
API calls?

Posted: Fri Feb 12, 2021 12:56 pm
by rferebee
Hello Nagios team,

Can someone tell me what all these API entries are in my audit log? There are almost 1800 of them in the last 24 hours.

I have no clue what it's doing.

Thank you!

Re: API calls?

Posted: Fri Feb 12, 2021 3:01 pm
by benjaminsmith
Hi,

That's coming from the following API call.

Code:

curl -XGET "https://<IPADDRESS>/nagiosxi/api/v1/system/status?apikey=<APIKEY>&pretty=1"

And likely from the Nagios XI Server configuration wizard. Go to the CCM and take a look at the check_interval on those services; maybe it's checking too frequently. Every 5 minutes should be sufficient.

Benjamin

Re: API calls?

Posted: Fri Feb 12, 2021 4:29 pm
by rferebee
Thanks for your reply.

See attached image. I have those same checks set up for each of my three XI servers. None of them are configured to check at less than 5 minute intervals. Also, I'm not seeing any checks that refer to 'system/status'.

Can you tell me exactly what the name of the check would be if configured through the Nagios XI wizard?

Re: API calls?

Posted: Mon Feb 15, 2021 12:20 pm
by benjaminsmith
Hi,
> Can you tell me exactly what the name of the check would be if configured through the Nagios XI wizard?

Looking over the Nagios XI Wizard, the Nagios XI Jobs, Nagios XI Daemons, load and iowait service checks would be using the system API command. It's calling the system detail command.

Code:

curl -XGET "https://192.168.23.113/nagiosxi/api/v1/system/statusdetail?apikey=<APIKEY>&pretty=1"

--Benjamin

Re: API calls?

Posted: Wed Feb 17, 2021 6:40 pm
by rferebee
Does this mean anything to you?

Code:

root@nagiosxi:/root>curl -XGET "https://xx.xx.xx.xx/nagiosxi/api/v1/system/statusdetail?apikey=APIKEY&pretty=1"
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
root@nagiosxi:/root>curl -XGET "https://xx.xx.xx.xx/nagiosxi/api/v1/system/statusdetail?apikey=APIKEY=1" -k
{
    "iostat": {
        "updated": "2021-02-17 15:31:48.565913",
        "user": "4.18",
        "nice": "0.00",
        "system": "2.62",
        "iowait": "3.32",
        "steal": "0.00",
        "idle": "89.89"
    },
    "sysstat": {
        "last_check": "1613604703"
    },
    "perfdataprocessor": {
        "last_check": "1613604712"
    },
    "reportengine": {
        "last_check": "1613604662"
    },
    "nom": {
        "last_check": "1613604662"
    },
    "dbbackend": {
        "last_checkin": "2021-02-17 15:31:02",
        "bytes_processed": "172137117",
        "entries_processed": "322214",
        "connect_time": "2021-02-17 14:03:24",
        "disconnect_time": "0000-00-00 00:00:00"
    },
    "nagioscore": {
        "updated": "2021-02-17 15:31:43.515642",
        "activehostchecks": {
            "val1": "85",
            "val5": "584",
            "val15": "584"
        },
        "passivehostchecks": {
            "val1": "0",
            "val5": "0",
            "val15": "0"
        },
        "activeservicechecks": {
            "val1": "914",
            "val5": "4448",
            "val15": "4472"
        },
        "passiveservicechecks": {
            "val1": "0",
            "val5": "0",
            "val15": "0"
        },
        "activehostcheckperf": {
            "min_latency": "0",
            "max_latency": "0.98744",
            "avg_latency": "0.021890986394557818",
            "min_execution_time": "0.00259",
            "max_execution_time": "4.06773",
            "avg_execution_time": "0.4445006632653057"
        },
        "activeservicecheckperf": {
            "min_latency": "0",
            "max_latency": "1.00399",
            "avg_latency": "0.01809902591599645",
            "min_execution_time": "0.00229",
            "max_execution_time": "10.09645",
            "avg_execution_time": "0.15920947050938303"
        }
    },
    "load": {
        "updated": "2021-02-17 15:31:43.531852",
        "load1": "0.36",
        "load5": "0.33",
        "load15": "0.35"
    },
    "memory": {
        "updated": "2021-02-17 15:31:43.54601",
        "total": "31993",
        "used": "1832",
        "free": "25367",
        "shared": "187",
        "buffers": "4793",
        "cached": "29580"
    },
    "swap": {
        "updated": "2021-02-17 15:31:43.555795",
        "total": "4091",
        "used": "0",
        "free": "4091"
    },
    "feedprocessor": {
        "last_check": "1613604703"
    },
    "deadpool_reaper": {
        "last_check": "1613604662"
    },
    "cleaner": {
        "last_check": "1613604662"
    },
    "dbmaint": {
        "last_check": "1613604602"
    },
    "cmdsubsys": {
        "last_check": "1613604712"
    },
    "eventman": {
        "last_check": "1613604713"
    },
    "daemons": {
        "updated": "2021-02-17 15:31:43.487988",
        "daemon": [
            {
                "@attributes": {
                    "id": "nagioscore"
                },
                "name": "nagios",
                "output": "           \u2514\u250068958 \/bin\/ping -n -U -w 30 -c 5 xx.xx.xx.xx",
                "return_code": "0",
                "status": "0"
            },
            {
                "@attributes": {
                    "id": "pnp"
                },
                "name": "npcd",
                "output": "           \u2514\u25001199 \/usr\/local\/nagios\/bin\/npcd -d -f \/usr\/local\/nagios\/etc\/pnp\/npcd.cfg",
                "return_code": "0",
                "status": "0"
            }
        ]
    }
}

Re: API calls?

Posted: Thu Feb 18, 2021 11:23 am
by benjaminsmith
Hi,

I'm familiar with that message. Are you using a self-signed certificate? If so, you're going to get that message when running those commands locally. You can bypass this by using the -K option as shown in the output.

The other option is to add your self-signed certificate as trusted. The following steps worked on my test system.

Code:

sudo yum install ca-certificates
sudo update-ca-trust enable
sudo cp /path/to/your_new_cert.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract

If you have a certificate from a known CA, try the following to resolve this.

Code:

yum update curl
yum install ca-certificates

Reference:
https://stackoverflow.com/questions/146 ... known-ca-c
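
The trust-anchor steps in the post above, as an added example that is not part of the original thread: before a certificate is copied into /etc/pki/ca-trust/source/anchors/, it checks that the certificate really is self-signed and still verifies, and that it names the address used in the API URL (the name-mismatch case curl's error text mentions, which trusting the certificate does not fix). The function names, the throwaway certificate and the 192.0.2.10 address are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks on a self-signed
# certificate before copying it into /etc/pki/ca-trust/source/anchors/.
# Function names, the sample cert and 192.0.2.10 are constructed.

# Constructed sample: throwaway self-signed cert with an IP and a DNS SAN.
make_sample_cert() {  # $1 = output dir, $2 = IPv4 address for the SAN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=xi.example.test" \
        -addext "subjectAltName=IP:$2,DNS:xi.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True when subject == issuer and the cert verifies with itself as anchor
# (openssl verify also rejects an expired certificate).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$issr" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the cert covers the host or IPv4 address used in the API URL.
# -checkip matches IP entries in the subjectAltName.
cert_names() {
    case $2 in
        *[!0-9.]*) opt=-checkhost ;;  # anything but digits and dots
        *)         opt=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match'
}

# Prints one verdict line; returns 0 only if both checks pass.
preflight() {
    is_self_signed "$1" || { echo "refuse: not a valid self-signed cert"; return 1; }
    cert_names "$1" "$2" || { echo "refuse: cert does not name $2"; return 1; }
    echo "ok: $1 can be anchored for $2"
}

# Demo on the constructed cert: the first address matches, the second does not.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 192.0.2.10
preflight "$demo_dir/cert.pem" 192.0.2.10 || true
preflight "$demo_dir/cert.pem" 192.0.2.99 || true
rm -rf "$demo_dir"
```

Once both checks pass and the certificate is anchored, the same curl command can be run with certificate verification left on.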

Re: API calls?

Posted: Thu Feb 18, 2021 3:59 pm
by rferebee
Yes, we're using a self-signed cert. I'll attempt to add it as trusted per your instructions. Thank you.

Re: API calls?

Posted: Thu Feb 18, 2021 4:47 pm
by benjaminsmith
Hi,
> Yes, we're using a self-signed cert. I'll attempt to add it as trusted per your instructions. Thank you.

Sounds good. Let us know how it goes.

Re: API calls?

Posted: Mon Mar 01, 2021 12:13 pm
by rferebee
I performed the recommended steps, but unfortunately the entries are still occurring in my audit log. Every 1-2 minutes.

Any other ideas?

Re: API calls?

Posted: Tue Mar 02, 2021 10:02 am
by benjaminsmith
Hi @rferebee,

Those entries in the log are coming from the Nagios XI Wizard. It's not unusual to have a significant number of incoming requests to the API. Did you try to increase the check interval for the Nagios XI Jobs, Nagios XI Daemons service checks? Also, make sure there are not duplicate configurations for these service checks.

Benjamin