-
Notifications
You must be signed in to change notification settings - Fork 1.4k
/
Copy pathconf.yaml.example
437 lines (390 loc) · 16.2 KB
/
conf.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
## All options defined here are available to all instances.
#
init_config:
## @param proxy - mapping - optional
## Set HTTP or HTTPS proxies for all instances. Use the `no_proxy` list
## to specify hosts that must bypass proxies.
##
## The SOCKS protocol is also supported like so:
##
## socks5://user:pass@host:port
##
## Using the scheme `socks5` causes the DNS resolution to happen on the
## client, rather than on the proxy server. This is in line with `curl`,
## which uses the scheme to decide whether to do the DNS resolution on
## the client or proxy. If you want to resolve the domains on the proxy
## server, use `socks5h` as the scheme.
#
# proxy:
# http: http://<PROXY_SERVER_FOR_HTTP>:<PORT>
# https: https://<PROXY_SERVER_FOR_HTTPS>:<PORT>
# no_proxy:
# - <HOSTNAME_1>
# - <HOSTNAME_2>
## @param skip_proxy - boolean - optional - default: false
## If set to `true`, this makes the check bypass any proxy
## settings enabled and attempt to reach services directly.
#
# skip_proxy: false
## @param timeout - number - optional - default: 10
## The timeout for connecting to services.
#
# timeout: 10
## @param service - string - optional
## Attach the tag `service:<SERVICE>` to every metric, event, and service check emitted by this integration.
##
## Additionally, this sets the default `service` for every log source.
#
# service: <SERVICE>
## Every instance is scheduled independently of the others.
#
instances:
## @param lighttpd_status_url - string - required
## Status url of your Lighttpd server.
#
- lighttpd_status_url: http://localhost/server-status?auto
## @param proxy - mapping - optional
## This overrides the `proxy` setting in `init_config`.
##
## Set HTTP or HTTPS proxies for this instance. Use the `no_proxy` list
## to specify hosts that must bypass proxies.
##
## The SOCKS protocol is also supported, for example:
##
## socks5://user:pass@host:port
##
## Using the scheme `socks5` causes the DNS resolution to happen on the
## client, rather than on the proxy server. This is in line with `curl`,
## which uses the scheme to decide whether to do the DNS resolution on
## the client or proxy. If you want to resolve the domains on the proxy
## server, use `socks5h` as the scheme.
#
# proxy:
# http: http://<PROXY_SERVER_FOR_HTTP>:<PORT>
# https: https://<PROXY_SERVER_FOR_HTTPS>:<PORT>
# no_proxy:
# - <HOSTNAME_1>
# - <HOSTNAME_2>
## @param skip_proxy - boolean - optional - default: false
## This overrides the `skip_proxy` setting in `init_config`.
##
## If set to `true`, this makes the check bypass any proxy
## settings enabled and attempt to reach services directly.
#
# skip_proxy: false
## @param auth_type - string - optional - default: basic
## The type of authentication to use. The available types (and related options) are:
##
## - basic
## |__ username
## |__ password
## |__ use_legacy_auth_encoding
## - digest
## |__ username
## |__ password
## - ntlm
## |__ ntlm_domain
## |__ password
## - kerberos
## |__ kerberos_auth
## |__ kerberos_cache
## |__ kerberos_delegate
## |__ kerberos_force_initiate
## |__ kerberos_hostname
## |__ kerberos_keytab
## |__ kerberos_principal
## - aws
## |__ aws_region
## |__ aws_host
## |__ aws_service
##
## The `aws` auth type relies on boto3 to automatically gather AWS credentials, for example: from `.aws/credentials`.
## Details: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials
#
# auth_type: basic
## @param use_legacy_auth_encoding - boolean - optional - default: true
## When `auth_type` is set to `basic`, this determines whether to encode as `latin1` rather than `utf-8`.
#
# use_legacy_auth_encoding: true
## @param username - string - optional
## The username to use if services are behind basic or digest auth.
#
# username: <USERNAME>
## @param password - string - optional
## The password to use if services are behind basic or NTLM auth.
#
# password: <PASSWORD>
## @param ntlm_domain - string - optional
## If your services use NTLM authentication, specify
## the domain used in the check. For NTLM Auth, append
## the username to domain, not as the `username` parameter.
#
# ntlm_domain: <NTLM_DOMAIN>\<USERNAME>
## @param kerberos_auth - string - optional - default: disabled
## If your services use Kerberos authentication, you can specify the Kerberos
## strategy to use between:
##
## - required
## - optional
## - disabled
##
## See https://github.com/requests/requests-kerberos#mutual-authentication
#
# kerberos_auth: disabled
## @param kerberos_cache - string - optional
## Sets the KRB5CCNAME environment variable.
## It should point to a credential cache with a valid TGT.
#
# kerberos_cache: <KERBEROS_CACHE>
## @param kerberos_delegate - boolean - optional - default: false
## Set to `true` to enable Kerberos delegation of credentials to a server that requests delegation.
##
## See https://github.com/requests/requests-kerberos#delegation
#
# kerberos_delegate: false
## @param kerberos_force_initiate - boolean - optional - default: false
## Set to `true` to preemptively initiate the Kerberos GSS exchange and
## present a Kerberos ticket on the initial request (and all subsequent).
##
## See https://github.com/requests/requests-kerberos#preemptive-authentication
#
# kerberos_force_initiate: false
## @param kerberos_hostname - string - optional
## Override the hostname used for the Kerberos GSS exchange if its DNS name doesn't
## match its Kerberos hostname, for example: behind a content switch or load balancer.
##
## See https://github.com/requests/requests-kerberos#hostname-override
#
# kerberos_hostname: <KERBEROS_HOSTNAME>
## @param kerberos_principal - string - optional
## Set an explicit principal, to force Kerberos to look for a
## matching credential cache for the named user.
##
## See https://github.com/requests/requests-kerberos#explicit-principal
#
# kerberos_principal: <KERBEROS_PRINCIPAL>
## @param kerberos_keytab - string - optional
## Set the path to your Kerberos key tab file.
#
# kerberos_keytab: <KEYTAB_FILE_PATH>
## @param auth_token - mapping - optional
## This allows for the use of authentication information from dynamic sources.
## Both a reader and writer must be configured.
##
## The available readers are:
##
## - type: file
## path (required): The absolute path for the file to read from.
## pattern: A regular expression pattern with a single capture group used to find the
## token rather than using the entire file, for example: Your secret is (.+)
## - type: oauth
## url (required): The token endpoint.
## client_id (required): The client identifier.
## client_secret (required): The client secret.
## basic_auth: Whether the provider expects credentials to be transmitted in
## an HTTP Basic Auth header. The default is: false
## options: Mapping of additional options to pass to the provider, such as the audience
## or the scope. For example:
## options:
## audience: https://example.com
## scope: read:example
##
## The available writers are:
##
## - type: header
## name (required): The name of the field, for example: Authorization
## value: The template value, for example `Bearer <TOKEN>`. The default is: <TOKEN>
## placeholder: The substring in `value` to replace with the token, defaults to: <TOKEN>
#
# auth_token:
# reader:
# type: <READER_TYPE>
# <OPTION_1>: <VALUE_1>
# <OPTION_2>: <VALUE_2>
# writer:
# type: <WRITER_TYPE>
# <OPTION_1>: <VALUE_1>
# <OPTION_2>: <VALUE_2>
## @param aws_region - string - optional
## If your services require AWS Signature Version 4 signing, set the region.
##
## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
#
# aws_region: <AWS_REGION>
## @param aws_host - string - optional
## If your services require AWS Signature Version 4 signing, set the host.
## This only needs the hostname and does not require the protocol (HTTP, HTTPS, and more).
## For example, if connecting to https://us-east-1.amazonaws.com/, set `aws_host` to `us-east-1.amazonaws.com`.
##
## Note: This setting is not necessary for official integrations.
##
## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
#
# aws_host: <AWS_HOST>
## @param aws_service - string - optional
## If your services require AWS Signature Version 4 signing, set the service code. For a list
## of available service codes, see https://docs.aws.amazon.com/general/latest/gr/rande.html
##
## Note: This setting is not necessary for official integrations.
##
## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
#
# aws_service: <AWS_SERVICE>
## @param tls_verify - boolean - optional - default: true
## Instructs the check to validate the TLS certificate of services.
#
# tls_verify: true
## @param tls_use_host_header - boolean - optional - default: false
## If a `Host` header is set, this enables its use for SNI (matching against the TLS certificate CN or SAN).
#
# tls_use_host_header: false
## @param tls_ignore_warning - boolean - optional - default: false
## If `tls_verify` is disabled, security warnings are logged by the check.
## Disable those by setting `tls_ignore_warning` to true.
#
# tls_ignore_warning: false
## @param tls_cert - string - optional
## The path to a single file in PEM format containing a certificate as well as any
## number of CA certificates needed to establish the certificate's authenticity for
## use when connecting to services. It may also contain an unencrypted private key to use.
#
# tls_cert: <CERT_PATH>
## @param tls_private_key - string - optional
## The unencrypted private key to use for `tls_cert` when connecting to services. This is
## required if `tls_cert` is set and it does not already contain a private key.
#
# tls_private_key: <PRIVATE_KEY_PATH>
## @param tls_ca_cert - string - optional
## The path to a file of concatenated CA certificates in PEM format or a directory
## containing several CA certificates in PEM format. If a directory, the directory
## must have been processed using the `openssl rehash` command. See:
## https://www.openssl.org/docs/man3.2/man1/c_rehash.html
#
# tls_ca_cert: <CA_CERT_PATH>
## @param tls_protocols_allowed - list of strings - optional
## The expected versions of TLS/SSL when fetching intermediate certificates.
## Only `SSLv3`, `TLSv1.2`, `TLSv1.3` are allowed by default. The possible values are:
## SSLv3
## TLSv1
## TLSv1.1
## TLSv1.2
## TLSv1.3
#
# tls_protocols_allowed:
# - SSLv3
# - TLSv1.2
# - TLSv1.3
## @param tls_ciphers - list of strings - optional
## The list of ciphers suites to use when connecting to an endpoint. If not specified,
## `ALL` ciphers are used. For list of ciphers see:
## https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
#
# tls_ciphers:
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_AES_128_GCM_SHA256
## @param headers - mapping - optional
## The headers parameter allows you to send specific headers with every request.
## You can use it for explicitly specifying the host header or adding headers for
## authorization purposes.
##
## This overrides any default headers.
#
# headers:
# Host: <ALTERNATIVE_HOSTNAME>
# X-Auth-Token: <AUTH_TOKEN>
## @param extra_headers - mapping - optional
## Additional headers to send with every request.
#
# extra_headers:
# Host: <ALTERNATIVE_HOSTNAME>
# X-Auth-Token: <AUTH_TOKEN>
## @param timeout - number - optional - default: 10
## The timeout for accessing services.
##
## This overrides the `timeout` setting in `init_config`.
#
# timeout: 10
## @param connect_timeout - number - optional
## The connect timeout for accessing services. Defaults to `timeout`.
#
# connect_timeout: <CONNECT_TIMEOUT>
## @param read_timeout - number - optional
## The read timeout for accessing services. Defaults to `timeout`.
#
# read_timeout: <READ_TIMEOUT>
## @param request_size - number - optional - default: 16
## The number of kibibytes (KiB) to read from streaming HTTP responses at a time.
#
# request_size: 16
## @param log_requests - boolean - optional - default: false
## Whether or not to debug log the HTTP(S) requests made, including the method and URL.
#
# log_requests: false
## @param persist_connections - boolean - optional - default: false
## Whether or not to persist cookies and use connection pooling for improved performance.
#
# persist_connections: false
## @param allow_redirects - boolean - optional - default: true
## Whether or not to allow URL redirection.
#
# allow_redirects: true
## @param tags - list of strings - optional
## A list of tags to attach to every metric and service check emitted by this instance.
##
## Learn more about tagging at https://docs.datadoghq.com/tagging
#
# tags:
# - <KEY_1>:<VALUE_1>
# - <KEY_2>:<VALUE_2>
## @param service - string - optional
## Attach the tag `service:<SERVICE>` to every metric, event, and service check emitted by this integration.
##
## Overrides any `service` defined in the `init_config` section.
#
# service: <SERVICE>
## @param min_collection_interval - number - optional - default: 15
## This changes the collection interval of the check. For more information, see:
## https://docs.datadoghq.com/developers/write_agent_check/#collection-interval
#
# min_collection_interval: 15
## @param empty_default_hostname - boolean - optional - default: false
## This forces the check to send metrics with no hostname.
##
## This is useful for cluster-level checks.
#
# empty_default_hostname: false
## @param metric_patterns - mapping - optional
## A mapping of metrics to include or exclude, with each entry being a regular expression.
##
## Metrics defined in `exclude` will take precedence in case of overlap.
#
# metric_patterns:
# include:
# - <INCLUDE_REGEX>
# exclude:
# - <EXCLUDE_REGEX>
## Log Section
##
## type - required - Type of log input source (tcp / udp / file / windows_event).
## port / path / channel_path - required - Set port if type is tcp or udp.
## Set path if type is file.
## Set channel_path if type is windows_event.
## source - required - Attribute that defines which integration sent the logs.
## encoding - optional - For file specifies the file encoding. Default is utf-8. Other
## possible values are utf-16-le and utf-16-be.
## service - optional - The name of the service that generates the log.
## Overrides any `service` defined in the `init_config` section.
## tags - optional - Add tags to the collected logs.
##
## Discover Datadog log collection: https://docs.datadoghq.com/logs/log_collection/
#
# logs:
# - type: file
# path: /var/log/lighttpd/access.log
# source: lighttpd
# service: lighttpd
# - type: file
# path: /var/log/lighttpd/error.log
# source: lighttpd
# service: lighttpd