Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Scheduled Downtime only working if user is admin

https://support.nagios.com/forum/viewtopic.php?t=38417

Page 1 of 2

Scheduled Downtime only working if user is admin

Posted: Mon May 16, 2016 9:28 am
by BanditBBS
very weird issue happening here.....

If I click on the "schedule downtime" link, it loads in about 5 seconds. If any user clicks on it, it just spins and spins and spins. It never loads. I then made a user an admin, the page loaded just as quick for them as it did for me. I then removed his admin and changed back to a user and the issue reappears.

I checked the http error_log and other files and could see no relevant log entries.

Re: Scheduled Downtime only working if user is admin

Posted: Mon May 16, 2016 12:04 pm
by ssax
Hmm, are you seeing anything in your /var/log/httpd/access_log or /var/log/httpd/ssl_access_log when you try it as a non-admin?

See if you have the logging enabled, edit this file:

Code: Select all

/usr/local/nagiosxi/html/includes/db.inc.php
At the top, change this line:

Code: Select all

error_reporting($error_level);
To:

Code: Select all

//error_reporting($error_level);
Run this tail command and make it spin again:

Code: Select all

tail -fn0 /var/log/httpd/*error* /var/log/httpd/*access*
Post the sanitized output.

Re: Scheduled Downtime only working if user is admin

Posted: Mon May 16, 2016 1:16 pm
by BanditBBS
Ok, here is the not sanitized output, too busy and lazy to care...its just IPs anyway!

Code: Select all

[Mon May 16 12:55:04 2016] [error] [client 10.150.253.1] PHP Notice:  Undefined offset: 1000 in /usr/local/nagiosxi/html/includes/components/helpsystem/helpsystem.inc.php on line 252, referer: http://iss-chi-nag05.net.itciss.com/nagiosxi/
10.150.253.1 - - [16/May/2016:12:55:04 -0500] "GET /nagiosxi/includes/components/xicore/downtime.php HTTP/1.1" 200 21167 "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:55:05 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getusermeta&opts=view_rotation_enabled&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/includes/components/xicore/downtime.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:54:28 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_comments_html%22%2C%22args%22%3A%7B%7D%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 24210381 "http://iss-chi-nag05.net.itciss.com/nagiosxi/includes/components/xicore/status.php?show=comments" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:55:05 -0500] "GET /nagiosxi/includes/components/nagioscore/ui/statusjson.php?username=XXXXXXXX&ticket=XXXXXXX&query=downtimelist&details=true HTTP/1.1" 500 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/includes/components/xicore/downtime.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:57:09 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:57:39 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:58:09 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:58:39 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:59:09 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:59:39 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:12:59:46 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=keepalive&opts=1&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:13:00:09 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:13:00:39 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:13:01:09 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
10.150.253.1 - - [16/May/2016:13:01:39 -0500] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=bb3fd870d2141c0c4173341e9908f76e HTTP/1.1" 200 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
This happens in all browsers, but I was trying this test in Microsoft Edge so I didn't have to logout of my session in Chrome...

The first 3 lines are instantly logged when I click the link.
The next 3 come up after it draws the column headers and then just spins more and more and more
The rest of the lines are same and written every 30 seconds.

Re: Scheduled Downtime only working if user is admin

Posted: Mon May 16, 2016 4:54 pm
by ssax
This is the critical part, I've modified yours to strip out the username/ticket:

Code: Select all

10.150.253.1 - - [16/May/2016:12:55:05 -0500] "GET /nagiosxi/includes/components/nagioscore/ui/statusjson.php?username=XXXXXXXX&ticket=XXXXXXX&query=downtimelist&details=true HTTP/1.1" 500 - "http://iss-chi-nag05.net.itciss.com/nagiosxi/includes/components/xicore/downtime.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
The user is getting a 500 error, let's modify the URL and go to it directly and see what it says for that user:
- Change YOURXISERVER, USERNAME, and TICKET to the values that you previously provided in the logs

Code: Select all

http://YOURXISERVER/nagiosxi/includes/components/nagioscore/ui/statusjson.php?username=USERNAME&ticket=TICKET&query=downtimelist&details=true
Let me know what it says in the browser.

Re: Scheduled Downtime only working if user is admin

Posted: Mon May 16, 2016 10:19 pm
by BanditBBS
Nothing ever happens in the browser, chrome, edge and ie all tested and all just sit and spin over and over with no error ever happening.

Edit: and as soon as I said that, Edge finally came back with:

Code: Select all

HTTP 500 error

That's odd... Microsoft Edge can’t find this page

This page can’t be displayed, because this site’s server might be under maintenance or there could be a programming error.

Try this
•Go back to the last page
And chrome just stopped spinning and ended with a white page, no error.

Re: Scheduled Downtime only working if user is admin

Posted: Tue May 17, 2016 11:03 am
by rkennedy
Are these local users, or LDAP users by any chance? I had a similar issue, which was a bug because the UPPER and lower cases didn't line up in cgi.cfg.

Re: Scheduled Downtime only working if user is admin

Posted: Tue May 17, 2016 12:15 pm
by BanditBBS
rkennedy wrote:Are these local users, or LDAP users by any chance? I had a similar issue, which was a bug because the UPPER and lower cases didn't line up in cgi.cfg.
These are local users....slowly switching to AD, but the one I am testing with is local.

Re: Scheduled Downtime only working if user is admin

Posted: Tue May 17, 2016 1:17 pm
by BanditBBS
I decided to test further, a normal user is able to load the page. This is only affecting users that are contacts on no hosts/services and have these permissions:
Capture.PNG

Re: Scheduled Downtime only working if user is admin

Posted: Tue May 17, 2016 2:34 pm
by ssax
Does your /usr/local/nagios/etc/cgi.cfg have these users in there (case-sensitive) on the correct entries?

Re: Scheduled Downtime only working if user is admin

Posted: Tue May 17, 2016 2:59 pm
by BanditBBS
ssax wrote:Does your /usr/local/nagios/etc/cgi.cfg have these users in there (case-sensitive) on the correct entries?
Yes sir, they are all there(well all the ones with the preferences above of course). All lower-case and so are their IDs in XI and in the URL.
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited