################################################################# # # CGI.CFG - Sample CGI Configuration File for Icinga # ################################################################# # MAIN CONFIGURATION FILE # This tells the CGIs where to find your main configuration file. # The CGIs will read the main and host config files for any other # data they might need. main_config_file=/etc/icinga/icinga.cfg # ATTRIBUTE BASED AUTHORIZATION FILE # This option will include a file defining authroization based on # attributes. #authorization_config_file=/etc/icinga/cgiauth.cfg # PHYSICAL HTML PATH # This is the path where the HTML files for Icinga reside. This # value is used to locate the logo images needed by the statusmap # and statuswrl CGIs. physical_html_path=/usr/share/icinga/htdocs # URL HTML PATH # This is the path portion of the URL that corresponds to the # physical location of the Icinga HTML files (as defined above). # This value is used by the CGIs to locate the online documentation # and graphics. If you access the Icinga pages with an URL like # http://www.myhost.com/icinga, this value should be '/icinga' # (without the quotes). url_html_path=/icinga # URL STYLESHEETS PATH # This option allows to define an url stylesheet path other than the # default ($url_html_path/stylesheets). This will be useful when # adding custom stylesheets in another location. # If not set, the default location will be used. url_stylesheets_path=/icinga/stylesheets # HTTP CHARSET # This defines charset that is sent with HTTP headers. http_charset=utf-8 # NAGIOS PROCESS CHECK COMMAND # This is the full path and filename of the program used to check # the status of the Nagios process. It is used only by the CGIs # and is completely optional. However, if you don't use it, you'll # see warning messages in the CGIs about the Nagios process # not running and you won't be able to execute any commands from # the web interface. The program should follow the same rules # as plugins; the return codes are the same as for the plugins, # it should have timeout protection, it should output something # to STDIO, etc. # # Note: The command line for the check_nagios plugin below may # have to be tweaked a bit, as different versions of the plugin # use different command line arguments/syntaxes. icinga_check_command=/usr/lib/nagios/plugins/check_nagios /var/lib/icinga/status.dat 5 '/usr/sbin/icinga' # CONTEXT-SENSITIVE HELP # This option determines whether or not a context-sensitive # help icon will be displayed for most of the CGIs. # Values: 0 = disables context-sensitive help # 1 = enables context-sensitive help show_context_help=0 # HIGHLIGHT TABLE ROWS # This option allows you to define if table rows in status.cgi # will be highlighted or not. # Values: 0 = disables row highlighting # 1 = enables row highlighting highlight_table_rows=1 # PENDING STATES OPTION # This option determines what states should be displayed in the web # interface for hosts/services that have not yet been checked. # Values: 0 = leave hosts/services that have not been check yet in their original state # 1 = mark hosts/services that have not been checked yet as PENDING use_pending_states=1 # Logging # USE LOGGING # If you want to log information from cgi's (e.g. all submitted commands) # then set this option to 1, default is 0 (off). # WARNING: # This log is highly experimental and changes may occure without notice. Use at your own risk!! use_logging=0 # CGI LOG FILE # This is the cgi log file for information about what users are doing. # At the moment only submitted commands from cmd.cgi will be logged. cgi_log_file=/usr/share/icinga/htdocs/log/icinga-cgi.log # CGI LOG ROTATION METHOD # This is the log rotation method that should be used to rotate # the cgi log file. Values are as follows.. # n = None - don't rotate the log # h = Hourly rotation (top of the hour) # d = Daily rotation (midnight every day) # w = Weekly rotation (midnight on Saturday evening) # m = Monthly rotation (midnight last day of month) cgi_log_rotation_method=d # CGI LOG ARCHIVE PATH # This is the directory where archived (rotated) cgi log files should be # placed (assuming you've chosen to do log rotation). cgi_log_archive_path=/usr/share/icinga/htdocs/log # FORCE COMMENT # This option forces the users of to comment every action they perform. # The comments get logged into cgi log file. This option only has effect # if logging is switched on. See option "use_logging" # Default is 0 (off), to activate it set it to 1 (on). enforce_comments_on_actions=0 # FIRST DAY OF WEEK # Here you can set if your week starts on sunday or monday. # Default is 0 (Sunday), set it to 1 if your week start monday. first_day_of_week=0 # AUTHENTICATION USAGE # This option controls whether or not the CGIs will use any # authentication when displaying host and service information, as # well as committing commands to Icinga for processing. # # Read the HTML documentation to learn how the authorization works! # # NOTE: It is a really *bad* idea to disable authorization, unless # you plan on removing the command CGI (cmd.cgi)! Failure to do # so will leave you wide open to kiddies messing with Icinga and # possibly hitting you with a denial of service attack by filling up # your drive by continuously writing to your command file! # # Setting this value to 0 will cause the CGIs to *not* use # authentication (bad idea), while any other value will make them # use the authentication functions (the default). use_authentication=1 # x509 CERT AUTHENTICATION # When enabled, this option allows you to use x509 cert (SSL) # authentication in the CGIs. This is an advanced option and should # not be enabled unless you know what you're doing. use_ssl_authentication=0 # DEFAULT USER # Setting this variable will define a default user name that can # access pages without authentication. This allows people within a # secure domain (i.e., behind a firewall) to see the current status # without authenticating. You may want to use this to avoid basic # authentication if you are not using a secure server since basic # authentication transmits passwords in the clear. # # Important: Do not define a default username unless you are # running a secure web server and are sure that everyone who has # access to the CGIs has been authenticated in some manner! If you # define this variable, anyone who has not authenticated to the web # server will inherit all rights you assign to this user! #default_user_name=guest # SYSTEM/PROCESS INFORMATION ACCESS # This option is a comma-delimited list of all usernames that # have access to viewing the Icinga process information as # provided by the Extended Information CGI (extinfo.cgi). By # default, *no one* has access to this unless you choose to # not use authorization. You may use an asterisk (*) to # authorize any user who has authenticated to the web server. # Alternatively you can specify contactgroups too, starting # with Icinga 1.5.0 authorized_for_system_information=icingaadmin #authorized_contactgroup_for_system_information= # CONFIGURATION INFORMATION ACCESS # This option is a comma-delimited list of all usernames that # can view ALL configuration information (hosts, commands, etc). # By default, users can only view configuration information # for the hosts and services they are contacts for. You may use # an asterisk (*) to authorize any user who has authenticated # to the web server. # Alternatively you can specify contactgroups too, starting # with Icinga 1.5.0 authorized_for_configuration_information=icingaadmin #authorized_contactgroup_for_configuration_information= # RAW COMMANDLINE CONFIGURATION INFORMATION ACCESS # This option is a comma-delimited list of all usernames that # can view a command in config command expander as icinga would # execute it. To resolve all MACROS it is necessary to allow # read access to the web server for resource.cfg . # CAUTION: $USERXX$ vars and custom vars can contain sensitive # data. # Alternatively you can specify contactgroups too. authorized_for_full_command_resolution=icingaadmin #authorized_contactgroup_for_full_command_resolution= # SYSTEM/PROCESS COMMAND ACCESS # This option is a comma-delimited list of all usernames that # can issue shutdown and restart commands to Icinga via the # command CGI (cmd.cgi). Users in this list can also change # the program mode to active or standby. By default, *no one* # has access to this unless you choose to not use authorization. # You may use an asterisk (*) to authorize any user who has # authenticated to the web server. # Alternatively you can specify contactgroups too, starting # with Icinga 1.5.0 authorized_for_system_commands=icingaadmin #authorized_contactgroup_for_system_commands= # GLOBAL HOST/SERVICE VIEW ACCESS # These two options are comma-delimited lists of all usernames that # can view information for all hosts and services that are being # monitored. By default, users can only view information # for hosts or services that they are contacts for (unless you # you choose to not use authorization). You may use an asterisk (*) # to authorize any user who has authenticated to the web server. # Alternatively you can specify contactgroups too, starting # with Icinga 1.5.0 authorized_for_all_services=dsa-guest,icingaadmin authorized_for_all_hosts=dsa-guest,icingaadmin #authorized_contactgroup_for_all_services= #authorized_contactgroup_for_all_hosts= # GLOBAL HOST/SERVICE COMMAND ACCESS # These two options are comma-delimited lists of all usernames that # can issue host or service related commands via the command # CGI (cmd.cgi) for all hosts and services that are being monitored. # By default, users can only issue commands for hosts or services # that they are contacts for (unless you you choose to not use # authorization). You may use an asterisk (*) to authorize any # user who has authenticated to the web server. # Alternatively you can specify contactgroups too, starting # with Icinga 1.5.0 authorized_for_all_service_commands=icingaadmin authorized_for_all_host_commands=icingaadmin #authorized_contactgroup_for_all_service_commands= #authorized_contactgroup_for_all_host_commands= # READ-ONLY USERS # A comma-delimited list of usernames that have read-only rights in # the CGIs. This will block any service or host commands normally shown # on the extinfo CGI pages. It will also block comments from being shown # to read-only users. # Alternatively you can specify contactgroups too, starting # with Icinga 1.5.0 #authorized_for_read_only=user1,user2 #authorized_contactgroup_for_read_only= # SHOW ALL SERVICES THE HOST IS AUTHORIZED FOR # By default, a user can see all services on a host, if the user is # authorized as contact for the host only. By disabling this option, # the user must be an authorized contact for the service too in order # to view it. # Values: 0 - disabled, user must be authorized for services too # 1 - enabled, user can view all services on authorized host show_all_services_host_is_authorized_for=1 # SHOW PARTIAL HOSTGROUPS # By default, a user only sees a hostgroup and the hosts within it if # they are an authorized contact for all of the hosts of the group. By # enabling this option hostgroups will show a partial listing of hosts # the user is an authorized contact for in the hostgroups. # Values: 0 - disabled, user only sees full hostgroups (default) # 1 - enabled, user sees partial hostgroups show_partial_hostgroups=0 # STATUSMAP BACKGROUND IMAGE # This option allows you to specify an image to be used as a # background in the statusmap CGI. It is assumed that the image # resides in the HTML images path (i.e. /usr/local/icinga/share/images). # This path is automatically determined by appending "/images" # to the path specified by the 'physical_html_path' directive. # Note: The image file may be in GIF, PNG, JPEG, or GD2 format. # However, I recommend that you convert your image to GD2 format # (uncompressed), as this will cause less CPU load when the CGI # generates the image. #statusmap_background_image=smbackground.gd2 # STATUSMAP TRANSPARENCY INDEX COLOR # These options set the r,g,b values of the background color used the statusmap CGI, # so normal browsers that can't show real png transparency set the desired color as # a background color instead (to make it look pretty). # Defaults to white: (R,G,B) = (255,255,255). #color_transparency_index_r=255 #color_transparency_index_g=255 #color_transparency_index_b=255 # DEFAULT STATUSMAP LAYOUT METHOD # This option allows you to specify the default layout method # the statusmap CGI should use for drawing hosts. If you do # not use this option, the default is to use user-defined # coordinates. Valid options are as follows: # 0 = User-defined coordinates # 1 = Depth layers # 2 = Collapsed tree # 3 = Balanced tree # 4 = Circular # 5 = Circular (Marked Up) default_statusmap_layout=5 # DEFAULT STATUSWRL LAYOUT METHOD # This option allows you to specify the default layout method # the statuswrl (VRML) CGI should use for drawing hosts. If you # do not use this option, the default is to use user-defined # coordinates. Valid options are as follows: # 0 = User-defined coordinates # 2 = Collapsed tree # 3 = Balanced tree # 4 = Circular default_statuswrl_layout=4 # STATUSWRL INCLUDE # This option allows you to include your own objects in the # generated VRML world. It is assumed that the file # resides in the HTML path (i.e. /usr/local/icinga/share). #statuswrl_include=myworld.wrl # PING SYNTAX # This option determines what syntax should be used when # attempting to ping a host from the WAP interface (using # the statuswml CGI. You must include the full path to # the ping binary, along with all required options. The # $HOSTADDRESS$ macro is substituted with the address of # the host before the command is executed. # Please note that the syntax for the ping binary is # notorious for being different on virtually ever *NIX # OS and distribution, so you may have to tweak this to # work on your system. ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ # REFRESH RATE # This option allows you to specify the refresh rate in seconds # of various CGIs (extinfo, outages, status, statusmap and tac). refresh_rate=90 # REFRESH TYPE # This option determines what type of refresh should be used. # You can choose between http header and javascript. By # default javascript (1) is activated. If you have trouble # using javascript then try refresh via http header (0). refresh_type=1 # ESCAPE HTML TAGS # This option determines whether HTML tags in host and service # status output is escaped in the web interface. If enabled, # your plugin output will not be able to contain clickable links. escape_html_tags=1 # PERSISTENT ACKNOWLEDGEMENT COMMENTS # This options determines whether the initial state of the # checkbox "Persistent Comment:" for service and host problem # acknowledgements is checked or unchecked persistent_ack_comments=0 # SOUND OPTIONS # These options allow you to specify an optional audio file # that should be played in your browser window when there are # problems on the network. The audio files are used only in # the status CGI. Only the sound for the most critical problem # will be played. Order of importance (higher to lower) is as # follows: unreachable hosts, down hosts, critical services, # warning services, and unknown services. If there are no # visible problems, the sound file optionally specified by # 'normal_sound' variable will be played. # # # = # # Note: All audio files must be placed in the /media subdirectory # under the HTML path (i.e. /usr/local/icinga/share/media/). #host_unreachable_sound=hostdown.wav #host_down_sound=hostdown.wav #service_critical_sound=critical.wav #service_warning_sound=warning.wav #service_unknown_sound=warning.wav #normal_sound=noproblem.wav # URL TARGET FRAMES # These options determine the target frames in which notes and # action URLs will open. Default is main frame. action_url_target=main notes_url_target=main #action_url_target=_blank #notes_url_target=_blank # LOCK AUTHOR NAMES OPTION # This option determines whether users can change the author name # when submitting comments, scheduling downtime. If disabled, the # author names will be locked into their contact name, as defined in Icinga. # Values: 0 = allow editing author names # 1 = lock author names (disallow editing) lock_author_names=1 # DEFAULT DOWNTIME DURATION # This option defines the default duration (in seconds) of fixed and # flexible downtimes. Default is 7200 seconds (2 hours). default_downtime_duration=7200 # DEFAULT EXPIRING ACKNOWLEDGEMENT DURATION # This option defines the default duration (in seconds) of a expiring # acknowledgement. Default is 86400 seconds (1 day). default_expiring_acknowledgement_duration=86400 # SHOW LONG PLUGIN OUTPUT IN STATUS OPTION # This option allows you to specify the length of status information # in output of status.cgi. If you set the value to 1 it shows the # full plugin output instead of the first line only. # Default value is 0. status_show_long_plugin_output=0 # DISPLAY STATUS TOTAL # This option allows you to specify if the # Host Status Totals and Service Status Totals # should be displayed. # Default value is 0. display_status_totals=0 # SHOW ONLY HARD STATES IN TAC OPTION # This options allows you to specify if the tactical overview # should only show hard states on hosts and services. # By default disabled, all states will be shown. tac_show_only_hard_state=0 # SHOW CHILD HOSTS IN EXTINFO OPTION # This Option allows you to specify if the extended host information # cgi will show child hosts for the selected host. # 0 = disabled # 1 = only show immediate child hosts # 2 = show immediate and all child hosts # NOTE: Option 2 could be a real performance killer in # large installations, so use with care. # By default disabled, as this could be a performance killer. extinfo_show_child_hosts=0 # SUPPRESS MAINTENANCE DOWNTIME # This options suppresses the state coloring of hosts and services # that are in a scheduled downtime. It sets their coloring to gray, # so they no longer draw extra attention to themselves, making it # so only actual problems are the ones that stand out. # By default it is disabled. suppress_maintenance_downtime=0 # SHOW TAC INFORMATION IN TOP FRAME # This options places tactical overview information in # the top frame similar to the view that's in icinga-web. # By default it is enabled. show_tac_header=1 # SHOW PENDING IN TAC HEADER # This options enables the display of pending counts in # the tac header. If your display is less than 1024x768 # and this is enabled, the tactical information may not # fit well in the top frame. # By default it is enabled. show_tac_header_pending=1 # SHOW INITIAL STATES IN SHOWLOG OPTION # This options allows you to specify if initial states # of hosts and services should be shown in showlog.cgi # Note: This Option only works if the option # "log_initial_states" in icinga.cfg is set to 1. # By default it's enabled. Default is 0. #showlog_initial_states=0 # SHOW CURRENT STATES IN SHOWLOG OPTION # This options allows you to specify if current states # of hosts and services should be shown in showlog.cgi # Note: This Option only works if the option # "log_current_states" in icinga.cfg is set to 1. # By default it's enabled. Default is 0. #showlog_current_states=0 # DEFAULT NUM DISPLAYED LOG ENTRIES OPTION # This options specifies the number of log entries # displayed by default in showlog.cgi. To display # all log entries by default set this value to 0. # Default is 10000. #default_num_displayed_log_entries=10000 # CSV DELIMITER # This option determines the character which should act as # delimiter. Default is ";". #csv_delimiter=; # CSV DATA ENCLOSURE # This option determines the character which should act as # data enclosure to wrap in the data. Default is "'". #csv_data_enclosure=' # TAB-FRIENDLY S # Activating this option changes the <title> of status.cgi # and extinfo.cgi when they refer to a single host, service, # or group. They will then read: # [Host] # {HostGroup} # ServiceDesc @ Host # (ServiceGroup) # These are easier to read and find if you use (many) tabs # in your browser. # Default is enabled. 0=disabled, 1=enabled tab_friendly_titles=1 # SERVICE STATES TO ANNOTATE WITH CURRENT NOTIFICATION NO. # Set this to an OR of the service state identifiers for # which status.cgi should not only report "Attempts" (e.g., # "3/3" for a HARD non-OK state with max_check_attempts=3) # but also the current notification number ("(#0)" if no # problem notification has been sent yet, etc.). This is # helpful to identify services which switched between # different non-OK states a lot, or services which have a # first_notification_delay set and are "not yet officially" # considered in trouble. # Relevant values from include/statusdata.h (look them up # *there* if you want to be *really* sure): # #define SERVICE_PENDING 1 # #define SERVICE_OK 2 # #define SERVICE_WARNING 4 # #define SERVICE_UNKNOWN 8 # #define SERVICE_CRITICAL 16 # You'll likely want to use add_notif_num_hard=0 (default) # or add_notif_num_hard=28 (warn+crit+unknown). There's an # add_notif_num_soft affecting services in a SOFT state # for sake of completeness, too. #add_notif_num_hard=28 #add_notif_num_soft=0 # SPLUNK INTEGRATION OPTIONS # These options allow you to enable integration with Splunk # in the web interface. If enabled, you'll be presented with # "Splunk It" links in various places in the CGIs (log file, # alert history, host/service detail, etc). Useful if you're # trying to research why a particular problem occurred. # For more information on Splunk, visit http://www.splunk.com/ # This option determines whether the Splunk integration is enabled # Values: 0 = disable Splunk integration # 1 = enable Splunk integration #enable_splunk_integration=1 # This option should be the URL used to access your instance of Splunk #splunk_url=http://127.0.0.1:8000/