From bf817ce51bda960defd900afb5474d356cd42eff Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Sat, 25 Apr 2009 23:27:49 +0200 Subject: [PATCH] collectd.conf(5): Document the new authentication stuff. --- src/collectd.conf.pod | 117 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 76 insertions(+), 41 deletions(-) diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod index b335488c..a3834ff3 100644 --- a/src/collectd.conf.pod +++ b/src/collectd.conf.pod @@ -1550,45 +1550,39 @@ specified statistics will not be collected. =head2 Plugin C -=over 4 - -=item B I [I] - -=item B I [I] - -The B statement sets the server to send datagrams B. The statement -may occur multiple times to send each datagram to multiple destinations. - -The B statement sets the interfaces to bind to. When multiple -statements are found the daemon will bind to multiple interfaces. - -The argument I may be a hostname, an IPv4 address or an IPv6 address. If -the argument is a multicast address the daemon will join that multicast group. - -If no B statement is found the server tries join both, the default IPv6 -multicast group and the default IPv4 multicast group. If no B statement -is found the client will try to send data to the IPv6 multicast group first. If -that fails the client will try the IPv4 multicast group. +The Network plugin sends data to a remote instance of collectd, receives data +from a remote instance, or both at the same time. Data which has been received +from the network is usually not transmitted again, but this can be actived, see +the B option below. The default IPv6 multicast group is C. The default IPv4 -multicast group is C<239.192.74.66>. - -The optional I argument sets the port to use. It can either be given -using a numeric port number or a service name. If the argument is omitted the -default port B<25826> is assumed. +multicast group is C<239.192.74.66>. The default I port is B<25826>. -Both, B and B can be used as block, too, to provide -configuration options for this socket only. For example: +Both, B and B can be used as single option or as block. When +used as block, given options are valid for this socket only. For example: - + Server "collectd.internal.tld" + SecurityLevel "sign" - Secret "ohl0eQue" + Username "myhostname" + Password "ohl0eQue" -The following options are understood within BServerE> and -BListenE> blocks: +=over 4 + +=item BServer> I [I]B> + +The B statement/block sets the server to send datagrams to. The +statement may occur multiple times to send each datagram to multiple +destinations. + +The argument I may be a hostname, an IPv4 address or an IPv6 address. The +optional second argument specifies a port number or a service name. If not +given, the default, B<25826>, is used. + +The following options are recognized within B blocks: =over 4 @@ -1596,26 +1590,67 @@ BListenE> blocks: Set the security you require for network communication. When the security level has been set to B, data sent over the network will be encrypted using -I and only encrypted data will be accepted when receiving. The -integrity of encrypted packets is ensures using I. When set to B, -transmitted data is signed using the I message authentication -code and only signed and encrypted data is accepted when receiving. When set to -B, data is sent without any security and all data is accepted when -receiving. +I. The integrity of encrypted packets is ensured using I. When +set to B, transmitted data is signed using the I message +authentication code. When set to B, data is sent without any security. This feature is only available if the I plugin was linked with I. -=item B I +=item B I -Sets a shared secret for this socket. All security levels except B -require this setting. For B this setting is only required if you want to -be able to decrypt encrypted data (B is set to B on the -client). +Sets the username to transmit. This is used by the server to lookup the +password. See B below. All security levels except B require +this setting. This feature is only available if the I plugin was linked with I. +=item B I + +Sets a password (shared secret) for this socket. All security levels except +B require this setting. + +This feature is only available if the I plugin was linked with +I. + +=back + +=item BListen> I [I]B> + +The B statement sets the interfaces to bind to. When multiple +statements are found the daemon will bind to multiple interfaces. + +The argument I may be a hostname, an IPv4 address or an IPv6 address. If +the argument is a multicast address the daemon will join that multicast group. +The optional second argument specifies a port number or a service name. If not +given, the default, B<25826>, is used. + +The following options are recognized within CListenE> blocks: + +=over 4 + +=item B B|B|B + +Set the security you require for network communication. When the security level +has been set to B, only encrypted data will be accepted. The integrity +of encrypted packets is ensured using I. When set to B, only +signed and encrypted data is accepted. When set to B, all data will be +accepted. If an B option was given (see below), encrypted data is +decrypted if possible. + +This feature is only available if the I plugin was linked with +I. + +=item B I + +Sets a file in which usernames are mapped to passwords. These passwords are +used to verify signatures and to decrypt encrypted network packets. If +B is set to B, this is optional. If given, signed data is +verified and encrypted packets are decrypted. Otherwise, signed data is +accepted without checking the signature and encrypted data cannot be decrypted. +For the other security levels this option is mandatory. + =back =item B I<1-255> -- 2.11.0