# Monitoring Basics This part of the Icinga 2 documentation provides an overview of all the basic monitoring concepts you need to know to run Icinga 2. ## Hosts and Services Icinga 2 can be used to monitor the availability of hosts and services. Hosts and services can be virtually anything which can be checked in some way: * Network services (HTTP, SMTP, SNMP, SSH, etc.) * Printers * Switches / Routers * Temperature Sensors * Other local or network-accessible services Host objects provide a mechanism to group services that are running on the same physical device. Here is an example of a host object which defines two child services: object Host "my-server1" { address = "10.0.0.1" check_command = "hostalive" } object Service "ping4" { host_name = "localhost" check_command = "ping4" } object Service "http" { host_name = "localhost" check_command = "http_ip" } The example creates two services `ping4` and `http` which belong to the host `my-server1`. It also specifies that the host should perform its own check using the `hostalive` check command. The `address` custom attribute is used by check commands to determine which network address is associated with the host object. Details on troubleshooting check problems can be found [here](#troubleshooting). ### Host States Hosts can be in any of the following states: Name | Description ------------|-------------- UP | The host is available. DOWN | The host is unavailable. ### Service States Services can be in any of the following states: Name | Description ------------|-------------- OK | The service is working properly. WARNING | The service is experiencing some problems but is still considered to be in working condition. CRITICAL | The service is in a critical state. UNKNOWN | The check could not determine the service's state. ### Hard and Soft States When detecting a problem with a host/service Icinga re-checks the object a number of times (based on the `max_check_attempts` and `retry_interval` settings) before sending notifications. This ensures that no unnecessary notifications are sent for transient failures. During this time the object is in a `SOFT` state. After all re-checks have been executed and the object is still in a non-OK state the host/service switches to a `HARD` state and notifications are sent. Name | Description ------------|-------------- HARD | The host/service's state hasn't recently changed. SOFT | The host/service has recently changed state and is being re-checked. ## Using Templates Templates may be used to apply a set of identical attributes to more than one object: template Service "generic-service" { max_check_attempts = 3 check_interval = 5m retry_interval = 1m enable_perfdata = true } object Service "ping4" { import "generic-service" host_name = "localhost" check_command = "ping4" } object Service "ping6" { import "generic-service" host_name = "localhost" check_command = "ping6" } In this example the `ping4` and `ping6` services inherit properties from the template `generic-service`. Objects as well as templates themselves can import an arbitrary number of templates. Attributes inherited from a template can be overridden in the object if necessary. ## Apply objects based on rules Instead of assigning each object (`Service`, `Notification`, `Dependency`, `ScheduledDowntime`) based on attribute identifiers for example `host_name` objects can be [applied](#apply). apply Service "load" { import "generic-service" check_command = "load" assign where "linux-server" in host.groups ignore where host.vars.no_load_check } In this example the `load` service will be created as object for all hosts in the `linux-server` host group. If the `no_load_check` custom attribute is set, the host will be ignored. Notifications are applied to specific targets (`Host` or `Service`) and work in a similar manner: apply Notification "mail-noc" to Service { import "mail-service-notification" command = "mail-service-notification" user_groups = [ "noc" ] assign where service.vars.sla == "24x7" } In this example the `mail-noc` notification will be created as object for all services having the `sla` custom attribute set to `24x7`. The notification command is set to `mail-service-notification` and all members of the user group `noc` will get notified. `Dependency` and `ScheduledDowntime` objects can be applied in a similar fashion. ## Groups Groups are used for combining hosts, services, and users into accessible configuration attributes and views in external (web) interfaces. Group membership is defined at the respective object itself. If you have a hostgroup name `windows` for example, and want to assign specific hosts to this group for later viewing the group on your alert dashboard, first create the hostgroup: object HostGroup "windows" { display_name = "Windows Servers" } Then add your hosts to this hostgroup template Host "windows-server" { groups += [ "windows" ] } object Host "mssql-srv1" { import "windows-server" vars.mssql_port = 1433 } object Host "mssql-srv2" { import "windows-server" vars.mssql_port = 1433 } This can be done for service and user groups the same way. Additionally the user groups are associated as attributes in `Notification` objects. object UserGroup "windows-mssql-admins" { display_name = "Windows MSSQL Admins" } template User "generic-windows-mssql-users" { groups += [ "windows-mssql-admins" ] } object User "win-mssql-noc" { import "generic-windows-mssql-users" email = "noc@example.com" } object User "win-mssql-ops" { import "generic-windows-mssql-users" email = "ops@example.com" } ### Group Membership Assign If there is a certain number of hosts, services or users matching a pattern it's reasonable to assign the group object to these members. Details on the `assign where` syntax can be found [here](#apply) object HostGroup "mssql" { display_name = "MSSQL Servers" assign where host.vars.mssql_port } In this inherited example from above all hosts with the `var` `mssql_port` set will be added as members to the host group `mssql`. ## Notifications Notifications for service and host problems are an integral part of your monitoring setup. When a host or service is in a downtime, a problem has been acknowledged or the dependency logic determined that the host/service is unreachable, no notirications are sent. You can configure additional type and state filters refining the notifications being actually sent. There are many ways of sending notifications, e.g. by e-mail, XMPP, IRC, Twitter, etc. On its own Icinga 2 does not know how to send notifications. Instead it relies on external mechanisms such as shell scripts to notify users. A notification specification requires one or more users (and/or user groups) who will be notified in case of problems. These users must have all custom attributes defined which will be used in the `NotificationCommand` on execution. The user `icingaadmin` in the example below will get notified only on `WARNING` and `CRITICAL` states and `problem` and `recovery` notification types. object User "icingaadmin" { display_name = "Icinga 2 Admin" enable_notifications = true states = [ OK, Warning, Critical ] types = [ Problem, Recovery ] email = "icinga@localhost" } If you don't set the `states` and `types` configuration attributes for the `User` object, notifications for all states and types will be sent. Details on troubleshooting notification problems can be found [here](#troubleshooting). You should choose which information you (and your notified users) are interested in case of emergency, and also which information does not provide any value to you and your environment. An example notification command is explained [here](#notification-commands). You can add all shared attributes to a `Notification` template which is inherited to the defined notifications. That way you'll save duplicated attributes in each `Notification` object. Attributes can be overridden locally. template Notification "generic-notification" { interval = 15m command = "mail-service-notification" states = [ Warning, Critical, Unknown ] types = [ Problem, Acknowledgement, Recovery, Custom, FlappingStart, FlappingEnd, DowntimeStart,DowntimeEnd, DowntimeRemoved ] period = "24x7" } The time period `24x7` is shipped as example configuration with Icinga 2. Use the `apply` keyword to create `Notification` objects for your services: apply Notification "mail" to Service { import "generic-notification" command = "mail-notification" users = [ "icingaadmin" ] assign where service.name == "mysql" } Instead of assigning users to notifications, you can also add the `user_groups` attribute with a list of user groups to the `Notification` object. Icinga 2 will send notifications to all group members. ### Notification Escalations When a problem notification is sent and a problem still exists after re-notification you may want to escalate the problem to the next support level. A different approach is to configure the default notification by email, and escalate the problem via sms if not already solved. You can define notification start and end times as additional configuration attributes making the `Notification` object a so-called `notification escalation`. Using templates you can share the basic notification attributes such as users or the `interval` (and override them for the escalation then). Using the example from above, you can define additional users being escalated for sms notifications between start and end time. object User "icinga-oncall-2nd-level" { display_name = "Icinga 2nd Level" vars.mobile = "+1 555 424642" } object User "icinga-oncall-1st-level" { display_name = "Icinga 1st Level" vars.mobile = "+1 555 424642" } Define an additional `NotificationCommand` for SMS notifications. > **Note** > > The example is not complete as there are many different SMS providers. > Please note that sending SMS notifications will require an SMS provider > or local hardware with a SIM card active. object NotificationCommand "sms-notification" { command = [ PluginDir + "/send_sms_notification", "$mobile$", "..." } The two new notification escalations are added onto the host `localhost` and its service `ping4` using the `generic-notification` template. The user `icinga-oncall-2nd-level` will get notified by SMS (`sms-notification` command) after `30m` until `1h`. > **Note** > > The `interval` was set to 15m in the `generic-notification` > template example. Lower that value in your escalations by using a secondary > template or overriding the attribute directly in the `notifications` array > position for `escalation-sms-2nd-level`. If the problem does not get resolved or acknowledged preventing further notifications the `escalation-sms-1st-level` user will be escalated `1h` after the initial problem was notified, but only for one hour (`2h` as `end` key for the `times` dictionary). apply Notification "mail" to Service { import "generic-notification" command = "mail-notification" users = [ "icingaadmin" ] assign where service.name == "ping4" } apply Notification "escalation-sms-2nd-level" to Service { import "generic-notification" command = "sms-notification" users = [ "icinga-oncall-2nd-level" ] times = { begin = 30m end = 1h } assign where service.name == "ping4" } apply Notification "escalation-sms-1st-level" to Service { import "generic-notification" command = "sms-notification" users = [ "icinga-oncall-1st-level" ] times = { begin = 1h end = 2h } assign where service.name == "ping4" } ### First Notification Delay Sometimes the problem in question should not be notified when the first notification happens, but a defined time duration afterwards. In Icinga 2 you can use the `times` dictionary and set `begin = 15m` as key and value if you want to suppress notifications in the first 15 minutes. Leave out the `end` key - if not set, Icinga 2 will not check against any end time for this notification. apply Notification "mail" to Service { import "generic-notification" command = "mail-notification" users = [ "icingaadmin" ] times.begin = 15m // delay first notification assign where service.name == "ping4" } ### Notification Filters by State and Type If there are no notification state and type filter attributes defined at the `Notification` or `User` object Icinga 2 assumes that all states and types are being notified. Available state and type filters for notifications are: template Notification "generic-notification" { states = [ Warning, Critical, Unknown ] types = [ Problem, Acknowledgement, Recovery, Custom, FlappingStart, FlappingEnd, DowntimeStart, DowntimeEnd, DowntimeRemoved ] } If you are familiar with Icinga 1.x `notification_options` please note that they have been split into type and state, and allow more fine granular filtering for example on downtimes and flapping. You can filter for acknowledgements and custom notifications too. ## Time Periods Time Periods define time ranges in Icinga where event actions are triggered, for example whether a service check is executed or not within the `check_period` attribute. Or a notification should be sent to users or not, filtered by the `period` and `notification_period` configuration attributes for `Notification` and `User` objects. > **Note** > > If you are familar with Icinga 1.x - these time period definitions > are called `legacy timeperiods` in Icinga 2. > > An Icinga 2 legacy timeperiod requires the `ITL` provided template >`legacy-timeperiod`. The `TimePeriod` attribute `ranges` may contain multiple directives, including weekdays, days of the month, and calendar dates. These types may overlap/override other types in your ranges dictionary. The descending order of precedence is as follows: * Calendar date (2008-01-01) * Specific month date (January 1st) * Generic month date (Day 15) * Offset weekday of specific month (2nd Tuesday in December) * Offset weekday (3rd Monday) * Normal weekday (Tuesday) If you don't set any `check_period` or `notification_period` attribute on your configuration objects Icinga 2 assumes `24x7` as time period as shown below. object TimePeriod "24x7" { import "legacy-timeperiod" display_name = "Icinga 2 24x7 TimePeriod" ranges = { "monday" = "00:00-24:00" "tuesday" = "00:00-24:00" "wednesday" = "00:00-24:00" "thursday" = "00:00-24:00" "friday" = "00:00-24:00" "saturday" = "00:00-24:00" "sunday" = "00:00-24:00" } } If your operation staff should only be notified during workhours create a new timeperiod named `workhours` defining a work day from 09:00 to 17:00. object TimePeriod "workhours" { import "legacy-timeperiod" display_name = "Icinga 2 8x5 TimePeriod" ranges = { "monday" = "09:00-17:00" "tuesday" = "09:00-17:00" "wednesday" = "09:00-17:00" "thursday" = "09:00-17:00" "friday" = "09:00-17:00" } } Use the `period` attribute to assign time periods to `Notification` and `Dependency` objects: object Notification "mail" { import "generic-notification" host_name = "localhost" command = "mail-notification" users = [ "icingaadmin" ] period = "workhours" } ## Commands Icinga 2 uses three different command object types to specify how checks should be performed, notifications should be sent and events should be handled. ### Environment Variables for Commands Please check [Runtime Custom Attributes as Environment Variables](#runtime-custom-attribute-env-vars). ### Check Commands `CheckCommand` objects define the command line how a check is called. #### Integrate the Plugin with a CheckCommand Definition `CheckCommand` objects require the [ITL template](#itl-plugin-check-command) `plugin-check-command` to support native plugin based check methods. Unless you have done so already, download your check plugin and put it into the `PluginDir` directory. The following example uses the `check_disk` plugin shipped with the Monitoring Plugins package. The plugin path and all command arguments are made a list of double-quoted string arguments for proper shell escaping. Call the `check_disk` plugin with the `--help` parameter to see all available options. Our example defines warning (`-w`) and critical (`-c`) thresholds for the disk usage. Without any partition defined (`-p`) it will check all local partitions. icinga@icinga2 $ /usr/lib/nagios/plugins/check_disk --help ... This plugin checks the amount of used disk space on a mounted file system and generates an alert if free space is less than one of the threshold values Usage: check_disk -w limit -c limit [-W limit] [-K limit] {-p path | -x device} [-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ] [-t timeout] [-u unit] [-v] [-X type] [-N type] ... Next step is to understand how command parameters are being passed from a host or service object, and add a `CheckCommand` definition based on these required parameters and/or default values. #### Passing Check Command Parameters from Host or Service Unline Icinga 1.x check command parameters are defined as custom attributes which can be accessed as runtime macros by the executed check command. Define the default check command custom attribute `disk_wfree` and `disk_cfree` (freely definable naming schema) and their default threshold values. You can then use these custom attributes as runtime macros on the command line. The default custom attributes can be overridden by the custom attributes defined in the service using the check command `disk`. The custom attributes can also be inherited from a parent template using additive inheritance (`+=`). object CheckCommand "disk" { import "plugin-check-command" command = [ PluginDir + "/check_disk", "-w", "$disk_wfree$%", "-c", "$disk_cfree$%" ], vars.disk_wfree = 20 vars.disk_cfree = 10 } The host `localhost` with the service `disk` checks all disks with modified custom attributes (warning thresholds at `10%`, critical thresholds at `5%` free disk space). object Host "localhost" { import "generic-host" address = "127.0.0.1" address6 = "::1" } object Service "disk" { import "generic-service" host_name = "localhost" check_command = "disk" vars.disk_wfree = 10 vars.disk_cfree = 5 } ### Notification Commands `NotificationCommand` objects define how notifications are delivered to external interfaces (E-Mail, XMPP, IRC, Twitter, etc). `NotificationCommand` objects require the [ITL template](#itl-plugin-notification-command) `plugin-notification-command` to support native plugin-based notifications. Below is an example using runtime macros from Icinga 2 (such as `$service.output$` for the current check output) sending an email to the user(s) associated with the notification itself (`$user.email$`). If you want to specify default values for some of the custom attribute definitions, you can add a `vars` dictionary as shown for the `CheckCommand` object. object NotificationCommand "mail-service-notification" { import "plugin-notification-command" command = [ SysconfDir + "/icinga2/scripts/mail-notification.sh" ] env = { "NOTIFICATIONTYPE" = "$notification.type$" "SERVICEDESC" = "$service.name$" "HOSTALIAS" = "$host.display_name$", "HOSTADDRESS" = "$address$", "SERVICESTATE" = "$service.state$", "LONGDATETIME" = "$icinga.long_date_time$", "SERVICEOUTPUT" = "$service.output$", "NOTIFICATIONAUTHORNAME" = "$notification.author$", "NOTIFICATIONCOMMENT" = "$notification.comment$", "HOSTDISPLAYNAME" = "$host.display_name$", "SERVICEDISPLAYNAME" = "$service.display_name$", "USEREMAIL" = "$user.email$" } } The command attribute in the `mail-service-notification` command refers to the following shell script. The macros specified in the `env` array are exported as environment variables and can be used in the notification script: #!/usr/bin/env bash template=$(cat <