| 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | 
|---|
| 2 | <html xmlns="http://www.w3.org/1999/xhtml"> | 
|---|
| 3 | <head> | 
|---|
| 4 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | 
|---|
| 5 | <meta http-equiv="Content-Style-Type" content="text/css" /> | 
|---|
| 6 | <meta name="generator" content="pandoc" /> | 
|---|
| 7 | <title>Nagios Installation and Configuration</title> | 
|---|
| 8 | <link rel="stylesheet" href="../../style.css" type="text/css" /> | 
|---|
| 9 | </head> | 
|---|
| 10 | <body> | 
|---|
| 11 | <div id="header"> | 
|---|
| 12 | <h1 class="title">Nagios Installation and Configuration</h1> | 
|---|
| 13 | </div> | 
|---|
| 14 | <div id="TOC"> | 
|---|
| 15 | <ul> | 
|---|
| 16 | <li><a href="#introduction"><span class="toc-section-number">1</span> Introduction</a><ul> | 
|---|
| 17 | <li><a href="#goals"><span class="toc-section-number">1.1</span> Goals</a></li> | 
|---|
| 18 | <li><a href="#notes"><span class="toc-section-number">1.2</span> Notes</a></li> | 
|---|
| 19 | </ul></li> | 
|---|
| 20 | <li><a href="#exercises"><span class="toc-section-number">2</span> Exercises</a></li> | 
|---|
| 21 | <li><a href="#part-iv---adding-parent-relationships"><span class="toc-section-number">3</span> PART IV - Adding Parent Relationships</a><ul> | 
|---|
| 22 | <li><a href="#adding-parents-to-switches.cfg"><span class="toc-section-number">3.1</span> 1. Adding Parents to switches.cfg</a></li> | 
|---|
| 23 | <li><a href="#adding-parents-to-routers.cfg"><span class="toc-section-number">3.2</span> 2. Adding Parents to routers.cfg</a></li> | 
|---|
| 24 | <li><a href="#adding-parents-to-pcs.cfg"><span class="toc-section-number">3.3</span> 3. Adding Parents to pcs.cfg</a></li> | 
|---|
| 25 | <li><a href="#restart-nagios-and-see-the-updated-status-map"><span class="toc-section-number">3.4</span> 4. Restart Nagios and See the Updated Status Map</a></li> | 
|---|
| 26 | </ul></li> | 
|---|
| 27 | <li><a href="#part-v---create-more-host-groups"><span class="toc-section-number">4</span> PART V - Create More Host Groups</a><ul> | 
|---|
| 28 | <li><a href="#prep"><span class="toc-section-number">4.1</span> 0. Prep</a></li> | 
|---|
| 29 | <li><a href="#update-etcnagios3conf.dhostgroups_nagios2.cfg"><span class="toc-section-number">4.2</span> 1. Update /etc/nagios3/conf.d/hostgroups_nagios2.cfg</a></li> | 
|---|
| 30 | <li><a href="#go-back-to-the-web-interface-and-look-at-your-new-host-groups-in-nagios."><span class="toc-section-number">4.3</span> 2. Go back to the web interface and look at your new Host Groups in Nagios.</a></li> | 
|---|
| 31 | </ul></li> | 
|---|
| 32 | <li><a href="#part-vi---extended-host-information-making-your-graphs-pretty"><span class="toc-section-number">5</span> PART VI - Extended Host Information ("making your graphs pretty")</a><ul> | 
|---|
| 33 | <li><a href="#update-extinfo_nagios2.cfg"><span class="toc-section-number">5.1</span> 1. Update extinfo_nagios2.cfg</a></li> | 
|---|
| 34 | </ul></li> | 
|---|
| 35 | <li><a href="#part-vii---create-service-groups"><span class="toc-section-number">6</span> PART VII - Create Service Groups</a><ul> | 
|---|
| 36 | <li><a href="#create-service-groups-for-ssh-and-http-for-each-set-of-pcs."><span class="toc-section-number">6.1</span> 1. Create service groups for ssh and http for each set of pcs.</a></li> | 
|---|
| 37 | </ul></li> | 
|---|
| 38 | <li><a href="#part-viii---configure-guest-access-to-the-nagios-web-interface"><span class="toc-section-number">7</span> PART VIII - Configure Guest Access to the Nagios Web Interface</a><ul> | 
|---|
| 39 | <li><a href="#you-will-edit-the-file-etcnagios3cgi.cfg-to-give-read-only-guest-user-access-to-the-nagios-web-interface."><span class="toc-section-number">7.1</span> 1. You will edit the file /etc/nagios3/cgi.cfg to give read-only guest user access to the Nagios web interface.</a></li> | 
|---|
| 40 | <li><a href="#enable-external-commands-in-nagios.cfg"><span class="toc-section-number">7.2</span> 2. Enable External commands in nagios.cfg</a></li> | 
|---|
| 41 | </ul></li> | 
|---|
| 42 | </ul> | 
|---|
| 43 | </div> | 
|---|
| 44 | <h1 id="introduction"><a href="#TOC"><span class="header-section-number">1</span> Introduction</a></h1> | 
|---|
| 45 | <h2 id="goals"><a href="#TOC"><span class="header-section-number">1.1</span> Goals</a></h2> | 
|---|
| 46 | <ul> | 
|---|
| 47 | <li>Install and configure Nagios</li> | 
|---|
| 48 | </ul> | 
|---|
| 49 | <h2 id="notes"><a href="#TOC"><span class="header-section-number">1.2</span> Notes</a></h2> | 
|---|
| 50 | <ul> | 
|---|
| 51 | <li>Commands preceded with "$" imply that you should execute the command as a general user - not as root.</li> | 
|---|
| 52 | <li>Commands preceded with "#" imply that you should be working as root.</li> | 
|---|
| 53 | <li>Commands with more specific command lines (e.g. "rtrX>" or "mysql>") imply that you are executing commands on remote equipment, or within another program.</li> | 
|---|
| 54 | </ul> | 
|---|
| 55 | <h1 id="exercises"><a href="#TOC"><span class="header-section-number">2</span> Exercises</a></h1> | 
|---|
| 56 | <h1 id="part-iv---adding-parent-relationships"><a href="#TOC"><span class="header-section-number">3</span> PART IV - Adding Parent Relationships</a></h1> | 
|---|
| 57 | <p>Each item is a child of either a switch or a router in our classroom, EXCEPT for your gateway router (rtrX) and the other members of your group. We are now going to add a "parents" statement for each device we have configured.</p> | 
|---|
| 58 | <p>If you are unsure of the parent relationships you can look at our classroom Network Diagram. Remember, the parent relationships are from the point of view of your Nagios instance running on your pc.</p> | 
|---|
| 59 | <h2 id="adding-parents-to-switches.cfg"><a href="#TOC"><span class="header-section-number">3.1</span> 1. Adding Parents to switches.cfg</a></h2> | 
|---|
| 60 | <pre><code>$ cd /etc/nagios3/conf.d | 
|---|
| 61 | $ sudo editor switches.cfg</code></pre> | 
|---|
| 62 | <p>Update the entry:</p> | 
|---|
| 63 | <pre><code>define host { | 
|---|
| 64 | use         generic-host | 
|---|
| 65 | host_name   sw | 
|---|
| 66 | alias       Backbone Switch | 
|---|
| 67 | address     10.10.0.253 | 
|---|
| 68 | }</code></pre> | 
|---|
| 69 | <p>to be</p> | 
|---|
| 70 | <pre><code>define host { | 
|---|
| 71 | use         generic-host | 
|---|
| 72 | host_name   sw | 
|---|
| 73 | alias       Backbone Switch | 
|---|
| 74 | address     10.10.0.253 | 
|---|
| 75 | parents rtrX | 
|---|
| 76 | }</code></pre> | 
|---|
| 77 | <p>Where "rtrX" is the gateway router for your group. I.E., for group 1 you would use "rtr1", for group 2, "rtr2" and so forth.</p> | 
|---|
| 78 | <p>Save and exit from the file.</p> | 
|---|
| 79 | <h2 id="adding-parents-to-routers.cfg"><a href="#TOC"><span class="header-section-number">3.2</span> 2. Adding Parents to routers.cfg</a></h2> | 
|---|
| 80 | <pre><code>$ sudo editor routers.cfg</code></pre> | 
|---|
| 81 | <p>For each entry we will add a "parents" line. So, for the gw definition at the top of the file this should now look like:</p> | 
|---|
| 82 | <pre><code>define host { | 
|---|
| 83 | use         generic-host | 
|---|
| 84 | host_name   gw | 
|---|
| 85 | alias       Classrooom Gateway Router | 
|---|
| 86 | address     10.10.0.254 | 
|---|
| 87 | parents     sw | 
|---|
| 88 | }</code></pre> | 
|---|
| 89 | <p>For all the remaining rtrX entries you should, also, add a line that says:</p> | 
|---|
| 90 | <pre><code>    parents sw</code></pre> | 
|---|
| 91 | <p>EXCEPT For the rtrX entry for your group. There should be NO PARENTS entry. If you have an entry for "ap1" (classroom wireless access point), then the parents entry is, also, "sw" - same as the other routers.</p> | 
|---|
| 92 | <p>So, if you are in group 2, then the entries for groups 1, 2 and 3 would look like:</p> | 
|---|
| 93 | <pre><code>define host { | 
|---|
| 94 | use         generic-host | 
|---|
| 95 | host_name   rtr1 | 
|---|
| 96 | alias       Group 1 Router | 
|---|
| 97 | address     10.10.1.254 | 
|---|
| 98 | parents     sw | 
|---|
| 99 | } | 
|---|
| 100 |  | 
|---|
| 101 | define host { | 
|---|
| 102 | use         generic-host | 
|---|
| 103 | host_name   rtr2 | 
|---|
| 104 | alias       Group 2 Router | 
|---|
| 105 | address     10.10.2.254 | 
|---|
| 106 | } | 
|---|
| 107 |  | 
|---|
| 108 | define host { | 
|---|
| 109 | use         generic-host | 
|---|
| 110 | host_name   rtr3 | 
|---|
| 111 | alias       Group 3 Router | 
|---|
| 112 | address     10.10.3.254 | 
|---|
| 113 | parents     sw | 
|---|
| 114 | }</code></pre> | 
|---|
| 115 | <p>Update the rest of the file correctly and then save and exit from the file.</p> | 
|---|
| 116 | <h2 id="adding-parents-to-pcs.cfg"><a href="#TOC"><span class="header-section-number">3.3</span> 3. Adding Parents to pcs.cfg</a></h2> | 
|---|
| 117 | <p>For all the PC entries you should add a "parents" line that has the router for that PC's group. For the noc the parent is the core switch or "sw"</p> | 
|---|
| 118 | <pre><code># | 
|---|
| 119 | # Classroom NOC | 
|---|
| 120 | # | 
|---|
| 121 |  | 
|---|
| 122 | define host { | 
|---|
| 123 | use         generic-host | 
|---|
| 124 | host_name   noc | 
|---|
| 125 | alias       Workshop NOC machine | 
|---|
| 126 | address     10.10.0.250 | 
|---|
| 127 | parents     sw | 
|---|
| 128 | } | 
|---|
| 129 |  | 
|---|
| 130 |  | 
|---|
| 131 | For PCs in Group 1 entries look like: | 
|---|
| 132 |  | 
|---|
| 133 |  | 
|---|
| 134 | # | 
|---|
| 135 | # Group 1 | 
|---|
| 136 | # | 
|---|
| 137 |  | 
|---|
| 138 | define host { | 
|---|
| 139 | use         generic-host | 
|---|
| 140 | host_name   pc1 | 
|---|
| 141 | alias       pc1 | 
|---|
| 142 | address     10.10.1.1 | 
|---|
| 143 | parents     rtr1 | 
|---|
| 144 | } | 
|---|
| 145 |  | 
|---|
| 146 | define host { | 
|---|
| 147 | use         generic-host | 
|---|
| 148 | host_name   pc2 | 
|---|
| 149 | alias       pc2 | 
|---|
| 150 | address     10.10.1.2 | 
|---|
| 151 | parents     rtr1 | 
|---|
| 152 | } | 
|---|
| 153 | </code></pre> | 
|---|
| 154 | <p>etc</p> | 
|---|
| 155 | <p>Do this for all the PCs in the remaining groups. I.E., pc5 in Group 2 has a parents statement of:</p> | 
|---|
| 156 | <pre><code>     parents    rtr2</code></pre> | 
|---|
| 157 | <p>BUT, FOR THE 4 ENTRIES FOR THE PCS IN YOUR GROUP DO NOT ADD ANY PARENTS STATEMENT! REPEAT - THE PCS IN YOUR GROUP DO NOT HAVE ANY PARENT ENTRY!</p> | 
|---|
| 158 | <p>Save and exit from the file.</p> | 
|---|
| 159 | <h2 id="restart-nagios-and-see-the-updated-status-map"><a href="#TOC"><span class="header-section-number">3.4</span> 4. Restart Nagios and See the Updated Status Map</a></h2> | 
|---|
| 160 | <pre><code>$ sudo service nagios3 restart</code></pre> | 
|---|
| 161 | <p>If you have errors, fix these and try restarting again.</p> | 
|---|
| 162 | <p>Open a web browser to http://pcN.ws.nsrc.org/nagios3 and click on the "Map" link on the left. Your map should now look quite different. You should see a map that represents the Nagios world point of view from your machine.</p> | 
|---|
| 163 | <h1 id="part-v---create-more-host-groups"><a href="#TOC"><span class="header-section-number">4</span> PART V - Create More Host Groups</a></h1> | 
|---|
| 164 | <h2 id="prep"><a href="#TOC"><span class="header-section-number">4.1</span> 0. Prep</a></h2> | 
|---|
| 165 | <p>In the web view, look at the pages "Hostgroup Overview", "Hostgroup Summary", "Hostgroup Grid". This gives a convenient way to group together hosts which are related (e.g. in the same site, serving the same purpose).</p> | 
|---|
| 166 | <h2 id="update-etcnagios3conf.dhostgroups_nagios2.cfg"><a href="#TOC"><span class="header-section-number">4.2</span> 1. Update /etc/nagios3/conf.d/hostgroups_nagios2.cfg</a></h2> | 
|---|
| 167 | <p>For the following exercises it will be very useful if we have created or update the following hostgroups:</p> | 
|---|
| 168 | <pre><code>      debian-servers | 
|---|
| 169 | routers | 
|---|
| 170 | switches</code></pre> | 
|---|
| 171 | <p>If you edit the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg you will see an entry for debian-servers that just contains localhost. Update this entry to include all the classroom PCs, including the noc (this assumes that you created a "noc" entry in your pcs.cfg file). Remember to skip your PC entry as it is represented by the localhost entry.</p> | 
|---|
| 172 | <pre><code>$ sudo editor /etc/nagios3/conf.d/hostgroups_nagios2.cfg</code></pre> | 
|---|
| 173 | <p>Update the entry that says:</p> | 
|---|
| 174 | <pre><code># A list of your Debian GNU/Linux servers | 
|---|
| 175 | define hostgroup { | 
|---|
| 176 | hostgroup_name  debian-servers | 
|---|
| 177 | alias           Debian GNU/Linux Servers | 
|---|
| 178 | members         localhost | 
|---|
| 179 | }</code></pre> | 
|---|
| 180 | <p>So that the "members" parameter contains something like this. Use your classroom network diagram to confirm the exact number of machines and names in your workshop.</p> | 
|---|
| 181 | <pre><code>  members    localhost,pc1,pc2,pc3,pc4,pc5,pc6,pc7,pc8,pc9,pc10,pc11,pc12, \ | 
|---|
| 182 | pc13,pc14,pc15,pc16,pc17,pc18,pc19,pc20,pc21,pc22,pc23,pc24,pc25,\ | 
|---|
| 183 | pc26,pc27,pc28,pc29,pc30,pc31,pc32,pc33,pc34,pc35,pc36</code></pre> | 
|---|
| 184 | <p>Be sure that the end of the line has a "" to indicate a new line. Otherwise you will get an error when you go to restart Nagios. Remember that your own PC is "localhost", so skip your pc entry.</p> | 
|---|
| 185 | <p>Once you have done this, add one more host group for our classroom switch(es). If there is more than just one switch (sw.ws.nsrc.org) include this on the members line below, otherwise the entry at the end of the hostgroups_nagios2.cfg file should look like (COPY and PASTE):</p> | 
|---|
| 186 | <pre><code># A list of our switches | 
|---|
| 187 | define hostgroup { | 
|---|
| 188 | hostgroup_name  switches | 
|---|
| 189 | alias           Classroom Switches | 
|---|
| 190 | members         sw | 
|---|
| 191 | }</code></pre> | 
|---|
| 192 | <p>When you are done be sure to verify your work and restart Nagios.</p> | 
|---|
| 193 | <h2 id="go-back-to-the-web-interface-and-look-at-your-new-host-groups-in-nagios."><a href="#TOC"><span class="header-section-number">4.3</span> 2. Go back to the web interface and look at your new Host Groups in Nagios.</a></h2> | 
|---|
| 194 | <h1 id="part-vi---extended-host-information-making-your-graphs-pretty"><a href="#TOC"><span class="header-section-number">5</span> PART VI - Extended Host Information ("making your graphs pretty")</a></h1> | 
|---|
| 195 | <h2 id="update-extinfo_nagios2.cfg"><a href="#TOC"><span class="header-section-number">5.1</span> 1. Update extinfo_nagios2.cfg</a></h2> | 
|---|
| 196 | <p>If you would like to use appropriate icons for your defined hosts in Nagios this is where you do this. We have the three types of devices:</p> | 
|---|
| 197 | <ul> | 
|---|
| 198 | <li>Cisco routers</li> | 
|---|
| 199 | <li>Cisco switches</li> | 
|---|
| 200 | <li>Ubuntu servers</li> | 
|---|
| 201 | </ul> | 
|---|
| 202 | <p>There is a fairly large repository of icon images available for you to use located here:</p> | 
|---|
| 203 | <pre><code>/usr/share/nagios/htdocs/images/logos/</code></pre> | 
|---|
| 204 | <p>these were installed by default as dependent packages of the nagios3 package in Ubuntu. In some cases you can find model-specific icons for your hardware, but to make things simpler we will use the following icons for our hardware:</p> | 
|---|
| 205 | <pre><code>/usr/share/nagios/htodcs/images/logos/base/debian.* | 
|---|
| 206 | /usr/share/nagios/htdocs/images/logos/cook/router.* | 
|---|
| 207 | /usr/share/nagios/htdocs/images/logos/cook/switch.*</code></pre> | 
|---|
| 208 | <p>The next step is to edit the file /etc/nagios3/conf.d/extinfo_nagios2.cfg and tell nagios what image you would like to use to represent your devices.</p> | 
|---|
| 209 | <pre><code>$ sudo editor /etc/nagios3/conf.d/extinfo_nagios2.cfg</code></pre> | 
|---|
| 210 | <p>Here is what an entry for your routers looks like (there is already an entry for debian-servers that will work as is). Note that the router model (3600) is not all that important. The image used represents a router in general.</p> | 
|---|
| 211 | <pre><code>define hostextinfo { | 
|---|
| 212 | hostgroup_name   routers | 
|---|
| 213 | icon_image       cook/router.png | 
|---|
| 214 | icon_image_alt   Cisco Routers (7200) | 
|---|
| 215 | vrml_image       router.png | 
|---|
| 216 | statusmap_image  cook/router.gd2 | 
|---|
| 217 | }</code></pre> | 
|---|
| 218 | <p>Note how we can simply use "hostgroup_name routers" as this has already been defined in the file hostgroups_nagios2.cfg. This makes configuring multiple, like items much simpler.</p> | 
|---|
| 219 | <p>Now add an entry for your switches. Once you are done check your work and restart Nagios. Take a look at the Status Map in the web interface (Map link on the left). It should be much nicer, with real icons instead of question marks for most items.</p> | 
|---|
| 220 | <h1 id="part-vii---create-service-groups"><a href="#TOC"><span class="header-section-number">6</span> PART VII - Create Service Groups</a></h1> | 
|---|
| 221 | <h2 id="create-service-groups-for-ssh-and-http-for-each-set-of-pcs."><a href="#TOC"><span class="header-section-number">6.1</span> 1. Create service groups for ssh and http for each set of pcs.</a></h2> | 
|---|
| 222 | <p>The idea here is to create three service groups. Each service group will be for a quarter of the classroom. We want to see these PCs grouped together and include status of their ssh and http services. To do this edit and create the file:</p> | 
|---|
| 223 | <pre><code>$ cd /etc/nagios3/conf.d            (just to be sure) | 
|---|
| 224 | $ sudo editor servicegroups.cfg</code></pre> | 
|---|
| 225 | <p>Here is a sample of the service group for group 1:</p> | 
|---|
| 226 | <pre><code>define servicegroup { | 
|---|
| 227 | servicegroup_name   group1-services | 
|---|
| 228 | alias           group 1 services | 
|---|
| 229 | members  pc1,SSH,pc1,HTTP,pc2,SSH,pc2,HTTP,pc3,SSH,pc3,HTTP,pc4,SSH,pc4,HTTP | 
|---|
| 230 | }</code></pre> | 
|---|
| 231 | <p>Note that if the members line is too long you can use the "" at the end to create a new line of members just below.</p> | 
|---|
| 232 | <p>Note that "SSH" and "HTTP" need to be uppercase as this is how the service_description is written in the file /etc/nagios3/conf.d/services_nagios2.cfg</p> | 
|---|
| 233 | <p>You should create an entry for other groups of servers too.</p> | 
|---|
| 234 | <p>CRITICAL - When you create an entry for your group remember to use "localhost" instead of your "pcN" name since you have only defined your pc as localhost in the file hostgroups_nagios2.cfg.</p> | 
|---|
| 235 | <p>Save your changes, verify your work and restart Nagios. Now if you click on the Service Groups menu item in the Nagios web interface you should see this information grouped together.</p> | 
|---|
| 236 | <h1 id="part-viii---configure-guest-access-to-the-nagios-web-interface"><a href="#TOC"><span class="header-section-number">7</span> PART VIII - Configure Guest Access to the Nagios Web Interface</a></h1> | 
|---|
| 237 | <h2 id="you-will-edit-the-file-etcnagios3cgi.cfg-to-give-read-only-guest-user-access-to-the-nagios-web-interface."><a href="#TOC"><span class="header-section-number">7.1</span> 1. You will edit the file /etc/nagios3/cgi.cfg to give read-only guest user access to the Nagios web interface.</a></h2> | 
|---|
| 238 | <p>By default Nagios is configured to give full r/w access via the Nagios web interface to the user nagiosadmin. You can change the name of this user, add other users, change how you authenticate users, what users have access to what resources and more via the cgi.cfg file.</p> | 
|---|
| 239 | <p>First, lets create a "guest" user and password in the htpasswd.users file.</p> | 
|---|
| 240 | <pre><code>$ sudo htpasswd /etc/nagios3/htpasswd.users guest</code></pre> | 
|---|
| 241 | <p>You can use any password you want (or none). A password of "guest" is not a bad choice.</p> | 
|---|
| 242 | <p>Next, edit the file /etc/nagios3/cgi.cfg and look for what type of access has been given to the nagiosadmin user. By default you will see the following directives (note, there are comments between each directive):</p> | 
|---|
| 243 | <pre><code>authorized_for_system_information=nagiosadmin | 
|---|
| 244 | authorized_for_configuration_information=nagiosadmin | 
|---|
| 245 | authorized_for_system_commands=nagiosadmin | 
|---|
| 246 | authorized_for_all_services=nagiosadmin | 
|---|
| 247 | authorized_for_all_hosts=nagiosadmin | 
|---|
| 248 | authorized_for_all_service_commands=nagiosadmin | 
|---|
| 249 | authorized_for_all_host_commands=nagiosadmin</code></pre> | 
|---|
| 250 | <p>Now let's tell Nagios to allow the "guest" user some access to information via the web interface. You can choose whatever you would like, but what is pretty typical is this:</p> | 
|---|
| 251 | <pre><code>authorized_for_system_information=nagiosadmin,guest | 
|---|
| 252 | authorized_for_configuration_information=nagiosadmin,guest | 
|---|
| 253 | authorized_for_system_commands=nagiosadmin | 
|---|
| 254 | authorized_for_all_services=nagiosadmin,guest | 
|---|
| 255 | authorized_for_all_hosts=nagiosadmin,guest | 
|---|
| 256 | authorized_for_all_service_commands=nagiosadmin | 
|---|
| 257 | authorized_for_all_host_commands=nagiosadmin</code></pre> | 
|---|
| 258 | <p>Note we do not give the guest user access to system commands, service commands nor host commands.</p> | 
|---|
| 259 | <p>Once you make the changes, save the file cgi.cfg, verify your work and restart Nagios.</p> | 
|---|
| 260 | <p>To see if you can log in as the "guest" user you will need to clear the cookies in your web browser or open an alternate web browser if you have one. You will not notice any difference in the web interface. The difference is that a number of items that are available via the web interface (forcing a service/host check, scheduling checks, comments, etc.) will not work for the guest user.</p> | 
|---|
| 261 | <h2 id="enable-external-commands-in-nagios.cfg"><a href="#TOC"><span class="header-section-number">7.2</span> 2. Enable External commands in nagios.cfg</a></h2> | 
|---|
| 262 | <p>This change is required in order to allow users to "Acknowledge" problems with hosts and services in the Web interface. The default file permissions are set up in a secure way to prevent the web interface from updating nagios, so you need to make them slightly more permissive.</p> | 
|---|
| 263 | <p>First, edit the file "/etc/nagios3/nagios.cfg", and change the line:</p> | 
|---|
| 264 | <pre><code>    check_external_commands=0</code></pre> | 
|---|
| 265 | <p>to</p> | 
|---|
| 266 | <pre><code>    check_external_commands=1</code></pre> | 
|---|
| 267 | <p>Save the file and exit.</p> | 
|---|
| 268 | <p>Then, perform the following commands to change directory permissions and to make the changes permanent:</p> | 
|---|
| 269 | <pre><code>$ sudo /etc/init.d/nagios3 stop | 
|---|
| 270 | $ sudo dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw | 
|---|
| 271 | $ sudo dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3 | 
|---|
| 272 | $ sudo /etc/init.d/nagios3 start</code></pre> | 
|---|
| 273 | <p>Once this is done, go to "Problems" > "Services (Unhandled)" and find a service in the red (critical) or yellow (warning) state. Click on the service name. Then under "Service commands" click on "Acknowledge this service problem".</p> | 
|---|
| 274 | <p>The problem should disappear from the list of unhandled problems.</p> | 
|---|
| 275 | </body> | 
|---|
| 276 | </html> | 
|---|