EVE-OS (Edge Virtualization Engine) provides a set of runtime configuration properties that allow you to customize edge node behavior from Edge Infrastructure Services without modifying the operating system itself. These properties control communication intervals, network behavior, security settings, storage allocation, logging verbosity, and system performance across edge nodes in your deployment.
Prerequisites
You must have either the SysManager or SysAdmin role in your ZEDEDA Edge Infrastructure Services enterprise.
Configuration properties are set through Edge Infrastructure Services and synchronized to the edge node during its next configuration check. The default check interval is 60 seconds but can be adjusted using timer.config.interval.
You can configure all the properties in ZCLI with the --config parameter, similar to the following example:
Most properties take effect immediately after the edge node receives the updated configuration. Some properties require an edge node reboot to take effect, as noted in the property descriptions.
Properties are applied as key-value pairs. Each property has a defined type, default value, and valid range. When a property has no minimum or maximum constraint, the corresponding column shows -.
Key Benefits
Control edge node communication frequency with Edge Infrastructure Services to optimize bandwidth usage across all managed nodes.
Enable or disable security features such as SSH access, VGA console output, and USB device support for targeted troubleshooting without system-wide exposure.
Adjust storage allocation between the base OS, edge containers, and ZFS to match the requirements of each deployment environment.
Configure logging verbosity and remote log upload to balance observability with bandwidth and storage costs.
Fine-tune network failover, download retry behavior, and cellular modem recovery for reliable edge operations in challenging connectivity environments.
Configuration Properties Reference
The following tables list all available EVE-OS runtime configuration properties, organized by category.
Application settings
Name
Type
Default
Min
Max
Description
app.allow.vnc
boolean
false
-
-
Allows access to EVE-OS VNC ports from external IP addresses. By default, only local access is allowed.
app.boot.order
string
""
-
-
Sets the device-wide default boot order for VMs. Supported values: "" (default UEFI behavior), "usb" (prioritize USB devices), "nousb" (remove USB devices from boot order). Can be overridden per VM.
app.fml.resolution
string
notset
-
-
Sets the system-wide forced resolution for applications running in FML mode.
app.enable.tcp.mss.clamping
boolean
true
-
-
Enables automatic TCP MSS clamping on forwarded edge container traffic to match the path MTU, preventing fragmentation on lower-MTU links.
process.cloud-init.multipart
boolean
false
-
-
Enables handling of MIME multi-part cloud-init data for VMs that do not process it themselves.
Communication intervals
Name
Type
Default
Min
Max
Description
timer.config.interval
integer in seconds
60
5
86400
Controls how frequently the edge node retrieves configuration from Edge Infrastructure Services. Requires a reboot to take effect.
timer.cert.interval
integer in seconds
86400
60
4294967295
Controls how frequently the edge node checks for new Edge Infrastructure Services certificates.
timer.metric.interval
integer in seconds
60
5
3600
Controls how frequently the edge node reports metrics to Edge Infrastructure Services.
timer.deviceinfo.interval
integer in seconds
600
30
4294967295
Controls how frequently the edge node reports device information to Edge Infrastructure Services even when nothing has changed. Requires a reboot to take effect.
timer.metric.diskscan.interval
integer in seconds
300
5
3600
Controls how frequently the edge node scans disks for metrics.
timer.hardwarehealth.interval
integer in seconds
43200
21600
4294967295
Controls how frequently the edge node reports hardware health information (ECC, SMART) to Edge Infrastructure Services.
timer.hardwareinfo.interval
integer in seconds
10800
10800
4294967295
Controls how frequently the edge node reports hardware information (SMART) to Edge Infrastructure Services. Deprecated.
timer.ntpsources.interval
integer in seconds
600
60
4294967295
Controls how frequently the edge node reports information about NTP sources to Edge Infrastructure Services. Reports are also sent when the NTP peer list or peer fields change.
Network connectivity
Name
Type
Default
Min
Max
Description
network.fallback.any.eth
"enabled" or "disabled"
disabled
-
-
When set to "enabled", allows the edge node to attempt connectivity using any available Ethernet, WiFi, or LTE interface with DHCP if configured connections fail. Forcibly enabled during onboarding if no network configuration exists.
network.download.max.cost
0-255
0
0
255
Sets the maximum port cost allowed for downloads. Use this to prevent downloads over expensive connections such as LTE.
network.switch.enable.arpsnoop
boolean
true
-
-
Enables ARP snooping on switch network instances to prevent ARP spoofing attacks.
network.local.legacy.mac.address
boolean
false
-
-
Enables legacy MAC address generation for local network instances. Use only on edge nodes where changing MAC addresses would cause incorrect network configuration in edge containers.
timer.reboot.no.network
integer in seconds
604800
120
4294967295
Sets the duration without cloud connectivity before the edge node automatically reboots.
timer.update.fallback.no.network
integer in seconds
300
60
4294967295
Sets the duration without cloud connectivity before the edge node falls back to a previous configuration.
timer.port.georedo
integer in seconds
3600
60
4294967295
Controls how frequently the edge node redoes IP geolocation.
timer.port.georetry
integer in seconds
600
5
4294967295
Controls how frequently the edge node retries geolocation after a failure.
timer.port.testduration
integer in seconds
30
10
3600
Sets the duration to wait for DHCP to assign an address during port testing.
timer.port.testinterval
integer in seconds
300
300
3600
Controls how frequently the edge node retests the current port configuration.
timer.port.timeout
integer in seconds
15
0
3600
Sets the timeout for each HTTP send during port testing.
timer.port.testbetterinterval
integer in seconds
600
0
4294967295
Controls how frequently the edge node tests higher-priority port configurations to check availability.
Download and update settings
Name
Type
Default
Min
Max
Description
timer.download.retry
integer in seconds
600
60
4294967295
Sets the wait time before retrying a failed download.
timer.download.stalled
integer in seconds
600
20
4294967295
Sets the duration after which a download with no progress is cancelled.
blob.download.max.retries
integer
5
1
10
Sets the maximum number of download retries when image verification fails.
timer.send.timeout
integer in seconds
120
0
3600
Sets the timeout for each HTTP send operation.
timer.dial.timeout
integer in seconds
10
0
3600
Sets the maximum time allowed to establish a network connection.
timer.test.baseimage.update
integer in seconds
600
30
3600
Sets the duration to test a new base OS image before committing to the update. If the edge node becomes unstable during this period, it automatically falls back to the previous base OS version.
Storage settings
Name
Type
Default
Min
Max
Description
storage.dom0.disk.minusage.percent
integer
20
20
80
Sets the minimum percentage of the persist partition reserved for the EVE-OS base system.
storage.zfs.reserved.percent
integer
20
1
99
Sets the minimum percentage of the persist partition reserved for ZFS performance optimization.
storage.apps.ignore.disk.check
boolean
false
-
-
When enabled, allows edge containers to create images larger than currently available disk space. Use with caution, as enabling this can lead to out-of-disk-space errors during edge container operation.
When set to a non-zero value, keeps content trees available for reuse for the specified duration after deletion. Set to 0 to delete immediately.
Debug and troubleshooting settings
Name
Type
Default
Min
Max
Description
debug.enable.usb
boolean
false
-
-
Allows USB devices such as keyboards on the edge node.
debug.enable.vga
boolean
false
-
-
Allows VGA console output on the edge node.
debug.enable.ssh
authorized SSH key
""
-
-
Allows SSH access to EVE-OS when an authorized SSH public key is provided. An empty string disables SSH access.
debug.enable.console
boolean
false
-
-
Allows console access to EVE-OS. Requires a reboot to disable.
debug.enable.vnc.shim.vm
boolean
false
-
-
Allows VNC access to the container application shim VM. Requires a reboot to disable.
Memory settings
Name
Type
Default
Min
Max
Description
memory.apps.ignore.check
boolean
false
-
-
When enabled, allows edge containers to use more memory than currently available. Use with caution, as enabling this can lead to out-of-memory conditions.
memory.vmm.limit.MiB
integer
0
0
1073741824
Manually sets the overhead memory in MiB allocated for each running VMM.
memory-monitor.enabled
boolean
false
-
-
Enables external memory monitoring and memory pressure event handling.
internal-memory-monitor.store.enabled
boolean
true
-
-
Enables Internal Memory Monitor (IMM) data collection and CSV storage. When enabled, memory metrics are collected at regular intervals and stored at /persist/memory-monitor/output/memory_usage.csv.
internal-memory-monitor.analyze.enabled
boolean
true
-
-
Enables IMM leak detection analysis using statistical methods to detect memory growth patterns. Requires internal-memory-monitor.store.enabled to be set to true.
Go runtime settings
Name
Type
Default
Min
Max
Description
gogc.memory.limit.bytes
integer
0
0
4294967295
Sets the Golang runtime soft memory limit in bytes.
gogc.percent
integer
100
0
500
Sets the Golang runtime garbage collector target percentage.
gogc.forced.interval.seconds
integer in seconds
10
0
1000
Sets the minimum interval for forced garbage collection. Set to 0 to disable forced GC.
gogc.forced.growth.memory.MiB
integer in MiB
50
10
1024
Sets the minimum allocated memory growth in MiB required to trigger the next GC execution.
gogc.forced.growth.memory.percent
integer
20
5
300
Sets the minimum allocated memory growth percentage from the last reclaim required to trigger the next GC execution.
Logging settings
Name
Type
Default
Min
Max
Description
newlog.allow.fastupload
boolean
false
-
-
Enables faster upload of gzip-compressed log files to Edge Infrastructure Services.
newlog.gzipfiles.ondisk.maxmegabytes
integer in MiB
2048
10
4294967295
Sets the maximum disk space in MiB for storing compressed log files on the edge node.
log.dedup.window.size
integer
0
0
4294967295
Sets the size of the log deduplicator sliding window in number of messages. Set to 0 to disable deduplication.
log.count.filenames
string
""
-
-
Comma-separated list of log filenames to count and log once instead of logging every occurrence. A single comma "," filters out all entries without a filename field.
log.filter.filenames
string
""
-
-
Comma-separated list of log filenames to filter out entirely. A single comma "," filters out all entries without a filename field.
vector.enabled
boolean
true
-
-
Enables the Vector service for advanced log filtering and transformations.
vector.config
string
""
-
-
Full base64-encoded configuration file for Vector in YAML format. Modify only the transforms section.
Network diagnostics
Name
Type
Default
Min
Max
Description
netdump.enable
boolean
true
-
-
Enables publishing of network diagnostics as compressed archives to /persist/netdump on the edge node.
netdump.topic.preonboard.interval
integer in seconds
3600
60
4294967295
Controls how frequently network diagnostics of the same topic can be published before the edge node is onboarded.
netdump.topic.postonboard.interval
integer in seconds
86400
60
4294967295
Controls how frequently network diagnostics of the same topic can be published after the edge node is onboarded.
netdump.topic.maxcount
integer
10
1
4294967295
Sets the maximum number of network diagnostics that can be published per topic. The oldest entry is removed when the limit is exceeded.
netdump.downloader.with.pcap
boolean
false
-
-
Includes packet captures in network diagnostics for download requests. TCP segments carrying payload are excluded and the total PCAP size is limited to 64 MB.
netdump.downloader.http.with.fieldvalue
boolean
false
-
-
Includes HTTP header field values in network diagnostics for download requests. Enable with caution, as this may expose secrets such as datastore credentials.
Sets the remote HTTP endpoint used to assess network connectivity when Edge Infrastructure Services is not reachable. Used for diagnostics only. Set to an empty string to disable.
Sets the remote HTTPS endpoint used to assess network connectivity when Edge Infrastructure Services is not reachable. Hostnames are required; IP addresses are not accepted. Set to an empty string to disable.
Location reporting
Name
Type
Default
Min
Max
Description
timer.location.cloud.interval
integer in seconds
3600
300
4294967295
Controls how frequently the edge node reports geographic location information to Edge Infrastructure Services.
timer.location.app.interval
integer in seconds
20
5
3600
Controls how frequently the edge node reports geographic location information to edge containers via the local profile server and metadata server.
Edge container settings
Name
Type
Default
Min
Max
Description
timer.boot.retry
integer in seconds
600
10
4294967295
Sets the wait time before retrying a failed edge container boot.
timer.appcontainer.stats.interval
integer in seconds
300
1
4294967295
Controls how frequently EVE-OS collects edge container statistics.
timer.vault.ready.cutoff
integer in seconds
300
60
4294967295
Sets the maximum wait time for the vault to become accessible before triggering an edge node reboot.
force.fallback.counter
integer
0
0
4294967295
Forces fallback to an alternative OS image when the counter value changes.
Operating modes
Name
Type
Default
Min
Max
Description
maintenance.mode
enabled or disabled
none
-
-
When set to "enabled", puts the edge node into maintenance mode and stops running edge containers.
airgap.mode
enabled or disabled
none
-
-
When set to "enabled", configures the edge node to operate without connectivity to Edge Infrastructure Services and to be managed locally via the LOC (Local Operator Console).
Cellular modem settings
Name
Type
Default
Min
Max
Description
wwan.query.visible.providers
boolean
false
-
-
Enables periodic queries (once per hour) of visible cellular service providers. Results are published under WirelessStatus for every modem.
wwan.modem.recovery.watchdog
boolean
false
-
-
Enables the watchdog for cellular modems. When enabled, the edge node automatically reboots if a modem firmware crash cannot be recovered.
wwan.modem.recovery.reload.drivers
boolean
false
-
-
Enables automatic reload of MBIM/QMI/MHI drivers when a modem firmware crash occurs. This runs before the watchdog mechanism is triggered.
wwan.modem.recovery.restart.modemmanager
boolean
false
-
-
Enables automatic ModemManager restart when a modem firmware crash occurs. This runs before the watchdog mechanism is triggered and can be combined with driver reload recovery.
Goroutine leak detection
Name
Type
Default
Min
Max
Description
goroutine.leak.detection.threshold
integer
5000
1
4294967295
Sets the goroutine count at which leak detection is triggered regardless of growth rate.
goroutine.leak.detection.check.interval.minutes
integer in minutes
1
1
4294967295
Sets the interval in minutes between goroutine count measurements.
goroutine.leak.detection.check.window.minutes
integer in minutes
10
10
4294967295
Sets the analysis window in minutes for leak detection. The window must contain at least 10 measurements (no less than 10 times goroutine.leak.detection.check.interval.minutes).
goroutine.leak.detection.keep.stats.hours
integer in hours
24
1
4294967295
Sets the number of hours to retain goroutine stats for leak detection.
goroutine.leak.detection.cooldown.minutes
integer in minutes
5
1
4294967295
Sets the cooldown period in minutes after leak detection is triggered. During this period, no stack traces are collected and only warning messages are logged.
Kubernetes settings
Name
Type
Default
Min
Max
Description
kubernetes.drain.timeout
integer in hours
24
1
4294967295
Sets the maximum number of hours allowed for Kubernetes to drain a node.
k3s.config.override
string
None
Base64 encoded string of the contents of a k3s config.yaml.d file to override existing config or add config parameters to an EVE-k node.
To properly override existing config settings, the following rules must be followed:
Sets the maximum number of DHCP reacquire retries after a PNAC (802.1X) port authentication state change. EVE-OS retries with exponential backoff (2s, 4s, 8s, ...) until the IP subnet changes or the retry limit is reached. Set to 0 to disable DHCP reacquire.
dhcp.enable.vendorclassid
boolean
true
-
-
Enables sending the DHCP Vendor Class Identifier (Option 60) to identify the device as EVE-OS. Disable this if your DHCP server rejects unknown vendor class IDs.
scep.retry.interval
integer in seconds
300
60
3600
Sets the interval between retry attempts for certificates that failed to enroll or renew, or that returned PENDING from the SCEP server.
EdgeView settings
Name
Type
Default
Min
Max
Description
edgeview.authen.publickey
string
""
-
-
Specifies SSH public keys for Edgeview client command authentication. The user must provide the path to the SSH private key in the client script. Separate multiple public keys with newline characters.
Prometheus metrics settings
Name
Type
Default
Min
Max
Description
msrv.prometheus.metrics.rps
integer
1
1
4294967295
Sets the maximum number of requests per second for the Prometheus metrics endpoint.
msrv.prometheus.metrics.burst
integer
10
1
4294967295
Sets the maximum burst size for the Prometheus metrics endpoint.
msrv.prometheus.metrics.idletimeout.seconds
integer in seconds
240
1
4294967295
Sets the idle timeout in seconds for the Prometheus metrics endpoint. The rate limit resets when the connection has been idle for this duration.
Log levels
EVE-OS controls log verbosity through separate settings for each component. Logs for EVE-OS microservices use logrus levels: panic, fatal, error, warning, info, debug, and trace. Logs for syslog and kernel components use syslog levels: emerg, alert, crit, err, warning, notice, info, and debug. All log levels accept none (disables logging) and all (enables all log levels).
All logs are saved locally in /persist/newlog/keepSentQueue/ and are subject to rotation based on the configured maximum total size.
Global log level settings
Name
Type
Default
Min
Max
Description
debug.default.loglevel
string
debug
-
-
Sets the default verbosity of logs produced locally by EVE-OS microservices. Can be overridden per microservice using agent.<agentname>.debug.loglevel.
debug.default.remote.loglevel
string
warning
-
-
Sets the default verbosity of logs sent by EVE-OS microservices to Edge Infrastructure Services. Can be overridden per microservice.
debug.syslog.loglevel
string
info
-
-
Sets the verbosity of syslog messages produced locally.
debug.syslog.remote.loglevel
string
info
-
-
Sets the verbosity of syslog messages sent to Edge Infrastructure Services.
debug.kernel.loglevel
string
info
-
-
Sets the verbosity of kernel log messages produced locally.
debug.kernel.remote.loglevel
string
info
-
-
Sets the verbosity of kernel log messages sent to Edge Infrastructure Services.
debug.tui.loglevel
string
info
-
-
Sets the log level for the EVE-OS Text UI (TUI) monitor. TUI logs are only available locally and are not sent to Edge Infrastructure Services. Valid values: OFF, ERROR, WARN, INFO, DEBUG, TRACE (case insensitive).
Per-microservice log level settings
You can override the global log level for individual EVE-OS microservices using the following property pattern.
Name
Type
Default
Min
Max
Description
agent.<agentname>.debug.loglevel
string
-
-
-
Overrides debug.default.loglevel for the specified microservice. The legacy format debug.<agentname>.loglevel is also supported.
agent.<agentname>.debug.remote.loglevel
string
-
-
-
Overrides debug.default.remote.loglevel for the specified microservice. The legacy format debug.<agentname>.remote.loglevel is also supported.