The Extension Execution Controller (EEC) can be used standalone, out of the box. This topic explains how to modify your EEC.
To modify the EEC configuration, edit the extensionsuser.conf
file, which is located at:
%PROGRAMDATA%\dynatrace\remotepluginmodule\agent\conf\extensionsuser.conf
/var/lib/dynatrace/remotepluginmodule/agent/conf/extensionsuser.conf
After modifying the extensionsuser.conf
, you need to restart the EEC service:
To restart the EEC service on a Linux system, run the following commands:
service extensionsmodule stopservice extensionsmodule start
systemctl stop extensionsmodulesystemctl start extensionsmodule
By default, the EEC sends data via port 9999, which is used by ActiveGate.
If you modify the port using the ActiveGate custom.properties
file, you also have to modify the port that's used by the EEC. To do so, edit the extensionsuser.conf
file to replace PORT
with the target port and then restart the EEC service.
Server=https://127.0.0.1:PORT/communication
The port needs to be configured for the ActiveGate plugin module and the EEC.
This port is used for communication between the EEC and existing extension (data source) processes.
To add it, edit the extensionsuser.conf
file and insert
ingestport=<new_port>
Extensions leveraging sensitive data sources can significantly enhance the functionality and flexibility of your custom monitoring. However, they can also introduce potential vulnerabilities. Disabling custom extensions for these sensitive data sources can significantly reduce the risk of unauthorized access or data leakage.
To enable or disable custom code extensions for a data source
<DSID>
with the data source ID for which you want to enable or disable custom code extensions.
custom_code_<DSID>_allowed=[True|False]
By default, all local extensions on Windows (except WMI ones running on OneAgent) are executed with a LOCAL SERVICE account, which has lower privileges than the LOCAL SYSTEM account that is the default one for One Agent and EEC.
In case an extension requires elevated privileges, you can configure it to run as LOCAL SYSTEM manually.
Open the extensionsuser.conf
file and add the elevated_privileges_extensions
parameter as follows:
elevated_privileges_extensions=[<extensionName>:<extensionVersion>]
The extensionVersion
can either be a specific version in the format <major>.<minor>.<patch>
, for example 1.0.1
, or a wildcard character *
that can be used to specify that all versions of a particular extension will have elevated privileges.
When adding more than one extension, use a comma-separated list.
elevated_privileges_extensions=[com.dynatrace.filesystem:*, com.dynatrace.ibm-mq:1.0.1]
Only Dynatrace extensions can be elevated, while custom ones cannot. In case an extension was configured to run with elevated privileges but was already executed (the process is running), it’s necessary to force the process to restart by either restarting the OneAgent service or temporarily disabling and re-enabling the extension monitoring configuration.