# # Sample configuration for nsca-ng(8). See the nsca-ng.cfg(5) man page. # # PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY # AUTHORIZED USERS CAN ACCESS IT! # # # Most probably, you'll have to specify the path to the Nagios command file. # command_file = "/var/run/icinga2/cmd/icinga2.cmd" # # These configuration settings are optional. # # listen = "monitoring.example.com:5668" # Default: "*". # pid_file = "/var/run/nsca-ng.pid" # Default: create no PID file. # temp_directory = "/dev/shm" # Default: "/tmp". # tls_ciphers = "PSK-AES256-CBC-SHA" # Default: see nsca-ng.cfg(5). # chroot = "/usr/local/nagios/var" # Default: don't chroot(2). # user = "nagios" # Default: don't switch user. # log_level = 2 # Default: 3. # max_command_size = 65536 # Default: 16384. # max_queue_size = 128 # Default: 1024. # timeout = 15.0 # Default: 60.0. # user = "nsca" # # Clients provide a client ID (think: user name) and a password. The same # ID/password combination may be used by multiple clients. In order to # authorize clients to submit check results and/or other external commands, at # least one "authorize" section must be specified. The client ID (which follows # the "authorize" keyword) may be "*". In this case, the block will be used as # fallback if no section is defined for a given client ID. No other wildcard # characters are available, and "*" has no special meaning unless the client ID # is exactly "*". # # Authorizations are specified using the "commands", "hosts, and/or "services" # variables within an "authorize" section. These variables are (lists of) # extended POSIX regular expressions (see the regex(7) man page), but with an # implicit leading "^" and trailing "$". The "commands" patterns are matched # against the full command string transmitted by the client, except for the # leading bracketed timestamp. The "hosts" and "services" variables are # syntactic sugar, e.g.: # # services = { # "http@web-server", # "disk" # } # # is equivalent to # # commands = { # "PROCESS_SERVICE_CHECK_RESULT;web-server;http;.+;.+", # "PROCESS_SERVICE_CHECK_RESULT;[^;]+;disk;.+;.+" # } # # Some examples: # # Authenticated "root" clients may submit arbitrary check results and any other # monitoring commands. # # authorize "root" { # password = "cM5vBM9CtCWTH1SwnxFEOfp8VAmQq2vd" # commands = ".*" # } # # Authenticated "checker" clients may submit arbitrary check results, but no # other commands. # # authorize "checker" { # password = "s2LDCy4CiK6yrlcHhTXT6agFh067XYE3" # hosts = ".*" # services = ".*" # } # # Authenticated "mail-checker" clients may submit check results for arbitrary # services on hosts whose names begin with "pop", "imap", or "smtp". # # authorize "mail-checker" { # password = "1HOiwYonRoLByCaX6lfY5KDhP484THzV" # services = { # ".+@pop.*", # ".+@imap.*", # ".+@smtp.*" # } # } # # Authenticated "system-checker" clients may submit check results for the # "disk", "swap", and "load" services on arbitrary hosts. # # authorize "system-checker" { # password = "rDCnSMFaM9wb5Yzjd6JwRcvHEwmC9ZlQ" # services = { # "disk", # "swap", # "load" # } # } # # # The "*" section applies when no other section matches the client's identity. # In order to authorize clients to actually submit check results (or other # commands), at least one "commands" and/or "services" expression must be # specified. # authorize "*" { password = "change-me" # # The original NSCA server permits all authenticated clients to submit # arbitrary check results. To get this behaviour, enable the following # lines: # hosts = ".*" services = ".*" commands = ".*" } # # Other files can be included. If a directory is specified, all "*.cfg" and # "*.conf" files within this directory and all subdirectories are included. # # include(nsca-ng.d/included.cfg) #