2013-11-24 17:47:34 +01:00
|
|
|
#
|
|
|
|
# Sample configuration for nsca-ng(8). See the nsca-ng.cfg(5) man page.
|
|
|
|
#
|
|
|
|
# PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY
|
|
|
|
# AUTHORIZED USERS CAN ACCESS IT!
|
|
|
|
#
|
|
|
|
|
|
|
|
#
|
|
|
|
# Most probably, you'll have to specify the path to the Nagios command file.
|
|
|
|
#
|
|
|
|
command_file = "/var/run/icinga2/cmd/icinga2.cmd"
|
|
|
|
|
|
|
|
#
|
|
|
|
# These configuration settings are optional.
|
|
|
|
#
|
|
|
|
# listen = "monitoring.example.com:5668" # Default: "*".
|
|
|
|
# pid_file = "/var/run/nsca-ng.pid" # Default: create no PID file.
|
|
|
|
# temp_directory = "/dev/shm" # Default: "/tmp".
|
|
|
|
# tls_ciphers = "PSK-AES256-CBC-SHA" # Default: see nsca-ng.cfg(5).
|
|
|
|
# chroot = "/usr/local/nagios/var" # Default: don't chroot(2).
|
|
|
|
# user = "nagios" # Default: don't switch user.
|
|
|
|
# log_level = 2 # Default: 3.
|
|
|
|
# max_command_size = 65536 # Default: 16384.
|
|
|
|
# max_queue_size = 128 # Default: 1024.
|
|
|
|
# timeout = 15.0 # Default: 60.0.
|
|
|
|
#
|
|
|
|
|
|
|
|
user = "nsca"
|
|
|
|
|
|
|
|
#
|
|
|
|
# Clients provide a client ID (think: user name) and a password. The same
|
|
|
|
# ID/password combination may be used by multiple clients. In order to
|
|
|
|
# authorize clients to submit check results and/or other external commands, at
|
|
|
|
# least one "authorize" section must be specified. The client ID (which follows
|
|
|
|
|
|
|
|
# the "authorize" keyword) may be "*". In this case, the block will be used as
|
|
|
|
# fallback if no section is defined for a given client ID. No other wildcard
|
|
|
|
# characters are available, and "*" has no special meaning unless the client ID
|
|
|
|
# is exactly "*".
|
|
|
|
#
|
|
|
|
# Authorizations are specified using the "commands", "hosts, and/or "services"
|
|
|
|
# variables within an "authorize" section. These variables are (lists of)
|
|
|
|
# extended POSIX regular expressions (see the regex(7) man page), but with an
|
|
|
|
# implicit leading "^" and trailing "$". The "commands" patterns are matched
|
|
|
|
# against the full command string transmitted by the client, except for the
|
|
|
|
# leading bracketed timestamp. The "hosts" and "services" variables are
|
|
|
|
# syntactic sugar, e.g.:
|
|
|
|
#
|
|
|
|
# services = {
|
|
|
|
# "http@web-server",
|
|
|
|
# "disk"
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
# is equivalent to
|
|
|
|
#
|
|
|
|
# commands = {
|
|
|
|
# "PROCESS_SERVICE_CHECK_RESULT;web-server;http;.+;.+",
|
|
|
|
# "PROCESS_SERVICE_CHECK_RESULT;[^;]+;disk;.+;.+"
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
# Some examples:
|
|
|
|
#
|
|
|
|
# Authenticated "root" clients may submit arbitrary check results and any other
|
|
|
|
# monitoring commands.
|
|
|
|
#
|
|
|
|
# authorize "root" {
|
|
|
|
# password = "cM5vBM9CtCWTH1SwnxFEOfp8VAmQq2vd"
|
|
|
|
# commands = ".*"
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
# Authenticated "checker" clients may submit arbitrary check results, but no
|
|
|
|
# other commands.
|
|
|
|
#
|
|
|
|
# authorize "checker" {
|
|
|
|
# password = "s2LDCy4CiK6yrlcHhTXT6agFh067XYE3"
|
|
|
|
# hosts = ".*"
|
|
|
|
# services = ".*"
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
# Authenticated "mail-checker" clients may submit check results for arbitrary
|
|
|
|
# services on hosts whose names begin with "pop", "imap", or "smtp".
|
|
|
|
#
|
|
|
|
# authorize "mail-checker" {
|
|
|
|
# password = "1HOiwYonRoLByCaX6lfY5KDhP484THzV"
|
|
|
|
# services = {
|
|
|
|
# ".+@pop.*",
|
|
|
|
# ".+@imap.*",
|
|
|
|
# ".+@smtp.*"
|
|
|
|
# }
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
# Authenticated "system-checker" clients may submit check results for the
|
|
|
|
# "disk", "swap", and "load" services on arbitrary hosts.
|
|
|
|
#
|
|
|
|
# authorize "system-checker" {
|
|
|
|
# password = "rDCnSMFaM9wb5Yzjd6JwRcvHEwmC9ZlQ"
|
|
|
|
# services = {
|
|
|
|
# "disk",
|
|
|
|
# "swap",
|
|
|
|
# "load"
|
|
|
|
# }
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
|
|
|
|
#
|
|
|
|
# The "*" section applies when no other section matches the client's identity.
|
|
|
|
# In order to authorize clients to actually submit check results (or other
|
|
|
|
# commands), at least one "commands" and/or "services" expression must be
|
|
|
|
# specified.
|
|
|
|
#
|
|
|
|
authorize "*" {
|
2013-12-09 21:46:36 +01:00
|
|
|
password = "change-me"
|
2013-11-24 17:47:34 +01:00
|
|
|
#
|
|
|
|
# The original NSCA server permits all authenticated clients to submit
|
|
|
|
# arbitrary check results. To get this behaviour, enable the following
|
|
|
|
# lines:
|
|
|
|
#
|
|
|
|
hosts = ".*"
|
|
|
|
services = ".*"
|
2013-12-20 15:32:45 +01:00
|
|
|
commands = ".*"
|
2013-11-24 17:47:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#
|
|
|
|
# Other files can be included. If a directory is specified, all "*.cfg" and
|
|
|
|
# "*.conf" files within this directory and all subdirectories are included.
|
|
|
|
#
|
|
|
|
# include(nsca-ng.d/included.cfg)
|
2013-12-20 15:32:45 +01:00
|
|
|
#
|