Onagre Agent Configuration
Overview
The Onagre Agent deployed within a client's infrastructure can be configured using a dedicated configuration file. This file defines connection details for resources to be monitored while keeping sensitive data secure within the private environment. It ensures that secrets, such as database credentials or message broker connections, remain local and are never transmitted to the Onagre platform.
Configuration File Location
The configuration file is stored based on the operating system:
| OS | Location |
|---|---|
| Windows | %LOCALAPPDATA%\Onagre\<agent_code>.conf |
| Linux | /etc/onagre/<agent_code>.conf |
Each configuration file is named after the agent code to allow multiple agents to run on the same infrastructure without conflicts.
Configuration Structure
The configuration file is in JSON format and contains a collection of secrets. Each secret is structured with three properties:
name: The unique identifier of the secret, consisting only ofa-z,A-Z,-, and.characters.type: The type of secret. Enum values:MSSQL,PostgreSQL,Oracle,MariaDB,MySQL,SQLite(for SQL databases)Redis(for key-value databases)RabbitMQ(for message brokers)data: The actual secret information, such as connection strings.
Security Considerations
- Local Storage: Secrets are stored locally within the agent's infrastructure and are not synchronized with the Onagre platform.
- Minimal Data Exchange: Only the secret's
typeandnameare sent to Onagre for validation, ensuring no sensitive credentials leave the private network. - Entrypoint Synchronization: The
nameandtypeattributes of each entry in the configuration file are synchronized to Onagre. These values appear in theEntrypointfield of SQL Compatible, KVDB, and DLQ sensors, allowing users to select the appropriate connection alias without exposing sensitive data. - TLS Encryption: All communications between the Onagre Agent and the platform are encrypted using TLS to secure transmitted metadata.
SQL Compatible Configuration
The SQL Compatible sensor requires database connection details. The type must be one of the following values: MSSQL, PostgreSQL, Oracle, MariaDB, MySQL, SQLite.
Microsoft SQL Server
{
"name": "eu-west.mssql.db096",
"type": "MSSQL",
"data": "Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;"
}
Postgres
{
"name": "eu-west.postgre.db062",
"type": "PostgreSQL",
"data": "Server=127.0.0.1;Port=5432;Database=myDataBase;User Id=myUsername;Password=myPassword;"
}
Oracle
{
"name": "eu-west.oracle.db041",
"type": "Oracle",
"data": "Server=127.0.0.1;Port=5432;Database=myDataBase;User Id=myUsername;Password=myPassword;"
}
Maria DB
{
"name": "eu-west.mariadb.db132",
"type": "MariaDB",
"data": "Server=127.0.0.1;Port=5432;Database=myDataBase;User Id=myUsername;Password=myPassword;"
}
MySQL
{
"name": "eu-west.mysql.db475",
"type": "MySQL",
"data": "Server=127.0.0.1;Port=5432;Database=myDataBase;User Id=myUsername;Password=myPassword;"
}
SQLite
Key-Value Database Configuration
The Key-Value DB (KVDB) Sensor supports Redis. Below is an example configuration :
Redis Configuration OptionsDead Letter Queue Configuration
The DLQ Sensor supports RabbitMQ. Below is an example configuration:
{
"name": "eu-west.broker.rabbit003",
"type": "RabbitMQ",
"data": "amqp://user:password@host:port/vhost"
}
Complete Configuration Example
Below is a sample configuration file containing multiple secrets. Each entry in the array represents a connection alias that can be referenced by sensors within the Onagre platform:
[
{
"name": "eu-west.mssql.db096",
"type": "MSSQL",
"data": "Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;"
},
{
"name": "eu-west.redis.cache02",
"type": "Redis",
"data": "redis0:6380"
},
{
"name": "eu-west.broker.rabbit003",
"type": "RabbitMQ",
"data": "amqp://user:password@host:port/vhost"
}
]