.port

OpenTSDB port.

Default4242.

openTsdb.timeout

Requests timeout in milliseconds.

Default15000 – 15 seconds.

tsdb_extensions

This section contains configuration parameters for additional time series databases.

"tsdb_extensions": [
    {
       "name": "influx",
       "enabled": true,
       "config": {}
	   "path": <path to DB client file>
    }
],

tsdb_extensions.name

Name of the additional time series database;

Possible values:

tsdb_extensions.enabled

Recording historical data into an additional time series database;

  • false – recording is disabled,

  • true – recording is enabled.

Defaulttrue – recording is enabled.

openTsdb.config

It defines the configuration for connecting to the database. Configuration for specific databases can be found in the respective integration descriptions:

openTsdb.path

It contains the absolute path to the database client file. It is used if you need to connect another third-party module to work with time series.

push_notification

This section contains parameters of push notifications in the mobile application. Firebase Cloud Messaging (FCM) is used for work with push notifications.

"push_notification" : {
    "disabled" : true,
    "key_path" : "/etc/saymon/saymon-mobile-firebase-adminsdk.json",
    "on_state_change" : true,
    "timeout" : 0,
    "url" : "https://saymon-mobile.firebaseio.com"
}

push_notification.disabled

It disables the notifications;

  • true – notifications are disabled,

  • false – notifications are enabled.

Defaulttrue – notifications are disabled.

push_notification.key_path

Path to SAYMON server authorization key on the Firebase server.

Default"/etc/saymon/saymon-mobile-firebase-adminsdk.json".

push_notification.on_state_change

It enables sending notifications when state changes, in case of another notification source – MQTT messages;

  • true – sending is enabled,

  • false – sending is disabled.

Defaulttrue – sending is enabled.

push_notification.timeout

Time after which a notification is sent to each user (in milliseconds).

Default0 – no delay.

push_notification.url

URL, obtained by user from Firebase, to receive notifications content from the server.

Default"https://saymon-mobile.firebaseio.com".

resource_server

This section contains parameters bonded with storage files, uploaded to SAYMON.

"resource_server" : {
    "debug" : false,
    "file_storage_dir" : "/var/saymon/resources",
    "ip_address" : "127.0.0.1",
    "port" : 8092
}

resource_server.debug

It enables debug mode for logging into the file /var/log/saymon/saymon-server.log;

  • false – debug mode is disabled,

  • true – debug mode is enabled.

Defaultfalse – debug mode is disabled.

resource_server.file_storage_dir

Path to the directory for storage documents, added to objects.

Default"/var/saymon/resources".

resource_server.ip_address

Resource server address.

Default"127.0.0.1".

resource_server.port

Resource server port.

Default8092.

rest_server

This section contains REST server settings.

"rest_server" : {
    "base_url" : "/api",
    "colorize_log" : false,
    "debug" : false,
    "document_download_url" : "http://localhost/node/api/docs",
    "ip_address" : "127.0.0.1",
    "keepAliveTimeout" : 5000,
    "num_workers" : 1,
    "port" : 8090,
    "public_url" : "http://mycompany.com/index.html",
    "session_ttl" : 3600000,
    "snmp_mib_url" : "http://192.168.1.189:5550",
    "update_download_url" : "http://localhost/node/api/agents/update"
}

rest_server.base_url

Base path to API requests.

Default"/api".

rest_server.body_limit

Limit on the size of the body of the request to the REST server.

You can specify this parameter in bytes as well as a string with the format <size><unit> (for example "10kb" or "5mb").

When you exceed this limitation when performing a request through web-interface, you will be shown a "Request entity too large" message.

rest_server.colorize_log

It enables colorizing log;

  • false – colorizing is disabled,

  • true – colorizing is enabled.

Defaultfalse – colorizing is disabled.

rest_server.debug

It enables debug mode for logging into the file /var/log/saymon/saymon-server.log;

  • false – debug mode is disabled,

  • true – debug mode is enabled.

Defaultfalse – debug mode is disabled.

rest_server.document_download_url

URL to files stored in $document_storage_dir.

Default"http://localhost/node/api/docs".

rest_server.ip_address

Host address to run REST server.

Default"127.0.0.1".

rest_server.keepAliveTimeout

The server waiting time for the next request before termination the current session (in milliseconds).

Default5000 – 5 seconds.

rest_server.num_workers

Number of processes to upload data.

Default1.

rest_server.port

REST server port.

Default8090.

rest_server.public_url

Address for access to the web interface from notifications.

rest_server.session_ttl

Amount of time a user can be inactive before the user’s session expires and closes (in milliseconds).

Default3600000 – 1 hour.

rest_server.snmp_mib_url

Address of the service for translation numeric SNMP OIDs to the text format.

rest_server.update_download_url

Path to agent update file.

Default"http://localhost/node/api/agents/update".

rest_server.limits

This subsection contains limits for number of requests to REST API.

"limits" : [
    {
        "__comment": "unlimited number of requests for the admin user",
        "user": "5048c849d7b6e40593dfee71"
    },
    {
        "__comment": "unlimited number of requests for the duty shift group",
        "group": "60e591928196105ec9c74636"
    },
    {
        "__comment": "unlimited requests to States and Classes",
        "uri": ["/states", "/classes"]
    },
    {
        "__comment": "limit for requests to Objects",
        "uri": ["/objects"],
        "rate": "100/minute"
    },
    {
        "__comment": "limits for users authorized from 127.0.0.1",
        "user": true,
        "ip": '127.0.0.1',
        "rate": "120/minute"
    },
    {
        "__comment": "limits for unauthorized users",
        "user": false,
        "rate": "10/minute"
    }
]

Default – there are no limits on requests.

For each request the search of rules is implemented from the top down. Only one (first matched) rule is applied.

rest_server.limits.group

The user groups, which the limit is set to;

  • string|string[] – the group ID or the list of the group IDs, which the rule is applied to.

Examples:

"limits": [
    {
        "group": "60e562277936944ebf158282",
        ...
    }
]
"limits": [
    {
        "group": [
            "60e562277936944ebf158282",
            "616406e1a3db5948cd815438"
        ],
        ...
    }
]

rest_server.limits.ip

The IP addresses, which the limit is set for:

  • true – separate limit for each IP address;

  • string|string[] – the IP address or the list of the IP addresses, which the rule is applied for.

Examples:

"limits": [
    {
        "ip": true,
        ...
    }
]
"limits": [
    {
        "ip": "127.0.0.1",
        ...
    }
]
"limits": [
    {
        "ip": [
            "127.0.0.1",
            "192.168.1.2"
        ],
        ...
    }
]

rest_server.limits.rate

The number of requests per time unit. If it is not specified, there are no limits.

It is set in the format number_of_requests/time_unit.

Supported time units:

  • y – year,

  • Q – quarter,

  • M – month,

  • w – week,

  • d – day,

  • h – hour,

  • m/minute – minute,

  • s – second,

  • ms – millisecond.

Example:

"limits": [
    {
        "rate": 100/minute,
        ...
    }
]

rest_server.limits.uri

The REST methods, which the limit is set to;

  • true – separate limit for each method;

  • string|string[] – the method or the list of the methods, which the rule is applied to.

Any API method can be set without /node/api prefix, for example "/time".

Examples:

"limits": [
    {
        "uri": true,
        ...
    }
]
"limits": [
    {
        "uri": "/ping",
        ...
    }
]
"limits": [
    {
        "uri": [
            "/ping",
            "/node/api/objects/:id/stat"
        ],
        ...
    }
]

rest_server.limits.user

The users, which the limit is set to;

  • true – separate limit for each authorized user;

  • false – limit by IP address for each authorized user;

  • string|string[] – the user ID or the list of the user IDs, which the rule is applied to.

Examples:

"limits": [
    {
        "user": true,
        ...
    }
]
"limits": [
    {
        "user": false,
        ...
    }
]
"limits": [
    {
        "user": "6048c849d7b6e40593dfee71",
        ...
    }
]
"limits": [
    {
        "user": [
            "57ff6853fa6db3a63d16d07b",
            "6048c849d7b6e40593dfee71"
        ],
        ...
    }
]

server

This section contains general server parameters.

server.agent_registration_parent_id

ID of the object where agents appear in case of the self-registration process.

Default"1".

server.analytics_enabled

It involves analytics of the metric values in the data processing;

  • false – analytics is disabled,

  • true – analytics is enabled.

Defaultfalse – analytics is disabled.

server.analytics_processes

The amount of logical cores used to process the times series analytics.

Default – all available cores are used.

server.block_by_ip

Block user by IP after a set amount of unsuccessful login attempts.

If a user is blocked, they will be shown the following message on the login screen:

Error! (38) Too many failed login attempts, try again in a few seconds

Default – this section is not set, functionality is disabled.

"block_by_ip": {
  "enabled": true,
  "attempts": 3,
  "block_period": 30000
}

server.block_by_ip.enabled

Whether the IP blocking functionality is enabled.

server.block_by_ip.attempts

Amount of unsuccessful attempts required to block the IP.

server.block_by_ip.block_period

Period of time during which the IP is blocked (in milliseconds).

server.colorize_log

It enables colorizing log;

  • false – colorizing is disabled,

  • true – colorizing is enabled.

Defaultfalse – colorizing is disabled.

server.comet_ping_interval

Time interval between sending messages by comet server (in milliseconds).

Default5000 – 5 seconds.

server.comet_ping_timeout

Waiting time for the message from the comet server (in milliseconds).

Default12000 – 12 seconds.

server.comet_port

Port for the connection.

Default8091.

server.comet_secure

It enables SSL connection;

  • false – connection is disabled,

  • true – connection is enabled.

Defaultfalse – connection is disabled.

server.comet_ssl_certificate

Path to the certificate.

server.comet_ssl_key

Path to the key.

server.conditional_incidents_enabled

  • false – functionality is disabled,

  • true – functionality is enabled.

Defaultfalse – functionality is disabled.

server.conditional_incidents_script

It is used only if the incidents functionality is enabled: server.conditional_incidents_enabled = true

server.debug

It enables debug mode for logging into the file /var/log/saymon/saymon-server.log;

  • false – debug mode is disabled,

  • true – debug mode is enabled.

Defaultfalse – debug mode is disabled.

server.default_result_timeout

Time after which the condition No data on object is triggered since object creation or obtaining the last data (in milliseconds).

Default120000 – 2 minutes.

server.default_state_id

Object default state.

Default7NO DATA.

server.discovery_parent_id

ID of the object to place new network devices, discovered by agents.

Default"1".

server.event_log_max_bytes

Event Log size at which the data is rotated (in bytes).

Default"1 G" – 1 gigabyte.

server.history_temporary_storage_period

Time period (in milliseconds) during which the data is buffered in Redis and then transferred to OpenTSDB.

This parameter works only if history_update_period is equal to 0.

server.history_update_period

History data recording period (in milliseconds).

0 – immediate recording incoming values.

Default60000 – 1 minute.

server.history_write_length

Limit of the number of points in one request to OpenTSDB. With specifying this parameter the data is written to the database in parts.

This function is useful with exceeding the size of the data which is written at once. The recommended value in this case is 100000.

By default, there is no limit, data is written to OpenTSDB without splitting into parts.

server.incident_timeout

Transition time of an alarm from the active alarms list to the alarm history list after clearing the alarm.

Default120000 – 2 minutes.

server.notification_buffering_period

Time period to hoard all messages about object state changes and send grouped notification to the users (in milliseconds).

Default0 – buffering is disabled.

server.retain_expired_stat

It enables storage of the latest received data after their obsolescence;

  • false – storage is disabled,

  • true – storage is enabled.

Defaultfalse – storage is disabled.

server.script_trigger_timeout

The maximum execution time of triggers and operations (in milliseconds).

Default30000 – 30 seconds.

server.self_object_id

ID of an object used for self-monitoring.

server.self_monitoring_period

Period between self-monitoring processes.

Default – – 2 minutes.

server.sms_script

Path to a script for sending SMS notifications.

server.stat_local_timestamp_field_name

Name of the field in which the time with which the data must be saved in OpenTSDB is displayed.

Default"localTimestamp".

server.stat_scan_period

Validation period of incoming data expiration (in milliseconds).

Default3000 – 3 seconds.

server.use_stat_timestamp

It saves the timestamp from agent’s data;

  • false – the value of the timestamp field from agent’s data is replaced with the server’s timestamp,

  • true – the value of the timestamp field from agent’s data is used, it is not replaced with the server’s timestamp.

Defaultfalse – the value of the timestamp field from agent’s data is replaced with server’s timestamp.

server.voice_call_script

Path to a script for implementing voice calls.

server.email

This subsection contains email-server settings.

"email" :{
    "disabled" : false,
    "fields" : {
        "from" : "saymon@saas.saymon.info"
    },
    "max_json_length": 1000,
    "transport" : {
        "auth" {
            "user" : "saymon@saas.saymon.info",
            "pass" : "P@ssw0rd"
        },
        "host" : "smtp.gmail.com",
        "port" : 465,
        "secure" : true
    },
}

server.email.disabled

It disables sending email notifications;

  • true – sending is disabled,

  • false – sending is enabled.

Defaulttrue – sending is disabled.

server.email.max_json_length

Size limit of notification emails (in symbols).

Default1000 – 1000 symbols.

server.email.fields

Information about the sender.

server.email.fields.from

Sender’s email address

server.email.transport

Post server data.

server.email.transport.host

Mail server address.

server.email.transport.port

Mail server port.

server.email.transport.secure

It enables TLS while connection to the server;

  • false – using TLS is disabled,

  • true – using TLS is enabled.

Default value depends on the port.

server.email.transport.service

Service kit, embedded in the connector. When using it sets host, port, secure automatically.

Default"Gmail".

server.email.transport.auth

User’s credentials.

server.email.transport.auth.pass

User’s password.

server.email.transport.auth.user

User’s login.

server.user

This subsection contains user settings.

"user" : {
    "auth_enabled": true,
    "new_user_access": "all",
    "template": {
        "permissions": ["manage-objects", "view-section-stat"],
        "objectPermissions": {
            "include": [],
            "exclude": ["5fb643ddf277b96c8401119b", "5f8dc28407e86603bfe281f8"]
        }
    },
    "usersRoot": "5800d9aaac7bf0f90d3d520e",
    "auth_attempts": {
        "enabled": true,
        "attempts": 3,
        "block_period": 60000
    },
}

server.user.auth_attempts

Blocking users for failed login attempts.

When a user fails to login an amount of times specified in the attempts parameter, this user is blocked. All requests from this user return 429 Too Many Requests message.

The amount of failed login attempts is reset after a successful login or after an amount of time specified in the block_period parameter. If a user was already blocked for failed login attempts, they will be unblocked after a period of time, specified in the block_period parameter

"user" : {
    ...
    "auth_attempts": {
        "enabled": true,
        "attempts": 3,
        "block_period": 60000
    },
    ...
}

server.user.auth_attempts.enabled

Enables blocking users for failed login attempts.

  • false – disables blocking,

  • true – enables blocking.

Defaulttrue – blocking is enabled.

server.user.auth_attempts.attempts

Maximum amount of failed login attempts.

Default3.

server.user.auth_attempts.block_period

Period, after which the user’s failed login attempts will be reset (in milliseconds).

If a user was already blocked for failed login attempts, they will be unblocked after a period of time, specified in this parameter.

Default300000.

server.user.auth_enabled

In enables self-account-creation and the ability to remove own account for users;

  • false – account creation and removal is disabled,

  • true – account creation and removal is enabled.

Defaultfalse – account creation and removal is disabled.

server.user.auth_token_enabled

Enables API token authentication.

  • false – token authentication is disabled,

  • true – token authentication is enabled.

Defaulttrue – token authentication is enabled.

server.user.lang_default

User language by default;

  • "en" – English,

  • "it" – Italian,

Default"en" – English.

server.user.new_user_access

Access rights to objects for a new user;

"all" – access to all of the objects, "not" – no access to any object.

Default"all" – access to all of the objects.

server.user.usersRoot

ID of the object used as the root for a newly registered user’s new objects.

Default"1".

server.user.template

New user’s rights template. These parameters are applied only for users, who used self-account-creation.

server.user.template.permissions

A list of permissions given to a newly registered user by default.

server.user.template.objectPermissions

User rights to access to objects.

server.user.template.objectPermissions.include

A list of objects' IDs to which a newly registered user is given access by default.

server.user.template.objectPermissions.exclude

A list of objects' IDs to which a newly registered user is denied access by default.

snmp

This section contains settings for processing SNMP traps.

"snmp": {
    "filter": "/users/admin/tmp/snmp-filter.js"
}

snmp.filter

The path to the file with a filtration function for incoming SNMP traps.

If the function returns false, the message will be discarded. The function below blocks traps which contain any string from the filters array:

Filtration function example
module.exports = function(message, rawMessage) {
    rawMessage = String(rawMessage);
    //console.log(message, rawMessage);
    let filters = [ 'HLR Call Processing Message',
        'AIR Rejected – No EPS Subscription',
        'GPRS SIBB Processing Exception',
        'AuC Call Processing Message',
        'Received notification from CLIM',
        'AuC Event Log Clean Up',
        'SOFT 0006'
    ];
    return !filters.some((filter) => rawMessage.includes(filter));
}

Next example drops trap with enterpriseOid = '.1.3.6.1.4.1.169.10.1.1' AND genericTrap = 6 AND specificTrap = 5:

Filtration function example
module.exports = function(message, rawMessage) {
    return message.payload.enterpriseOid != '.1.3.6.1.4.1.169.10.1.1' && message.payload.genericTrap != 6 && message.payload.specificTrap != 5;
}

state_history_log

"state_history_log": {
    "max_time_range_interval": 30
}

state_history_log.max_time_range_interval

Defines the maximum time range, that the user can set in the event log filter, when using parameters that can slow down the search (classId, tagId, entityName). This value is set in days.

If you set this value to 0, the user will not be limited in selection of the time interval. However, this might lead to long search times if there are a lot of objects in the system.

Default90 days.

wetty

This section contains settings for logging the history of user interaction with the system via the Wetty terminal.

History of each user session is logged into a separate file.

File name format: YYYY-MM-DD_HH_MM_SS_PROTOCOL_IP_USERNAME.log, for example 2023-01-12_11-56-17_ssh_127.0.0.1_admin.log.

If you are using the SAYMON version older than 3.12.86, you should do the following steps when upgrading to a newer version:

  1. Make changes to the file /etc/nginx/sites-available/saymon:

    location ~ /wetty/(.*)
    {
      # take path and query after wetty/ and append it to proxy_pass
      proxy_pass http://127.0.0.1:3001/wetty/$1?$query_string;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
  2. Restart nginx:

    $ service nginx reload
"wetty" : {
    "log_dir" : "/tmp",
    "raw_mode": true
}

wetty.log_dir

Path to the folder for storing log-files.

wetty.raw_mode

It enables logging mode with ANSI control symbols;

  • true – logs are written with ANSI control symbols;

  • false – logs are written without ANSI control symbols.

Defaulttrue

Logs are written with ANSI control symbols.

zabbix

This section contains settings for data import from the Zabbix system.

By default, server uses connection system for Zabbix 6.0. To use legacy connection system for Zabbix 5.x, set zabbix5 parameter to true.
"zabbix" : [
    {
        "url" : "http://192.168.1.215/zabbix/api_jsonrpc.php",
        "user" : "saymon",
        "password" : "saymon_user_password",
        "parent_id" : "58b586d5c3a2f96642e25537",
        "debug": true,
        "polling_period": 30000,
        "classes" : {
            "4" : "CPU",
            "619503be0ffb595aebe22222" : "Memory\|General"
        }
    }
]

zabbix.classes

An array of correspondences between class IDs and names of discovered objects. The appropriate classes will be assigned to the objects with the specified names when creating.

zabbix.debug

It enables recording parameters and request results into the log file;

  • false – recording is disabled,

  • true – recording is enabled.

Defaultfalse – recording is disabled.

zabbix.parent_id

The ID of the object which is used as the parent for objects imported from Zabbix.

zabbix.password

The password of the user with the access to read the hosts or groups of hosts, the data about which need to be imported.

zabbix.polling_period

Data update period (in milliseconds).

Default120000 – 2 minutes.

zabbix.url

The address of the api_jsonrpc.php file of the required Zabbix installation.

zabbix.user

The login of the user with the access to read the hosts or groups of hosts, the data about which need to be imported.

zabbix.zabbix5

Use the legacy connection system for Zabbix 5.x.

  • true – server uses legacy connection system for Zabbix 5.x,

  • false – server uses connection system for Zabbix 6.0.

Default – false – server uses connection system for Zabbix 6.0.

This parameter isn’t used in SAYMON server earlier than 3.14.89, as they don’t have Zabbix 6.0 support.

zabbix.request_options

This subsection contains modified options of the requests for hosts, triggers and data.

"request_options": {
    "hosts": {
        "filter": {
            ...
        }
    },
    "triggers": {
        "filter": {
            ...
        }
    },
    "data": {
        "filter": {
            ...
        }
    }
}

zabbix.request_options.hosts

Parameters of requests for hosts.

zabbix.request_options.hosts.filter

Fields of the filter of requests for hosts. All of the available hosts filters are described in Zabbix API documentation.

zabbix.request_options.triggers

Parameters of requests for triggers.

zabbix.request_options.triggers.filter

Fields of the filter of requests for triggers. All of the available triggers filters are described in Zabbix API documentation.

zabbix.request_options.data

Parameters of data requests.

zabbix.request_options.data.filter

Fields of the filter of requests for data. All of the available data filters are described in Zabbix API documentation.