Direct link to Host/Service problem in Message Notification

[fmpub]

Under Core we used to have a direct link to the host/service in the email alert which allowed us to click straight through to the page on our smart phones etc to easily acknowledge problems. We did this by using the "note_url" in our host and service definition. upon switching to XI I reformatted the URL for XI as follows.

notes_url http://nagios.mydomain.net/nagiosxi/inc ... =$HOSTNAME$
and
notes_url http://nagios.mydomain.net/nagiosxi/inc ... &dest=auto

The problem is when you click on these we keep a message about session being timed out rather then being asked for auth then sending us to the page like under the old CORE. Also when you click on my service URL it just sends you to the service status page, rather then the Service Status Detail page.

Any help on how I can restore this functionality.

[fmpub]

My Commands for the note URL see to have gotten truncated.... here they are again in an appropriate code bracket.

Code: Select all

       notes_url                       http://nagios.mydomain.net/nagiosxi/includes/components/xicore/status.php?show=servicedetail&host=$HOSTNAME$&service=$SERVICEDESC$&dest=auto
       notes_url                       http://nagios.mydomain.net/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=$HOSTNAME$

[mguthrie]

I'll see if I can recreate this on our end.

Would you be willing to send us the hyperlink output that you get in one of those emails (minus your domain). I'd like to double check that it's sending valid commands through the url. We did some security updates that protect from code injections into the url, but I'm wondering if that's causing an issue here.

[fmpub]

Example Service

Code: Select all

***** Nagios *****

Notification Type: PROBLEM
Acknowledged By: 
Acknowledgment Note: 
URL: http://nagios.mydomain.net/nagiosxi/includes/components/xicore/status.php?show=servicedetailhost=dynamic1.chi.mydomain.netservice=PROCESSESdest=auto

Service: PROCESSES
Host: dynamic1.chi.mydomain.net
Address: 172.16.110.31
State: CRITICAL

Date/Time: Thu Aug 26 16:10:11 EDT 2010

Additional Info:

PROCS CRITICAL: 1055 processes with STATE = RSZDT

Example Host;

Code: Select all

***** Nagios *****

Notification Type: PROBLEM
Acknowledged By: 
Acknowledgement Note:  
URL: http://nagios.mydomain.net/nagiosxi/includes/components/xicore/status.php?show=hostdetailhost=admin.chi.mydomain.net

Host: admin.chi.mydomain.net
State: DOWN
Address: 172.16.110.11
Info: PING CRITICAL - Packet loss = 100%

Date/Time: Tue Aug 24 13:46:13 EDT 2010

[mguthrie]

Oh yeah, looks we broke that one with a security fix. There are supposed to be '&' symbols after each argument being passed in the browser and it looks like those are being stripped. I'll file that in the bug tracker and we'll try and have that fixed with the next update.

Just to verify, the links should work with the &'s added back in.

Code: Select all

 http://nagios.mydomain.net/nagiosxi/includes/components/xicore/status.php?show=servicedetail&host=dynamic1.chi.mydomain.net&service=PROCESSES&dest=auto

http://nagios.mydomain.net/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=admin.chi.mydomain.net

[fmpub]

yes with the "&" everything is working.

A short term work around though I understand *not recommended* would be to remove the & from the illegal_macro_output_chars in the nagios.cfg I suppose?

[mmestnik]

The recent change uses html_entities as provided by PHP and is not configurable using nagios.cfg. As for illegal_macro_output_chars, '&' is especially dangerousness because '&&' can be used as a synonym for ';' vary easily allowing a macro to run applications(via a shell inject) it other wise would not be able to access.

The text should not be passing through NagiosCore, NagiosCore signals NagiosXI when an alert needs to be sent out. NagiosXI should then be responsible for dispatching the notifications.

[admin]

Could you clarify if you are :

1. using the notification message format that is available through the Nagios XI interface
or
2. using lower-level notification commands directly in Nagios Core

If the latter, you would have to adjust the illegal_macro_output_chars option in the config file.

If this former, use something like this in your custom email notification message format:

Code: Select all

http://nagios.mydomain.net/nagiosxi/?xiwindow=includes/components/xicore/status.php?show=servicedetail&host=%host%&service=%service%&dest=auto

Note that XI uses new psuedo-macros contained by percent (%) signs, whereas the lower-level Nagios Core commands still require the older $macro$ style.

[fmpub]

We are using the "notify-host-by-email" and "notify-service-by-email" commands modded in the following way:

Code: Select all

/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nAcknowledged By: $HOSTACKAUTHORALIAS$\nAcknowledgement Note: $HOSTACKCOMMENT$ \nURL: $HOSTNOTESURL$\n\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

So the illegal macro thing fixes the links... however from a smart phone etc we still get the session timeout issue rather then being challenged for auth, and passed through to the final URL when authed properly.

So there is still a behaviour problem with XI vs Nagios Core.

[mguthrie]

So just to clarify, using the illegal macro trick you're able to make the links work on a PC, but not on the smart phones?


The problem does reside in the php htmlentities() function, we're currently discussing the best way to allow some of these characters through without sacrificing security to the system.