How do I setup a Public Nagios Monitor Wall?

[Box293]

We would like to setup a PC with a couple of monitors displaying the status of different hosts / services in Nagios XI. These monitors would be mounted on a wall and ideally we would hide the keyboard and mouse.

Here is an example, although this is a little more than I require.
http://www.flickr.com/photos/mogwai_83/3022261893/

How do I go about doing this? Assuming our PC will most lilkey be a Windows 7 OS (however I am open to other OS options).

I mean how do I get a web browser to open Nagios XI without requiring a human to type the username and password?

I assume it's something along the lines of using a custom URL that supplies the logon credentials. Not really sure to be honest.

[tonyyarusso]

As far as the authentication goes, normal browser cookies are used to store it. The problem there is that the cookie is only valid for 30 minutes since the most recent page load (it resets the timer whenever you refresh or visit a new page, so it just tracks whether the session is active), so if the page you want doesn't autorefresh you'll need to make some changes (although I don't know why anything you'd be interested in wouldn't auto-refresh). Unfortunately, it appears that value is right in the code, so you have to "hack core" to change it - be prepared to be haunted by Drupal developers. The setting is $cookie_timeout on line #62 of /usr/local/nagiosxi/includes/utils.inc.php. I just tested changing that and reloading the page, and my web browser now tells me the cookie expires "Mon 02 Oct 2017 10:16:32 AM CDT", so that appears to work.

That just addresses the persistency value. For actually logging in initially, you can provide a URL to submit the login form with your details as a GET request, in a manner similar to this (escaping special characters in your password):

Code: Select all

http://YOURSERVER/nagiosxi/login.php?page=auth&pageopt=login&username=YOURNAGIOSUSER&password=YOURPASSWORD&redirect=/nagiosxi/index.php%3f

For loading the page you want, from any page in XI look in the upper right corner of the content frame, where you will find three uneven bars - like the electrical schematic for a ground without the lead. The alt-text is "Popout", and clicking that will give you a page with just that frame and not the menus, and a real URL in your location bar. If the page you want uses multiple tabs, you'll need to right-click the tab you want to get the real URL for it still, since that won't change the page location. Then just set that to the home page, and you're all set. If you need to combine those steps, change the value of "redirect" in the login GET, and voila! Insert normal warnings about storing passwords in plaintext here.

Assuming our PC will most lilkey be a Windows 7 OS (however I am open to other OS options).

<PersonalBias>
Ubuntu! No sense paying for Windows license keys for no reason. I actually use Ubuntu for all of my personal stuff and most of my work stuff these days (just need Windows to run the VMware Infrastructure Client occasionally), but it makes even more sense for a kiosk-type setup like what you're describing.
</PersonalBias>

[Box293]

Thanks for all the information, this seems pretty straight forward.

I've played a little with Ubuntu so I might give it a go, see what the others think.

[Box293]

It seems that this has stopped working.

If you try the example I get the following on the screen:

Code: Select all

NSP: Sorry Dave, I can't let you do that

I am using 2009R1.2D.

[mmestnik]

Yes, there was a XSSA and the fix was to insert some 'hidden' input element containing an authcode. You just have to duplicate this in your get/post requests.

[Box293]

Can you please explain with an example URL, like Tony has in his previous post?

I'm not sure how to do what you are suggesting.

[mmestnik]

During login you would pull a crumb/authcode from the HTML downloaded and populate your URL(s) with the name/value pair. This prevents Cookies from being used by other malicious sites, they have to have the correct form post elements. This has something to do with JavaScript, not sure what though.

I'm not sure if the code will accept the data as part of the URL or is if must be present in the POST section.

This is taken from the configwizard page:
<form id="configWizardForm" method="post" action="/nagiosxi/config/monitoringwizard.php" onSubmit="show_child_content_throbber();">
<input type='hidden' name='nsp' value='3c9d32cecd91bb469972066d58e906cf'> <input type="hidden" name="update" value="1" />
<input type="hidden" name="nextstep" value="2" />

You'll get sorry Dave if (nsp != 3c9d32cecd91bb469972066d58e906cf).

[mguthrie]

You could also use the backend api access to generate a simple webpage to display the information. Here's a raw example of something we worked up a while back that you can modify as needed. The access credentials are invisible to the public, and the information to be displayed can be customized (if you don't mind diving into some PHP).

http://assets.nagios.com/downloads/nagi ... xample.zip