Then check your apache logs for clues. It sounds like you missed something when you setup the apache stuff and the authentication. How do you login to the site? As what user? Is that user in the cgi.cfg file, or is he in the contacts and contactgroup.cfg files?
Surprisingly enough, when i go to 127.0.0.1/nagios, it is not asking me for authentiation. It directly opens the main page of nagios. Does that mean something is wrong?
Sir,
can i paste the httpd.conf file for you to have a look?
Sure paste it, but if you didn’t have to login, then you didn’t setup authentication. I would strongly suggest that you do so.
nagios.sourceforge.net/docs/1_0/installweb.html
Surprisngly enough, i have done exactly the same way as it shows in the documentation. I am posting my cgi.cfg file for your kind persual as well as httpd.conf file in the next reply.
thanks
Here is my cgi.cfg file,
#################################################################
CGI.CFG - Sample CGI Configuration File for Nagios
Last Modified: 10-29-2002
#################################################################
MAIN CONFIGURATION FILE
This tells the CGIs where to find your main configuration file.
The CGIs will read the main and host config files for any other
data they might need.
main_config_file=/usr/local/nagios/etc/nagios.cfg
PHYSICAL HTML PATH
This is the path where the HTML files for Nagios reside. This
value is used to locate the logo images needed by the statusmap
and statuswrl CGIs.
physical_html_path=/usr/local/nagios/share
URL HTML PATH
This is the path portion of the URL that corresponds to the
physical location of the Nagios HTML files (as defined above).
This value is used by the CGIs to locate the online documentation
and graphics. If you access the Nagios pages with an URL like
myhost.com/nagios, this value should be ‘/nagios’
(without the quotes).
url_html_path=/nagios
CONTEXT-SENSITIVE HELP
This option determines whether or not a context-sensitive
help icon will be displayed for most of the CGIs.
Values: 0 = disables context-sensitive help
1 = enables context-sensitive help
show_context_help=0
NAGIOS PROCESS CHECK COMMAND
This is the full path and filename of the program used to check
the status of the Nagios process. It is used only by the CGIs
and is completely optional. However, if you don’t use it, you’ll
see warning messages in the CGIs about the Nagios process
not running and you won’t be able to execute any commands from
the web interface. The program should follow the same rules
as plugins; the return codes are the same as for the plugins,
it should have timeout protection, it should output something
to STDIO, etc.
Note: If you are using the check_nagios plugin here, the first
argument should be the physical path to the status log, the
second argument is the number of minutes that the status log
contents should be “fresher” than, and the third argument is the
string that should be matched from the output of the ‘ps’
command in order to locate the running Nagios process. That
process string is going to vary depending on how you start
Nagios. Run the ‘ps’ command manually to see what the command
line entry for the Nagios process looks like.
nagios_check_command=/usr/local/nagios/libexec/check_nagios /usr/local/nagios/var/status.log 5 ‘nagios’
AUTHENTICATION USAGE
This option controls whether or not the CGIs will use any
authentication when displaying host and service information, as
well as committing commands to Nagios for processing.
Read the HTML documentation to learn how the authorization works!
NOTE: It is a really bad idea to disable authorization, unless
you plan on removing the command CGI (cmd.cgi)! Failure to do
so will leave you wide open to kiddies messing with Nagios and
possibly hitting you with a denial of service attack by filling up
your drive by continuously writing to your command file!
Setting this value to 0 will cause the CGIs to not use
authentication (bad idea), while any other value will make them
use the authentication functions (the default).
use_authentication=1
DEFAULT USER
Setting this variable will define a default user name that can
access pages without authentication. This allows people within a
secure domain (i.e., behind a firewall) to see the current status
without authenticating. You may want to use this to avoid basic
authentication if you are not using a sercure server since basic
authentication transmits passwords in the clear.
Important: Do not define a default username unless you are
running a secure web server and are sure that everyone who has
access to the CGIs has been authenticated in some manner! If you
define this variable, anyone who has not authenticated to the web
server will inherit all rights you assign to this user!
default_user_name=guest
SYSTEM/PROCESS INFORMATION ACCESS
This option is a comma-delimited list of all usernames that
have access to viewing the Nagios process information as
provided by the Extended Information CGI (extinfo.cgi). By
default, no one has access to this unless you choose to
not use authorization. You may use an asterisk (*) to
authorize any user who has authenticated to the web server.
authorized_for_system_information=*
CONFIGURATION INFORMATION ACCESS
This option is a comma-delimited list of all usernames that
can view ALL configuration information (hosts, commands, etc).
By default, users can only view configuration information
for the hosts and services they are contacts for. You may use
an asterisk (*) to authorize any user who has authenticated
to the web server.
authorized_for_configuration_information=*
SYSTEM/PROCESS COMMAND ACCESS
This option is a comma-delimited list of all usernames that
can issue shutdown and restart commands to Nagios via the
command CGI (cmd.cgi). Users in this list can also change
the program mode to active or standby. By default, no one
has access to this unless you choose to not use authorization.
You may use an asterisk (*) to authorize any user who has
authenticated to the web server.
authorized_for_system_commands=nagiosadmin,dthomas
GLOBAL HOST/SERVICE VIEW ACCESS
These two options are comma-delimited lists of all usernames that
can view information for all hosts and services that are being
monitored. By default, users can only view information
for hosts or services that they are contacts for (unless you
you choose to not use authorization). You may use an asterisk (*)
to authorize any user who has authenticated to the web server.
authorized_for_all_services=*
authorized_for_all_hosts=*
GLOBAL HOST/SERVICE COMMAND ACCESS
These two options are comma-delimited lists of all usernames that
can issue host or service related commands via the command
CGI (cmd.cgi) for all hosts and services that are being monitored.
By default, users can only issue commands for hosts or services
that they are contacts for (unless you you choose to not use
authorization). You may use an asterisk (*) to authorize any
user who has authenticated to the web server.
authorized_for_all_service_commands=nagiosadmin,dthomas
authorized_for_all_host_commands=nagiosadmin,dthomas
EXTENDED HOST INFORMATION
This is all entirely optional. If you don’t enter any extended
information, nothing bad will happen - I promise… Its basically
just used to have pretty icons and such associated with your hosts.
This is especially nice when you’re using the statusmap and
statuswrl CGIs. You can also specify an URL that links to a document
containing more information about the host (location details, contact
information, etc).
hostextinfo<host_name>]=<notes_url>;<icon_image>;<vrml_image>;<gd2_image>;\
<image_alt>;<x_2d>,<y_2d>;<x_3d>,<y_3d>,<z_3d>;
<notes_url> = Optional URL that points to a document of
some type containing information on the host.
The information (and the document type) can
be anything you want. Examples include details
on the physical location of the server, info
on how to contact the admins in case of an
emergency, etc. Relative URLs start in the
same path that is used to access the CGIs.
The link that is created for the host’s notes
notes is found in the extinfo CGI.
Note: You may use the $HOSTNAME$ and
$HOSTADDRESS$ macros in this URL.
<icon_image> = A GIF, PNG, or JPEG image to associate with
the host. This is used in the status and
extinfo CGIs.
<vrml_image> = An image to use in the statuswrl CGI in the
VRML generation. Transparent images don’t
work so great…
<gd2_image> = An image used by the statusmap CGI to
represent the host. This can be a GIF, PNG,
JPEG, or GD2 image. GD2 format is recommended,
as it produces the load CPU load.
utility supplied with Boutell’s gd library.
<image_alt> = ALT tag used with images in various CGIs
<x_2d>,<y_2d> = X and Y coordinates used when drawing the
host in the statusmap CGI. (0,0) is located
in the upper left corner of the screen and is
considered to be the origin. The coordinates
you supply here are used as the coords of the
upper left hand corner of host icon. Both
numbers should be positive integers.
<x_3d>,<y_3d>,<z_3d> = X, Y, and Z coordinates used when drawing
the host in the statuswrl (VRML) CGI. All
numbers can be positive or negative (anywhere
in 3-D space). The coordinates are used to
determine the center of the host “cube” that
is drawn. Host “cubes” are drawn with a
height, width, and depth of 0.5 (meters).
Note: All images must be placed in the /logos subdirectory under
the HTML images path (i.e. /usr/local/nagios/share/images/logos/).
This path is automatically determined by appending “/images/logos”
to the path specified by the ‘physical_html_path’ directive.
#hostextinfo[es-eds]=/serverinfo/es-eds.html;novell40.gif;novell40.jpg;novell40.gd2;IntranetWare 4.11;100,50;3.5,0.0,-1.5;
#hostextinfo[rosie]=/serverinfo/rosie.html;win40.gif;win40.jpg;win40.gd2;NT Server 4.0;;;
EXTENDED SERVICE INFORMATION
This is all entirely optional. If you don’t enter any extended
information, nothing bad will happen - I promise… Its basically
just used to have pretty icons and such associated with your services.
You can also specify an URL that links to a document containing more
information about the service (location details, contact information,
etc).
serviceextinfo<host_name>;<svc_description>]=<notes_url>;<icon_image>;<image_alt>
<notes_url> = Optional URL that points to a document of
some type containing information on the service.
The information (and the document type) can
be anything you want. Examples include details
on the physical location of the server, info
on how to contact the admins in case of an
emergency, etc. Relative URLs start in the
same path that is used to access the CGIs.
The link that is created for the service’s
notes URL is found in the extinfo CGI.
Note: You may use the $HOSTNAME$, $HOSTADDRESS$,
and $SERVICEDESC$ macros in this URL.
<icon_image> = A GIF, PNG, or JPEG image to associate with
the service. This is used in the status and
extinfo CGIs.
<image_alt> = ALT tag used with image
Note: All images must be placed in the /logos subdirectory under
the HTML images path (i.e. /usr/local/nagios/share/images/logos/).
This path is automatically determined by appending “/images/logos”
to the path specified by the ‘physical_html_path’ directive.
#serviceextinfo[es-eds;PING]=http://www.somewhere.com?tracerouteto=$HOSTADDRESS$;;PING rate
#serviceextinfo[rosie;Security Alerts]=;security.gif;Security alerts
STATUSMAP BACKGROUND IMAGE
This option allows you to specify an image to be used as a
background in the statusmap CGI. It is assumed that the image
resides in the HTML images path (i.e. /usr/local/nagios/share/images).
This path is automatically determined by appending “/images”
to the path specified by the ‘physical_html_path’ directive.
Note: The image file may be in GIF, PNG, JPEG, or GD2 format.
However, I recommend that you convert your image to GD2 format
(uncompressed), as this will cause less CPU load when the CGI
generates the image.
#statusmap_background_image=smbackground.gd2
DEFAULT STATUSMAP LAYOUT METHOD
This option allows you to specify the default layout method
the statusmap CGI should use for drawing hosts. If you do
not use this option, the default is to use user-defined
coordinates. Valid options are as follows:
0 = User-defined coordinates
1 = Depth layers
2 = Collapsed tree
3 = Balanced tree
4 = Circular
5 = Circular (Marked Up)
default_statusmap_layout=5
DEFAULT STATUSWRL LAYOUT METHOD
This option allows you to specify the default layout method
the statuswrl (VRML) CGI should use for drawing hosts. If you
do not use this option, the default is to use user-defined
coordinates. Valid options are as follows:
0 = User-defined coordinates
2 = Collapsed tree
3 = Balanced tree
4 = Circular
default_statuswrl_layout=4
STATUSWRL INCLUDE
This option allows you to include your own objects in the
generated VRML world. It is assumed that the file
resides in the HTML path (i.e. /usr/local/nagios/share).
#statuswrl_include=myworld.wrl
PING SYNTAX
This option determines what syntax should be used when
attempting to ping a host from the WAP interface (using
the statuswml CGI. You must include the full path to
the ping binary, along with all required options. The
$HOSTADDRESS$ macro is substituted with the address of
the host before the command is executed.
ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
REFRESH RATE
This option allows you to specify the refresh rate in seconds
of various CGIs (status, statusmap, extinfo, and outages).
refresh_rate=90
SOUND OPTIONS
These options allow you to specify an optional audio file
that should be played in your browser window when there are
problems on the network. The audio files are used only in
the status CGI. Only the sound for the most critical problem
will be played. Order of importance (higher to lower) is as
follows: unreachable hosts, down hosts, critical services,
warning services, and unknown services. If there are no
visible problems, the sound file optionally specified by
‘normal_sound’ variable will be played.
=<sound_file>
Note: All audio files must be placed in the /media subdirectory
under the HTML path (i.e. /usr/local/nagios/share/media/).
#host_unreachable_sound=hostdown.wav
#host_down_sound=hostdown.wav
#service_critical_sound=critical.wav
#service_warning_sound=warning.wav
#service_unknown_sound=warning.wav
#normal_sound=noproblem.wav
DG EXTENDED DATA
Note: These config directives are only used if you compiled
in database support for extended data!
The user you specify here only needs SELECT privileges on the
‘hostextinfo’ table in the database.
#xeddb_host=somehost
#xeddb_port=someport
#xeddb_database=somedatabase
#xeddb_username=someuser
#xeddb_password=somepassword
DB STATUS DATA (Read-Only For CGIs)
Note: These config directives are only used if you compiled
in database support for status data!
The user you specify here only needs SELECT privileges on the
‘programstatus’, ‘hoststatus’, and ‘servicestatus’ tables
in the database, as these values are only used by the CGIs.
The core program will read the directives you specify in
in a resource file.
#xsddb_host=somehost
#xsddb_port=someport
#xsddb_database=somedatabase
#xsddb_username=someuser
#xsddb_password=somepassword
DB COMMENT DATA (Read-Only For CGIs)
Note: These config directives are only used if you compiled
in database support for comment data!
The user you specify here only needs SELECT privileges on the
‘hostcomments’, and ‘servicecomments’ tables in the database,
as these values are only used by the CGIs. The core program
will read the directives you specify in a resource file.
#xcddb_host=somehost
#xcddb_port=someport
#xcddb_database=somedatabase
#xcddb_username=someuser
#xcddb_password=somepassword
DB DOWNTIME DATA (Read-Only For CGIs)
Note: These config directives are only used if you compiled
in database support for downtime data!
The user you specify here only needs SELECT privileges on the
‘hostdowntime’, and ‘servicedowntime’ tables in the database,
as these values are only used by the CGIs. The core program
will read the directives you specify in a resource file.
#xdddb_host=somehost
#xdddb_port=someport
#xdddb_database=somedatabase
#xdddb_username=someuser
#xdddb_password=somepassword
Thats the end of the cgi file
Here is the part of the apache file where i have put my script alias for nagios,
ScriptAliases are essentially the same as Aliases, except that
documents in the realname directory are treated as applications and
run by the server when requested rather than as documents sent to the client.
The same rules about trailing “/” apply to ScriptAlias directives as to
Alias.
# # Additional to mod_cgid.c settings, mod_cgid has Scriptsock # for setting UNIX socket for communicating with cgid. # Scriptsock run/httpd.cgid“/var/www/cgi-bin” should be changed to whatever your ScriptAliased
CGI directory exists, if you have that configured.
ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
<Directory “/usr/local/nagios/sbin/”>
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
Alias /nagios/ /usr/local/nagios/share/
<Directory “/usr/local/nagios/share”>
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
Redirect allows you to tell clients about documents which used to exist in
your server’s namespace, but do not anymore. This allows you to tell the
clients where to look for the relocated document.
Example:
Redirect permanent /foo example.com/bar
Directives controlling the display of server-generated directory listings.
I like what you have so far, but you must not have completed the rest of the instuctions, i.e.
"The second step is to create a file named .htaccess in the root your CGI directory (and optionally also you HTML directory) for Nagios (usually /usr/local/nagios/sbin and /usr/local/nagios/share, respectively). The file(s) should have contents similiar to the following…
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user
Setting Up Authenticated Users
Now that you’ve configured the web server to require authentication for access to the CGIs, you’ll need to configure users who can access the CGIs. This is done by using the htpasswd command supplied with Apache.
Running the following command will create a new file called htpasswd.users in the /usr/local/nagios/etc directory. It will also create an username/password entry for nagiosadmin. You will be asked to provide a password that will be used when nagiosadmin authenticates to the web server.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Continue adding more users until you’ve created an account for everyone you want to access the CGIs. Use the following command to add additional users, replacing with the actual username you want to add. Note that the -c option is not used, since you already created the initial file.
htpasswd /usr/local/nagios/etc/htpasswd.users
Okay, so you’re done with the first part of what needs to be done. If you point your web browser to your Nagios CGIs you should be asked for a username and password. If you have problems getting user authentication to work at this point, read your webserver documentation for more info.
Enabling Authentication/Authorization Functionality In The CGIs
The next thing you need to do is make sure that the CGIs are configured to use the authentication and authorization functionality in determining what information and/or commands users have access to. This is done be setting the use_authentication variable in the CGI configuration file to a non-zero value. Example:
use_authentication=1
Okay, you’re now done with setting up basic authentication/authorization functionality in the CGIs.
"
So make sure you perform all the steps, restart apache, and your browser and you MUST login.
One more thing, comment that line out please and restart nagios.
DEFAULT USER
Setting this variable will define a default user name that can
access pages without authentication. This allows people within a
secure domain (i.e., behind a firewall) to see the current status
without authenticating. You may want to use this to avoid basic
authentication if you are not using a sercure server since basic
authentication transmits passwords in the clear.
Important: Do not define a default username unless you are
running a secure web server and are sure that everyone who has
access to the CGIs has been authenticated in some manner! If you
define this variable, anyone who has not authenticated to the web
server will inherit all rights you assign to this user!
default_user_name=guest
Make it like this:
default_user_name=guest
That is most likely why you don’t have to login.
I have the htaccess.users file in place.
If i try to do 127.0.0.1/nagios/cgi-bin, i get this error
Access forbidden!
You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.
If you think this is a server error, please contact the webmaster
Error 403
localhost
Sun 22 May 2005 02:25:24 PM EDT
Apache/2.0.40 (Red Hat Linu:evil:
You can’t access that directly.
just go to nagios and then clik on some cgi link.
But first things first. Have you authenticated yet?
I"m out till tommorrow.
Sir,
after going through my configurations again, i finally found out what i really need to display the web pages. I think i need to install gd,zlib,libpng,jpegsrc packages. I did not find anything wrong in the configs. I have also been getting email alerst. As soon as i go through this process i shall update you and let you know iif it helped,
Thanks
I don’t think you need gd for all of the cgi’s, but you will for the trends, statusmap, etc.
Sir,
I appreciate all the help you have provided me. I have finally got it up and running. Installing the gd library helped.
Thanks again
Sir,
everything seems to be working fine now except one small thing. On clicking the status map, i get this error,
Object not found!
The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.
If you think this is a server error, please contact the webmaster
Error 404
10.1.30.8
Wed 01 Jun 2005 03:14:18 PM EDT
Apache/2.0.40 (Red Hat Linu:evil:
I tried installing the libjpeg-v6b library, but it was giving an error and i think that is the reason that the status map link is not working. Most of the links are working fine but some are showing the same error.
Any suggestions would be appreciated,
Thanks,
Here is what happens when i install the libjpeg library. i think the problem is because the jconfig.h is not updating(the last 2 lines).
[root@netmon jpeg-6b]# ./configure
checking for gcc… gcc
checking whether the C compiler (gcc ) works… yes
checking whether the C compiler (gcc ) is a cross-compiler… no
checking whether we are using GNU C… yes
checking how to run the C preprocessor… gcc -E
checking for function prototypes… yes
checking for stddef.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for size_t… yes
checking for type unsigned char… yes
checking for type unsigned short… yes
checking for type void… yes
checking for working const… yes
checking for inline… inline
checking for broken incomplete types… ok
checking for short external names… ok
checking to see if char is signed… yes
checking to see if right shift is signed… yes
checking to see if fopen accepts b spec… yes
checking for a BSD compatible install… /usr/bin/install -c
checking for ranlib… ranlib
checking libjpeg version number… 62
creating ./config.status
creating Makefile
creating jconfig.h
jconfig.h is unchanged