From f94baa0e1dcc542ac7b363c10ff34f1ab97c45fd Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 3 Mar 2017 16:54:53 +0000 Subject: [PATCH] move configs to the new spots. this may cause alerts --- roles/nagios/server/files/nagios/cgi.cfg | 183 ++++++++++++++++---- roles/nagios/server/files/nagios/nagios.cfg | 32 ++-- 2 files changed, 174 insertions(+), 41 deletions(-) diff --git a/roles/nagios/server/files/nagios/cgi.cfg b/roles/nagios/server/files/nagios/cgi.cfg index 816cc6d464..670215486b 100644 --- a/roles/nagios/server/files/nagios/cgi.cfg +++ b/roles/nagios/server/files/nagios/cgi.cfg @@ -1,6 +1,6 @@ ################################################################# # -# CGI.CFG - Sample CGI Configuration File for Nagios +# CGI.CFG - Sample CGI Configuration File for Nagios 4.2.4 # # Last Modified: 05-05-2005 # @@ -21,7 +21,7 @@ main_config_file=/etc/nagios/nagios.cfg # value is used to locate the logo images needed by the statusmap # and statuswrl CGIs. -physical_html_path=/usr/share/nagios/share +physical_html_path=/usr/share/nagios/html @@ -47,22 +47,14 @@ show_context_help=0 -# NAGIOS PROCESS CHECK COMMAND -# This is the full path and filename of the program used to check -# the status of the Nagios process. It is used only by the CGIs -# and is completely optional. However, if you don't use it, you'll -# see warning messages in the CGIs about the Nagios process -# not running and you won't be able to execute any commands from -# the web interface. The program should follow the same rules -# as plugins; the return codes are the same as for the plugins, -# it should have timeout protection, it should output something -# to STDIO, etc. -# -# Note: The command line for the check_nagios plugin below may -# have to be tweaked a bit, as different versions of the plugin -# use different command line arguments/syntaxes. +# PENDING STATES OPTION +# This option determines what states should be displayed in the web +# interface for hosts/services that have not yet been checked. +# Values: 0 = leave hosts/services that have not been check yet in their original state +# 1 = mark hosts/services that have not been checked yet as PENDING + +use_pending_states=1 -#nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/log/nagios/status.dat 5 '/usr/sbin/nagios' @@ -87,12 +79,23 @@ use_authentication=1 + +# x509 CERT AUTHENTICATION +# When enabled, this option allows you to use x509 cert (SSL) +# authentication in the CGIs. This is an advanced option and should +# not be enabled unless you know what you're doing. + +use_ssl_authentication=0 + + + + # DEFAULT USER # Setting this variable will define a default user name that can # access pages without authentication. This allows people within a # secure domain (i.e., behind a firewall) to see the current status # without authenticating. You may want to use this to avoid basic -# authentication if you are not using a sercure server since basic +# authentication if you are not using a secure server since basic # authentication transmits passwords in the clear. # # Important: Do not define a default username unless you are @@ -113,7 +116,7 @@ use_authentication=1 # not use authorization. You may use an asterisk (*) to # authorize any user who has authenticated to the web server. -#authorized_for_system_information=nagiosadmin,theboss,jdoe +#authorized_for_system_information=nagiosadmin authorized_for_system_information=* @@ -126,10 +129,11 @@ authorized_for_system_information=* # an asterisk (*) to authorize any user who has authenticated # to the web server. -#authorized_for_configuration_information=nagiosadmin,jdoe +#authorized_for_configuration_information=nagiosadmin authorized_for_configuration_information=* + # SYSTEM/PROCESS COMMAND ACCESS # This option is a comma-delimited list of all usernames that # can issue shutdown and restart commands to Nagios via the @@ -140,7 +144,7 @@ authorized_for_configuration_information=* # authenticated to the web server. #authorized_for_system_commands=nagiosadmin -authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,karsten,parasense,pingou,tflink,mizdebsk,msimacek +authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,karsten,parasense,pingou,tflink,mizdebsk,msimacek,stickster @@ -153,6 +157,8 @@ authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,hvivani,ianw # to authorize any user who has authenticated to the web server. +#authorized_for_all_services=nagiosadmin +#authorized_for_all_hosts=nagiosadmin authorized_for_all_services=* authorized_for_all_hosts=* @@ -168,9 +174,11 @@ authorized_for_all_hosts=* #authorized_for_all_service_commands=nagiosadmin #authorized_for_all_host_commands=nagiosadmin -authorized_for_all_service_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek +authorized_for_all_service_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek,stickster + +authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek,stickster + -authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek # STATUSMAP BACKGROUND IMAGE @@ -181,24 +189,52 @@ authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivan # to the path specified by the 'physical_html_path' directive. # Note: The image file may be in GIF, PNG, JPEG, or GD2 format. # However, I recommend that you convert your image to GD2 format -# (uncompressed), as this will cause less CPU load when the CGI -# generates the image. +# (uncompressed) but ONLY IF YOU WILL USE THE LEGACY MAP EXCLUSIVELY, +# as this will cause less CPU load when the CGI generates the image. #statusmap_background_image=smbackground.gd2 + +# STATUSMAP TRANSPARENCY INDEX COLOR +# These options set the r,g,b values of the background color used the statusmap CGI, +# so normal browsers that can't show real png transparency set the desired color as +# a background color instead (to make it look pretty). +# Defaults to white: (R,G,B) = (255,255,255). + +#color_transparency_index_r=255 +#color_transparency_index_g=255 +#color_transparency_index_b=255 + + + + # DEFAULT STATUSMAP LAYOUT METHOD # This option allows you to specify the default layout method # the statusmap CGI should use for drawing hosts. If you do -# not use this option, the default is to use user-defined -# coordinates. Valid options are as follows: +# not use this option, the default for the legacy map is to use +# user-defined coordinates and the default for the new map is "6" +# (Circular Balloon). +# Valid options for the legacy map are as follows: # 0 = User-defined coordinates # 1 = Depth layers -# 2 = Collapsed tree -# 3 = Balanced tree -# 4 = Circular -# 5 = Circular (Marked Up) +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular +# 5 = Circular (Marked Up) +# Valid options for the new map are as follows: +# 0 = User-defined coordinates +# 1 = Depth Layers (Horizontal) +# 2 = Collapsed tree (Horizontal) +# 3 = Balanced tree (Horizontal) +# 4 = DON'T USE +# 5 = Circular Markup +# 6 = Circular Balloon +# 7 = Balanced tree (Vertical) +# 8 = Collapsed tree (Vertical) +# 9 = Depth Layers (Vertical) +# 10 = Force Map default_statusmap_layout=5 @@ -249,6 +285,23 @@ ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ refresh_rate=90 +# DEFAULT PAGE LIMIT +# This option allows you to specify the default number of results +# displayed on the status.cgi. This number can be adjusted from +# within the UI after the initial page load. Setting this to 0 +# will show all results. + +result_limit=100 + + +# ESCAPE HTML TAGS +# This option determines whether HTML tags in host and service +# status output is escaped in the web interface. If enabled, +# your plugin output will not be able to contain clickable links. + +escape_html_tags=1 + + # SOUND OPTIONS @@ -274,3 +327,71 @@ refresh_rate=90 #service_warning_sound=warning.wav #service_unknown_sound=warning.wav #normal_sound=noproblem.wav + + + +# URL TARGET FRAMES +# These options determine the target frames in which notes and +# action URLs will open. + +action_url_target=_blank +notes_url_target=_blank + + + + +# LOCK AUTHOR NAMES OPTION +# This option determines whether users can change the author name +# when submitting comments, scheduling downtime. If disabled, the +# author names will be locked into their contact name, as defined in Nagios. +# Values: 0 = allow editing author names +# 1 = lock author names (disallow editing) + +lock_author_names=1 + + + + +# SPLUNK INTEGRATION OPTIONS +# These options allow you to enable integration with Splunk +# in the web interface. If enabled, you'll be presented with +# "Splunk It" links in various places in the CGIs (log file, +# alert history, host/service detail, etc). Useful if you're +# trying to research why a particular problem occurred. +# For more information on Splunk, visit http://www.splunk.com/ + +# This option determines whether the Splunk integration is enabled +# Values: 0 = disable Splunk integration +# 1 = enable Splunk integration + +#enable_splunk_integration=1 + + +# This option should be the URL used to access your instance of Splunk + +#splunk_url=http://127.0.0.1:8000/ + + + + +# NAVIGATION BAR SEARCH OPTIONS +# The following options allow to configure the navbar search. Default +# is to search for hostnames. With enabled navbar_search_for_addresses, +# the navbar search queries IP addresses as well. It's also possible +# to enable search for aliases by setting navbar_search_for_aliases=1. + +navbar_search_for_addresses=1 +navbar_search_for_aliases=1 + + + + + +# DEFAULTS FOR CHECKBOXES FOR ACKNOWLEDGEMENTS +# Enabling ack_no_sticky will default the "Sticky Acknowledgement" to +# be unchecked. +# Enabling ack_no_send will default the "Send Notification" to +# be unchecked. + +#ack_no_sticky=0 +#ack_no_send=0 diff --git a/roles/nagios/server/files/nagios/nagios.cfg b/roles/nagios/server/files/nagios/nagios.cfg index 7937bfc703..b08ebff3d0 100644 --- a/roles/nagios/server/files/nagios/nagios.cfg +++ b/roles/nagios/server/files/nagios/nagios.cfg @@ -1,6 +1,6 @@ ############################################################################## # -# NAGIOS.CFG - Sample Main Config File for Nagios 4.0.8 +# NAGIOS.CFG - Sample Main Config File for Nagios 4.2.4 # # Read the documentation for more information on this configuration # file. I've provided some comments here, but things may not be so @@ -76,7 +76,7 @@ cfg_dir=/etc/nagios/conf.d # directly) in order to prevent inconsistencies that can occur # when the config files are modified after Nagios starts. -object_cache_file=/var/log/nagios/objects.cache +object_cache_file=/var/spool/nagios/objects.cache @@ -92,7 +92,7 @@ object_cache_file=/var/log/nagios/objects.cache # Read the documentation section on optimizing Nagios to find our more # about how this feature works. -precached_object_file=/var/log/nagios/objects.precache +precached_object_file=/var/spool/nagios/objects.precache @@ -115,7 +115,7 @@ resource_file=/etc/nagios/private/resource.cfg # The contents of the status file are deleted every time Nagios # restarts. -status_file=/var/log/nagios/status.dat +status_file=/var/spool/nagios/status.dat @@ -189,7 +189,7 @@ lock_file=/var/run/nagios/nagios.pid # is created, used, and deleted throughout the time that Nagios is # running. -temp_file=/var/log/nagios/nagios.tmp +temp_file=/var/spool/nagios/nagios.tmp @@ -629,7 +629,7 @@ retain_state_information=1 # This file is used only if the retain_state_information # variable is set to 1. -state_retention_file=/var/log/nagios/retention.dat +state_retention_file=/var/spool/nagios/retention.dat @@ -718,7 +718,7 @@ interval_length=60 # patches to Nagios. Nagios is critical to you - make sure you keep it in # good shape. Nagios will check once a day for new updates. Data collected # by Nagios Enterprises from the update check is processed in accordance -# with our privacy policy - see http://api.nagios.org for details. +# with our privacy policy - see https://api.nagios.org for details. check_for_updates=1 @@ -842,8 +842,8 @@ process_performance_data=0 # Performance data is only written to these files if the # enable_performance_data option (above) is set to 1. -#host_perfdata_file=/var/log/nagios/host-perfdata -#service_perfdata_file=/var/log/nagios/service-perfdata +#host_perfdata_file=/var/spool/nagios/host-perfdata +#service_perfdata_file=/var/spool/nagios/service-perfdata @@ -1144,10 +1144,12 @@ illegal_object_name_chars=`~!$%^&*|'"<>?,()= # host check commands. # The following macros are stripped of the characters you specify: # $HOSTOUTPUT$ +# $LONGHOSTOUTPUT$ # $HOSTPERFDATA$ # $HOSTACKAUTHOR$ # $HOSTACKCOMMENT$ # $SERVICEOUTPUT$ +# $LONGSERVICEOUTPUT$ # $SERVICEPERFDATA$ # $SERVICEACKAUTHOR$ # $SERVICEACKCOMMENT$ @@ -1298,7 +1300,7 @@ debug_verbosity=1 # DEBUG FILE # This option determines where Nagios should write debugging information. -debug_file=/var/log/nagios/nagios.debug +debug_file=/var/spool/nagios/nagios.debug @@ -1327,6 +1329,16 @@ allow_empty_hostgroup_assignment=0 +# DISABLE SERVICE CHECKS WHEN HOST DOWN +# This option will disable all service checks if the host is not in an UP state +# +# While desirable in some environments, enabling this value can distort report +# values as the expected quantity of checks will not have been performed + +#host_down_disable_service_checks=0 + + + # EXPERIMENTAL load controlling options # To get current defaults based on your system issue a command to # the query handler. Please note that this is an experimental feature