Page 1 of 3
Nagvis automatic authentication problems
Posted: Thu Nov 05, 2015 10:14 am
by Atria
I've been trying to get nagivs to automatically authenticate per the nagvis instructions below
The following mod_rewrite config maps the user "nagiosadmin" to NagVis:
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
# The following line is the really important step,
# it tells the webserver that the user "nagiosadmin" has
# successfully authenticated and is sending the request,
# regardless who is sending it really.
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosadmin]
.htaccess
A second way to "disable" the authentication is setting the variable REMOTE_USER via .htaccess file. Place a file called .htaccess with the following content in the NagVis root directory:
the .httaccess doesn't seem to function so I tried to get the mod rewrite working. I modified /etc/httpd/conf.d/nagvis.conf to look like the following
Code: Select all
Alias /nagvis "/usr/local/nagvis/share"
<Directory "/usr/local/nagvis/share">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# To enable Nagios basic auth on NagVis use the following options
# Just uncomment it. Maybe you need to adjust the path to the
# Auth user file.
#
# If you use the NagVis internal auth mechanism based on the web
# for you won't need this.
#
#AuthName "NagVis Access"
#AuthType Basic
#AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#Require valid-user
# With installed and enabled mod_rewrite there are several redirections
# available to fix deprecated and/or wrong urls. None of those rules is
# mandatory to get NagVis working.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /nagvis
# Use mod_rewrite for old url redirection even if there are php files which
# redirect the queries itselfs. In some cases the mod_rewrite redirect
# is better than the php redirect.
RewriteCond %{REQUEST_URI} ^/nagvis(/index\.php|/|)(\?.*|)$
RewriteRule ^(index\.php|)(\?.*|)$ /nagvis/frontend/nagvis-js/$1$2 [R=301,L]
RewriteCond %{REQUEST_URI} ^/nagvis/config\.php.*$
RewriteRule ^config\.php(.*) /nagvis/frontend/wui/$1 [R=301,L]
# Redirect old regular map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]
# Redirect old wui map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/wui
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/wui/index.php?mod=Map&act=edit&show=%1 [R=301,L]
# Redirect old rotation calls
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} !mod
RewriteCond %{QUERY_STRING} rotation=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
</IfModule>
</Directory>
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosuser]
Whenever I try to restart httpd however I get the following error.
Code: Select all
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
journalctl -xn shows no journal entries, and systemctl status httpd.service displays the following
Code: Select all
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: failed (Result: exit-code) since Thu 2015-11-05 09:50:34 EST; 36s ago
Process: 13601 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 30402 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 13599 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 13599 (code=exited, status=1/FAILURE)
Re: Nagvis automatic authentication problems
Posted: Thu Nov 05, 2015 11:17 am
by rkennedy
Can you try moving the 4 lines you added
Code: Select all
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosuser]
to be before the -
Let us know if that works for you.
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 9:40 am
by Atria
Same result below is the nagvis.conf
Code: Select all
# NagVis Apache2 sample configuration file
#
# #############################################################################
Alias /nagvis "/usr/local/nagvis/share"
<Directory "/usr/local/nagvis/share">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# To enable Nagios basic auth on NagVis use the following options
# Just uncomment it. Maybe you need to adjust the path to the
# Auth user file.
#
# If you use the NagVis internal auth mechanism based on the web
# for you won't need this.
#
#AuthName "NagVis Access"
#AuthType Basic
#AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#Require valid-user
# With installed and enabled mod_rewrite there are several redirections
# available to fix deprecated and/or wrong urls. None of those rules is
# mandatory to get NagVis working.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /nagvis
# Use mod_rewrite for old url redirection even if there are php files which
# redirect the queries itselfs. In some cases the mod_rewrite redirect
# is better than the php redirect.
RewriteCond %{REQUEST_URI} ^/nagvis(/index\.php|/|)(\?.*|)$
RewriteRule ^(index\.php|)(\?.*|)$ /nagvis/frontend/nagvis-js/$1$2 [R=301,L]
RewriteCond %{REQUEST_URI} ^/nagvis/config\.php.*$
RewriteRule ^config\.php(.*) /nagvis/frontend/wui/$1 [R=301,L]
# Redirect old regular map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]
# Redirect old wui map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/wui
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/wui/index.php?mod=Map&act=edit&show=%1 [R=301,L]
# Redirect old rotation calls
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} !mod
RewriteCond %{QUERY_STRING} rotation=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosuser]
</IfModule>
</Directory>
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 12:22 pm
by rkennedy
Looks like I was wrong where it should of been then, can you move those 5 lines back below the
Try to restart, can you run
tail -n 25 error_log and post the output?
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 1:01 pm
by lmiltchev
This works for me just fine:
nagvis.conf
Code: Select all
# NagVis Apache2 sample configuration file
#
# #############################################################################
Alias /nagvis "/usr/local/nagvis/share"
<Directory "/usr/local/nagvis/share">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# To enable Nagios basic auth on NagVis use the following options
# Just uncomment it. Maybe you need to adjust the path to the
# Auth user file.
#
# If you use the NagVis internal auth mechanism based on the web
# for you won't need this.
#
# AuthName "NagVis Access"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
# With installed and enabled mod_rewrite there are several redirections
# available to fix deprecated and/or wrong urls. None of those rules is
# mandatory to get NagVis working.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /nagvis
# Use mod_rewrite for old url redirection even if there are php files which
# redirect the queries itselfs. In some cases the mod_rewrite redirect
# is better than the php redirect.
RewriteCond %{REQUEST_URI} ^/nagvis(/index\.php|/|)(\?.*|)$
RewriteRule ^(index\.php|)(\?.*|)$ /nagvis/frontend/nagvis-js/$1$2 [R=301,L]
RewriteCond %{REQUEST_URI} ^/nagvis/config\.php.*$
RewriteRule ^config\.php(.*) /nagvis/frontend/wui/$1 [R=301,L]
# Redirect old regular map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]
# Redirect old wui map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/wui
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/wui/index.php?mod=Map&act=edit&show=%1 [R=301,L]
# Redirect old rotation calls
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} !mod
RewriteCond %{QUERY_STRING} rotation=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
</IfModule>
</Directory>
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosadmin]
nagvis.ini.php
Code: Select all
; <?php return 1; ?>
; the line above is to prevent
; viewing this file from web.
; DON'T REMOVE IT!
; ----------------------------
; Default NagVis Configuration File
; At delivery everything here is commented out. The default values are set in the NagVis code.
; You can make your changes here, they'll overwrite the default settings.
; ----------------------------
; ----------------------------
; !!! The sections/variables with a leading ";" won't be recognised by NagVis (commented out) !!!
; ----------------------------
; General options which affect the whole NagVis installation
[global]
; Enable/Disable logging of security related user actions in Nagvis. For
; example user logins and logouts are logged in var/nagvis-audit.log
;audit_log="1"
;
; Defines the authentication module to use. By default NagVis uses the built-in
; SQLite authentication module. On delivery there is no other authentication
; module available. It is possible to add own authentication modules for
; supporting other authorisation mechanisms. For details take a look at the
; documentation.
;authmodule="CoreAuthModSQLite"
;
; Defines the authorisation module to use. By default NagVis uses the built-in
; SQLite authorisation module. On delivery there is no other authorisation
; module available. It is possible to add own authorisation modules for
; supporting other authorisation mechanisms. For details take a look at the
; documentation.
;authorisationmodule="CoreAuthorisationModSQLite"
;
; Dateformat of the time/dates shown in nagvis (For valid format see PHP docs)
;dateformat="Y-m-d H:i:s"
;
; Defines which translations of NagVis are available to the users
;language_available="de_DE,en_US,es_ES,fr_FR,pt_BR"
; Language detection steps to use. Available:
; - User: The user selection
; - Session: Language saved in the session (Usually set after first setting an
; explicit language)
; - Browser: Detection by user agent information from the browser
; - Config: Use configured default language (See below)
;language_detection="user,session,browser,config"
;
; Select language (Available by default: en_US, de_DE, fr_FR, pt_BR)
;language="en_US"
;
; Defines the logon module to use. There are three logon modules to be used by
; default. It is possible to add own logon modules for serving other dialogs or
; ways of logging in. For details take a look at the documentation.
;
; The delivered modules are:
;
; LogonMixed: The mixed logon module uses the LogonEnv module as default and
; the LogonDialog module as fallback when LogonEnv returns no username. This
; should fit the requirements of most environments.
;
; LogonDialog: This is an HTML logon dialog for requesting authentication
; information from the user.
;
; LogonEnv: It is possible to realise a fully "trusted" authentication
; mechanism like all previous NagVis versions used it before. This way the user
; is not really authenticated with NagVis. NagVis trusts the provided username
; implicitly. NagVis uses the configured environment variable to identify the
; user. You can add several authentication mechanisms to your webserver,
; starting from the basic authentication used by Nagios (.htaccess) to single
; sign-on environments.
; Simply set logonmodule to "LogonEnv", put the environment variable to use as
; username to the option logonenvvar and tell the authentication module to
; create users in the database when provided users does not exist. The option
; logonenvcreaterole tells the module to assign the new user to a specific role
; set to empty string to disable that behaviour.
logonmodule="LogonEnv"
;logonenvvar="PHP_AUTH_USER"
;logonenvcreateuser="1"
;logonenvcreaterole="Guests"
;
; Default rotation time of pages in rotations
;refreshtime=60
;
; Some user information is stored in sessions which are identified by session
; cookies placed on the users computer. The options below set the properties
; of the session cookie.
; Domain to set the cookie for. By default NagVis tries to auto-detect this
; options value by using the webserver's environment variables.
;sesscookiedomain="auto-detect"
; Absolute web path to set the cookie for. This defaults to configured
; paths/htmlbase option
;sesscookiepath="/nagvis"
; Lifetime of the NagVis session cookie in seconds. The default value is set to
; 24 hours. The NagVis session cookie contents will be renewed on every page
; visit. If a session is idle for more time than configured here it will become
; invalid.
;sesscookieduration="86400"
;
; Start page to redirect the user to when first visiting NagVis without
; special parameters.
;startmodule="Overview"
;startaction="view"
; The startshow parameter is only used by some views at the moment. It is used
; by the Map and the AutoMap modules.
;startshow=""
; Path definitions
[paths]
; absolute physical NagVis path
;base="/usr/local/nagvis/"
; absolute html NagVis path
;htmlbase="/nagvis"
; absolute html NagVis cgi path
htmlcgi="/nagiosxi/includes/components/xicore"
; Default values which get inherited to the maps and its objects
[defaults]
; default backend (id of the default backend)
backend="ndomy_1"
backend="ndomy_1"
; background color of maps
;backgroundcolor="#ffffff"
; Enable/Disable the context menu on map objects. With the context menu you are
; able to bind commands or links to your map objects
;contextmenu=1
; Choose the default context template
;contexttemplate="default"
; Enable/Disable changing background color on state changes (Configured color is
; shown when summary state is PENDING, OK or UP)
;eventbackground=0
; Enable/Disable highlighting of the state changing object by adding a flashing
; border
;eventhighlight=1
; The duration of the event highlight in milliseconds (10 seconds by default)
;eventhighlightduration=10000
; The interval of the event highlight in milliseconds (0.5 seconds by default)
;eventhighlightinterval=500
; Enable/Disable the eventlog in the new javascript frontend. The eventlog keeps
; track of important actions and information
;eventlog=0
; Loglevel of the eventlog (available: debug, info, warning, critical)
;eventloglevel="info"
; Height of the eventlog when visible in px
;eventlogheight="75"
; Hide/Show the eventlog on page load
;eventloghidden="1"
; Enable/Disable scrolling to the icon which changed the state when the icon is
; out of the visible scope
;eventscroll=1
; Enable/Disable sound signals on state changes
;eventsound=1
; enable/disable header menu
;headermenu="1"
; header template
;headertemplate="default"
; Enable/Diable the fading effect of the submenus in the header menu
;headerfade=1
; enable/disable hover menu
;hovermenu=1
; hover template
;hovertemplate="default"
; hover menu open delay (seconds)
;hoverdelay=0
; show children in hover menus
;hoverchildsshow=1
; limit shown child objects to n
;hoverchildslimit="10"
; order method of children (desc: descending, asc: ascending)
;hoverchildsorder="asc"
; sort method of children (s: state, a: alphabetical)
;hoverchildssort="s"
; default icons
;icons="std_medium"
; recognize only hard states (not soft)
;onlyhardstates=0
; recognize service states in host/hostgroup objects
;recognizeservices=1
; show map in lists (dropdowns, index page, ...)
;showinlists=1
; show map in multisite snapin
;showinmultisite=1
; Name of the custom stylesheet to use on the maps (The file needs to be located
; in the share/nagvis/styles directory)
;stylesheet=""
; target for the icon links
;urltarget="_self"
; URL template for host object links
hosturl="[htmlcgi]/status.php?host=[host_name]"
; URL template for hostgroup object links
hostgroupurl="[htmlcgi]/status.php?show=services&hostgroup=[hostgroup_name]"
; URL template for service object links
serviceurl="[htmlcgi]/status.php?show=servicedetail&host=[host_name]&service=[service_description]&dest=auto"
; URL template for servicegroup object links
servicegroupurl="[htmlcgi]/status.php?show=services&servicegroup=[servicegroup_name]"
; URL template for nested map links
;mapurl="[htmlbase]/index.php?mod=Map&act=view&show=[map_name]"
; Options to configure the Overview page of NagVis
[index]
; Color of the overview background
;backgroundcolor=#ffffff
; Set number of map cells per row
;cellsperrow=4
; enable/disable header menu
;headermenu="1"
; header template
;headertemplate="default"
; Enable/Disable automap listing
;showautomaps=1
; Enable/Disable map listing
;showmaps=1
; Enable/Disable geomap listing
; Note: It is disabled here since it is unfinished yet and not for production
; use in current 1.5 code.
;showgeomap=0
; Enable/Disable rotation listing
;showrotations=1
; Enable/Disable map thumbnails
;showmapthumbs=0
; Options for the Automap
[automap]
; Default URL parameters for links to the automap
;defaultparams="&childLayers=2"
; Default root host (NagVis uses this if it can't detect it via NDO)
;defaultroot=""
; Path to the graphviz binaries (dot,neato,...); Only needed if not in ENV PATH
;graphvizpath="/usr/bin/"
; Show the automap in the lists (Map index and dropdown menu in header)
;showinlists=1
; Options for the WUI
[wui]
; Users which are allowed to change the NagVis configuration (comma separated list)
;allowedforconfig=EVERYONE
; auto update frequency
;autoupdatefreq=25
; enable/disable header menu in the WUI
;headermenu="1"
; header template to use in the WUI
;headertemplate="default"
; map lock time (minutes)
;maplocktime=5
; Options for the new Javascript worker
[worker]
; The interval in seconds in which the worker will check for objects which need
; to be updated
;interval=10
; The maximum number of parameters used in ajax http requests
; Some intrusion detection/prevention systems have a problem with
; too many parameters in the url. Give 0 for no limit.
;requestmaxparams=0
; The maximum length of http request urls during ajax http requests
; Some intrusion detection/prevention systems have a problem with
; queries being too long
;requestmaxlength=1900
; The retention time of the states in the frontend in seconds. The state
; information will be refreshed after this time
;updateobjectstates=30
; ----------------------------
; Backend definitions
; ----------------------------
; Example definition of a livestatus backend.
; In this case the backend_id is live_1
; The path /usr/local/nagios/var/rw has to exist
[backend_live_1]
backendtype="mklivestatus"
; The status host can be used to prevent annoying timeouts when a backend is not
; reachable. This is only useful in multi backend setups.
;
; It works as follows: The assumption is that there is a "local" backend which
; monitors the host of the "remote" backend. When the remote backend host is
; reported as UP the backend is queried as normal.
; When the remote backend host is reported as "DOWN" or "UNREACHABLE" NagVis won't
; try to connect to the backend anymore until the backend host gets available again.
;
; The statushost needs to be given in the following format:
; "<backend_id>:<hostname>" -> e.g. "live_2:nagios"
;statushost=""
;socket="unix:/usr/local/nagios/var/rw/live"
; Example definition for a MySQL backend
; in this example the ID of the Backend is "ndomy_1" you can define another ID.
[backend_ndomy_1]
; type of backend - MUST be set
backendtype="ndomy"
; The status host can be used to prevent annoying timeouts when a backend is not
; reachable. This is only useful in multi backend setups.
;
; It works as follows: The assumption is that there is a "local" backend which
; monitors the host of the "remote" backend. When the remote backend host is
; reported as UP the backend is queried as normal.
; When the remote backend host is reported as "DOWN" or "UNREACHABLE" NagVis won't
; try to connect to the backend anymore until the backend host gets available again.
;
; The statushost needs to be given in the following format:
; "<backend_id>:<hostname>" -> e.g. "live_2:nagios"
;statushost=""
; hostname for NDO-db
;dbhost="localhost"
; portname for NDO-db
;dbport=3306
; database name for NDO-db
;dbname="nagios"
; username for NDO-db
dbuser="ndoutils"
; password for NDO-db
dbpass="n@gweb"
; prefix for tables in NDO-db
;dbprefix="nagios_"
; instance name for tables in NDO-db
dbinstancename="localhost"
; maximum delay of the NDO Database in seconds
;maxtimewithoutupdate=180
; path to the cgi-bin of this backend
;htmlcgi="/nagios/cgi-bin"
; Example definition of a Merlin backend
; in this example the ID of the Backend is "merlinmy_1" you can define another ID.
[backend_merlinmy_1]
; type of backend - MUST be set
backendtype="merlinmy"
; hostname for Merlin db
;dbhost="localhost"
; portname for Merlin db
;dbport=3306
; database name for Merlin db
;dbname="merlin"
; username for Merlin db
;dbuser="merlin"
; password for Merlin db
;dbpass="merlin"
; maximum delay of the Merlin Database in seconds
;maxtimewithoutupdate=180
; path to the cgi-bin of this backend
;htmlcgi="/nagios/cgi-bin"
; ----------------------------
; Rotation pool definitions
; ----------------------------
; in this example the browser switches between the maps demo and demo2 every 15
; seconds, the rotation is enabled by url: index.php?rotation=demo
[rotation_demo]
; These steps are rotated. The "Demo2:" is a label which is being displayed in
; the index pages rotation list.
; You may also add external URLs as steps. Simply enclose the url using []
; instead of the map name. It is also possible to add automaps to rotations,
; add an @ sign before the automap name to add an automap to the rotation.
maps="demo,Demo2:demo2"
; rotation interval (seconds)
interval=15
; ------------------------------------------------------------------------------
; Below you find some advanced stuff
; ------------------------------------------------------------------------------
; Configure different state related settings
[states]
; State coverage/weight: This defines the state handling behaviour. For example
; a critical state will cover a warning state and an acknowledged critical
; state will not cover a warning state.
;
; These options are being used when calculating the summary state of the map
; objects. The default values should fit most needs.
;
;unreachable=9
;unreachable_ack=5
;unreachable_downtime=5
;down=8
;down_ack=5
;down_downtime=5
;critical=7
;critical_ack=5
;critical_downtime=5
;warning=6
;warning_ack=4
;warning_downtime=4
;unknown=3
;unknown_ack=2
;unknown_downtime=2
;error=3
;error_ack=2
;error_downtime=2
;up=1
;ok=1
;pending=0
;
; Colors of the different states. The colors are used in lines and hover menus
; and for example in the frontend highlight and background event handler
;
;unreachable_bgcolor=#F1811B
;unreachable_color=#F1811B
;unreachable_ack_bgcolor=
;unreachable_downtime_bgcolor=
;down_bgcolor=#FF0000
;down_color=#FF0000
;down_ack_bgcolor=
;down_downtime_bgcolor=
;critical_bgcolor=#FF0000
;critical_color=#FF0000
;critical_ack_bgcolor=
;critical_downtime_bgcolor=
;warning_bgcolor=#FFFF00
;warning_color=#FFFF00
;warning_ack_bgcolor=
;warning_downtime_bgcolor=
;unknown_bgcolor=#FFCC66
;unknown_color=#FFCC66
;unknown_ack_bgcolor=
;unknown_downtime_bgcolor=
;error_bgcolor=#0000FF
;error_color=#0000FF
;up_bgcolor=#00FF00
;up_color=#00FF00
;ok_bgcolor=#00FF00
;ok_color=#00FF00
;pending_bgcolor=#C0C0C0
;pending_color=#C0C0C0
;
; Sound of the different states to be used by the sound eventhandler in the
; frontend. The sounds are only being fired when changing to some
; worse state.
;
;unreachable_sound=std_unreachable.mp3
;down_sound=std_down.mp3
;critical_sound=std_critical.mp3
;warning_sound=std_warning.mp3
;unknown_sound=
;error_sound=
;up_sound=
;ok_sound=
;pending_sound=
; -------------------------
; EOF
; -------------------------
Basically, I only commented out the following lines in nagvis.conf:
Code: Select all
AuthName "NagVis Access"
AuthType Basic
AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
Require valid-user
and added:
Code: Select all
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosadmin]
under the "</Directory>" line.
Next, commented out the following line in nagvis.ini.php
and restarted apache:
Note: This is a "vanilla" install of Nagios XI 5 5.2.0.
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 2:54 pm
by Atria
Tried both methods and received the same error output. when I try to run tail -n 25 error_log I get cannot open error_log for reading: No such file or directory
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 2:57 pm
by hsmith
Sorry, the correct command should be tail -n25 /var/log/httpd/error_log.
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 3:01 pm
by Atria
results are below
Code: Select all
sudo service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
[frack@monitoring ~]$ sudo tail -n25 /var/log/httpd/error_log
[Fri Nov 06 14:51:27.373508 2015] [authz_core:error] [pid 16622] [client 10.0.219.126:5079] AH01630: client denied by server configuration: /usr/local/nagvis/share/frontend/nagvis-js/index.php
[Fri Nov 06 14:51:27.569792 2015] [authz_core:error] [pid 16622] [client 10.0.219.126:5079] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://frack/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:27.580102 2015] [authz_core:error] [pid 16622] [client 10.0.219.126:5079] AH01630: client denied by server configuration: /usr/local/nagvis/share/frontend/nagvis-js/images/internal/msg_critical.png, referer: http://frack/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:29.080828 2015] [authz_core:error] [pid 16643] [client 10.0.219.123:61986] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:29.102267 2015] [authz_core:error] [pid 16643] [client 10.0.219.123:61986] AH01630: client denied by server configuration: /usr/local/nagvis/share/frontend/nagvis-js/images/internal/msg_critical.png, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:29.740927 2015] [authz_core:error] [pid 16622] [client 10.0.219.126:5079] AH01630: client denied by server configuration: /usr/local/nagvis/share/frontend/nagvis-js/index.php
[Fri Nov 06 14:51:36.860844 2015] [authz_core:error] [pid 16621] [client 10.0.219.106:49393] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:37.573816 2015] [authz_core:error] [pid 16665] [client 10.0.219.126:5136] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://frack/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:39.077294 2015] [authz_core:error] [pid 16643] [client 10.0.219.123:61989] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:46.860959 2015] [authz_core:error] [pid 16915] [client 10.0.219.106:49398] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:49.069390 2015] [authz_core:error] [pid 16931] [client 10.0.219.123:61991] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:49.577225 2015] [authz_core:error] [pid 16622] [client 10.0.219.126:5183] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://frack/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:56.860208 2015] [authz_core:error] [pid 16623] [client 10.0.219.106:49403] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:51:59.075948 2015] [authz_core:error] [pid 16666] [client 10.0.219.123:61993] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:52:00.584190 2015] [authz_core:error] [pid 16665] [client 10.0.219.126:5184] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://frack/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:52:06.862261 2015] [authz_core:error] [pid 16915] [client 10.0.219.106:49404] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:52:09.069921 2015] [authz_core:error] [pid 16625] [client 10.0.219.123:61995] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://monitoring.atriacom.com/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:52:11.577525 2015] [authz_core:error] [pid 16665] [client 10.0.219.126:5184] AH01630: client denied by server configuration: /usr/local/nagvis/share/server/core/ajax_handler.php, referer: http://frack/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=Community&zoom=50&header_menu=0
[Fri Nov 06 14:52:16.095233 2015] [mpm_prefork:notice] [pid 16618] AH00170: caught SIGWINCH, shutting down gracefully
[Fri Nov 06 14:52:19.158427 2015] [suexec:notice] [pid 17858] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Nov 06 14:52:19.180454 2015] [auth_digest:notice] [pid 17858] AH01757: generating secret for digest authentication ...
[Fri Nov 06 14:52:19.180971 2015] [lbmethod_heartbeat:notice] [pid 17858] AH02282: No slotmem from mod_heartmonitor
[Fri Nov 06 14:52:19.218694 2015] [mpm_prefork:notice] [pid 17858] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 configured -- resuming normal operations
[Fri Nov 06 14:52:19.218719 2015] [core:notice] [pid 17858] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri Nov 06 15:00:39.452599 2015] [mpm_prefork:notice] [pid 17858] AH00170: caught SIGWINCH, shutting down gracefully
Re: Nagvis automatic authentication problems
Posted: Fri Nov 06, 2015 3:22 pm
by lmiltchev
What is the Nagios XI version that you are currently using? Is this a "vanilla" install? You haven't tried updating NagVis, have you? Run the following commands and show the output:
Re: Nagvis automatic authentication problems
Posted: Mon Nov 09, 2015 8:51 am
by Atria
Results below. I have updated Nagvis. I went from the included 1.5 version to to version 1.8.5
Code: Select all
[frack@monitoring ~]$ uname -a
Linux monitoring.atriacom.com 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 15 15:05:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[frack@monitoring ~]$ cat /etc/*release
CentOS Linux release 7.1.1503 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.1.1503 (Core)
CentOS Linux release 7.1.1503 (Core)