-
Notifications
You must be signed in to change notification settings - Fork 1.4k
/
conf.yaml.example
558 lines (493 loc) · 21.4 KB
/
conf.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
## All options defined here are available to all instances.
#
init_config:
## @param proxy - mapping - optional
## Set HTTP or HTTPS proxies for all instances. Use the `no_proxy` list
## to specify hosts that must bypass proxies.
##
## The SOCKS protocol is also supported like so:
##
## socks5://user:pass@host:port
##
## Using the scheme `socks5` causes the DNS resolution to happen on the
## client, rather than on the proxy server. This is in line with `curl`,
## which uses the scheme to decide whether to do the DNS resolution on
## the client or proxy. If you want to resolve the domains on the proxy
## server, use `socks5h` as the scheme.
#
# proxy:
# http: http://<PROXY_SERVER_FOR_HTTP>:<PORT>
# https: https://<PROXY_SERVER_FOR_HTTPS>:<PORT>
# no_proxy:
# - <HOSTNAME_1>
# - <HOSTNAME_2>
## @param skip_proxy - boolean - optional - default: false
## If set to `true`, this makes the check bypass any proxy
## settings enabled and attempt to reach services directly.
#
# skip_proxy: false
## @param timeout - number - optional - default: 10
## The timeout for connecting to services.
#
# timeout: 10
## @param service - string - optional
## Attach the tag `service:<SERVICE>` to every metric, event, and service check emitted by this integration.
##
## Additionally, this sets the default `service` for every log source.
#
# service: <SERVICE>
## Every instance is scheduled independently of the others.
#
instances:
## @param name - string - required
## Name of your HTTP check instance.
##
## Note: The `instance` tag takes the value of this parameter and normalizes all `,+*-/()[]{}` characters into `_`.
#
- name: My first service
## @param url - string - required
## Url to check
## Non-standard ports are supported using http://hostname:port syntax
#
url: http://some.url.example.com
## @param method - string - optional - default: get
## The method parameter allows you to change the HTTP method used in the request.
#
# method: get
## @param data - mapping or string - optional
## If any one of the POST, PUT, DELETE, or PATCH method is specified, you can choose to send data in the body of the
## request with the data parameter.
## SOAP requests are supported if you use the POST method and supply an XML string as the data parameter.
#
# data:
# <KEY>: <VALUE>
## @param content_match - string - optional
## The content_match parameter allows the check
## to look for a particular string within the response. The check
## will report as DOWN if the string is not found.
##
## content_match uses Python regular expressions which means that
## you will have to escape the following "special" characters with
## a backslash (\) if you're trying to match them in your content:
## . ^ $ * + ? { } [ ] \ | ( )
##
## Examples:
## content_match: 'In Stock'
## content_match: '^(Bread|Apples|Very small rocks|Cider|Gravy|Cherries|Mud|Churches|Lead) float(s)? in water'
#
# content_match: <REGEX>
## @param reverse_content_match - boolean - optional - default: false
## The reverse_content_match parameter will allow the content_match
## to work the other way around. That means that the check will report
## as DOWN if the string is found.
#
# reverse_content_match: false
## @param http_response_status_code - string or integer - optional - default: (1|2|3)\d\d
## The http_response_status_code parameter will instruct the check
## to look for a particular HTTP response status code or a Regex identifying
## a set of possible status codes.
## The check will report as DOWN if status code returned differs.
## This defaults to 1xx, 2xx and 3xx HTTP status code.
#
# http_response_status_code: (1|2|3)\d\d
## @param include_content - boolean - optional - default: false
## The include_content parameter will instruct the check
## to include the first 500 characters of the HTTP response body
## in notifications sent by this plugin. This is best used with
## "healthcheck"-type URLs, where the body contains a brief, human-
## readable summary of failure reasons in the case of errors.
#
# include_content: false
## @param collect_response_time - boolean - optional - default: true
## Set collect_response_time parameter to true to instruct the check to
## create a metric 'network.http.response_time', tagged with
## the url, reporting the response time in seconds.
#
# collect_response_time: true
## @param check_certificate_expiration - boolean - optional - default: true
## The check_certificate_expiration will instruct the check
## to create a service check that checks the expiration of the
## ssl certificate. Allow for a warning to occur when x days are
## left in the certificate, and alternatively raise a critical
## warning if the certificate is y days from the expiration date.
##
## When "days" doesn't provide enough granularity (e.g. when a certificate is
## expected to expire in less than 24h) "seconds" can be used. Please note
## that configuration parameters expressed in seconds take precedence over
## the corresponding ones expressed in days.
##
## By default, for the expiration check, the Agent validates the SSL certificate
## hostname against the host of the provided url.
#
# check_certificate_expiration: true
## @param use_cert_from_response - boolean - optional - default: true
## By default, the check makes a direct TCP connection to the server defined by the URL
## when the `check_certificate_expiration` option is enabled. This connection happens
## after the HTTP(S) request. When this option is enabled, the check instead uses the
## certificate from the original response to check the expiration.
#
# use_cert_from_response: true
## @param tls_retrieve_non_validated_cert - boolean - optional - default: false
## When set to true along with enabling `check_certificate_expiration`, this option allows certificates
## to be retrieved from a peer whether or not `tls_verify` is set to true or false. This allows the
## certificate to be examined for an expiration date in either case.
##
## This option has no effect if `use_cert_from_response` is enabled.
#
# tls_retrieve_non_validated_cert: false
## @param days_warning - integer - optional
## Express warning threshold for the HTTP check in days
#
# days_warning: <DAYS_WARNING>
## @param days_critical - integer - optional
## Express critical threshold for the HTTP check in days
#
# days_critical: <DAYS_CRITICAL>
## @param seconds_warning - integer - optional
## Alternatively to days_warning, seconds_warning expresses
## the warning threshold for the HTTP check in second
#
# seconds_warning: <SECONDS_WARNING>
## @param seconds_critical - integer - optional
## Alternatively to days_critical, seconds_warning expresses
## the critical threshold for the HTTP check in second
#
# seconds_critical: <SECONDS_CRITICAL>
## @param ssl_server_name - string - optional
## If necessary and check_hostname is set to true,
## override the hostname to match with ssl_server_name.
#
# ssl_server_name: <SSL_SERVER_NAME>
## @param stream - boolean - optional - default: false
## The stream parameter can be used to check the status code and/or
## response time of URLs that return an endless stream of data.
#
# stream: false
## @param include_default_headers - boolean - optional - default: true
## The (optional) include_default_headers parameter instructs the check to include the default headers.
## Default headers can be found at:
## https://github.com/DataDog/integrations-core/blob/master/datadog_checks_base/datadog_checks/utils/headers.py
#
# include_default_headers: true
## @param tags - list of strings - optional
## A list of tags to attach to every metric and service check emitted by this instance.
##
## Learn more about tagging at https://docs.datadoghq.com/tagging
#
# tags:
# - <KEY_1>:<VALUE_1>
# - <KEY_2>:<VALUE_2>
## @param service - string - optional
## Attach the tag `service:<SERVICE>` to every metric, event, and service check emitted by this integration.
##
## Overrides any `service` defined in the `init_config` section.
#
# service: <SERVICE>
## @param min_collection_interval - number - optional - default: 15
## This changes the collection interval of the check. For more information, see:
## https://docs.datadoghq.com/developers/write_agent_check/#collection-interval
#
# min_collection_interval: 15
## @param empty_default_hostname - boolean - optional - default: false
## This forces the check to send metrics with no hostname.
##
## This is useful for cluster-level checks.
#
# empty_default_hostname: false
## @param metric_patterns - mapping - optional
## A mapping of metrics to include or exclude, with each entry being a regular expression.
##
## Metrics defined in `exclude` will take precedence in case of overlap.
#
# metric_patterns:
# include:
# - <INCLUDE_REGEX>
# exclude:
# - <EXCLUDE_REGEX>
## @param proxy - mapping - optional
## This overrides the `proxy` setting in `init_config`.
##
## Set HTTP or HTTPS proxies for this instance. Use the `no_proxy` list
## to specify hosts that must bypass proxies.
##
## The SOCKS protocol is also supported, for example:
##
## socks5://user:pass@host:port
##
## Using the scheme `socks5` causes the DNS resolution to happen on the
## client, rather than on the proxy server. This is in line with `curl`,
## which uses the scheme to decide whether to do the DNS resolution on
## the client or proxy. If you want to resolve the domains on the proxy
## server, use `socks5h` as the scheme.
#
# proxy:
# http: http://<PROXY_SERVER_FOR_HTTP>:<PORT>
# https: https://<PROXY_SERVER_FOR_HTTPS>:<PORT>
# no_proxy:
# - <HOSTNAME_1>
# - <HOSTNAME_2>
## @param skip_proxy - boolean - optional - default: false
## This overrides the `skip_proxy` setting in `init_config`.
##
## If set to `true`, this makes the check bypass any proxy
## settings enabled and attempt to reach services directly.
#
# skip_proxy: false
## @param auth_type - string - optional - default: basic
## The type of authentication to use. The available types (and related options) are:
##
## - basic
## |__ username
## |__ password
## |__ use_legacy_auth_encoding
## - digest
## |__ username
## |__ password
## - ntlm
## |__ ntlm_domain
## |__ password
## - kerberos
## |__ kerberos_auth
## |__ kerberos_cache
## |__ kerberos_delegate
## |__ kerberos_force_initiate
## |__ kerberos_hostname
## |__ kerberos_keytab
## |__ kerberos_principal
## - aws
## |__ aws_region
## |__ aws_host
## |__ aws_service
##
## The `aws` auth type relies on boto3 to automatically gather AWS credentials, for example: from `.aws/credentials`.
## Details: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials
#
# auth_type: basic
## @param use_legacy_auth_encoding - boolean - optional - default: true
## When `auth_type` is set to `basic`, this determines whether to encode as `latin1` rather than `utf-8`.
#
# use_legacy_auth_encoding: true
## @param username - string - optional
## The username to use if services are behind basic or digest auth.
#
# username: <USERNAME>
## @param password - string - optional
## The password to use if services are behind basic or NTLM auth.
#
# password: <PASSWORD>
## @param ntlm_domain - string - optional
## If your services use NTLM authentication, specify
## the domain used in the check. For NTLM Auth, append
## the username to domain, not as the `username` parameter.
#
# ntlm_domain: <NTLM_DOMAIN>\<USERNAME>
## @param kerberos_auth - string - optional - default: disabled
## If your services use Kerberos authentication, you can specify the Kerberos
## strategy to use between:
##
## - required
## - optional
## - disabled
##
## See https://github.com/requests/requests-kerberos#mutual-authentication
#
# kerberos_auth: disabled
## @param kerberos_cache - string - optional
## Sets the KRB5CCNAME environment variable.
## It should point to a credential cache with a valid TGT.
#
# kerberos_cache: <KERBEROS_CACHE>
## @param kerberos_delegate - boolean - optional - default: false
## Set to `true` to enable Kerberos delegation of credentials to a server that requests delegation.
##
## See https://github.com/requests/requests-kerberos#delegation
#
# kerberos_delegate: false
## @param kerberos_force_initiate - boolean - optional - default: false
## Set to `true` to preemptively initiate the Kerberos GSS exchange and
## present a Kerberos ticket on the initial request (and all subsequent).
##
## See https://github.com/requests/requests-kerberos#preemptive-authentication
#
# kerberos_force_initiate: false
## @param kerberos_hostname - string - optional
## Override the hostname used for the Kerberos GSS exchange if its DNS name doesn't
## match its Kerberos hostname, for example: behind a content switch or load balancer.
##
## See https://github.com/requests/requests-kerberos#hostname-override
#
# kerberos_hostname: <KERBEROS_HOSTNAME>
## @param kerberos_principal - string - optional
## Set an explicit principal, to force Kerberos to look for a
## matching credential cache for the named user.
##
## See https://github.com/requests/requests-kerberos#explicit-principal
#
# kerberos_principal: <KERBEROS_PRINCIPAL>
## @param kerberos_keytab - string - optional
## Set the path to your Kerberos key tab file.
#
# kerberos_keytab: <KEYTAB_FILE_PATH>
## @param auth_token - mapping - optional
## This allows for the use of authentication information from dynamic sources.
## Both a reader and writer must be configured.
##
## The available readers are:
##
## - type: file
## path (required): The absolute path for the file to read from.
## pattern: A regular expression pattern with a single capture group used to find the
## token rather than using the entire file, for example: Your secret is (.+)
## - type: oauth
## url (required): The token endpoint.
## client_id (required): The client identifier.
## client_secret (required): The client secret.
## basic_auth: Whether the provider expects credentials to be transmitted in
## an HTTP Basic Auth header. The default is: false
## options: Mapping of additional options to pass to the provider, such as the audience
## or the scope. For example:
## options:
## audience: https://example.com
## scope: read:example
##
## The available writers are:
##
## - type: header
## name (required): The name of the field, for example: Authorization
## value: The template value, for example `Bearer <TOKEN>`. The default is: <TOKEN>
## placeholder: The substring in `value` to replace with the token, defaults to: <TOKEN>
#
# auth_token:
# reader:
# type: <READER_TYPE>
# <OPTION_1>: <VALUE_1>
# <OPTION_2>: <VALUE_2>
# writer:
# type: <WRITER_TYPE>
# <OPTION_1>: <VALUE_1>
# <OPTION_2>: <VALUE_2>
## @param aws_region - string - optional
## If your services require AWS Signature Version 4 signing, set the region.
##
## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
#
# aws_region: <AWS_REGION>
## @param aws_host - string - optional
## If your services require AWS Signature Version 4 signing, set the host.
## This only needs the hostname and does not require the protocol (HTTP, HTTPS, and more).
## For example, if connecting to https://us-east-1.amazonaws.com/, set `aws_host` to `us-east-1.amazonaws.com`.
##
## Note: This setting is not necessary for official integrations.
##
## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
#
# aws_host: <AWS_HOST>
## @param aws_service - string - optional
## If your services require AWS Signature Version 4 signing, set the service code. For a list
## of available service codes, see https://docs.aws.amazon.com/general/latest/gr/rande.html
##
## Note: This setting is not necessary for official integrations.
##
## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
#
# aws_service: <AWS_SERVICE>
## @param tls_verify - boolean - optional - default: false
## Instructs the check to validate the TLS certificate of services.
#
# tls_verify: false
## @param tls_use_host_header - boolean - optional - default: false
## If a `Host` header is set, this enables its use for SNI (matching against the TLS certificate CN or SAN).
#
# tls_use_host_header: false
## @param tls_ignore_warning - boolean - optional - default: false
## If `tls_verify` is disabled, security warnings are logged by the check.
## Disable those by setting `tls_ignore_warning` to true.
#
# tls_ignore_warning: false
## @param tls_cert - string - optional
## The path to a single file in PEM format containing a certificate as well as any
## number of CA certificates needed to establish the certificate's authenticity for
## use when connecting to services. It may also contain an unencrypted private key to use.
#
# tls_cert: <CERT_PATH>
## @param tls_private_key - string - optional
## The unencrypted private key to use for `tls_cert` when connecting to services. This is
## required if `tls_cert` is set and it does not already contain a private key.
#
# tls_private_key: <PRIVATE_KEY_PATH>
## @param tls_ca_cert - string - optional
## The path to a file of concatenated CA certificates in PEM format or a directory
## containing several CA certificates in PEM format. If a directory, the directory
## must have been processed using the `openssl rehash` command. See:
## https://www.openssl.org/docs/man3.2/man1/c_rehash.html
#
# tls_ca_cert: <CA_CERT_PATH>
## @param tls_protocols_allowed - list of strings - optional
## The expected versions of TLS/SSL when fetching intermediate certificates.
## Only `SSLv3`, `TLSv1.2`, `TLSv1.3` are allowed by default. The possible values are:
## SSLv3
## TLSv1
## TLSv1.1
## TLSv1.2
## TLSv1.3
#
# tls_protocols_allowed:
# - SSLv3
# - TLSv1.2
# - TLSv1.3
## @param headers - mapping - optional
## The headers parameter allows you to send specific headers with every request.
## You can use it for explicitly specifying the host header or adding headers for
## authorization purposes.
##
## This overrides any default headers.
#
# headers:
# Host: <ALTERNATIVE_HOSTNAME>
# X-Auth-Token: <AUTH_TOKEN>
## @param extra_headers - mapping - optional
## Additional headers to send with every request.
#
# extra_headers:
# Host: <ALTERNATIVE_HOSTNAME>
# X-Auth-Token: <AUTH_TOKEN>
## @param timeout - number - optional - default: 10
## The timeout for accessing services.
##
## This overrides the `timeout` setting in `init_config`.
#
# timeout: 10
## @param connect_timeout - number - optional
## The connect timeout for accessing services. Defaults to `timeout`.
#
# connect_timeout: <CONNECT_TIMEOUT>
## @param read_timeout - number - optional
## The read timeout for accessing services. Defaults to `timeout`.
#
# read_timeout: <READ_TIMEOUT>
## @param request_size - number - optional - default: 16
## The number of kibibytes (KiB) to read from streaming HTTP responses at a time.
#
# request_size: 16
## @param log_requests - boolean - optional - default: false
## Whether or not to debug log the HTTP(S) requests made, including the method and URL.
#
# log_requests: false
## @param persist_connections - boolean - optional - default: false
## Whether or not to persist cookies and use connection pooling for improved performance.
#
# persist_connections: false
## @param allow_redirects - boolean - optional - default: true
## Whether or not to allow URL redirection.
#
# allow_redirects: true
## @param tls_private_key_password - string - optional
## Optional password to decrypt tls_private_key.
##
## Setting this implicitly sets `tls_verify` to true.
#
# tls_private_key_password: <PRIVATE_KEY_PASSWORD>
## @param tls_validate_hostname - boolean - optional - default: true
## Verifies that the server's cert hostname matches the one requested.
#
# tls_validate_hostname: true