Files: exercises-nagios.txt

File exercises-nagios.txt, 26.1 KB (added by hervey, 9 years ago)

Nagios Part I exercises - TEXT

Line 
1Registry Operations Curriculum
2Nagios Installation and Configuration
3
4Notes:
5------
6* Commands preceded with "$" imply that you should execute the command as
7  a general user - not as root.
8* Commands preceded with "#" imply that you should be working as root.
9* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
10  imply that you are executing commands on remote equipment, or within
11  another program.
12
13Exercises
14---------
15
16Exercises Part I
17----------------
18
190. Log in to your PC or open a terminal window as the tladmain user.
20
21
221. You could nstall Nagios version 3. You would do this as root or as the tldadmin
23   user and use the "sudo" command:
24
25    # apt-get install nagios3
26   
27   Nagios version 3 is already installed, but you can still run the command.
28
29
302. Create the Web user password file:
31
32    # htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin
33
34New password:         
35Re-type new password:
36
37   We suggest you use your standard user password used in class.
38
39
402. You should already have a working Nagios!
41
42    - Open a browser, and go to
43
44    http://localhost/nagios3/
45
46    - At the login prompt, login as:
47
48        user: nagiosadmin
49        pass:
50
513. Let's look at the interface together...
52
53    # cd /etc/nagios3/
54
55    # ls -l
56    -rw-r--r-- 1 root root    1882 2008-12-18 13:42 apache2.conf
57    -rw-r--r-- 1 root root   10524 2008-12-18 13:44 cgi.cfg
58    -rw-r--r-- 1 root root    2429 2008-12-18 13:44 commands.cfg
59    drwxr-xr-x 2 root root    4096 2009-02-14 12:33 conf.d
60    -rw-r--r-- 1 root root      26 2009-02-14 12:36 htpasswd.users
61    -rw-r--r-- 1 root root   42539 2008-12-18 13:44 nagios.cfg
62    -rw-r----- 1 root nagios  1293 2008-12-18 13:42 resource.cfg
63    drwxr-xr-x 2 root root    4096 2009-02-14 12:32 stylesheets
64   
65    # ls -l conf.d/
66
67    -rw-r--r-- 1 root root 1695 2008-12-18 13:42 contacts_nagios2.cfg
68    -rw-r--r-- 1 root root  418 2008-12-18 13:42 extinfo_nagios2.cfg
69    -rw-r--r-- 1 root root 1152 2008-12-18 13:42 generic-host_nagios2.cfg
70    -rw-r--r-- 1 root root 1803 2008-12-18 13:42 generic-service_nagios2.cfg
71    -rw-r--r-- 1 root root  210 2009-02-14 12:33 host-gateway_nagios3.cfg
72    -rw-r--r-- 1 root root  976 2008-12-18 13:42 hostgroups_nagios2.cfg
73    -rw-r--r-- 1 root root 2167 2008-12-18 13:42 localhost_nagios2.cfg
74    -rw-r--r-- 1 root root 1005 2008-12-18 13:42 services_nagios2.cfg
75    -rw-r--r-- 1 root root 1609 2008-12-18 13:42 timeperiods_nagios2.cfg
76
77    Notice that the package does not have renamed filenames for the conf.d
78    directory - they are the same files as used for the Nagios version 2
79    Ubuntu package. There was an update made to the host-gateway configuration
80    file so this has been renamed.
81
82PART II
83Configuring Equipment
84-----------------------------------------------------------------------------
85
860. Order of configuration
87
88Conceptually we will build our configuration files from the "top" of our network down. That
89is we define entries for our gateway router and swith first, then our group routers and switches.
90Once we have these entries we will add an entry for our NOC machine, then pc1, pc2, pc3, etc...
91
92By going in this order you will have defined the devices that act as parents for other devices.
93
94
951. Let's configure Nagios to start monitoring our classroom gateway router:
96
97    # cd /etc/nagios3/conf.d/
98
99    # vi routers.cfg
100   
101define host {
102    use         generic-host
103    host_name   bb-gw
104    alias       cctld border router
105    address     192.168.17.2
106}
107   
108   Now define entries for our two group routers:
109   
110define host {
111    use         generic-host
112    host_name   pc1-pc9-gw
113    alias       cctld group 1 router
114    address     192.168.5.129
115}
116
117define host {
118    use         generic-host
119    host_name   pc10-pc18-gw
120    alias       cctld group 2 router
121    address     192.168.5.161
122}
123
124Save and exit from the file /etc/nagios3/conf.d/routers.cfg
125
126
1272. Configure our classroom switches
128
129Now that we have our routers configured we can configure our switches. Note that each
130switch will have a parent relationship with the router next to them.
131
132        # vi switches.cfg
133
134First the switch on our classroom backbone:
135
136define host {
137    use         generic-host
138    host_name   bb-sw
139    alias       cctld backbone switch
140    address     192.168.17.4
141    parents     bb-gw
142}
143
144Notice the "parents" entry. You can only add the parent entry once you have a definition for
145"bb-gw". We did this in our routers.cfg file, so this will work.
146
147Now add in the switches for the two groups:
148
149define host {
150    use         generic-host
151    host_name   pc1-pc9-sw
152    alias       cctld group 1 switch
153    address     192.168.5.130
154    parents     pc1-pc9-gw
155}
156
157define host {
158    use         generic-host
159    host_name   pc10-pc18-sw
160    alias       cctld group 2 switch
161    address     192.168.5.162
162    parents     pc10-pc18-gw
163}
164
165Save and exit from the file switches.cfg
166
167
1683. Update the file routers.cfg with parents
169
170The border router does not have a parent for purposes of our class. In reality it does, but
171you have to stop your monitoring somewhere.
172
173Our two group routers, however, now have a parent defined. This is the backbone switch. We
174need to update our group router entries to look like this:
175
176define host {
177    use         generic-host
178    host_name   pc1-pc9-gw
179    alias       cctld group 1 router
180    address     192.168.5.129
181    parents     bb-sw
182}
183
184define host {
185    use         generic-host
186    host_name   pc10-pc18-gw
187    alias       cctld group 2 router
188    address     192.168.5.161
189    parents     bb-sw
190}
191
192Save and exit from the file routers.cfg
193
194
1954. Create entries for each PC in the classroom
196
197Now that we have our routers and switches defined it is quite easy to create entries for all our
198PCs. Think about the parent relationships. The parent of the NOC is the backbone switch. The
199parent of pc1 through pc9 is the switch for group 1. The parent for pc10-18 is the switch for
200group 2.
201
202Below are three sample entries. One for the NOC, one for pc1 and one for pc10. You should be able
203to use this example to create entries for all 18 classroom pcs plus the NOC:
204
205We could put these entries in to separate files, but as our network is small we'll use a single
206file called pcs.cfg.
207
208NOTE! You do not add in an entry for your PC. This has already been defined in the file
209/etc/nagios3/conf.d/localhost_nagios2.cfg. This definition is what define's the Nagios
210network viewpoint. So, when you come to the spot where you might add an entry for your PC
211you should skip this and go on to the next PC in the list (i.e. from pc1 to pc18).
212
213        # vi pcs.cfg
214       
215# Our classroom NOC
216
217define host {
218    use         generic-host
219    host_name   noc
220    alias       aroc cctld NOC machine
221    address     192.168.17.5
222    parents     bb-sw
223}
224
225# Group 1 PCs
226
227define host {
228    use         generic-host
229    host_name   pc1
230    alias       pc1 group 1 aroc cctld
231    address     192.168.5.131
232    parents     pc1-pc9-sw
233}
234
235# Group 2 PCs
236
237define host {
238    use         generic-host
239    host_name   pc10
240    alias       pc10 group 2 aroc cctld
241    address     192.168.5.170
242    parents     pc10-pc18-sw
243}
244
245Take the three entries above and now expand this to create the remaining entries for pc1-pc9 and
246for pc10-pc18. If you have any questions about IP addresses, etc. you can review the Network
247Diagram for the class linked off the classroom wiki main page at http://localhost/trac/.
248
249Exit and save the file pcs.cfg
250
251Now let's verify that our initial Nagios configuration is working:
252
253
2545. Verify that your configuration files are OK:
255
256    # nagios3 -v /etc/nagios3/nagios.cfg
257
258    ... You should get :
259
260Total Warnings: 0
261Total Errors:   0
262
263Things look okay - No serious problems were detected during the check.
264
265
2665. Reload/Restart Nagios
267
268    # /etc/init.d/nagios3 restart
269
2706. Go to the web interface (http://localhost/nagios3) and check that the hosts
271   you just added are now visible in the interface. Click on the "Host Detail" item
272   on the left of the Nagios screen to see this.
273
274
275PART III
276Configure Service check for your the classroom NOC
277-----------------------------------------------------------------------------
278
2790. Configuring
280
281Now that we have our hardware configured we can start telling Nagios what services to monitor
282on the configured hardware, how to group the hardware in interesting ways, how to group
283services, etc.
284
2851. Associate a service check for our classroom NOC
286
287    # vi hostgroups_nagios2.cfg
288
289    - Find the hostgroup named "ssh-servers". In the members section of the defintion
290      change the line:
291
292members                 localhost
293
294    to
295
296members                 localhost,noc
297
298Exit and save the file.
299
300Verify that your changes are OK:
301
302        # nagios3 -v /etc/nagios3/nagios.cfg
303       
304Restart Nagios to see the new service assocation with your host:
305
306        # /etc/init.d/nagios3 Restart
307
308Click on the "Service Detail" link in the Nagios web interface to see your new entry.
309
310
311PART IV
312Defining Services for all PCs
313-----------------------------------------------------------------------------
314
3151. Determine what services to define for what devices
316
317   - This is core to how you use Nagios and network monitoring tools in
318     general. So far we are simply using ping to verify that physical hosts
319     are up on our network and we have started monitoring a single service on
320     a single host (your PC). The next step is to decide what services you wish
321     to monitor for each host in the classroom.
322
323   - In this particular class we have:
324
325     routers:  running ssh and snmp
326     switches: running telnet and possibly ssh as well as snmp
327     pcs:      All PCs are running ssh and http
328               The NOC is currently running an snmp daemon
329             
330     So, let's configure Nagios to check for these services for these
331     devices.
332
3332. Check that telnet is running on the workshop switches.
334
335   If the switches in your workshop are not running telnet you can skip this
336   exercise.
337
338   - You will need to edit the file /etc/nagios3/conf.d/services_nagios2.cfg
339     to first define the "check_telnet" and to what group of hosts this
340     command will apply.
341
342   - Edit the file services_nagios2.cfg:
343
344   # vi /etc/nagios3/conf.d/services_nagios2.cfg
345
346   At the bottom of the file add in the new service definition. It will look
347   like this:
348
349# check that telnet is running
350define service {
351        hostgroup_name                  telnet-servers
352        service_description             Telnet
353        check_command                   check_telnet
354        use                             generic-service
355        notification_interval           0 ; set > 0 if you want to be renotified
356}
357
358   - By default Nagios (on Ubuntu) is pre-configured with web, ssh and ping
359     service definition. It turns out, once we are completely done, that you
360     may not need the ping service definition - but, don't remove it yet!
361
362   - Notice the parameter that says:
363
364     hostgroup_name                    telnet-servers
365
366     We need to create this before we try to restart Nagios. Edit the file
367     /etc/nagios3/conf.d/hostgroups_nagios2.cfg and at the bottom of the
368     file add the following entry:
369
370# A list of your telnet-accessible devices (switches)
371define hostgroup {
372        hostgroup_name  telnet-servers
373                alias           Telnet servers
374                members         xxxx,xxxx,xxxx
375        }
376
377   - xxxx = name of each switch (bb-sw, pc1-pc9-sw, pc10-pc18-sw)
378
379     Note the "members" section. Hopefully when you defined your switches
380     in the switches.cfg file this is what you used for the host_name directive
381     for the switches.
382
383   - Save your changes and check your configuration:
384
385   # nagios3 -v /etc/nagios3/nagios.cfg
386
387   - Restart Nagios and see if you notice the changes you've made. Note that
388     the actual check of the telnet service will most likely be in a "pending"
389     state at first.
390
3913.) Verify that SSH is running on the routers and workshop PCs images
392
393   - In the file services_nagios2.cfg there is already an entry for the SSH
394     service check, so you do not need to create this step. Instead, you
395     simply need to re-define the "ssh-servers" entry in the file
396     /etc/nagios3/conf./hostgroups_nagios2.cfg. The initial entry in the file
397     looked like:
398
399# A list of your ssh-accessible servers
400define hostgroup {
401        hostgroup_name  ssh-servers
402                alias           SSH servers
403                members         localhost
404        }
405
406     What do you think you should change? Correct, the "members" line. You should
407     add in entries for all the classroom pcs, routers and  the switches that run ssh.
408     With this information and the network diagram you should be able complete this entry.
409     
410         Note: leave in "localhost" - This is your PC and represents Nagios' network point of
411         view. So, for instance, if you are on "pc3" you would not include "pc3" in the list
412         of all the classroom pcs as it is represented by the "localhost" entry.
413         
414         The "members" entry will be a long line and will likely wrap on the screen.
415
416    - Once you are done, run the pre-flight check:
417
418    # nagios3 -v /etc/nagios3/nagios.cfg
419
420    If everything looks good, then restart Nagios and see your changes in the
421    Nagios web interface.
422
4234.) Check that http is running on all the classroom PCs.
424
425    - Like ssh, there is already a check_http service defined and it automatically
426      applies to the http-servers group. (Note, you can add additional groups of hosts
427      for any service check if you wish). So, you need to update the "http-servers" entry
428      in the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg to include all the workshop
429      PCs running http (i.e. Apache Web Server).
430
431    - See the previous exercise and make the appropriate change to do this. If you have
432      any questions ask your instructor for help.
433     
434
4355.) Check that SNMP is running on the classroom NOC
436
437    - First you will need to add in the appropriate service check for SNMP in the file
438      /etc/nagios3/conf.d/services_nagios2.cfg. This is where Nagios is impressive. There
439      are hundreds, if not thousands, of service checks available via the various Nagios
440      sites on the web. You can see what plugins are installed by Ubuntu in the nagios3
441      package that we've installed by looking in the following directory:
442
443    # ls /usr/lib/nagios/plugins
444
445      As you'll see there is already a check_snmp plugin available to us. If you are
446      interested in the options the plugin takes you can execute the plugin from the
447      command line by typing:
448
449    # /usr/lib/nagios/plugins/check_snmp
450
451      to see what options are available, etc. You can use the check_snmp plugin and
452      Nagios to create very complex or specific system checks.
453
454    - Now to see all the various service/host checks that have been created using the
455      check_snmp plugin you can look in /etc/nagios-plugins/config/snmp.cfg. You will
456      see that there are a lot of preconfigured checks using snmp, including:
457
458      snmp_load
459      snmp_cpustats
460      snmp_procname
461      snmp_disk
462      snmp_mem
463      snmp_swap
464      snmp_procs
465      snmp_users
466      snmp_mem2
467      snmp_swap2
468      snmp_mem3
469      snmp_swap3
470      snmp_disk2
471      snmp_tcpopen
472      snmp_tcpstats
473      snmp_bgpstate
474      check_netapp_uptime
475      check_netapp_cupuload
476      check_netapp_numdisks
477      check_compaq_thermalCondition
478     
479      And, even better, you can create additional service checks quite easily.
480      For the case of verifying that snmpd (the SNMP service on Linux) is running we
481      need to ask SNMP a question. If we don't get an answer, then Nagios can assume
482      that the SNMP service is down on that host. When you use service checks such as
483      check_http, check_ssh and check_telnet this is what they are doing as well.
484
485    - In our case, let's create a new service check and call it "check_system". This
486      service check will connect with the specified host, use the private community
487      string we have defined in class and ask a question of snmp on that ask - in this
488      case we'll ask about the System Description, or the OID "sysDescr.0" -
489
490    - To do this start by editing the file /etc/nagios-plugins/config/snmp.cfg:
491
492    # vi /etc/nagios-plugins/config/snmp.cfg
493
494      At the top (or the bottom, your choice) add the following entry to the file:
495
496# 'check_system' command definition
497define command{
498       command_name    check_system
499       command_line    /usr/lib/nagios/plugins/check_snmp -H '$HOSTADDRESS$' -C
500'$ARG1$' -o sysDescr.0
501        }
502     
503      You may wish to copy and past this vs. trying to type this out.
504
505          Note that "command_line" is a single line. If you copy and paste in vi the line
506          may not wrap properly and you may have to manually add the part:
507         
508                        '$ARG1$' -o sysDescr.0
509                       
510          to the end of the line.
511
512    - Now you need to edit the file /etc/nagios3/conf.d/services_nagios2.cfg and add
513      in this service check. We'll run this check against all our servers in the
514      classroom, or the hostgroup "debian-servers"
515
516    - Edit the file /etc/nagios3/conf.d/services_nagios2.cfg
517
518    # vi /etc/nagios3/conf.d/services_nagios2.cfg
519
520      At the bottom of the file add the following definition:
521
522# check that snmp is up on all servers
523define service {
524        hostgroup_name                  snmp-servers
525        service_description             SNMP
526        check_command                   check_system!xxxxxx
527        use                             generic-service
528        notification_interval           0 ; set > 0 if you want to be renotified
529}
530
531      The "xxxxxx" is the community string previously (or to be) defined in class.
532     
533      Note that we have included our private community string here vs. hard-coding
534      it in the snmp.cfg file earlier. You must change the "xxxxx" to be the snmp
535      community string given in class or this check will not work.
536     
537    - Now we must create the "snmp-servers" group in our hostgroups_nagios2.cfg file.
538      Edit the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg and go to the end of the
539      file. Add in the following hostgroup definition:
540     
541# A list of snmp-enabled devices on which we wish to run the snmp service check
542define hostgroup {
543           hostgroup_name       snmp-servers
544                   alias        snmp servers
545                   members      noc
546          }
547         
548        - Note that for "members" you could, also, add in the switches and routers for
549          group 1 and 2. But, the particular item (MIB) we are checking for "sysDescr.0"
550          may not be available on the switches and/or routers, so the check would then fail.
551
552    - Now verify that your changes are correct and restart Nagios.
553
554    - If you click on the Service Detail menu choice in web interface you should see
555      the SNMP check appear.
556     
557    - After we do the SNMP presentation and exercises in class, then you could come
558      back to this exercise and add in all the classroom PCs to the members list in the
559      hostgroups_nagios2.cfg file, snmp-servers hostgroup definition. Remember to list
560      your PC as "localhost".
561     
562
563PART V
564Create More Host Groups
565-----------------------------------------------------------------------------
566
5671. Update /etc/nagios3/conf.d/hostgroups_nagios2.cfg
568
569    - For the following exercises it will be very useful if we have created
570      or update the following hostgroups:
571
572      debian-servers
573      routers
574      switches
575 
576      If you edit the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg you
577      will see an entry for debian-servers that just contains localhost.
578      Update this entry to include all the classroom PCs, including the
579      noc (this assumes that you created a "noc" entry in your pcs.cfg
580      file). Remember to skip your PC entry as it is represented by the
581      localhost entry.
582
583    # vi /etc/nagios3/conf.d/hostgroups_nagios2.cfg
584
585     Update the entry that says:
586
587
588# A list of your Debian GNU/Linux servers
589define hostgroup {
590        hostgroup_name  debian-servers
591                alias           Debian GNU/Linux Servers
592                members         localhost
593        }
594     
595      So that the "members" parameter contains something like this. Use your
596      classroom network diagram to confirm the exact number of machines and names
597      in your workshop.
598
599                members         localhost,pc1,pc2,pc3,pc4,pc5,pc6,pc7,pc8,pc9
600                                pc10,pc11,pc12,pc13,pc14,pc15,pc16,pc17,pc18
601
602        Be sure that the line wraps and is not on two separate lines. Otherwise
603        you will get an error when you go to restart Nagios.
604
605      - Once you have done this, add in two more entries. One for routers and
606        one for switches. Call these entries "routers" and "switches".
607
608      - When you are done be sure to verify your work and restart Nagios.
609   
610
611PART V
612Extended Host Information ("making your graphs pretty")
613-----------------------------------------------------------------------------
614
6151. Update extinfo_nagios2.cfg
616
617    - If you would like to use appropriate icons for your defined hosts in
618      Nagios this is where you do this. We have the three types of devices:
619
620      Cisco routers
621      Cisco switches
622      Ubuntu servers
623
624      There is a fairly large repository of icon images available for you to
625      use located here:
626
627      /usr/share/nagios/htdocs/images/logos/
628
629      these were installed by default as dependent packages of the nagios3
630      package in Ubuntu. In some cases you can find model-specific icons for
631      your hardware, but to make things simpler we will use the following
632      icons for our hardware:
633
634      /usr/share/nagios/htodcs/images/logos/base/debian.*
635      /usr/share/nagios/htdocs/images/logos/cook/router.*
636      /usr/share/nagios/htdocs/images/logos/cook/switch.*
637
638    - The next step is to edit the file /etc/nagios3/conf.d/extinfo_nagios2.cfg
639      and tell nagios what image you would like to use to represent your devices.
640
641    # vi /etc/nagios3/conf.d/extinfo_nagios2.cfg
642
643      Here is what an entry for your routers looks like (there is already an entry
644      for debian-servers that will work as is). Note that the router model (3600)
645      is not all that important. The image used represents a router in general.
646
647define hostextinfo {
648        hostgroup_name   routers
649        icon_image       cook/router.png
650        icon_image_alt   Cisco Routers (3600)
651        vrml_image       router.png
652        statusmap_image  cook/router.gd2
653}
654
655      Now add an entry for your switches. Once you are done check your
656      work and restart Nagios. Take a look at the Status Map in the web interface.
657      It should be much nicer.     
658
659PART VI
660Create Service Groups
661-----------------------------------------------------------------------------
662
6631. Create service groups for ssh and http for each set of pcs.
664
665   - The idea here is to create three service groups. Each service group will
666     be for the group of PCs that are connected to each router xxxxxxx,
667     yyyyyy, zzzzzz, etc. We want to see these PCs grouped together
668     and include status of their ssh and http services. To do this edit
669     and create the file:
670
671   # vi /etc/nagios3/conf.d/servicegroups.cfg
672
673     Here is a sample of the service group for group 1:
674
675define servicegroup {
676        servicegroup_name       group1-servers
677        alias                   group 1 servers
678        members                 pc1,SSH,pc1,HTTP,pc2,SSH,pc2,HTTP,pc3,SSH,pc3,HTTP,pc4,SSH,pc4,HTTP,pc5,SSH,
679                        pc5,HTTP,pc6,SSH,pc6,HTTP,pc7,SSH,pc7,HTTP,pc8,SSH,pc8,HTTP,pc9,SSH,pc9,HTTP
680        }
681
682        - Note that the members line should wrap and not be on two lines.
683       
684        - Note that "SSH" and "HTTP" need to be uppercase as this is how the service_description is
685          written in the file /etc/nagios3/conf.d/services_nagios2.cfg
686         
687        - You should create an entry for the group 2 servers as well.
688
689    - Save your changes, verify your work and restart Nagios. Now if you click on
690      the Servicegroup menu items in the Nagios web interface you should see
691      this information grouped together.
692
693    - Be sure you to this for TLD1 through TLD8 to create a servicegroup of SSH
694      and HTTP servers for all 8 TLDs in the classroom.
695
696
697PART VII
698Configure Guest Access to the Nagios Web Interface
699-----------------------------------------------------------------------------
700
7011. Edit /etc/nagios3/cgi.cfg to give read only guest user access to the Nagios
702   web interface.
703
704    - By default Nagios is configured to give full r/w access via the Nagios
705      web interface to the user nagiosadmin. You can change the name of this
706      user, add other users, change how you authenticate users, what users
707      have access to what resources and more via the cgi.cfg file.
708
709    - First, lets create a "guest" user and password in the htpasswd.users
710      file.
711     
712    # cd /etc/nagios3
713    # htpasswd /etc/nagios3/htpasswd.users guest
714
715      You can use any password you want (or none). A password of "guest" is
716      not a bad choice.
717
718    - Next, edit the file /etc/nagios3/cgi.cfg and look for what type of access
719      has been given to the nagiosadmin user. By default you will see the following
720      directives (note, there are comments between each directive):
721
722      authorized_for_system_information=nagiosadmin
723      authorized_for_configuration_information=nagiosadmin
724      authorized_for_system_commands=nagiosadmin
725      authorized_for_all_services=nagiosadmin
726      authorized_for_all_hosts=nagiosadmin
727      authorized_for_all_service_commands=nagiosadmin
728      authorized_for_all_host_commands=nagiosadmin
729
730      Now lets tell Nagios to allow the "guest" user some access to
731      information via the web interface. You can choose whatever you would
732      like, but what is pretty typical is this:
733
734      authorized_for_system_information=nagiosadmin,guest
735      authorized_for_configuration_information=nagiosadmin,guest
736      authorized_for_system_commands=nagiosadmin
737      authorized_for_all_services=nagiosadmin,guest
738      authorized_for_all_hosts=nagiosadmin,guest
739      authorized_for_all_service_commands=nagiosadmin
740      authorized_for_all_host_commands=nagiosadmin
741
742    - Once you make the changes, save the file cgi.cfg, verify your
743      work and restart Nagios.
744
745    - To see if you can log in as the "guest" user you may need to clear
746      the cookies in your web browser. You will not notice any difference
747      in the web interface. The difference is that a number of items that
748      are available via the web interface (forcing a service/host check,
749      scheduling checks, comments, etc.) will not work for the guest
750      user.
751
752Last update 20 July 2010 by HA