1# 2# Sample configuration for nsca-ng(8). See the nsca-ng.cfg(5) man page. 3# 4# PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY 5# AUTHORIZED USERS CAN ACCESS IT! 6# 7 8# 9# Most probably, you'll have to specify the path to the Nagios command file. 10# 11command_file = "/usr/local/nagios/var/rw/nagios.cmd" 12 13# 14# These configuration settings are optional. 15# 16# listen = "monitoring.example.com:5668" # Default: "*". 17# pid_file = "/var/run/nsca-ng.pid" # Default: create no PID file. 18# temp_directory = "/dev/shm" # Default: "/tmp". 19# tls_ciphers = "PSK-AES256-CBC-SHA" # Default: see nsca-ng.cfg(5). 20# chroot = "/usr/local/nagios/var" # Default: don't chroot(2). 21# user = "nagios" # Default: don't switch user. 22# log_level = 2 # Default: 3. 23# max_command_size = 65536 # Default: 16384. 24# max_queue_size = 128 # Default: 1024. 25# timeout = 15.0 # Default: 60.0. 26# 27 28# 29# Clients provide a client ID (think: user name) and a password. The same 30# ID/password combination may be used by multiple clients. In order to 31# authorize clients to submit check results and/or other external commands, at 32# least one "authorize" section must be specified. The client ID (which follows 33# the "authorize" keyword) may be "*". In this case, the block will be used as 34# fallback if no section is defined for a given client ID. No other wildcard 35# characters are available, and "*" has no special meaning unless the client ID 36# is exactly "*". 37# 38# Authorizations are specified using the "commands", "hosts, and/or "services" 39# variables within an "authorize" section. These variables are (lists of) 40# extended POSIX regular expressions (see the regex(7) man page), but with an 41# implicit leading "^" and trailing "$". The "commands" patterns are matched 42# against the full command string transmitted by the client, except for the 43# leading bracketed timestamp. The "hosts" and "services" variables are 44# syntactic sugar, e.g.: 45# 46# services = { 47# "http@web-server", 48# "disk" 49# } 50# 51# is equivalent to 52# 53# commands = { 54# "PROCESS_SERVICE_CHECK_RESULT;web-server;http;.+;.+", 55# "PROCESS_SERVICE_CHECK_RESULT;[^;]+;disk;.+;.+" 56# } 57# 58# Some examples: 59# 60# Authenticated "root" clients may submit arbitrary check results and any other 61# monitoring commands. 62# 63# authorize "root" { 64# password = "cM5vBM9CtCWTH1SwnxFEOfp8VAmQq2vd" 65# commands = ".*" 66# } 67# 68# Authenticated "checker" clients may submit arbitrary check results, but no 69# other commands. 70# 71# authorize "checker" { 72# password = "s2LDCy4CiK6yrlcHhTXT6agFh067XYE3" 73# hosts = ".*" 74# services = ".*" 75# } 76# 77# Authenticated "mail-checker" clients may submit check results for arbitrary 78# services on hosts whose names begin with "pop", "imap", or "smtp". 79# 80# authorize "mail-checker" { 81# password = "1HOiwYonRoLByCaX6lfY5KDhP484THzV" 82# services = { 83# ".+@pop.*", 84# ".+@imap.*", 85# ".+@smtp.*" 86# } 87# } 88# 89# Authenticated "system-checker" clients may submit check results for the 90# "disk", "swap", and "load" services on arbitrary hosts. 91# 92# authorize "system-checker" { 93# password = "rDCnSMFaM9wb5Yzjd6JwRcvHEwmC9ZlQ" 94# services = { 95# "disk", 96# "swap", 97# "load" 98# } 99# } 100# 101 102# 103# The "*" section applies when no other section matches the client's identity. 104# In order to authorize clients to actually submit check results (or other 105# commands), at least one "commands", "hosts", and/or "services" expression must 106# be specified. 107# 108authorize "*" { 109 password = "change-me" 110 # 111 # The original NSCA server permits all authenticated clients to submit 112 # arbitrary check results. To get this behaviour, enable the following 113 # lines: 114 # 115 # hosts = ".*" 116 # services = ".*" 117} 118 119# 120# Other files can be included. If a directory is specified, all "*.cfg" and 121# "*.conf" files within this directory and all subdirectories are included. 122# 123# include(nsca-ng.d/included.cfg) 124# 125