trmm-expert

Overview

Tactical RMM (TRMM) is an open-source remote monitoring and management platform built on Django, Vue.js, and Go, with MeshCentral providing remote desktop/terminal/file browser capabilities. It uses NATS for real-time agent communication and PostgreSQL for data storage.

This skill provides expert-level answers from the complete TRMM documentation. When a user asks about TRMM, read the relevant reference file(s) listed in the navigation table below, then answer using that content.

Domain Concept Map

Organizational hierarchy: Client > Site > Agent. Every agent belongs to exactly one site, and every site belongs to exactly one client.

Check types: Disk Space, CPU Load, Memory, Script Check, Event Log, Ping, Windows Service (Winsvc). Each check runs at a configurable interval and produces a pass/fail result with a severity level (Info, Warning, Error).

Alert flow: Check fails or agent goes overdue → Alert created with severity → Alert Template determines notification actions (email, SMS, dashboard popup, webhook) → Optional failure script runs → When resolved, optional resolved script runs.

Task and Collector flow: Automated Tasks run scripts on schedules (time-based, check-failure, or manual). A Collector Task saves its last stdout line to a Custom Field, enabling dynamic data collection.

Custom Fields are user-defined fields on Agent, Site, or Client objects. They are referenced in scripts as {{agent.FieldName}}, {{site.FieldName}}, or {{client.FieldName}}. The Global Key Store provides {{global.key_name}} variables available to all scripts.

Automation Policy inheritance: Global → Client → Site → Agent. Each level can block inheritance from the level above. Policies deploy Checks, Tasks, Patch Policies, and Alert Templates in bulk. An Enforced policy overwrites conflicting agent-level checks.

Script variable syntax: {{model.field}} — e.g., {{agent.hostname}}, {{agent.site.name}}, {{client.name}}. Nested relations work. Everything between {{ }} is case-sensitive.

Reference Navigation

Read the reference file(s) matching the user's question topic before answering.

Topic	Reference File	Key Contents
Architecture, server components, NATS, services, how agents work, installation, agent deployment, antivirus exclusions, MeshCentral setup	references/architecture.md	Server infrastructure, nginx/NATS/celery services, firewall rules, agent install methods, mesh integration, Windows Update management
Scripts, script languages, script variables, custom fields, collector tasks, keystore	references/scripting-and-variables.md	PowerShell/Python/Bash/Deno support, {{model.field}} syntax, all agent/client/site/alert variable fields, custom field types, collector tasks, global key store
Checks, automated tasks, task scheduling, automation policies, patch policies, maintenance mode	references/checks-tasks-policies.md	Check types and intervals, task triggers (time/check-failure/manual), policy inheritance (Global→Client→Site→Agent), enforced policies, maintenance mode
Alerts, alert templates, email/SMS setup, webhooks	references/alerting-and-notifications.md	Alert severities, alert template options, periodic re-notification, failure/resolve actions, email relay setup (MS 365, Gmail), SMS via Twilio, webhook configuration
REST API, authentication, endpoints, examples	references/api.md	API key creation, authentication headers, endpoint listing with curl/PowerShell/Python examples, rate limiting
Global settings, setting overrides, permissions, Django admin, URL actions, UI preferences, software management, web terminal, management commands, advanced/dangerous commands	references/settings-and-admin.md	General settings, email/SMS config, MeshCentral config, browser token expiry, SSL certs, RBAC roles, Django admin access, URL action variables, chocolatey/software, bulk agent operations, database maintenance
Reporting templates, data queries, variables, base templates, assets, examples (Enterprise)	references/reporting.md	Jinja templating, data_sources with model/filter/columns, template dependencies, base template inheritance, report assets, PDF/CSV output, example reports
SSO / Single Sign-On (Enterprise)	references/sso.md	OIDC setup, Google/Microsoft/custom provider configuration, role mapping, user provisioning
FAQ, tips and tricks, Bitdefender GravityZone, Zammad, getting started guide, serial number examples, BitLocker keys, SNMP checks, remote background, roadmap	references/integrations-and-tips.md	Common troubleshooting, AV exclusion patterns, monitoring endpoints, third-party deployment guides, SNMP with pysnmplib, BitLocker key collection, remote terminal/file browser, development roadmap

Cross-Reference Guide

Some questions span multiple domains. Load files in the order shown:

Question Pattern	Files to Load (in order)
"How do I set up email/SMS alerts?"	alerting-and-notifications.md → settings-and-admin.md (Global Settings section)
"How do I write a script using custom fields?"	scripting-and-variables.md
"How do I create a report with agent data?"	reporting.md → scripting-and-variables.md (for variable syntax)
"How do I deploy agents?"	architecture.md (Agent Installation section)
"How do I automate patching?"	checks-tasks-policies.md (Automation Policies section) → architecture.md (Windows Update Management)
"How do I set up webhooks for alerts?"	alerting-and-notifications.md (Webhooks section)
"How do I use the API to manage agents?"	api.md
"How do I configure SSO?"	sso.md → settings-and-admin.md (Permissions section)
"How do I run scripts on check failure?"	checks-tasks-policies.md → scripting-and-variables.md
"How do I collect data into custom fields?"	scripting-and-variables.md (Custom Fields + Collector Tasks) → checks-tasks-policies.md (Automated Tasks)
"How do I set up SNMP monitoring?"	integrations-and-tips.md (SNMP Checks section)
"How do I use maintenance mode?"	checks-tasks-policies.md (Maintenance Mode section)

Key Syntax Quick Reference

Agent variables (use in script arguments or env vars):

• {{agent.hostname}}, {{agent.public_ip}}, {{agent.local_ips}}
• {{agent.operating_system}}, {{agent.plat}}, {{agent.version}}
• {{agent.site.name}}, {{agent.site.client.name}}
• {{agent.logged_in_username}}, {{agent.needs_reboot}}

Custom fields (case-sensitive, spaces allowed):

• {{agent.My Field Name}}, {{client.AV_KEY}}, {{site.no_patching}}

Global keystore: {{global.key_name}}

Alert template variables (only in failure/resolve actions):

• {{alert.message}}, {{alert.severity}}, {{alert.alert_type}}
• {{alert.agent.hostname}}, {{alert.site.name}}, {{alert.client.name}}
• {{alert.get_result.stdout}}, {{alert.get_result.stderr}}

Reporting data queries (YAML in variables editor):

data_sources:
    agents:
        model: agent
        filter:
            site__client_id: '{{ client.id }}'
        columns:
            - hostname
            - operating_system
            - last_seen

Jinja loops in reports:

{% for item in data_sources.agents %}
{{ item.hostname }} - {{ item.operating_system }}
{% endfor %}

Searching Large References

For reporting.md (~1200 lines), use Grep to find specific topics:

• Data query filters: search for filter: or model:
• Jinja syntax: search for {% or {{
• Specific models: search for the model name (e.g., model: agent)

For settings-and-admin.md (~700 lines), search by section:

• Email setup: search for Email or SMTP
• Permissions: search for Role or Permission
• Management commands: search for the command name or python manage.py

For architecture.md (~1100 lines):

• Services: search for systemctl or the service name (e.g., nats, celery)
• Agent install: search for install or deployment

Important Caveats

• Case sensitivity: Everything between {{ }} in script variables is case-sensitive. {{agent.Hostname}} will NOT work; use {{agent.hostname}}.
• API trailing slashes: All TRMM API endpoints require a trailing slash (e.g., /agents/). Omitting it returns a redirect or error.
• Enterprise features: Reporting and SSO are Enterprise Edition features requiring a sponsor license.
• RunAsUser limitations: The RunAsUser option for scripts and tasks has limitations on Linux/macOS agents.
• MeshCentral domain: MeshCentral must be accessible on the same domain or with valid TLS. Agent communication depends on mesh connectivity.
• Check intervals vs task schedules: Checks run at regular intervals (default 120s). Tasks use cron-style schedules, check-failure triggers, or manual execution. Don't confuse the two.
• Backslash escaping: In custom fields, \ is an escape character. Use \\ for literal backslashes.
• Policy inheritance blocking: Each level (Client, Site, Agent) can independently block policy inheritance from above. An "Enforced" policy overrides agent-level settings regardless.