Customize ActiveGate properties
Before you begin
Understand the basic ActiveGate configuration concepts related to the property files.
Basic rules for working with ActiveGate configuration
-
ActiveGate property files
Many ActiveGate configuration settings (for example, connectivity and proxy settings, ciphers, or memory dump settings), are stored in the
config.propertiesandcustom.propertiesproperties files, which are located in the ActiveGate configuration directory. The properties listed in the property files are applicable for both Environment ActiveGates and Cluster ActiveGates. -
Do not modify settings in config.properties
The
config.propertiesconfiguration file contains the default settings with which your ActiveGate is installed. This configuration file is overwritten during each update of ActiveGate. Thus, any customized settings stored in this file will be lost (with some exceptions). -
Specify customized settings in custom.properties
Settings stored in
custom.propertiestake precedence over corresponding settings inconfig.properties, and the file is copied to the newly installed version of ActiveGate during update.The configuration files are divided into
[sections], which are denoted by square brackets.
To specify customized settings incustom.properties, enter section names and include the appropriate properties within these sections.You can use the
config.txtfile as a reference when you add your custom settings to thecustom.propertiesfile. Theconfig.txtfile, which is also located in the ActiveGate configuration directory, is not used by ActiveGate, however it contains a reference list of possible configuration properties. Alternatively, you can first locate the relevant section in theconfig.propertiesfile and then copy the section title along with the names of the desired properties intocustom.properties.
After that, you can modify the entries in the section, as appropriate. -
Restart required
If you modify your ActiveGate configuration, you must restart the ActiveGate service to put your changes into effect.
ActiveGate modules
ActiveGate uses embedded modules to run a number of monitoring processes. Learn more about ActiveGate purposes.
- AWS monitoring
- Azure monitoring
- Cloud Foundry monitoring
- Kubernetes monitoring
- Log Monitoring
- VMware monitoring
- Oracle database insights
- ActiveGate extensions
- Mainframe monitoring
- Dynatrace Synthetic tests from private Synthetic locations
A module is active if the corresponding configuration property is listed with value true in the configuration section dedicated to the module. Note, however, that you can't enable all modules using custom.properties simply by changing the value of a property: if you installed your ActiveGate to serve as a private Synthetic location or to monitor mainframe, and you need to change your ActiveGate purpose, you have to reinstall the ActiveGate.
Active modules are listed on the Deployment status page.
In addition to configuration sections dedicated to specific ActiveGate functionality, each ActiveGate modules has its own section in the configuration. Settings specified in this section apply specifically to that module. This applies, for example, to proxy settings. However, not all settings can be repeated in this way and specified for a module: Each module section has only a limited number of options that it accepts. Do NOT copy configuration settings between sections, unless specifically instructed to do so.
Section: [connectivity]
| Property | Default value | Description |
|---|---|---|
dnsEntryPoint |
unset | Define the entry point for the ActiveGate (for example, https://sg1.mydomain.com:9999). Via this URL, the ActiveGate is accessed by Dynatrace OneAgent. If not set, an auto-detected endpoint will be used. This entry can be used if the ActiveGate is accessed via, for example, an external IP address or load balancer. Depending on your ActiveGate deployment, make sure you use the right prefix, http or https, otherwise your OneAgents won't be able to connect. |
networkZone |
unset | Defines the network zone to which the ActiveGate belongs. An ActiveGate can belong to only one network zone. The name of a network zone is a string of alphanumeric characters, hyphens ( |
Section: [com.compuware.apm.webserver]
| Property | Default value | Description |
|---|---|---|
port-ssl |
9999 |
The port where the ActiveGate listens for traffic from OneAgent—used for HTTPS connection. If you need to change the port value, see custom Plugin Module configuration |
port |
unset | The port where the ActiveGate listens for traffic from OneAgent—used for HTTP connection. It is disabled by default. On Linux, a value > 1024 is recommended, to ensure no root privileges are required. |
ssl-protocols |
TLSv1.2 |
Supported SSL protocols. Can be one or a list of the following values:TLSv1, TLSv1.1, TLSv1.2 |
excluded-ciphers |
unset | List of additionally excluded ciphers (ciphers are defined by a substring matching at least a part of the cipher name, for example _DHE_) |
certificate-file |
unset | Path to PKCS#12 file containing certificates to be used by ActiveGate web server. Please also see Configuration of custom SSL certificate on ActiveGate. |
certificate-password |
unset | Password to open the certificate file. |
certificate-alias |
unset | Friendly name of the certificate in the PKCS#12 file. |
Operating over HTTPS vs HTTP
By default, ActiveGate operates in a secure way, by servicing incoming requests using HTTPS. This is specified by the port-ssl configuration property, which can be customized in custom.properties. However, if you want ActiveGate to use HTTP, you have to set the port property in custom.properties.
Note that the secure way is the default and recommended one. However, you might want to choose the HTTP option for performance reasons. For example, if you have a load balancer installed in front of a Cluster ActiveGate and if the load balancer terminates incoming external SSL connections (see the third deployment scenario).
Section: [dump]
For more information, see Configure an ActiveGate for memory dump storage.
| Property | Default value | Description |
|---|---|---|
dumpDir |
dump |
Valid path of the storage directory used for dump storage |
maxSizeGb |
100 |
Storage quota in GBs. If full, the oldest dumps are overwritten until enough space is available to store a new dump. |
maxAgeDays |
7 |
Maximum age of a memory dump in days until the dump is automatically overwritten |
maxConcurrentUploads |
5 |
Maximum number of concurrent dump uploads from OneAgents |
downloadUrl |
unset | A custom download URL (for example, if ActiveGate is behind a load balancer or if ActiveGate only detects an IP address and the user requires an FQDN). The URL must contain the correct schema and port. |
Section: [http.client]
Communication settings used for AWS/VMware/Azure monitoring and for communicating with the Dynatrace Cluster (unless overridden in [http.client.internal]).
In particular, this section contains configuration properties related to proxy settings and connection timeouts.
Specify common proxy settings for Dynatrace Cluster communication and AWS/VMware/Azure monitoring.
Section: [http.client.internal]
ActiveGate version 1.207+
Settings specific to communication with the Dynatrace Cluster only.
In particular, this section can contain configuration properties related to proxy settings and connection timeouts.
If this section does not exist, communication with the Dynatrace Cluster is defined by the settings in the [http.client] section. However, if the [http.client.internal] section does exist, but a particular communication setting is not listed there, then, for the purpose of communicating with the Dynatrace Cluster, the value of that setting is assumed to be its factory default (i.e., it is not inherited from [http.client]).
Set up proxy only for Dynatrace Cluster communication
Section: [http.client.external]
ActiveGate version 1.207+
Communication settings for specific modules: Cloud Foundry, Kubernetes, and also for Synthetic Monitoring.
In particular, this section can contain configuration properties related to proxy settings and connection timeouts.
If this section contains proxy-off = true, then there is no proxy for the modules. If it contains the proxy-host property, then this is the proxy to be used for the modules.
Note: Communication settings specified in [http.client] are not always used as defaults for the modules: If a particular communication setting is not specified in [http.client.external], then that setting—for Cloud Foundry, Kubernetes or Synthetic Monitoring—will revert to its factory default value, rather than to the value specified in [http.client].
Similarly, if the entire [http.client.external] section does not exist, then all of the communication settings for Kubernetes and Cloud Foundry will revert to their factory default values; however, settings for Synthetic Monitoring will assume values as specified in the [http.client] section.
Specify common proxy settings for Cloud Foundry, Kubernetes, and Synthetic Monitoring
Section: [collector]
| Property | Default value | Description |
|---|---|---|
MSGrouter |
true |
ActiveGate enables routing of OneAgent and other ActiveGate traffic through Dynatrace. |
restInterface |
true |
You can use an ActiveGate to access Dynatrace API. ActiveGate supports calls to all the Dynatrace API configuration and environment endpoints in both, v1 and v2 versions. To access Dynatrace API using ActiveGate, use a URL in the following format: |
DumpSupported |
false |
ActiveGate allows you to temporarily store memory dumps from OneAgent. Additional configuration in section [dump] is required. |
trustedstore |
unset | Your trusted keystore (optional). The property trustedstore should contain the path to the file holding trusted certificates. That path should be relative to the ActiveGate SSL directory. Please also see Configuration of trusted root certificates on ActiveGate. |
trustedstore-password |
changeit |
Password of your trusted keystore (optional) which is encrypted during ActiveGate start. The obfuscated password is then stored in trustedstore-password-encr. |
trustedstore-type |
JKS |
Java default format of key and certificate databases (optional). The second supported format is PKCS12. |
group |
unset | ActiveGate 1.209+ Defines the ActiveGate group to which the ActiveGate belongs. An ActiveGate can belong to only one group. The name of an ActiveGate group is a string of alphanumeric characters, hyphens ( |
Section: [aws_monitoring]
| Property | Default value | Description |
|---|---|---|
aws_monitoring_enabled |
Environment ActiveGate: false; Cluster ActiveGate: true |
Enables AWS monitoring module. |
Section: [azure_monitoring]
| Property | Default value | Description |
|---|---|---|
azure_monitoring_enabled |
Environment ActiveGate: true; Cluster ActiveGate: true |
Enables Microsoft Azure module. |
This section also contains settings related to communication for Azure monitoring, such as connection timeouts and maximum number of connections.
Section: [cloudfoundry_monitoring]
| Property | Default value | Description |
|---|---|---|
cloudfoundry_monitoring_enabled |
Environment ActiveGate: true; Cluster ActiveGate: true |
Enables Cloud Foundry module. |
ActiveGate version 1.207+
This section can contain proxy settings for communication with Cloud Foundry. If this section contains proxy-off = true, then there is no proxy for communication with Cloud Foundry. If it contains the proxy-host property, then this is the proxy to be used for Cloud Foundry monitoring, rather than the proxy specified in [http.client.external].
Note: If you have a [cloudfoundry_monitoring] section in your custom.properties file, you also need to have an [http.client.external] section, where you should specify all the remaining communication parameters that are to be used for Cloud Foundry communication.
Set up proxy only for Cloud Foundry monitoring
Section: [kubernetes_monitoring]
| Property | Default value | Description |
|---|---|---|
kubernetes_monitoring_enabled |
Environment ActiveGate: true; Cluster ActiveGate: true |
Enables Kubernetes monitoring module. |
ActiveGate version 1.207+
This section can contain proxy settings for communication with Kubernetes, along with other settings related to fine-tuning communication settings for Kubernetes monitoring.
If this section contains proxy-off = true, then there is no proxy for communication with Kubernetes. If it contains the proxy-host property, then this is the proxy to be used for Kubernetes monitoring, rather than the proxy specified in [http.client.external].
Note: If you have a [kubernetes_monitoring] section in your custom.properties file, then you also need to have an [http.client.external] section, where you should specify all of the remaining communication parameters to be used for Kubernetes communication.
Set up proxy only for Kubernetes monitoring
Section: [vmware_monitoring]
| Property | Default value | Description |
|---|---|---|
vmware_monitoring_enabled |
Environment ActiveGate: true; Cluster ActiveGate: true |
Enables VMWare monitoring module. |
Section [dbAgent]
| Property | Default value | Description |
|---|---|---|
dbAgent_enabled |
Environment ActiveGate: true; Not supported on Cluster ActiveGate |
Enables Oracle database insights module. |
Section [rpm]
| Property | Default value | Description |
|---|---|---|
rpm_enabled |
Environment ActiveGate: true; Not supported on Cluster ActiveGate |
Enables the Remote plugin module, which is used to run ActiveGate extensions. |
Section: [synthetic]
ActiveGate version 1.207+
Proxy settings for Synthetic Monitoring. If this section contains proxy-off = true, then there is no proxy for Synthetic Monitoring. If it contains the proxy-host property, then this is the proxy to be used for Synthetic Monitoring, rather than the proxy specified in [http.client.external] (or in [http.client], if [http.client.external] is not defined).
Note: If you have a [synthetic] section in your custom.properties file, you can have an [http.client.external] section, where you should specify all of the remaining communication parameters to be used for Synthetic Monitoring. Alternatively, you can specify the remaining communication settings in the [http.client] section.
However, if you do create the [http.client.external] section, you have to specify all of the communication parameters there. Otherwise, the communication parameters for monitored environments (Cloud Foundry, Kubernetes, or Synthetic Monitoring) will revert to their factory defaults.
To learn more about the proxy-related properties for a Synthetic-enabled ActiveGate, see Set up a proxy for private synthetic monitoring.
Note that changing the synthetic_enabled property only works if you installed the ActiveGate to run Synthetic monitors from a private location. If you installed the ActiveGate to route traffic, monitor cloud environments, or monitor remote technologies with extensions or monitor mainframe, you have to reinstall the ActiveGate to use it for Synthetic Monitoring. For more information, see Create private locations
| Property | Default value | Description |
|---|---|---|
synthetic_enabled |
false in the Default deployment mode. true in the Synthetic monitoring deployment mode. |
Enables the ActiveGate to execute monitors from private Synthetic locations. |
proxy-server |
unset | Proxy server address |
proxy-port |
unset | Proxy port (numeric) |
proxy-user |
unset | Proxy user name (optional) |
proxy-password |
unset | Proxy password (optional). The password provided in the proxy-password property is obfuscated following ActiveGate restart and the obfuscated password is stored in the proxy-password-encr property. |
proxy-off |
unset | Disable proxy communication between ActiveGate and tested resource |
proxy-non-proxy-hosts |
unset | Do not use proxy when communicating with these hosts |