See Also: Configuration Overview, Information on the CGIs, Authentication And Authorization In The CGIs, CGI Footers and Headers
When creating and/or editing configuration files, keep the following in mind:
By default, Thruk expects the CGI configuration file to be named cgi.cfg and located in the config file directory along with the main config file. If you need to change the name of the file or its location, you can configure Thruk to load a different location by setting cgi.cfg in your /etc/naemon/thruk_local.conf.
Below you will find descriptions of each main Naemon configuration file option…
Format: | use_authentication=<0/1> |
Example: | use_authentication=1 |
This option controls whether or not the CGIs will use the authentication and authorization functionality when determining what information and commands users have access to. I would strongly suggest that you use the authentication functionality for the CGIs. If you decide not to use authentication, make sure to remove the command CGI to prevent unauthorized users from issuing commands to Naemon. The CGI will not issue commands to Naemon if authentication is disabled, but I would suggest removing it altogether just to be on the safe side. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | default_user_name=<username> |
Example: | default_user_name=guest |
Setting this variable will define a default username that can access the CGIs. This allows people within a secure domain (i.e., behind a firewall) to access the CGIs without necessarily having to authenticate to the web server. You may want to use this to avoid having to use basic authentication if you are not using a secure server, as basic authentication transmits passwords in clear text over the Internet.
Important: Do not define a default username unless you are running a secure web server and are sure that everyone who has access to the CGIs has been authenticated in some manner! If you define this variable, anyone who has not authenticated to the web server will inherit all rights you assign to this user!
Format: | authorized_for_system_information=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_system_information=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_system_information=naemonadmin,theboss |
This is a comma-delimited list of names of authenticated users who can view system/process information in the extended information CGI. Users in this list are not automatically authorized to issue system/process commands. If you want users to be able to issue system/process commands as well, you must add them to the authorized_for_system_commands variable. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_system_commands=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_system_commands=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_system_commands=naemonadmin |
This is a comma-delimited list of names of authenticated users who can issue system/process commands via the command CGI. Users in this list are not automatically authorized to view system/process information. If you want users to be able to view system/process information as well, you must add them to the authorized_for_system_information variable. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_configuration_information=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_configuration_information=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_configuration_information=naemonadmin |
This is a comma-delimited list of names of authenticated users who can view configuration information in the configuration CGI. Users in this list can view information on all configured hosts, host groups, services, contacts, contact groups, time periods, and commands. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_all_hosts=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_all_hosts=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_all_hosts=naemonadmin,theboss |
This is a comma-delimited list of names of authenticated users who can view status and configuration information for all hosts. Users in this list are also automatically authorized to view information for all services. Users in this list are not automatically authorized to issue commands for all hosts or services. If you want users able to issue commands for all hosts and services as well, you must add them to the authorized_for_all_host_commands variable. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_all_host_commands=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_all_host_commands=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_all_host_commands=naemonadmin |
This is a comma-delimited list of names of authenticated users who can issue commands for all hosts via the command CGI. Users in this list are also automatically authorized to issue commands for all services. Users in this list are not automatically authorized to view status or configuration information for all hosts or services. If you want users able to view status and configuration information for all hosts and services as well, you must add them to the authorized_for_all_hosts variable. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_all_services=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_all_services=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_all_services=naemonadmin,theboss |
This is a comma-delimited list of names of authenticated users who can view status and configuration information for all services. Users in this list are not automatically authorized to view information for all hosts. Users in this list are not automatically authorized to issue commands for all services. If you want users able to issue commands for all services as well, you must add them to the authorized_for_all_service_commands variable. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_all_service_commands=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_all_service_commands=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_all_service_commands=naemonadmin |
This is a comma-delimited list of names of authenticated users who can issue commands for all services via the command CGI. Users in this list are not automatically authorized to issue commands for all hosts. Users in this list are not automatically authorized to view status or configuration information for all hosts. If you want users able to view status and configuration information for all services as well, you must add them to the authorized_for_all_services variable. More information on how to setup authentication and configure authorization for the CGIs can be found here.
Format: | authorized_for_read_only=<user1>,<user2>,<user3>,...<user*n*> |
Groups: | authorized_contactgroup_for_read_only=<group1>,<group2>,<group3>,...<group*n*> |
Example: | authorized_for_read_only=john,mark |
A comma-delimited list of usernames that have read-only rights in the CGIs. This will block any service or host commands normally shown on the extinfo CGI pages. It will also block comments from being shown to read-only users.
Format: | lock_author_names=[0/1] |
Example: | lock_author_names=1 |
This option allows you to restrict users from changing the author name when submitting comments, acknowledgements, and scheduled downtime from the web interface. If this option is enabled, users will be unable to change the author name associated with the command request.
Format: | refresh_rate=<rate_in_seconds> |
Example: | refresh_rate=90 |
This option allows you to specify the number of seconds between page refreshes for all pages which use automatic refresh. You can also always add &refresh=<seconds> to the url to override the default refresh interval.
Formats: |
host_unreachable_sound=<sound_file> host_down_sound=<sound_file> service_critical_sound=<sound_file> service_warning_sound=<sound_file> service_unknown_sound=<sound_file> |
Examples: |
host_unreachable_sound=hostu.wav host_down_sound=hostd.wav service_critical_sound=critical.wav service_warning_sound=warning.wav service_unknown_sound=unknown.wav |
These options allow you to specify an audio file that should be played in your browser if there are problems when you are viewing the status CGI. If there are problems, the audio file for the most critical type of problem will be played. The most critical type of problem is on or more unreachable hosts, while the least critical is one or more services in an unknown state (see the order in the example above). Audio files are assumed to be in the media/ subdirectory in your HTML directory (i.e. /usr/share/naemon/root/thruk/media).
Format: | escape_html_tags=[0/1] |
Example: | escape_html_tags=1 |
This option determines whether or not HTML tags in host and service (plugin) output is escaped in the CGIs. If you enable this option, your plugin output will not be able to contain clickable hyperlinks.
Format: | notes_url_target=[target] |
Example: | notes_url_target=_blank |
This option determines the name of the frame target that notes URLs should be displayed in. Valid options include _blank, _self, _top, _parent, or any other valid target name.
Format: | action_url_target=[target] |
Example: | action_url_target=_blank |
This option determines the name of the frame target that action URLs should be displayed in. Valid options include _blank, _self, _top, _parent, or any other valid target name.