Skip to content

Configuration file

This is the default mfadmin configuration file.

```ini

STARTUP

[startup]

If flag=0, block the start of the module

flag=1

AUTORESTART

[autorestart]

If flag=1, then the autorestart feature is on

flag=1

MISC

[misc]

Max coredumps size (value for ulimit -c;

if core_size=-1, ulimit -c is not set)

core_size=0

tmp sub-directory (${MFMODULE_RUNTIME_HOME}/tmp) cleaning

0 => no automatic cleaning

x => clean files/directories older than x days

tmp_max_age=2

LOG

[log]

Log minimal level

DEBUG => everything,

INFO => everything but not DEBUG,

WARNING => everything but not DEBUG and INFO,

ERROR => everything but not DEBUG, INFO and WARNING,

CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR

minimal_level=INFO

Duplicate some log messages in JSON to a specific file (for external

monitoring tool)

If json_file value is :

null => the feature is desactivated

AUTO => the feature is desactivated (because it's not necessary anymore

since 1.2 version)

json_file=null

Minimal level for this json log file

DEBUG => everything,

INFO => everything but not DEBUG,

WARNING => everything but not DEBUG and INFO,

ERROR => everything but not DEBUG, INFO and WARNING,

CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR

Note: you can't send more messages to json log file than the configured global

minimal_level level (so also change the value of minimal_level key in

these uncommon use-cases)

json_minimal_level=WARNING

Send some log files to mfadmin

null => the feature is desactivated

AUTO => the feature is activated if [admin]/hostname != null

mfadmin_flag=AUTO

Minimal level for mfadmin send

DEBUG => everything,

INFO => everything but not DEBUG,

WARNING => everything but not DEBUG and INFO,

ERROR => everything but not DEBUG, INFO and WARNING,

CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR

Note: you can't send more messages to mfadmin than the configured global

minimal_level level (so also change the value of minimal_level key in

these uncommon use-cases)

mfadmin_minimal_level=WARNING

Maximum number of rotated files to keep

number_of_rotated_files=5

Max age of a log file before rotation (in seconds)

Default: 86400 (24H)

max_age_before_rotation=86400

Max size of a log file before rotation (in bytes)

Default: 104857600 (100 MB)

max_size_before_rotation=104857600

chmod on log files

Default : 0644

chmod=0644

Try to split stdout/stderr in distinct log files (when it's possible)

(1 => split, 0 => don't split)

try_to_split_stdout_stderr=0

Try to split multiple workers in distinct log files (when it's possible)

(1 => split, 0 => don't split)

try_to_split_multiple_workers=0

VECTOR

[vector]

UDP port used by vector syslog server (for mflog logs)

mflog_port = 5146

CIRCUS

[circus]

You don't have to change this

endpoint=ipc://{{MFMODULE_RUNTIME_HOME}}/var/circus.socket pubsub_endpoint=ipc://{{MFMODULE_RUNTIME_HOME}}/var/circus_pubsub.socket

Arbiter config setting (default 5 was not enough to prevent "ConflictError: arbiter is already running..." with circus 0.17.2

check_delay = 15

INFLUXDB

[influxdb]

Internal Influxdb port

port=18088

Public InfluxDB HTTP port

http_port=18086

LDAP

[ldap]

if flag=1, use LDAP for authentification

flag=0

internal port for LDAP authentification (not exposed)

port=27156

use this user for connecting to LDAP server (bind operation)

(if empty => connect anonymously)

bind_who=

bind password (see bind_who key)

bind_pass=

ldap url

url=ldap://yourldapserver:port

ldap search base

base=ou=people,dc=example,dc=com

if starttls=1 => use STARTTLS protocol option

starttls=0

GRAFANA

[grafana]

grafana admin password (length must be > 4)

(you have to restart the module if you change it)

admin_password=admin

If you want to serve grafana behind a reverse proxy

set the proxied public url here

(null => no reverse proxy and automatic configuration with

root_url = http://{{MFHOSTNAME_FULL}}:{{MFADMIN_NGINX_PORT}}/grafana)

reverse_proxy_root_url = null

smtp options

if host = null, the smtp service is disabled

smtp_host = null smtp_user = smtp_password = smtp_cert_file = smtp_key_file = smtp_from_name = Grafana smtp_from_address = admin@grafana.localhost smtp_skip_verify = true smtp_ehlo_identity =

ELASTICSEARCH

[elasticsearch]

Public ElasticSearch HTTP POrt

http_port=15603

Heap Size for ElasticSearch (-Xmx format)

(1g => 1 GB)

heap_size=1g

ElasticSearch node name

node_name={{MFHOSTNAME}}

https://www.elastic.co/guide/en/elasticsearch/reference/current/network.host.html

network_host=0.0.0.0

indices starting with "mflog-" and "nginx-" are destroyed after {indices_lifetime} days

-1 => no cleaning

indices_lifetime = 5

KIBANA

[kibana]

Public Kibana HTTP Port

http_port=15604

kibana admin password

added at nginx level

(you have to restart the module if you change it)

admin_password=admin

Encryption keys

something at least 32 characters

can be superseded by OPs

xpack_security_encryptionkey=541ca694529ab5916456cc7eb9b8cedfbdb9182fbaadd145 xpack_reporting_encryptionkey=8608cf617b392bd0590a0f97c1745a988192345df5bf8488

LOKI

[loki]

Port used by loki daemon

http_port=13600 http_alert_manager_port=19093

retention inside loki (in days)

logs_lifetime = 5

NGINX

[nginx]

Port of nginx daemon used to protect kibana

port=15605

Max body size for incoming http requests (in MB)

upload_max_body_size=100

Number of nginx workers

workers=2

Default timeout (in seconds)

You can override this in plugin config.ini

timeout=60

If logging=0, do not log anything in nginx_access.log

logging=0

In which tmp directory nginx put big request bodies

clientbody_temp_path=@@@MFMODULE_RUNTIME_HOME@@@/var/nginx2

```