optionstechnology wrote:We are wondering is there a way to lockdown the GUI on NCPA so that users cant login with the Token, we ideally would like users to be able to authenticate with LDAP if that's an option?
Unfortunately no, LDAP integration for using the web GUI interface is not supported in the current version of NCPA.
By default the token (i.e.
community_string) is a shared password that allows both logins to the web GUI available on port 5693 and the NCPA REST request listener running on the same port, 5693.
If you don't want people accessing the web GUI, you could set
allowed_hosts to a value that only allows in traffic from the Nagios XI monitoring engine. This will disallow
anyone from using the web gui unless they're running a web browser on the Nagios XI machine. For example (
C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg):
Code: Select all
#
# Comma separated list of allowed hosts that can access the API (and GUI)
# Supported types: IPv4, IPv4-mapped IPv6, IPv6, hostnames
# Hostname wildcards are not supported.
#
# Exmaple IPv4: 192.168.23.15
# Example IPv4 subnet: 192.168.0.0/28
# Example IPv4-mapped IPv6: ::ffff:192.168.1.15
# Example IPv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
# Example hostname: asterisk.mydomain.com
# Example mixed types: 192.168.23.15, 192.168.0.0/28, ::ffff:192.168.1.15, 2001:0db8:85a3:0000:0000:8a2e:0370:7334, asterisk.mydomain.com
#
allowed_hosts = 192.168.23.44
You could also disallow the admin section from the web GUI from everybody (
C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg):
Code: Select all
#
# Allow admin functionality in the web GUI. When this is set to 0, the admin section will not
# be displayed in the header and will not be available to be accessed.
# Default: 1
#
admin_gui_access = 0
You could also set a separate admin password, such that the Token will get you into the basic interface, but the administration portions require an extra password.
Code: Select all
#
# Admin password for the admin section in the web GUI, by default there is no admin
# password and the admin section of the GUI can be accessed by anyone if admin_gui_access is set to 1.
# Default: None
#
# Note: Setting this value to 'None' will automatically log you in, setting it empty will allow you to
# log in using a blank password.
#
admin_password = oXKuz+4NnelBvluIgBP0iGh1MNJm
Keep in mind those options are
not mutually-exclusive -- any combination of those three access control methods can work together to provide as much or as little security as you want.
Is there a way of having the output of say the Disk Usage checks in Percentage format but have the graphs in GB format?
If you set two checks,
- one without thresholds, set to GB, and
- one with thresholds, set to percent
you should be able to accomplish this.
optionstechnology wrote:Additionally was wondering if its possible to search for multiple IDs in the log file checks, haven't been able to find any examples where more than one is specified
This was the only thing I'm fuzzy on what you're asking. What are you referring to, a "log file check"? Is this a custom plugin that NCPA is running? Can you link me the script? What ID are you searching? A screenshot of what it's giving back in the Nagios XI command center would be helpful too.