1 #################################################################
3 # CGI.CFG - Sample CGI Configuration File for Icinga
5 #################################################################
8 # MAIN CONFIGURATION FILE
9 # This tells the CGIs where to find your main configuration file.
10 # The CGIs will read the main and host config files for any other
11 # data they might need.
13 main_config_file=/etc/icinga/icinga.cfg
16 # ATTRIBUTE BASED AUTHORIZATION FILE
17 # This option will include a file defining authroization based on
20 #authorization_config_file=/etc/icinga/cgiauth.cfg
24 # This is the path where the HTML files for Icinga reside. This
25 # value is used to locate the logo images needed by the statusmap
28 physical_html_path=/usr/share/icinga/htdocs
33 # This is the path portion of the URL that corresponds to the
34 # physical location of the Icinga HTML files (as defined above).
35 # This value is used by the CGIs to locate the online documentation
36 # and graphics. If you access the Icinga pages with an URL like
37 # http://www.myhost.com/icinga, this value should be '/icinga'
38 # (without the quotes).
44 # URL STYLESHEETS PATH
45 # This option allows to define an url stylesheet path other than the
46 # default ($url_html_path/stylesheets). This will be useful when
47 # adding custom stylesheets in another location.
48 # If not set, the default location will be used.
50 url_stylesheets_path=/icinga/stylesheets
55 # This defines charset that is sent with HTTP headers.
59 # NAGIOS PROCESS CHECK COMMAND
60 # This is the full path and filename of the program used to check
61 # the status of the Nagios process. It is used only by the CGIs
62 # and is completely optional. However, if you don't use it, you'll
63 # see warning messages in the CGIs about the Nagios process
64 # not running and you won't be able to execute any commands from
65 # the web interface. The program should follow the same rules
66 # as plugins; the return codes are the same as for the plugins,
67 # it should have timeout protection, it should output something
70 # Note: The command line for the check_nagios plugin below may
71 # have to be tweaked a bit, as different versions of the plugin
72 # use different command line arguments/syntaxes.
74 icinga_check_command=/usr/lib/nagios/plugins/check_nagios /var/lib/icinga/status.dat 5 '/usr/sbin/icinga'
76 # CONTEXT-SENSITIVE HELP
77 # This option determines whether or not a context-sensitive
78 # help icon will be displayed for most of the CGIs.
79 # Values: 0 = disables context-sensitive help
80 # 1 = enables context-sensitive help
86 # HIGHLIGHT TABLE ROWS
87 # This option allows you to define if table rows in status.cgi
88 # will be highlighted or not.
89 # Values: 0 = disables row highlighting
90 # 1 = enables row highlighting
92 highlight_table_rows=1
96 # PENDING STATES OPTION
97 # This option determines what states should be displayed in the web
98 # interface for hosts/services that have not yet been checked.
99 # Values: 0 = leave hosts/services that have not been check yet in their original state
100 # 1 = mark hosts/services that have not been checked yet as PENDING
108 # If you want to log information from cgi's (e.g. all submitted commands)
109 # then set this option to 1, default is 0 (off).
111 # This log is highly experimental and changes may occure without notice. Use at your own risk!!
117 # This is the cgi log file for information about what users are doing.
118 # At the moment only submitted commands from cmd.cgi will be logged.
120 cgi_log_file=/usr/share/icinga/htdocs/log/icinga-cgi.log
123 # CGI LOG ROTATION METHOD
124 # This is the log rotation method that should be used to rotate
125 # the cgi log file. Values are as follows..
126 # n = None - don't rotate the log
127 # h = Hourly rotation (top of the hour)
128 # d = Daily rotation (midnight every day)
129 # w = Weekly rotation (midnight on Saturday evening)
130 # m = Monthly rotation (midnight last day of month)
132 cgi_log_rotation_method=d
135 # CGI LOG ARCHIVE PATH
136 # This is the directory where archived (rotated) cgi log files should be
137 # placed (assuming you've chosen to do log rotation).
139 cgi_log_archive_path=/usr/share/icinga/htdocs/log
143 # This option forces the users of to comment every action they perform.
144 # The comments get logged into cgi log file. This option only has effect
145 # if logging is switched on. See option "use_logging"
146 # Default is 0 (off), to activate it set it to 1 (on).
148 enforce_comments_on_actions=0
152 # Here you can set if your week starts on sunday or monday.
153 # Default is 0 (Sunday), set it to 1 if your week start monday.
158 # AUTHENTICATION USAGE
159 # This option controls whether or not the CGIs will use any
160 # authentication when displaying host and service information, as
161 # well as committing commands to Icinga for processing.
163 # Read the HTML documentation to learn how the authorization works!
165 # NOTE: It is a really *bad* idea to disable authorization, unless
166 # you plan on removing the command CGI (cmd.cgi)! Failure to do
167 # so will leave you wide open to kiddies messing with Icinga and
168 # possibly hitting you with a denial of service attack by filling up
169 # your drive by continuously writing to your command file!
171 # Setting this value to 0 will cause the CGIs to *not* use
172 # authentication (bad idea), while any other value will make them
173 # use the authentication functions (the default).
180 # x509 CERT AUTHENTICATION
181 # When enabled, this option allows you to use x509 cert (SSL)
182 # authentication in the CGIs. This is an advanced option and should
183 # not be enabled unless you know what you're doing.
185 use_ssl_authentication=0
191 # Setting this variable will define a default user name that can
192 # access pages without authentication. This allows people within a
193 # secure domain (i.e., behind a firewall) to see the current status
194 # without authenticating. You may want to use this to avoid basic
195 # authentication if you are not using a secure server since basic
196 # authentication transmits passwords in the clear.
198 # Important: Do not define a default username unless you are
199 # running a secure web server and are sure that everyone who has
200 # access to the CGIs has been authenticated in some manner! If you
201 # define this variable, anyone who has not authenticated to the web
202 # server will inherit all rights you assign to this user!
204 #default_user_name=guest
208 # SYSTEM/PROCESS INFORMATION ACCESS
209 # This option is a comma-delimited list of all usernames that
210 # have access to viewing the Icinga process information as
211 # provided by the Extended Information CGI (extinfo.cgi). By
212 # default, *no one* has access to this unless you choose to
213 # not use authorization. You may use an asterisk (*) to
214 # authorize any user who has authenticated to the web server.
215 # Alternatively you can specify contactgroups too, starting
218 authorized_for_system_information=icingaadmin
219 #authorized_contactgroup_for_system_information=
222 # CONFIGURATION INFORMATION ACCESS
223 # This option is a comma-delimited list of all usernames that
224 # can view ALL configuration information (hosts, commands, etc).
225 # By default, users can only view configuration information
226 # for the hosts and services they are contacts for. You may use
227 # an asterisk (*) to authorize any user who has authenticated
229 # Alternatively you can specify contactgroups too, starting
232 authorized_for_configuration_information=icingaadmin
233 #authorized_contactgroup_for_configuration_information=
236 # RAW COMMANDLINE CONFIGURATION INFORMATION ACCESS
237 # This option is a comma-delimited list of all usernames that
238 # can view a command in config command expander as icinga would
239 # execute it. To resolve all MACROS it is necessary to allow
240 # read access to the web server for resource.cfg .
241 # CAUTION: $USERXX$ vars and custom vars can contain sensitive
243 # Alternatively you can specify contactgroups too.
245 authorized_for_full_command_resolution=icingaadmin
246 #authorized_contactgroup_for_full_command_resolution=
249 # SYSTEM/PROCESS COMMAND ACCESS
250 # This option is a comma-delimited list of all usernames that
251 # can issue shutdown and restart commands to Icinga via the
252 # command CGI (cmd.cgi). Users in this list can also change
253 # the program mode to active or standby. By default, *no one*
254 # has access to this unless you choose to not use authorization.
255 # You may use an asterisk (*) to authorize any user who has
256 # authenticated to the web server.
257 # Alternatively you can specify contactgroups too, starting
260 authorized_for_system_commands=icingaadmin
261 #authorized_contactgroup_for_system_commands=
264 # GLOBAL HOST/SERVICE VIEW ACCESS
265 # These two options are comma-delimited lists of all usernames that
266 # can view information for all hosts and services that are being
267 # monitored. By default, users can only view information
268 # for hosts or services that they are contacts for (unless you
269 # you choose to not use authorization). You may use an asterisk (*)
270 # to authorize any user who has authenticated to the web server.
271 # Alternatively you can specify contactgroups too, starting
275 authorized_for_all_services=dsa-guest,icingaadmin
276 authorized_for_all_hosts=dsa-guest,icingaadmin
277 #authorized_contactgroup_for_all_services=
278 #authorized_contactgroup_for_all_hosts=
281 # GLOBAL HOST/SERVICE COMMAND ACCESS
282 # These two options are comma-delimited lists of all usernames that
283 # can issue host or service related commands via the command
284 # CGI (cmd.cgi) for all hosts and services that are being monitored.
285 # By default, users can only issue commands for hosts or services
286 # that they are contacts for (unless you you choose to not use
287 # authorization). You may use an asterisk (*) to authorize any
288 # user who has authenticated to the web server.
289 # Alternatively you can specify contactgroups too, starting
292 authorized_for_all_service_commands=icingaadmin
293 authorized_for_all_host_commands=icingaadmin
294 #authorized_contactgroup_for_all_service_commands=
295 #authorized_contactgroup_for_all_host_commands=
299 # A comma-delimited list of usernames that have read-only rights in
300 # the CGIs. This will block any service or host commands normally shown
301 # on the extinfo CGI pages. It will also block comments from being shown
302 # to read-only users.
303 # Alternatively you can specify contactgroups too, starting
306 #authorized_for_read_only=user1,user2
307 #authorized_contactgroup_for_read_only=
310 # SHOW ALL SERVICES THE HOST IS AUTHORIZED FOR
311 # By default, a user can see all services on a host, if the user is
312 # authorized as contact for the host only. By disabling this option,
313 # the user must be an authorized contact for the service too in order
315 # Values: 0 - disabled, user must be authorized for services too
316 # 1 - enabled, user can view all services on authorized host
318 show_all_services_host_is_authorized_for=1
321 # SHOW PARTIAL HOSTGROUPS
322 # By default, a user only sees a hostgroup and the hosts within it if
323 # they are an authorized contact for all of the hosts of the group. By
324 # enabling this option hostgroups will show a partial listing of hosts
325 # the user is an authorized contact for in the hostgroups.
326 # Values: 0 - disabled, user only sees full hostgroups (default)
327 # 1 - enabled, user sees partial hostgroups
329 show_partial_hostgroups=0
332 # STATUSMAP BACKGROUND IMAGE
333 # This option allows you to specify an image to be used as a
334 # background in the statusmap CGI. It is assumed that the image
335 # resides in the HTML images path (i.e. /usr/local/icinga/share/images).
336 # This path is automatically determined by appending "/images"
337 # to the path specified by the 'physical_html_path' directive.
338 # Note: The image file may be in GIF, PNG, JPEG, or GD2 format.
339 # However, I recommend that you convert your image to GD2 format
340 # (uncompressed), as this will cause less CPU load when the CGI
341 # generates the image.
343 #statusmap_background_image=smbackground.gd2
348 # STATUSMAP TRANSPARENCY INDEX COLOR
349 # These options set the r,g,b values of the background color used the statusmap CGI,
350 # so normal browsers that can't show real png transparency set the desired color as
351 # a background color instead (to make it look pretty).
352 # Defaults to white: (R,G,B) = (255,255,255).
354 #color_transparency_index_r=255
355 #color_transparency_index_g=255
356 #color_transparency_index_b=255
361 # DEFAULT STATUSMAP LAYOUT METHOD
362 # This option allows you to specify the default layout method
363 # the statusmap CGI should use for drawing hosts. If you do
364 # not use this option, the default is to use user-defined
365 # coordinates. Valid options are as follows:
366 # 0 = User-defined coordinates
371 # 5 = Circular (Marked Up)
373 default_statusmap_layout=5
377 # DEFAULT STATUSWRL LAYOUT METHOD
378 # This option allows you to specify the default layout method
379 # the statuswrl (VRML) CGI should use for drawing hosts. If you
380 # do not use this option, the default is to use user-defined
381 # coordinates. Valid options are as follows:
382 # 0 = User-defined coordinates
387 default_statuswrl_layout=4
392 # This option allows you to include your own objects in the
393 # generated VRML world. It is assumed that the file
394 # resides in the HTML path (i.e. /usr/local/icinga/share).
396 #statuswrl_include=myworld.wrl
401 # This option determines what syntax should be used when
402 # attempting to ping a host from the WAP interface (using
403 # the statuswml CGI. You must include the full path to
404 # the ping binary, along with all required options. The
405 # $HOSTADDRESS$ macro is substituted with the address of
406 # the host before the command is executed.
407 # Please note that the syntax for the ping binary is
408 # notorious for being different on virtually ever *NIX
409 # OS and distribution, so you may have to tweak this to
410 # work on your system.
412 ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
417 # This option allows you to specify the refresh rate in seconds
418 # of various CGIs (extinfo, outages, status, statusmap and tac).
424 # This option determines what type of refresh should be used.
425 # You can choose between http header and javascript. By
426 # default javascript (1) is activated. If you have trouble
427 # using javascript then try refresh via http header (0).
433 # This option determines whether HTML tags in host and service
434 # status output is escaped in the web interface. If enabled,
435 # your plugin output will not be able to contain clickable links.
441 # PERSISTENT ACKNOWLEDGEMENT COMMENTS
442 # This options determines whether the initial state of the
443 # checkbox "Persistent Comment:" for service and host problem
444 # acknowledgements is checked or unchecked
446 persistent_ack_comments=0
450 # These options allow you to specify an optional audio file
451 # that should be played in your browser window when there are
452 # problems on the network. The audio files are used only in
453 # the status CGI. Only the sound for the most critical problem
454 # will be played. Order of importance (higher to lower) is as
455 # follows: unreachable hosts, down hosts, critical services,
456 # warning services, and unknown services. If there are no
457 # visible problems, the sound file optionally specified by
458 # 'normal_sound' variable will be played.
461 # <varname>=<sound_file>
463 # Note: All audio files must be placed in the /media subdirectory
464 # under the HTML path (i.e. /usr/local/icinga/share/media/).
466 #host_unreachable_sound=hostdown.wav
467 #host_down_sound=hostdown.wav
468 #service_critical_sound=critical.wav
469 #service_warning_sound=warning.wav
470 #service_unknown_sound=warning.wav
471 #normal_sound=noproblem.wav
476 # These options determine the target frames in which notes and
477 # action URLs will open. Default is main frame.
479 action_url_target=main
480 notes_url_target=main
481 #action_url_target=_blank
482 #notes_url_target=_blank
487 # LOCK AUTHOR NAMES OPTION
488 # This option determines whether users can change the author name
489 # when submitting comments, scheduling downtime. If disabled, the
490 # author names will be locked into their contact name, as defined in Icinga.
491 # Values: 0 = allow editing author names
492 # 1 = lock author names (disallow editing)
498 # DEFAULT DOWNTIME DURATION
499 # This option defines the default duration (in seconds) of fixed and
500 # flexible downtimes. Default is 7200 seconds (2 hours).
502 default_downtime_duration=7200
506 # DEFAULT EXPIRING ACKNOWLEDGEMENT DURATION
507 # This option defines the default duration (in seconds) of a expiring
508 # acknowledgement. Default is 86400 seconds (1 day).
510 default_expiring_acknowledgement_duration=86400
514 # SHOW LONG PLUGIN OUTPUT IN STATUS OPTION
515 # This option allows you to specify the length of status information
516 # in output of status.cgi. If you set the value to 1 it shows the
517 # full plugin output instead of the first line only.
518 # Default value is 0.
520 status_show_long_plugin_output=0
524 # DISPLAY STATUS TOTAL
525 # This option allows you to specify if the
526 # Host Status Totals and Service Status Totals
527 # should be displayed.
528 # Default value is 0.
530 display_status_totals=0
534 # SHOW ONLY HARD STATES IN TAC OPTION
535 # This options allows you to specify if the tactical overview
536 # should only show hard states on hosts and services.
537 # By default disabled, all states will be shown.
539 tac_show_only_hard_state=0
543 # SHOW CHILD HOSTS IN EXTINFO OPTION
544 # This Option allows you to specify if the extended host information
545 # cgi will show child hosts for the selected host.
547 # 1 = only show immediate child hosts
548 # 2 = show immediate and all child hosts
549 # NOTE: Option 2 could be a real performance killer in
550 # large installations, so use with care.
551 # By default disabled, as this could be a performance killer.
553 extinfo_show_child_hosts=0
557 # SUPPRESS MAINTENANCE DOWNTIME
558 # This options suppresses the state coloring of hosts and services
559 # that are in a scheduled downtime. It sets their coloring to gray,
560 # so they no longer draw extra attention to themselves, making it
561 # so only actual problems are the ones that stand out.
562 # By default it is disabled.
564 suppress_maintenance_downtime=0
567 # SHOW TAC INFORMATION IN TOP FRAME
568 # This options places tactical overview information in
569 # the top frame similar to the view that's in icinga-web.
570 # By default it is enabled.
575 # SHOW PENDING IN TAC HEADER
576 # This options enables the display of pending counts in
577 # the tac header. If your display is less than 1024x768
578 # and this is enabled, the tactical information may not
579 # fit well in the top frame.
580 # By default it is enabled.
582 show_tac_header_pending=1
586 # SHOW INITIAL STATES IN SHOWLOG OPTION
587 # This options allows you to specify if initial states
588 # of hosts and services should be shown in showlog.cgi
589 # Note: This Option only works if the option
590 # "log_initial_states" in icinga.cfg is set to 1.
591 # By default it's enabled. Default is 0.
593 #showlog_initial_states=0
597 # SHOW CURRENT STATES IN SHOWLOG OPTION
598 # This options allows you to specify if current states
599 # of hosts and services should be shown in showlog.cgi
600 # Note: This Option only works if the option
601 # "log_current_states" in icinga.cfg is set to 1.
602 # By default it's enabled. Default is 0.
604 #showlog_current_states=0
608 # DEFAULT NUM DISPLAYED LOG ENTRIES OPTION
609 # This options specifies the number of log entries
610 # displayed by default in showlog.cgi. To display
611 # all log entries by default set this value to 0.
614 #default_num_displayed_log_entries=10000
619 # This option determines the character which should act as
620 # delimiter. Default is ";".
627 # This option determines the character which should act as
628 # data enclosure to wrap in the data. Default is "'".
630 #csv_data_enclosure='
634 # TAB-FRIENDLY <TITLE>S
635 # Activating this option changes the <title> of status.cgi
636 # and extinfo.cgi when they refer to a single host, service,
637 # or group. They will then read:
642 # These are easier to read and find if you use (many) tabs
644 # Default is enabled. 0=disabled, 1=enabled
646 tab_friendly_titles=1
649 # SERVICE STATES TO ANNOTATE WITH CURRENT NOTIFICATION NO.
650 # Set this to an OR of the service state identifiers for
651 # which status.cgi should not only report "Attempts" (e.g.,
652 # "3/3" for a HARD non-OK state with max_check_attempts=3)
653 # but also the current notification number ("(#0)" if no
654 # problem notification has been sent yet, etc.). This is
655 # helpful to identify services which switched between
656 # different non-OK states a lot, or services which have a
657 # first_notification_delay set and are "not yet officially"
658 # considered in trouble.
659 # Relevant values from include/statusdata.h (look them up
660 # *there* if you want to be *really* sure):
661 # #define SERVICE_PENDING 1
662 # #define SERVICE_OK 2
663 # #define SERVICE_WARNING 4
664 # #define SERVICE_UNKNOWN 8
665 # #define SERVICE_CRITICAL 16
666 # You'll likely want to use add_notif_num_hard=0 (default)
667 # or add_notif_num_hard=28 (warn+crit+unknown). There's an
668 # add_notif_num_soft affecting services in a SOFT state
669 # for sake of completeness, too.
671 #add_notif_num_hard=28
672 #add_notif_num_soft=0
676 # SPLUNK INTEGRATION OPTIONS
677 # These options allow you to enable integration with Splunk
678 # in the web interface. If enabled, you'll be presented with
679 # "Splunk It" links in various places in the CGIs (log file,
680 # alert history, host/service detail, etc). Useful if you're
681 # trying to research why a particular problem occurred.
682 # For more information on Splunk, visit http://www.splunk.com/
684 # This option determines whether the Splunk integration is enabled
685 # Values: 0 = disable Splunk integration
686 # 1 = enable Splunk integration
688 #enable_splunk_integration=1
691 # This option should be the URL used to access your instance of Splunk
693 #splunk_url=http://127.0.0.1:8000/