Setting up the agent's environment

Note to Centreon Cloud users: The Centreon Monitoring Agent is still in its beta phase for Centreon Cloud. To get support, visit our dedicated group on The Watch.

Step 1: Configure Centreon

This step is performed via the central server's interface. (It is also possible to perform these steps using the Centreon Web API.)

Install the Monitoring Connector you need (OnPrem version)

On your central server, install the monitoring connector which will provide the templates and commands you need to configure the hosts and services monitored in Centreon. In the case of a Cloud platform, these connectors are already installed.

Linux

1. On your central server, go to Configuration > Connectors > Monitoring Connectors.
2. Install the Linux Centreon Monitoring Agent monitoring connector.

Windows

1. On your central server, go to Configuration > Connectors > Monitoring Connectors.
2. Install the Windows Centreon Monitoring Agent monitoring connector.

3. If you want to monitor a CMA-supported application, install the corresponding connector on your central server.

Update the Centreon Monitoring Agent connector (onPrem version)

1. Go to Configuration > Commands > Connectors.

2. Update the Centreon Monitoring Agent connector in the following way: in the Used by command field, type Centreon-Monitoring-Agent and then click Select all.

Create an authentication token

1. Go to Administration > Authentication tokens.

2. Create a token with the Centreon Monitoring Agent type.

   • You can select an expiration time. By default, tokens do not expire.
   • Keep the token generated for the agent configuration. If necessary, you can copy it to the clipboard at any time from the list of tokens.
   • You can use just one token for all your collectors and agents, or manage several for more precise control.

CMA authentication token behavior: deactivation/expiration/revocation

Agent connects to poller

• The monitoring engine checks the presence and validity of the token, and disconnects if the token is missing (because it has been disabled or revoked) or has expired. The message Token expired appears in the poller and agent logs.

Le collecteur se connecte à l'agent

• The agent checks the presence and validity of the token and disconnects if the token is missing (because it has been disabled or revoked) or has expired. The message Token expired appears in the poller and agent logs.

• When you disable or revoke a token, deploy the configuration for this action to take effect.

• Expiration takes effect immediately, without requiring any user action.

Create the host and services

Linux

On the central server, create the host and apply the OS-Linux-Centreon-Monitoring-Agent-custom host template to it. The template includes the Enable passive checks option, which is set to On.

Create the services associated with the host template.

Windows

On the central server, create the host and apply the OS-Windows-Centreon-Monitoring-Agent-custom host template to it. The template includes the Enable passive checks option, which is set to On.

Create the services associated with the host template.

Configure poller/agent communication

1. Go to the Configuration > Pollers > Agent configurations page, then click Add.
2. In the window that opens, select the Centreon Monitoring Agent agent type. Additional fields will appear.
3. Select the connection direction (default: the agent connects to the poller).

The agent connects to the poller

4. In the Settings section, select the poller(s) that will receive data from the agent.
5. In the OTLP Receiver section, enter the paths to the certificate files. See dedicated page to determine which files are required, depending on your configuration and the connection direction you want.

   If you are configuring multiple pollers at the same time, make sure that all certificate files have the same name.

6. Click Save.
7. Deploy the configuration by restarting the collection engine.

The poller connects to the agent

4. In the Settings section, select the poller that will connect to the agents.
5. In the Monitored Hosts section, select the host you created earlier. Its IP address will be displayed, and a default port will be entered. Change this information if necessary.
6. Enter the paths to the certificate files. See the dedicated page to determine which files are required, depending on your configuration and the connection direction you want.
7. Select the authentication token you created earlier. You can also create a token from this screen.
8. Add the host.
9. Repeat the operation for each host to be linked to this poller. To configure many hosts, we recommend using the dedicated APIs.
10. Deploy the configuration by restarting the collection engine.

This configuration is deployed on the poller in the /etc/centreon-engine/otl_server.json file. Please note that this file should not be edited manually as it is overwritten each time the configuration is deployed.

Step 2: Prepare the poller

This step is performed on the poller.

Configure the firewall

The agent connects to the poller

Run the following commands:

firewall-cmd --zone=public --add-port=4317/tcp --permanent

firewall-cmd --reload 

The poller connects to the agent

No action is required.

Configure encryption settings

See the dedicated section to determine which files are required, depending on your configuration and the connection direction you need.

Add CMA commands to your custom whitelists

If you are using whitelists on the poller (Cloud pollers have whitelists set by default), these must allow CMA commands. On the poller, in your custom whitelist file (e.g., /etc/centreon-engine-whitelist/my-whitelist.yml), include the following lines in the cma-whitelist block:

whitelist:
  regex:
    - \/usr\/lib(64)?\/nagios\/plugins\/.*
    - \/usr\/lib(64)?\/nagios\/plugins\/.check_.*
    
cma-whitelist:
  default:
    regex:
      - \/usr\/lib(?:64)?\/nagios\/plugins\/.*
      - \/usr\/lib(?:64)?\/centreon\/plugins\/.*
      - \/usr\/lib(?:64)?\/centreon\/plugins\/check_centreon_bam.*
      - \"C:\/Program Files\/Centreon\/Plugins\/centreon_plugins.exe\"\s+.+
      - ^\{\s*"check":".*\}$
      - \/usr\/bin\/echo\s+Host\s+alive
      - cmd\.exe\s+\/C\s+echo\s+.*

If necessary, you can specify whitelists by host. The syntax will be:

whitelist:
  regex:
    - \/usr\/lib(64)?\/nagios\/plugins\/.*
    - \/usr\/lib(64)?\/nagios\/plugins\/.check_.*
    
cma-whitelist:
  default:
    regex:
      - \/usr\/lib(?:64)?\/nagios\/plugins\/.*
      - \/usr\/lib(?:64)?\/centreon\/plugins\/.*
      - \/usr\/lib(?:64)?\/centreon\/plugins\/check_centreon_bam.*
      - \"C:\/Program Files\/Centreon\/Plugins\/centreon_plugins.exe\"\s+.+
      - ^\{\s*"check":".*\}$
      - \/usr\/bin\/echo\s+Host\s+alive
      - cmd\.exe\s+\/C\s+echo\s+.*
  hosts:
    - hostname:Host_1
    regex:
      - ...
      
    - hostname:Host_2
    regex:
      - ...

Make sure the correct access rigts are defined on all whitelist files:

chown root:centreon-engine /etc/centreon-engine-whitelist/my-whitelist.yml
chmod 0640 /etc/centreon-engine-whitelist/my-whitelist.yml
chown root:centreon-engine /etc/centreon-engine-whitelist
chmod 750 /etc/centreon-engine-whitelist

The behavior is as follows:

• If the whitelist block is filled in and the cma-whitelist block is absent, the monitoring engine will apply its whitelist (it will only allow the specified commands) and CMA will not apply a whitelist (all commands will be allowed).
• If both the whitelist and cma-whitelist blocks are filled in, the monitoring engine will apply the whitelist block and CMA will apply the cma-whitelist block (they will only allow the specified commands).
• If the whitelist block is absent and the cma-whitelist block is filled in, the monitoring engine will not apply a whitelist (all commands will be allowed) and CMA will apply the cma-whitelist block (it will only allow specified commands).
• If no block is filled in, no whitelist will be applied: all commands will be allowed.

Step 3: Prepare the host

This step is performed on the monitored host.

Download and install the agent

Linux

Install the Centreon repository and the agent

Install the Centreon repository and agent using the following commands:

Alma / RHEL / Oracle Linux 8

dnf install -y dnf-plugins-core
dnf config-manager --add-repo https://packages.centreon.com/rpm-standard/24.10/el8/centreon-24.10.repo
dnf install  centreon-monitoring-agent

Alma / RHEL / Oracle Linux 9

dnf install -y dnf-plugins-core
dnf config-manager --add-repo https://packages.centreon.com/rpm-standard/24.10/el9/centreon-24.10.repo
dnf install  compat-openssl11 centreon-monitoring-agent

Debian 11 & 12

apt-get update
apt-get -y install lsb-release gpg wget
echo "deb https://packages.centreon.com/apt-standard-24.10-stable $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon.list
echo "deb https://packages.centreon.com/apt-plugins-stable/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon-plugins.list

Then, import the repository key :

wget -O- https://apt-key.centreon.com | gpg --dearmor | tee /etc/apt/trusted.gpg.d/centreon.gpg > /dev/null 2>&1

Then, install agent :

apt-get update
apt install centreon-monitoring-agent

Ubuntu 22.04 & 24.04

1. Execute the following commands:

apt-get update
apt-get -y install lsb-release gpg wget
echo "deb https://packages.centreon.com/ubuntu-standard-24.10-stable $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon.list
echo "deb https://packages.centreon.com/ubuntu-plugins-stable/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon-plugins.list

2. Import the repository key:

wget -O- https://apt-key.centreon.com | gpg --dearmor | tee /etc/apt/trusted.gpg.d/centreon.gpg > /dev/null 2>&1

3. Install the agent :

apt-get update
apt install centreon-monitoring-agent

Configure centreon-monitoring-agent

Replace the contents of the /etc/centreon-monitoring-agent/centagent.json file with the following parameters :

Agent connects to poller

{
  "log_level":"info",
  "endpoint":"<POLLER IP/DNS>:4317",
  "host":"host_1",
  "log_type":"file",
  "log_file":"/var/log/centreon-monitoring-agent/centagent.log" ,
  "encryption":true,
  "ca_certificate":"/tmp/ca_1234.crt",
  "token":"<TOKEN>"
}

Poller connects to agent

{
  "log_level":"info",
  "endpoint":"0.0.0.0:4317",
  "host":"host_1",
  "log_type":"file",
  "log_file":"/var/log/centreon-monitoring-agent/centagent.log" ,
  "reversed_grpc_streaming":true,
  "encryption":true,
  "private_key":"/tmp/server_1234.key",
  "public_cert":"/tmp/server_1234.crt",
  "ca_certificate":"/tmp/ca_1234.crt",
  "token":"<TOKEN>"
}

Important: in the Host field, enter the name of the host to be monitored as you entered it in the Centreon interface. If absent, the agent will use the machine's hostname. This name will be the matching key used to send data back to the Centreon host.

Configure encryption parameters

See dedicated section to identify which files are required, depending on your configuration and direction.

Configure the logs

You can configure two kinds of log output:

• file: the CMA logs into a file, the path is configured in the log_file option.
• stdout: standard output is used.

If you choose to log into a file, log rotation can be customized using the log_max_file_size and log_max_files options.

Allowed log levels are:

• off: no logs
• critical: critical errors
• error: all errors
• info: additional information
• debug: more information about connections
• trace: the most verbose trace level showing messages sent and received to the poller

Restart the agent

systemctl restart centagent

You can check that the agent is running using the following command:

systemctl status centagent

Windows

Download the CMA installer (Custom Platform tab then Monitoring Agent tab), on every server you want to monitor.

The CMA installer can be executed in 2 modes:

Interactive mode

1. Start the installer (during the configuration, you can click on the (i) icons for help). If you choose to install centreon-plugins, the installer will try to download and install the latest version of the Centreon plugins. If it can't (no web connection, network issue...), a popup is displayed to ask confirmation before using embedded plugins.

   Results are displayed in the installer's window.

2. Configure the endpoint and the connection direction:

   • Host name in Centreon. This must be the name of the host as you have defined it in the Centreon interface.

     Warning : This name will be the unique key for mapping data to the right Centreon host. It must be strictly identical to the Centreon host name (case sensitive).

   • In most cases (the agent connects to the poller), you have to enter the poller's endpoint. The correct format is <poller IP or DNS name>:port (OpenTelemetry listening port on the poller, usually 4317), for example 192.168.45.32:4317.
   • In case of a poller-initiated connection (the poller connects to the agent), you have to choose a host interface (0.0.0.0 for all interfaces) and the listening port on which poller will connect, usually 4317.

Agent connects to poller

• In Poller endpoint, enter the poller's IP/DNS, followed by listening port, usually 4317. For example, 192.168.45.32:4317.

Poller connects to agent

• Listening interface can keep the default value (0.0.0.0:4317) and will be the interface through which the agent accepts incoming connections from the poller. (0.0.0.0) means 'all interfaces'. You can restrict this value for security reasons.

Silent mode (console)

In this mode, there is no interface. As this installer is not a console program, it returns immediately despite not having finished. You have to wait for a message telling you that all is finished. If you want to have an exit status, you can launch the installer in a powershell session and wait for the exit code. The exit code will be 0 if all is right.

To run it in silent mode, you need to set /S as the first argument. You can display a list of arguments with the following command:

centreon-monitoring-agent.exe /S --help

Available parameters are :

flag	description
--install_cma	Set this flag if you want to install the Centreon Monitoring Agent
--install_plugins	Set this flag if you want to download and install the latest version of Centreon plugins
--install_embedded_plugins	Set this flag if you want to install Centreon plugins embedded in the installer (case of a host that cannot access the internet)
--hostname	The name of the host as defined in the Centreon interface.
--endpoint	IP address of DNS name of the poller the agent will connect to. In case of Poller-initiated connection mode, it is the interface and port on which the agent will accept connections from the poller. 0.0.0.0 means all interfaces. The format is (IP or DNS name):(port)
--reverse	Add this flag for Poller-initiated connection mode.
--log_type	event_log or file. In case of logging in a file, log_file param is mandatory
--log_level	can be off, critical, error, warning, debug or trace
--log_file	log files path.
--log_max_file_size	max file in Mo before rotate.
--log_max_files	max number of log files before delete. For the rotation of logs to be active, it is necessary that both parameters 'Max File Size' and 'Max number of files' are set.
--encryption	Add this flag for encrypt connection with poller.
--private_key	Private key file path. Mandatory if encryption and poller-initiated connection are active.
--public_cert	Public certificate file path. Mandatory if encryption and poller-initiated connection are active.
--ca	Trusted CA's certificate file path.
--ca_name	Expected TLS certificate common name (CN).

| --token | Authentication token. If you use the --install_plugins option but the download of the plugins fails, the installer will install the plugins embedded in the installer.

Configuration data

Data defined through the installer or silent mode is stored in the registry:

\HKEY_LOCAL_MACHINE\SOFTWARE\Centreon\CentreonMonitoringAgent

Configure encryption parameters

See dedicated section to identify which files are required, depending on your configuration and direction.

Configure the logs

You can configure two kinds of log output:

• eventlog: the CMA logs in the Windows Event Viewer .
• file: the CMA logs into a file

If you choose to log into a file, log rotation can be customized using the log_max_file_size and log_max_files options.

Allowed log levels are:

• off: no logs
• critical: critical errors
• error: all errors
• info: additional information
• debug: more information about connections
• trace: the most verbose trace level showing messages sent and received to the poller.

Deploy the Centreon agent plugins on the host (Linux)

If you are using Centreon connectors and non-native controls on Linux:

1. Enable our plugins repository and install the plugins:

This repository will provide you our packaged plugins as well as the dependencies that are not available in the standard distribution repositories.

Alma / RHEL / Oracle Linux 8

dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled powertools

cat >/etc/yum.repos.d/centreon-plugins.repo <<'EOF'
[centreon-plugins-stable]
name=Centreon plugins repository.
baseurl=https://packages.centreon.com/rpm-plugins/el8/stable/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-stable-noarch]
name=Centreon plugins repository.
baseurl=https://packages.centreon.com/rpm-plugins/el8/stable/noarch/
enabled=1
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-testing]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el8/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-testing-noarch]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el8/testing/noarch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-unstable]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el8/unstable/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-unstable-noarch]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el8/unstable/noarch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1
EOF

2. Install the plugin:

dnf install -y centreon-plugin-Operatingsystems-Linux-Local.noarch

Alma / RHEL / Oracle Linux 9

dnf install dnf-plugins-core
dnf install epel-release
dnf config-manager --set-enabled crb

cat >/etc/yum.repos.d/centreon-plugins.repo <<'EOF'
[centreon-plugins-stable]
name=Centreon plugins repository.
baseurl=https://packages.centreon.com/rpm-plugins/el9/stable/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-stable-noarch]
name=Centreon plugins repository.
baseurl=https://packages.centreon.com/rpm-plugins/el9/stable/noarch/
enabled=1
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-testing]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el9/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-testing-noarch]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el9/testing/noarch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-unstable]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el9/unstable/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1

[centreon-plugins-unstable-noarch]
name=Centreon plugins repository. (UNSUPPORTED)
baseurl=https://packages.centreon.com/rpm-plugins/el9/unstable/noarch/
enabled=0
gpgcheck=1
gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
module_hotfixes=1
EOF

2. Install the plugin:

dnf install -y centreon-plugin-Operatingsystems-Linux-Local.noarch

Debian 11 & 12

apt update && apt install lsb-release ca-certificates apt-transport-https software-properties-common wget gnupg2 curl

wget -O- https://apt-key.centreon.com | gpg --dearmor | tee /etc/apt/trusted.gpg.d/centreon.gpg > /dev/null 2>&1
echo "deb https://packages.centreon.com/apt-plugins-stable/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon-plugins.list
apt-get update

2. Install the plugin:

apt -y install centreon-plugin-operatingsystems-linux-local

Step 4: Test if the agent works

See dedicated section.