From 5cc3ea8e33a74c6b34bd2b13f4a899668683e19c Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 15 May 2015 09:15:55 +0200
Subject: [PATCH] use new cgi.cfg from the package

---
 config/static/cgi.cfg | 902 +++++++++++++++++++++++++++++-------------
 1 file changed, 623 insertions(+), 279 deletions(-)

diff --git a/config/static/cgi.cfg b/config/static/cgi.cfg
index c0f99e9..bf05e00 100644
--- a/config/static/cgi.cfg
+++ b/config/static/cgi.cfg
@@ -1,10 +1,17 @@
 #################################################################
 #
-# CGI.CFG - Sample CGI Configuration File for Icinga
+# CGI.CFG - CGI Configuration File for Icinga
 #
 #################################################################
 
 
+
+######################################
+#
+#    COMMON (ALL CGIs)
+#
+######################################
+
 # MAIN CONFIGURATION FILE
 # This tells the CGIs where to find your main configuration file.
 # The CGIs will read the main and host config files for any other
@@ -13,17 +20,25 @@
 main_config_file=/etc/icinga/icinga.cfg
 
 
-# ATTRIBUTE BASED AUTHORIZATION FILE
-# This option will include a file defining authroization based on
-# attributes.
 
-#authorization_config_file=/etc/icinga/cgiauth.cfg
+# STANDALONE INSTALLATION
+# This is only useful in an Icinga 2 setup (or any other setup
+# containing multiple Classic UI installs). If you have installed
+# Icinga 2 with compat layer and classic-ui, you can set this
+# to 1. Otherwise leave it at 0.
+# Enabling this option ignores main_config_file setting.
+#
+# NOTE: Check also the "Standalone (Icinga2) section" at the bottom
+# if this option is switched on!
+
+standalone_installation=0
+
 
 
 # PHYSICAL HTML PATH
 # This is the path where the HTML files for Icinga reside.  This
 # value is used to locate the logo images needed by the statusmap
-# and statuswrl CGIs.
+# and status CGIs.
 
 physical_html_path=/usr/share/icinga/htdocs
 
@@ -39,6 +54,32 @@ physical_html_path=/usr/share/icinga/htdocs
 
 url_html_path=/icinga
 
+# NAGIOS PROCESS CHECK COMMAND
+# This is the full path and filename of the program used to check
+# the status of the Nagios process.  It is used only by the CGIs
+# and is completely optional.  However, if you don't use it, you'll
+# see warning messages in the CGIs about the Nagios process
+# not running and you won't be able to execute any commands from
+# the web interface.  The program should follow the same rules
+# as plugins; the return codes are the same as for the plugins,
+# it should have timeout protection, it should output something
+# to STDIO, etc.
+#
+# Note: The command line for the check_nagios plugin below may
+# have to be tweaked a bit, as different versions of the plugin
+# use different command line arguments/syntaxes.
+
+icinga_check_command=/usr/lib/nagios/plugins/check_nagios /var/lib/icinga/status.dat 5 '/usr/sbin/icinga'
+
+# URL CGI PATH
+# This is the path portion of the URL that corresponds to the
+# physical location of the Icinga CGI files. It is evaluated by
+# the cmd.cgi CSRF protection.
+# This value should be changed if the CGI files are accessible
+# under a different path than the default installation path.
+
+#url_cgi_path=/icinga/cgi-bin
+
 
 
 # URL STYLESHEETS PATH
@@ -56,40 +97,51 @@ url_stylesheets_path=/icinga/stylesheets
 
 http_charset=utf-8
 
-# NAGIOS PROCESS CHECK COMMAND
-# This is the full path and filename of the program used to check
-# the status of the Nagios process.  It is used only by the CGIs
-# and is completely optional.  However, if you don't use it, you'll
-# see warning messages in the CGIs about the Nagios process
-# not running and you won't be able to execute any commands from
-# the web interface.  The program should follow the same rules
-# as plugins; the return codes are the same as for the plugins,
-# it should have timeout protection, it should output something
-# to STDIO, etc.
-#
-# Note: The command line for the check_nagios plugin below may
-# have to be tweaked a bit, as different versions of the plugin
-# use different command line arguments/syntaxes.
 
-icinga_check_command=/usr/lib/nagios/plugins/check_nagios /var/lib/icinga/status.dat 5 '/usr/sbin/icinga'
 
-# CONTEXT-SENSITIVE HELP
-# This option determines whether or not a context-sensitive
-# help icon will be displayed for most of the CGIs.
-# Values: 0 = disables context-sensitive help
-#         1 = enables context-sensitive help
+# REFRESH RATE
+# This option allows you to specify the refresh rate in seconds
+# of various CGIs (extinfo, outages, status, statusmap and tac).
+
+refresh_rate=90
+
 
-show_context_help=0
 
+# REFRESH TYPE
+# This option determines what type of refresh should be used.
+# You can choose between http header and javascript. By
+# default javascript (1) is activated. If you have trouble
+# using javascript then try refresh via http header (0).
 
+refresh_type=1
 
-# HIGHLIGHT TABLE ROWS
-# This option allows you to define if table rows in status.cgi
-# will be highlighted or not.
-# Values: 0 = disables row highlighting
-#	  1 = enables row highlighting
 
-highlight_table_rows=1
+
+# ESCAPE HTML TAGS
+# This option determines whether HTML tags in host and service
+# status output is escaped in the web interface.  If enabled,
+# your plugin output will not be able to contain clickable links.
+
+escape_html_tags=1
+
+
+
+# RESULT LIMIT
+# This options specifies the number of page entries
+# displayed by default in various cgi's. To display
+# all entries by default set this value to 0.
+# Default is 50.
+
+result_limit=50
+
+
+
+# SHOW TAC INFORMATION IN TOP FRAME
+# This options places tactical overview information in
+# the top frame similar to the view that's in icinga-web.
+# By default it is enabled.
+
+show_tac_header=1
 
 
 
@@ -97,62 +149,81 @@ highlight_table_rows=1
 # This option determines what states should be displayed in the web
 # interface for hosts/services that have not yet been checked.
 # Values: 0 = leave hosts/services that have not been check yet in their original state
-#         1 = mark hosts/services that have not been checked yet as PENDING
+#         1 = mark hosts/services that have not been checked yet as PENDING (default)
 
 use_pending_states=1
 
 
-# Logging
 
-# USE LOGGING
-# If you want to log information from cgi's (e.g. all submitted commands)
-# then set this option to 1, default is 0 (off).
-# WARNING:
-# This log is highly experimental and changes may occure without notice. Use at your own risk!!
+# FIRST DAY OF WEEK
+# Here you can set if your week starts on sunday or monday.
+# Default is 0 (Sunday), set it to 1 if your week start monday.
 
-use_logging=0
+first_day_of_week=0
 
 
-# CGI LOG FILE
-# This is the cgi log file for information about what users are doing.
-# At the moment only submitted commands from cmd.cgi will be logged.
 
-cgi_log_file=/usr/share/icinga/htdocs/log/icinga-cgi.log
+# CSV DELIMITER
+# This option determines the character which should act as
+# delimiter. Default is ";".
 
+#csv_delimiter=;
 
-# CGI LOG ROTATION METHOD
-# This is the log rotation method that should be used to rotate
-# the cgi log file. Values are as follows..
-#	n	= None - don't rotate the log
-#	h	= Hourly rotation (top of the hour)
-#	d	= Daily rotation (midnight every day)
-#	w	= Weekly rotation (midnight on Saturday evening)
-#	m	= Monthly rotation (midnight last day of month)
 
-cgi_log_rotation_method=d
 
+# CSV DATA ENCLOSURE
+# This option determines the character which should act as
+# data enclosure to wrap in the data. Default is "'".
 
-# CGI LOG ARCHIVE PATH
-# This is the directory where archived (rotated) cgi log files should be
-# placed (assuming you've chosen to do log rotation).
+#csv_data_enclosure='
 
-cgi_log_archive_path=/usr/share/icinga/htdocs/log
 
 
-# FORCE COMMENT
-# This option forces the users of to comment every action they perform.
-# The comments get logged into cgi log file. This option only has effect
-# if logging is switched on. See option "use_logging"
-# Default  is 0 (off), to activate it set it to 1 (on).
+# SUPPRESS MAINTENANCE DOWNTIME
+# This options suppresses the state coloring of hosts and services
+# that are in a scheduled downtime. It sets their coloring to gray,
+# so they no longer draw extra attention to themselves, making it
+# so only actual problems are the ones that stand out.
+# By default it is disabled.
 
-enforce_comments_on_actions=0
+suppress_maintenance_downtime=0
 
 
-# FIRST DAY OF WEEK
-# Here you can set if your week starts on sunday or monday.
-# Default is 0 (Sunday), set it to 1 if your week start monday.
 
-first_day_of_week=0
+# URL TARGET FRAMES
+# These options determine the target frames in which notes and
+# action URLs will open. Default is main frame.
+
+action_url_target=main
+notes_url_target=main
+#action_url_target=_blank
+#notes_url_target=_blank
+
+
+
+# READ GZIP LOGS
+# This option enables reading of gzipped log files. As this can
+# have a huge performance impact in big environments, this
+# option is disabled by default.
+# 
+
+read_gzip_logs=0
+
+
+
+
+######################################
+#
+#   AUTHENTICATION (ALL CGIs)
+#
+######################################
+
+# ATTRIBUTE BASED AUTHORIZATION FILE
+# This option will include a file defining authroization based on
+# attributes.
+
+#authorization_config_file=/etc/icinga/cgiauth.cfg
+
 
 
 # AUTHENTICATION USAGE
@@ -176,16 +247,33 @@ use_authentication=1
 
 
 
-
-# x509 CERT AUTHENTICATION
-# When enabled, this option allows you to use x509 cert (SSL)
-# authentication in the CGIs.  This is an advanced option and should
-# not be enabled unless you know what you're doing.
+# USE CLIENT CERTIFICATTES
+# This option controls whether the value of the web server environment
+# variable REMOTE_USER or SSL_CLIENT_S_DN_CN will be used. The name of
+# the directive is a bit misleading because unless you set up the use
+# of client certificates the value has to be set to zero (0). Setting
+# the value to one (1) requires "SSLUserName SSL_CLIENT_S_DN_CN" and
+# several other options in your web server config. Please consult your
+# web server configuration documentation for details.
+# 
+# Values:
+# 0 = Use web server environment variable REMOTE_USER to get the user
+#	logged in. Don't use client certificates (default)
+# 1 = Use web server environment variable SSL_CLIENT_S_DN_CN to get
+#	the user logged in. Use client certificates
 
 use_ssl_authentication=0
 
 
 
+# LOWERCASE USER NAME
+# This option controls whether or not the username is converted
+# to all lowercase letters. Can be useful if the username is stored
+# in Active Directory (case-insensitive).
+
+lowercase_user_name=0
+
+
 
 # DEFAULT USER
 # Setting this variable will define a default user name that can
@@ -219,6 +307,7 @@ authorized_for_system_information=icingaadmin
 #authorized_contactgroup_for_system_information=
 
 
+
 # CONFIGURATION INFORMATION ACCESS
 # This option is a comma-delimited list of all usernames that
 # can view ALL configuration information (hosts, commands, etc).
@@ -233,6 +322,7 @@ authorized_for_configuration_information=icingaadmin
 #authorized_contactgroup_for_configuration_information=
 
 
+
 # RAW COMMANDLINE CONFIGURATION INFORMATION ACCESS
 # This option is a comma-delimited list of all usernames that
 # can view a command in config command expander as icinga would
@@ -246,6 +336,7 @@ authorized_for_full_command_resolution=icingaadmin
 #authorized_contactgroup_for_full_command_resolution=
 
 
+
 # SYSTEM/PROCESS COMMAND ACCESS
 # This option is a comma-delimited list of all usernames that
 # can issue shutdown and restart commands to Icinga via the
@@ -261,6 +352,7 @@ authorized_for_system_commands=icingaadmin
 #authorized_contactgroup_for_system_commands=
 
 
+
 # GLOBAL HOST/SERVICE VIEW ACCESS
 # These two options are comma-delimited lists of all usernames that
 # can view information for all hosts and services that are being
@@ -268,16 +360,18 @@ authorized_for_system_commands=icingaadmin
 # for hosts or services that they are contacts for (unless you
 # you choose to not use authorization). You may use an asterisk (*)
 # to authorize any user who has authenticated to the web server.
-# Alternatively you can specify contactgroups too, starting
-# with Icinga 1.5.0
-
+# Alternatively you can specify contactgroups too.
+#
+# NOTE: Users in authorized_for_all_hosts are also automatically
+# authorised to view information for all services.
 
-authorized_for_all_services=dsa-guest,icingaadmin
-authorized_for_all_hosts=dsa-guest,icingaadmin
+authorized_for_all_services=icingaadmin
+authorized_for_all_hosts=icingaadmin
 #authorized_contactgroup_for_all_services=
 #authorized_contactgroup_for_all_hosts=
 
 
+
 # GLOBAL HOST/SERVICE COMMAND ACCESS
 # These two options are comma-delimited lists of all usernames that
 # can issue host or service related commands via the command
@@ -286,8 +380,10 @@ authorized_for_all_hosts=dsa-guest,icingaadmin
 # that they are contacts for (unless you you choose to not use
 # authorization).  You may use an asterisk (*) to authorize any
 # user who has authenticated to the web server.
-# Alternatively you can specify contactgroups too, starting
-# with Icinga 1.5.0
+# Alternatively you can specify contactgroups too.
+#
+# NOTE: Users in authorized_for_all_host_commands are also automatically
+# authorised to issue commands for all services.
 
 authorized_for_all_service_commands=icingaadmin
 authorized_for_all_host_commands=icingaadmin
@@ -295,11 +391,12 @@ authorized_for_all_host_commands=icingaadmin
 #authorized_contactgroup_for_all_host_commands=
 
 
+
 # READ-ONLY USERS
 # A comma-delimited list of usernames that have read-only rights in
 # the CGIs.  This will block any service or host commands normally shown
-# on the extinfo CGI pages.  It will also block comments from being shown
-# to read-only users.
+# on the extinfo CGI pages. It will also block comments and downtimes
+# from being shown to read-only users.
 # Alternatively you can specify contactgroups too, starting
 # with Icinga 1.5.0
 
@@ -307,6 +404,31 @@ authorized_for_all_host_commands=icingaadmin
 #authorized_contactgroup_for_read_only=
 
 
+
+# READ-ONLY FOR COMMENTS USERS
+# A comma-delimited list of usernames that have rights to view comments in
+# the CGIs. If user is defined as read-only and you add the same user to
+# this options, then the user can still see comments. If user is NOT
+# read-only then the options to delete comments in extinfo.cgi are not
+# displayed as well.
+
+#authorized_for_comments_read_only=user1,user2
+#authorized_contactgroup_for_comments_read_only=
+
+
+
+# READ-ONLY FOR DOWNTIMES USERS
+# A comma-delimited list of usernames that have rights to view downtimes in
+# the CGIs. If user is defined as read-only and you add the same user to
+# this options, then the user can still see downtimes. If user is NOT
+# read-only then the options to delete downtimes in extinfo.cgi are not
+# displayed as well.
+
+#authorized_for_downtimes_read_only=user1,user2
+#authorized_contactgroup_for_downtimes_read_only=
+
+
+
 # SHOW ALL SERVICES THE HOST IS AUTHORIZED FOR
 # By default, a user can see all services on a host, if the user is
 # authorized as contact for the host only. By disabling this option,
@@ -318,33 +440,68 @@ authorized_for_all_host_commands=icingaadmin
 show_all_services_host_is_authorized_for=1
 
 
+
 # SHOW PARTIAL HOSTGROUPS
-# By default, a user only sees a hostgroup and the hosts within it if
-# they are an authorized contact for all of the hosts of the group. By
-# enabling this option hostgroups will show a partial listing of hosts
-# the user is an authorized contact for in the hostgroups.
+# By default (meaning the directive is not present or disabled), a user
+# only sees a hostgroup and the hosts within it if they are an authorised
+# contact for all of the hosts of the group. The behaviour can be changed
+# using the directive show_partial_hostgroups=1.
+# When enabled, the hostgroups overview will show a partial listing of hosts
+# that the user is an authorised contact for within each hostgroup.
+# It will also add the string "(Partial Hostgroups Enabled)" to the top of
+# the Hostgroup Overview to help prevent any confusion over whether the option
+# is in use or not. However for privacy reasons, hostgroups that are only showing
+# a partial listing are not specifically indicated.
+# 
 # Values: 0 - disabled, user only sees full hostgroups (default)
 #         1 - enabled, user sees partial hostgroups
 
 show_partial_hostgroups=0
 
 
+
+# SHOW PARTIAL SERVICEROUPS
+# By default (meaning the directive is not present or disabled), a user
+# only sees a servicegroup and the hosts and services within it if they are an
+# authorised contact for all of the hosts and services of the group.
+# The behaviour can be changed using the directive show_partial_servicegroups=1.
+# When enabled, the serviceroups overview will show a partial listing of hosts
+# and services that the user is an authorised contact for within each servicegroup.
+# It will also add the string "(Partial Servicegroups Enabled)" to the top of
+# the Servicegroup Overview to help prevent any confusion over whether the option
+# is in use or not. However for privacy reasons, servicegroups that are only showing
+# a partial listing are not specifically indicated.
+#
+# Values: 0 - disabled, user only sees full servicegroups (default)
+#         1 - enabled, user sees partial servicegroups
+
+show_partial_servicegroups=0
+
+
+
+
+######################################
+#
+#   STATUSMAP (statusmap.cgi)
+#
+######################################
+
 # STATUSMAP BACKGROUND IMAGE
-# This option allows you to specify an image to be used as a
-# background in the statusmap CGI.  It is assumed that the image
-# resides in the HTML images path (i.e. /usr/local/icinga/share/images).
-# This path is automatically determined by appending "/images"
-# to the path specified by the 'physical_html_path' directive.
-# Note:  The image file may be in GIF, PNG, JPEG, or GD2 format.
-# However, I recommend that you convert your image to GD2 format
-# (uncompressed), as this will cause less CPU load when the CGI
-# generates the image.
+# This option allows you to specify an image to be used as a background
+# in the statusmap CGI if you use the user-supplied coordinates layout method.
+# The background image is not be available in any other layout methods. It is
+# assumed that the image resides in the HTML images path (i.e. 
+# /usr/local/icinga/share/images). This path is automatically determined by
+# appending "/images" to the path specified by the physical_html_path directive.
+#
+# NOTE: The image file can be in GIF, JPEG, PNG, or GD2 format. However, GD2
+# format (preferably in uncompressed format) is recommended, as it will reduce
+# the CPU load when the CGI generates the map image.
 
 #statusmap_background_image=smbackground.gd2
 
 
 
-
 # STATUSMAP TRANSPARENCY INDEX COLOR
 # These options set the r,g,b values of the background color used the statusmap CGI,
 # so normal browsers that can't show real png transparency set the desired color as
@@ -357,7 +514,6 @@ show_partial_hostgroups=0
 
 
 
-
 # DEFAULT STATUSMAP LAYOUT METHOD
 # This option allows you to specify the default layout method
 # the statusmap CGI should use for drawing hosts.  If you do
@@ -369,82 +525,18 @@ show_partial_hostgroups=0
 #       3 = Balanced tree
 #       4 = Circular
 #       5 = Circular (Marked Up)
+#       6 = Baloon (Marked Up)
 
 default_statusmap_layout=5
 
 
 
-# DEFAULT STATUSWRL LAYOUT METHOD
-# This option allows you to specify the default layout method
-# the statuswrl (VRML) CGI should use for drawing hosts.  If you
-# do not use this option, the default is to use user-defined
-# coordinates.  Valid options are as follows:
-#	0 = User-defined coordinates
-#       2 = Collapsed tree
-#       3 = Balanced tree
-#       4 = Circular
-
-default_statuswrl_layout=4
-
-
-
-# STATUSWRL INCLUDE
-# This option allows you to include your own objects in the
-# generated VRML world.  It is assumed that the file
-# resides in the HTML path (i.e. /usr/local/icinga/share).
-
-#statuswrl_include=myworld.wrl
-
-
-
-# PING SYNTAX
-# This option determines what syntax should be used when
-# attempting to ping a host from the WAP interface (using
-# the statuswml CGI.  You must include the full path to
-# the ping binary, along with all required options.  The
-# $HOSTADDRESS$ macro is substituted with the address of
-# the host before the command is executed.
-# Please note that the syntax for the ping binary is
-# notorious for being different on virtually ever *NIX
-# OS and distribution, so you may have to tweak this to
-# work on your system.
-
-ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
-
-
-
-# REFRESH RATE
-# This option allows you to specify the refresh rate in seconds
-# of various CGIs (extinfo, outages, status, statusmap and tac).
-
-refresh_rate=90
-
-
-# REFRESH TYPE
-# This option determines what type of refresh should be used.
-# You can choose between http header and javascript. By
-# default javascript (1) is activated. If you have trouble
-# using javascript then try refresh via http header (0).
-
-refresh_type=1
-
-
-# ESCAPE HTML TAGS
-# This option determines whether HTML tags in host and service
-# status output is escaped in the web interface.  If enabled,
-# your plugin output will not be able to contain clickable links.
-
-escape_html_tags=1
-
-
-
-# PERSISTENT ACKNOWLEDGEMENT COMMENTS
-# This options determines whether the initial state of the
-# checkbox "Persistent Comment:" for service and host problem
-# acknowledgements is checked or unchecked
-
-persistent_ack_comments=0
 
+######################################
+#
+#   STATUS (status.cgi)
+#
+######################################
 
 # SOUND OPTIONS
 # These options allow you to specify an optional audio file
@@ -472,24 +564,148 @@ persistent_ack_comments=0
 
 
 
-# URL TARGET FRAMES
-# These options determine the target frames in which notes and
-# action URLs will open. Default is main frame.
+# SHOW LONG PLUGIN OUTPUT IN STATUS OPTION
+# This option allows you to specify the length of status information
+# in output of status.cgi. If you set the value to 1 it shows the
+# full plugin output instead of the first line only.
+# Default value is 0.
+
+status_show_long_plugin_output=0
+
+
+
+# DISPLAY STATUS TOTAL
+# This option allows you to specify if the
+# Host Status Totals and Service Status Totals
+# should be displayed.
+# Default value is 0.
+
+display_status_totals=0
+
+
+
+# HIGHLIGHT TABLE ROWS
+# This option allows you to define if table rows in status.cgi
+# will be highlighted or not.
+# Values: 0 = disables row highlighting
+#	  1 = enables row highlighting
+
+highlight_table_rows=1
+
+
+
+# SERVICE STATES TO ANNOTATE WITH CURRENT NOTIFICATION NO.
+# Set this to an OR of the service state identifiers for
+# which status.cgi should not only report "Attempts" (e.g.,
+# "3/3" for a HARD non-OK state with max_check_attempts=3)
+# but also the current notification number ("(#0)" if no
+# problem notification has been sent yet, etc.). This is
+# helpful to identify services which switched between
+# different non-OK states a lot, or services which have a
+# first_notification_delay set and are "not yet officially"
+# considered in trouble.
+# Relevant values from include/statusdata.h (look them up
+# *there* if you want to be *really* sure):
+#	#define	SERVICE_PENDING		1
+#	#define	SERVICE_OK		2
+#	#define	SERVICE_WARNING		4
+#	#define	SERVICE_UNKNOWN		8
+#	#define	SERVICE_CRITICAL	16
+# You'll likely want to use add_notif_num_hard=0 (default)
+# or add_notif_num_hard=28 (warn+crit+unknown). There's an
+# add_notif_num_soft affecting services in a SOFT state
+# for sake of completeness, too.
+
+#add_notif_num_hard=28
+#add_notif_num_soft=0
+
+
+
+
+######################################
+#
+#   SEND COMMANDS (cmd.cgi)
+#
+######################################
+
+# Logging
+
+# USE LOGGING
+# If you want to log information from cgi's (e.g. all submitted commands)
+# then set this option to 1, default is 0 (off).
+# WARNING:
+# This log is highly experimental and changes may occure without notice. Use at your own risk!!
+
+use_logging=0
+
+
+
+# CGI LOG FILE
+# This is the cgi log file for information about what users are doing.
+# At the moment only submitted commands from cmd.cgi will be logged.
+
+cgi_log_file=/usr/share/icinga/htdocs/log/icinga-cgi.log
+
+
+
+# CGI LOG ROTATION METHOD
+# This is the log rotation method that should be used to rotate
+# the cgi log file. Values are as follows..
+#	n	= None - don't rotate the log
+#	h	= Hourly rotation (top of the hour)
+#	d	= Daily rotation (midnight every day)
+#	w	= Weekly rotation (midnight on Saturday evening)
+#	m	= Monthly rotation (midnight last day of month)
+
+cgi_log_rotation_method=d
+
+
+
+# CGI LOG ARCHIVE PATH
+# This is the directory where archived (rotated) cgi log files should be
+# placed (assuming you've chosen to do log rotation).
+
+cgi_log_archive_path=/usr/share/icinga/htdocs/log
+
+
+
+# FORCE COMMENT
+# This option forces the users of to comment every action they perform.
+# The comments get logged into cgi log file. This option only has effect
+# if logging is switched on. See option "use_logging"
+# Default  is 0 (off), to activate it set it to 1 (on).
+
+enforce_comments_on_actions=0
+
+
+
+# SEND ACK NOTIFICATIONS
+# This options determines whether the initial state of the
+# checkbox "Send Notifications" when acknowledging a problem.
+# A value of 1 ticks the checkbox and 0 does not.  The default
+# is 1, which will send notifications on acknowledged problems.
+
+send_ack_notifications=1
 
-action_url_target=main
-notes_url_target=main
-#action_url_target=_blank
-#notes_url_target=_blank
 
 
+# PERSISTENT ACKNOWLEDGEMENT COMMENTS
+# This options determines whether the initial state of the
+# checkbox "Persistent Comment:" for service and host problem
+# acknowledgements is checked or unchecked
+
+persistent_ack_comments=0
+
 
 
 # LOCK AUTHOR NAMES OPTION
-# This option determines whether users can change the author name
-# when submitting comments, scheduling downtime.  If disabled, the
-# author names will be locked into their contact name, as defined in Icinga.
-# Values: 0 = allow editing author names
-#         1 = lock author names (disallow editing)
+# This option allows you to restrict users from changing the author name
+# when submitting comments, acknowledgements, and scheduled downtime from
+# the web interface. If this option is enabled, users will be unable to
+# change the author name associated with the command request.
+#
+# Values: 0 = Allow users to change author names when submitting commands
+#         1 = Prevent users from changing author names (default)
 
 lock_author_names=1
 
@@ -503,6 +719,16 @@ default_downtime_duration=7200
 
 
 
+# SET EXPIRE ACK BY DEFAULT
+# This option either sets or clears the checkbox for "Use Expire Time"
+# in the acknowledgement menu.  Valid values are 0 (DO NOT tick the
+# checkbox by default) or 1 (tick the checkbox by default).  The default
+# is 0 (leave the checkbox blank).
+
+set_expire_ack_by_default=0
+
+
+
 # DEFAULT EXPIRING ACKNOWLEDGEMENT DURATION
 # This option defines the default duration (in seconds) of a expiring
 # acknowledgement. Default is 86400 seconds (1 day).
@@ -511,26 +737,33 @@ default_expiring_acknowledgement_duration=86400
 
 
 
-# SHOW LONG PLUGIN OUTPUT IN STATUS OPTION
-# This option allows you to specify the length of status information
-# in output of status.cgi. If you set the value to 1 it shows the
-# full plugin output instead of the first line only.
-# Default value is 0.
+# DEFAULT EXPIRING DISABLED NOTIFICATIONS DURATION
+# This option defines the default duration (in seconds) of a expiring
+# disabled notifications. Default is 86400 seconds (1 day).
 
-status_show_long_plugin_output=0
+default_expiring_disabled_notifications_duration=86400
 
 
 
-# DISPLAY STATUS TOTAL
-# This option allows you to specify if the
-# Host Status Totals and Service Status Totals
-# should be displayed.
-# Default value is 0.
+# DISABLE CMD CGI CSRF PROTECTION
+# This option disables the protection against CSRF attacks
+# (Cross-Site Request Forgery). Use this option only if you are
+# using external programs (like Nagstamon) which access
+# cmd.cgi directly to submit commands. By default the submitted
+# command (via external program) will be rejected.
+# The default is 0 (protection is on).
 
-display_status_totals=0
+disable_cmd_cgi_csrf_protection=0
 
 
 
+
+######################################
+#
+#   TACTICAL OVERVIEW (tac.cgi)
+#
+######################################
+
 # SHOW ONLY HARD STATES IN TAC OPTION
 # This options allows you to specify if the tactical overview
 # should only show hard states on hosts and services.
@@ -540,6 +773,48 @@ tac_show_only_hard_state=0
 
 
 
+# SHOW PENDING IN TAC HEADER
+# This options enables the display of pending counts in
+# the tac header. If your display is less than 1024x768
+# and this is enabled, the tactical information may not
+# fit well in the top frame.
+# By default it is enabled.
+
+show_tac_header_pending=1
+
+
+
+
+######################################
+#
+#   EXTENDED INFO (extinfo.cgi)
+#
+######################################
+
+# EXCLUDE CUSTOMVAR NAMES
+# This Option allows you to specify a comma seperated list of
+# custom variable names which are automatically excluded when
+# a variable name would contain that name.
+# NOTE: For security reasons, you should at least exclude all
+# sensitive information like passwords, snmp communities, etc
+# Use * to exclude all custom variable names.
+
+exclude_customvar_name=PASSWORD,COMMUNITY
+
+
+
+# EXCLUDE CUSTOMVAR VALUES
+# This Option allows you to specify a comma seperated list of
+# custom variable values which are automatically excluded when
+# a variable value would contain that value.
+# NOTE: For security reasons, you should at least exclude all
+# sensitive information like passwords, snmp communities, etc
+# Use * to exclude all custom variable values.
+
+exclude_customvar_value=secret
+
+
+
 # SHOW CHILD HOSTS IN EXTINFO OPTION
 # This Option allows you to specify if the extended host information
 # cgi will show child hosts for the selected host.
@@ -554,41 +829,35 @@ extinfo_show_child_hosts=0
 
 
 
-# SUPPRESS MAINTENANCE DOWNTIME
-# This options suppresses the state coloring of hosts and services
-# that are in a scheduled downtime. It sets their coloring to gray,
-# so they no longer draw extra attention to themselves, making it
-# so only actual problems are the ones that stand out.
-# By default it is disabled.
-
-suppress_maintenance_downtime=0
-
-
-# SHOW TAC INFORMATION IN TOP FRAME
-# This options places tactical overview information in
-# the top frame similar to the view that's in icinga-web.
-# By default it is enabled.
-
-show_tac_header=1
+# TAB-FRIENDLY <TITLE>S
+# Activating this option changes the <title> of status.cgi
+# and extinfo.cgi when they refer to a single host, service,
+# or group. They will then read:
+#	[Host]
+#	{HostGroup}
+#	ServiceDesc @ Host
+#	(ServiceGroup)
+# These are easier to read and find if you use (many) tabs
+# in your browser.
+# Default is enabled. 0=disabled, 1=enabled
 
+tab_friendly_titles=1
 
-# SHOW PENDING IN TAC HEADER
-# This options enables the display of pending counts in
-# the tac header. If your display is less than 1024x768
-# and this is enabled, the tactical information may not
-# fit well in the top frame.
-# By default it is enabled.
 
-show_tac_header_pending=1
 
 
+######################################
+#
+#   SHOWLOG (showlog.cgi)
+#
+######################################
 
 # SHOW INITIAL STATES IN SHOWLOG OPTION
 # This options allows you to specify if initial states
 # of hosts and services should be shown in showlog.cgi
 # Note: This Option only works if the option
 # "log_initial_states" in icinga.cfg is set to 1.
-# By default it's enabled. Default is 0.
+# By default it's disabled. Default is 0.
 
 #showlog_initial_states=0
 
@@ -599,99 +868,174 @@ show_tac_header_pending=1
 # of hosts and services should be shown in showlog.cgi
 # Note: This Option only works if the option
 # "log_current_states" in icinga.cfg is set to 1.
-# By default it's enabled. Default is 0.
+# By default it's disabled. Default is 0.
 
 #showlog_current_states=0
 
 
 
-# DEFAULT NUM DISPLAYED LOG ENTRIES OPTION
-# This options specifies the number of log entries
-# displayed by default in showlog.cgi. To display
-# all log entries by default set this value to 0.
-# Default is 10000.
 
-#default_num_displayed_log_entries=10000
+######################################
+#
+#   SPLUNK INTEGRATION (VARIOUS CGIs)
+#
+######################################
 
+# SPLUNK INTEGRATION OPTIONS
+# These options allow you to enable integration with Splunk
+# in the web interface.  If enabled, you'll be presented with
+# "Splunk It" links in various places in the CGIs (log file,
+# alert history, host/service detail, etc).  Useful if you're
+# trying to research why a particular problem occurred.
+# For more information on Splunk, visit http://www.splunk.com/
 
+# This option determines whether the Splunk integration is enabled
+# Values: 0 = disable Splunk integration
+#         1 = enable Splunk integration
 
-# CSV DELIMITER
-# This option determines the character which should act as
-# delimiter. Default is ";".
+#enable_splunk_integration=1
 
-#csv_delimiter=;
 
 
+# This option should be the URL used to access your instance of Splunk
 
-# CSV DATA ENCLOSURE
-# This option determines the character which should act as
-# data enclosure to wrap in the data. Default is "'".
+#splunk_url=http://127.0.0.1:8000/
 
-#csv_data_enclosure='
 
 
 
-# TAB-FRIENDLY <TITLE>S
-# Activating this option changes the <title> of status.cgi
-# and extinfo.cgi when they refer to a single host, service,
-# or group. They will then read:
-#	[Host]
-#	{HostGroup}
-#	ServiceDesc @ Host
-#	(ServiceGroup)
-# These are easier to read and find if you use (many) tabs
-# in your browser.
-# Default is enabled. 0=disabled, 1=enabled
+######################################
+#
+#    STANDALONE (ICINGA 2) OPTIONS
+#    requires standalone_installation=1
+#
+######################################
 
-tab_friendly_titles=1
+# OBJECT CACHE FILE
+# This option determines where object definitions are cached when
+# Icinga starts/restarts. The CGIs read object definitions from
+# this cache file (rather than looking at the object config files
+# directly) in order to prevent inconsistencies that can occur
+# when the config files are modified after Icinga starts.
+# Icinga 2 provides this file through its compat component, if enabled.
 
+object_cache_file=/var/cache/icinga/objects.cache
 
-# SERVICE STATES TO ANNOTATE WITH CURRENT NOTIFICATION NO.
-# Set this to an OR of the service state identifiers for
-# which status.cgi should not only report "Attempts" (e.g.,
-# "3/3" for a HARD non-OK state with max_check_attempts=3)
-# but also the current notification number ("(#0)" if no
-# problem notification has been sent yet, etc.). This is
-# helpful to identify services which switched between
-# different non-OK states a lot, or services which have a
-# first_notification_delay set and are "not yet officially"
-# considered in trouble.
-# Relevant values from include/statusdata.h (look them up
-# *there* if you want to be *really* sure):
-#	#define	SERVICE_PENDING		1
-#	#define	SERVICE_OK		2
-#	#define	SERVICE_WARNING		4
-#	#define	SERVICE_UNKNOWN		8
-#	#define	SERVICE_CRITICAL	16
-# You'll likely want to use add_notif_num_hard=0 (default)
-# or add_notif_num_hard=28 (warn+crit+unknown). There's an
-# add_notif_num_soft affecting services in a SOFT state
-# for sake of completeness, too.
 
-#add_notif_num_hard=28
-#add_notif_num_soft=0
 
+# STATUS FILE
+# This is where the current status of all monitored services and
+# hosts is stored.  Its contents are read and processed by the CGIs.
+# The contents of the status file are deleted every time Icinga
+# restarts.
+# Icinga 2 provides this file through its compat component, if enabled.
 
+status_file=/var/cache/icinga/status.dat
 
-# SPLUNK INTEGRATION OPTIONS
-# These options allow you to enable integration with Splunk
-# in the web interface.  If enabled, you'll be presented with
-# "Splunk It" links in various places in the CGIs (log file,
-# alert history, host/service detail, etc).  Useful if you're
-# trying to research why a particular problem occurred.
-# For more information on Splunk, visit http://www.splunk.com/
 
-# This option determines whether the Splunk integration is enabled
-# Values: 0 = disable Splunk integration
-#         1 = enable Splunk integration
 
-#enable_splunk_integration=1
+# RESOURCE FILE
+# This is an optional resource file that contains $USERx$ macro
+# definitions. Multiple resource files can be specified by using
+# multiple resource_file definitions.  The CGIs will not attempt to
+# read the contents of resource files, so information that is
+# considered to be sensitive (usernames, passwords, etc) can be
+# defined as macros in this file and restrictive permissions (600)
+# can be placed on this file.
 
+resource_file=/etc/icinga/resource.cfg
 
-# This option should be the URL used to access your instance of Splunk
 
-#splunk_url=http://127.0.0.1:8000/
+
+# EXTERNAL COMMAND FILE
+# This is the file that Icinga checks for external command requests.
+# It is also where the command CGI will write commands that are submitted
+# by users, so it must be writeable by the user that the web server
+# is running as (usually 'nobody').  Permissions should be set at the
+# directory level instead of on the file, as the file is deleted every
+# time its contents are processed.
+# Icinga 2 provides this file through its compat component, if enabled.
+
+command_file=/var/lib/icinga/rw/icinga.cmd
+
+
+
+# EXTERNAL COMMAND OPTION
+# This option allows you to specify whether or not Icinga should check
+# for external commands (in the command file defined below).  By default
+# Icinga will *not* check for external commands, just to be on the
+# cautious side.  If you want to be able to use the CGI command interface
+# you will have to enable this.
+# Values: 0 = disable commands, 1 = enable commands
+
+check_external_commands=1
+
+
+
+# INTERVAL LENGTH
+# This is the seconds per unit interval as used in the
+# host/contact/service configuration files.  Setting this to 60 means
+# that each interval is one minute long (60 seconds).  Other settings
+# have not been tested much, so your mileage is likely to vary...
+
+interval_length=60
+
+
+
+# STATUS FILE UPDATE INTERVAL
+# This option determines the frequency (in seconds) that
+# Icinga will periodically dump program, host, and
+# service status data.
+# Increase the value, if you don't require it that often.
+
+#status_update_interval=30
+status_update_interval=10
+
+
+
+# LOG FILE
+# This is the main log file where service and host events are logged
+# for historical purposes.  This should be the first option specified
+# in the config file!!!
+# Icinga 2 provides this file through its compat component, if enabled.
+
+log_file=/var/log/icinga/icinga.log
+
+
+
+# LOG ROTATION METHOD
+# This is the log rotation method that Icinga should use to rotate
+# the main log file. Values are as follows..
+#	n	= None - don't rotate the log
+#	h	= Hourly rotation (top of the hour)
+#	d	= Daily rotation (midnight every day)
+#	w	= Weekly rotation (midnight on Saturday evening)
+#	m	= Monthly rotation (midnight last day of month)
+
+log_rotation_method=d
+
+
+
+# LOG ARCHIVE PATH
+# This is the directory where archived (rotated) log files should be
+# placed (assuming you've chosen to do log rotation).
+# Icinga 2 provides this file through its compat component, if enabled.
+
+log_archive_path=/var/log/icinga/archives
+
+
+
+# DATE FORMAT OPTION
+# This option determines how short dates are displayed. Valid options
+# include:
+#	us		(MM-DD-YYYY HH:MM:SS)
+#	euro    	(DD-MM-YYYY HH:MM:SS)
+#	iso8601		(YYYY-MM-DD HH:MM:SS)
+#	strict-iso8601	(YYYY-MM-DDTHH:MM:SS)
+#
+
+date_format=us
 
 
 
-result_limit=0
+#   EOF
-- 
2.20.1