You can subscribe to this list here.
2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(4) |
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(9) |
Feb
(11) |
Mar
(37) |
Apr
(50) |
May
(51) |
Jun
(31) |
Jul
(35) |
Aug
(30) |
Sep
(39) |
Oct
(85) |
Nov
(91) |
Dec
(30) |
2003 |
Jan
(65) |
Feb
(56) |
Mar
(80) |
Apr
(73) |
May
(84) |
Jun
(108) |
Jul
(62) |
Aug
(53) |
Sep
(46) |
Oct
(44) |
Nov
(59) |
Dec
(91) |
2004 |
Jan
(71) |
Feb
(25) |
Mar
(87) |
Apr
(67) |
May
(65) |
Jun
(60) |
Jul
(31) |
Aug
(100) |
Sep
(97) |
Oct
(133) |
Nov
(87) |
Dec
(65) |
2005 |
Jan
(84) |
Feb
(133) |
Mar
(67) |
Apr
(74) |
May
(108) |
Jun
(92) |
Jul
(54) |
Aug
(82) |
Sep
(22) |
Oct
(10) |
Nov
(69) |
Dec
(65) |
2006 |
Jan
(89) |
Feb
(133) |
Mar
(100) |
Apr
(69) |
May
(138) |
Jun
(85) |
Jul
(45) |
Aug
(56) |
Sep
(33) |
Oct
(69) |
Nov
(33) |
Dec
(78) |
2007 |
Jan
(120) |
Feb
(120) |
Mar
(136) |
Apr
(153) |
May
(75) |
Jun
(65) |
Jul
(64) |
Aug
(129) |
Sep
(122) |
Oct
(231) |
Nov
(145) |
Dec
(93) |
2008 |
Jan
(163) |
Feb
(157) |
Mar
(60) |
Apr
(96) |
May
(92) |
Jun
(67) |
Jul
(90) |
Aug
(75) |
Sep
(87) |
Oct
(81) |
Nov
(158) |
Dec
(71) |
2009 |
Jan
(83) |
Feb
(77) |
Mar
(94) |
Apr
(78) |
May
(210) |
Jun
(146) |
Jul
(104) |
Aug
(208) |
Sep
(80) |
Oct
(54) |
Nov
(55) |
Dec
(84) |
2010 |
Jan
(21) |
Feb
(67) |
Mar
(85) |
Apr
(20) |
May
(29) |
Jun
(11) |
Jul
(13) |
Aug
(48) |
Sep
(56) |
Oct
(70) |
Nov
(100) |
Dec
(83) |
2011 |
Jan
(59) |
Feb
(36) |
Mar
(59) |
Apr
(21) |
May
(96) |
Jun
(27) |
Jul
(17) |
Aug
(58) |
Sep
(12) |
Oct
(15) |
Nov
(27) |
Dec
(20) |
2012 |
Jan
(36) |
Feb
(3) |
Mar
(19) |
Apr
(9) |
May
(22) |
Jun
(34) |
Jul
(7) |
Aug
(31) |
Sep
(65) |
Oct
(18) |
Nov
(78) |
Dec
(24) |
2013 |
Jan
(46) |
Feb
(73) |
Mar
(50) |
Apr
(11) |
May
(32) |
Jun
(10) |
Jul
(6) |
Aug
(18) |
Sep
(36) |
Oct
|
Nov
|
Dec
|
From: Max S. <max...@op...> - 2013-08-05 12:12:50
|
From: Max Sikström <msi...@op...> Not all macros should appearently accept command line escaping, but just a few related to plugin output, and user input. This commit builds that table again, which was available earlier in another form. But this time, it isn't used to tell how to escape a macro, but just which kinds of escaping that should be possible. Signed-off-by: Max Sikström <msi...@op...> --- common/macros.c | 31 ++++++++++++++++++++++++++++--- 1 files changed, 28 insertions(+), 3 deletions(-) diff --git a/common/macros.c b/common/macros.c index fe3b4d2..fa22233 100644 --- a/common/macros.c +++ b/common/macros.c @@ -39,6 +39,7 @@ struct macro_key_code { char *name; /* macro key name */ int code; /* numeric macro code, usable in case statements */ char *value; + int options; /* Options for how the macro can be escaped. Not all macros should be able to be stripped */ }; static struct macro_key_code macro_keys[MACRO_X_COUNT]; @@ -110,6 +111,7 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe char *original_macro = NULL; int result = OK; int free_macro = FALSE; + int macro_options = 0; /* Meta information about macro (how it can be escaped) */ log_debug_info(DEBUGL_FUNCTIONS, 0, "process_macros_r()\n"); @@ -163,7 +165,7 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe /* grab the macro value */ free_macro = FALSE; - result = grab_macro_value_r(mac, temp_buffer, &selected_macro, NULL, &free_macro); + result = grab_macro_value_r(mac, temp_buffer, &selected_macro, ¯o_options, &free_macro); log_debug_info(DEBUGL_MACROS, 2, " Processed '%s', Free: %d\n", temp_buffer, free_macro); /* an error occurred - we couldn't parse the macro, so continue on */ @@ -198,7 +200,7 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe log_debug_info(DEBUGL_MACROS, 2, " Processed '%s', Free: %d, Cleaning options: %d\n", temp_buffer, free_macro, options); /* URL encode the macro if requested - this allocates new memory */ - if(options & URL_ENCODE_MACRO_CHARS) { + if((options & macro_options) & URL_ENCODE_MACRO_CHARS) { original_macro = selected_macro; selected_macro = get_url_encoded_string(selected_macro); if(free_macro == TRUE) { @@ -208,7 +210,7 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe } /* some macros are cleaned... */ - if((options & STRIP_ILLEGAL_MACRO_CHARS) || (options & ESCAPE_MACRO_CHARS)) { + if(((options & macro_options) & STRIP_ILLEGAL_MACRO_CHARS) || ((options & macro_options) & ESCAPE_MACRO_CHARS)) { char *cleaned_macro = NULL; /* add the (cleaned) processed macro to the end of the already processed buffer */ @@ -405,6 +407,8 @@ int grab_macro_value_r(nagios_macros *mac, char *macro_buffer, char **output, in if(macro_buffer == NULL || free_macro == NULL) return ERROR; + if(clean_options) + *clean_options = 0; /* * We handle argv and user macros first, since those are by far @@ -480,6 +484,12 @@ int grab_macro_value_r(nagios_macros *mac, char *macro_buffer, char **output, in /* get the macro value */ result = grab_macrox_value_r(mac, mkey->code, arg[0], arg[1], output, free_macro); + + /* Return the macro attributes */ + + if(clean_options) { + *clean_options = mkey->options; + } } /***** CONTACT ADDRESS MACROS *****/ /* NOTE: the code below should be broken out into a separate function */ @@ -2494,6 +2504,21 @@ int init_macros(void) { for (x = 0; x < MACRO_X_COUNT; x++) { macro_keys[x].code = x; macro_keys[x].name = macro_x_names[x]; + + /* This tells which escaping is possible to do on the macro */ + macro_keys[x].options = URL_ENCODE_MACRO_CHARS; + switch(x) { + case MACRO_HOSTOUTPUT: + case MACRO_HOSTPERFDATA: + case MACRO_HOSTACKAUTHOR: + case MACRO_HOSTACKCOMMENT: + case MACRO_SERVICEOUTPUT: + case MACRO_SERVICEPERFDATA: + case MACRO_SERVICEACKAUTHOR: + case MACRO_SERVICEACKCOMMENT: + macro_keys[x].options |= STRIP_ILLEGAL_MACRO_CHARS | ESCAPE_MACRO_CHARS; + break; + } } qsort(macro_keys, x, sizeof(struct macro_key_code), macro_key_cmp); -- 1.7.1 |
From: Max S. <max...@op...> - 2013-08-05 12:12:50
|
From: Max Sikström <msi...@op...> Earlier macro code broke conisitancy with the documentation. Previous commit fixed that inconsitancy, so lets patch the tests to match Signed-off-by: Max Sikström <msi...@op...> --- t-tap/test_macros.c | 16 ++++++++++------ 1 files changed, 10 insertions(+), 6 deletions(-) diff --git a/t-tap/test_macros.c b/t-tap/test_macros.c index ebc6a03..87edd02 100644 --- a/t-tap/test_macros.c +++ b/t-tap/test_macros.c @@ -109,7 +109,7 @@ int handle_async_host_check_result(host *temp_host, host test_host = { .name = "name'&%", .address = "address'&%", .notes_url = "notes_url'&%($HOSTNOTES$)", .notes = "notes'&%($HOSTACTIONURL$)", - .action_url = "action_url'&%" }; + .action_url = "action_url'&%", .plugin_output = "name'&%" }; /*****************************************************************************/ /* Helper functions */ @@ -152,16 +152,19 @@ void test_escaping(nagios_macros *mac) { /* Nothing should be changed... options == 0 */ RUN_MACRO_TEST( "$HOSTNAME$ '&%", "name'&% '&%", 0); + /* Nothing should be changed... HOSTNAME doesn't accept STRIP_ILLEGAL_MACRO_CHARS */ + RUN_MACRO_TEST( "$HOSTNAME$ '&%", "name'&% '&%", STRIP_ILLEGAL_MACRO_CHARS); + /* ' and & should be stripped from the macro, according to * init_environment(), but not from the initial string */ - RUN_MACRO_TEST( "$HOSTNAME$ '&%", "name% '&%", STRIP_ILLEGAL_MACRO_CHARS); + RUN_MACRO_TEST( "$HOSTOUTPUT$ '&%", "name% '&%", STRIP_ILLEGAL_MACRO_CHARS); /* ESCAPE_MACRO_CHARS doesn't seem to do anything... exist always in pair * with STRIP_ILLEGAL_MACRO_CHARS */ - RUN_MACRO_TEST( "$HOSTNAME$ '&%", "name'&% '&%", ESCAPE_MACRO_CHARS); - RUN_MACRO_TEST( "$HOSTNAME$ '&%", "name% '&%", + RUN_MACRO_TEST( "$HOSTOUTPUT$ '&%", "name'&% '&%", ESCAPE_MACRO_CHARS); + RUN_MACRO_TEST( "$HOSTOUTPUT$ '&%", "name% '&%", STRIP_ILLEGAL_MACRO_CHARS | ESCAPE_MACRO_CHARS); /* $HOSTNAME$ should be url-encoded, but not the tailing chars */ @@ -174,12 +177,13 @@ void test_escaping(nagios_macros *mac) { RUN_MACRO_TEST( "$HOSTNOTESURL$ '&%", "notes_url'&%(notes%27%26%25%28action_url%27%26%25%29) '&%", 0); - /* '& in the source string should be removed, as in the url. the macros + /* '& in the source string shouldn't be removed, because HOSTNOTESURL + * doesn't accept STRIP_ILLEGAL_MACRO_CHARS, as in the url. the macros * included in the string should be url-encoded, and therefore not contain & * and ' */ RUN_MACRO_TEST( "$HOSTNOTESURL$ '&%", - "notes_url%(notes%27%26%25%28action_url%27%26%25%29) '&%", + "notes_url'&%(notes%27%26%25%28action_url%27%26%25%29) '&%", STRIP_ILLEGAL_MACRO_CHARS); /* This should double-encode some chars ($HOSTNOTESURL$ should contain -- 1.7.1 |
From: Páll G. S. <pa...@ok...> - 2013-07-16 20:06:00
|
We accomplish this at our end with the mod_gearman addon. What we do is the following: * Set all the services that need limiting together in one servicegroup * Get mod_gearman up and running and have at least one mod_gearman_worker node (it may run on the nagios server or on another machine) * Set max-workers on that mod_gearman_worker to the number of checks that may be run simultaneously * mod_gearman will execute the checks instead of the nagios server, and number of checks will be limited The only other way i know how would be to implement a locking (semaphore) somehow in the plugins themselves. cheers, Palli ----- Original Message ----- From: "Paul Dubuc" <wo...@pa...> To: "Nagios Users List" <nag...@li...>, "Nagios Developers List" <nag...@li...> Sent: Tuesday, July 16, 2013 7:49:21 PM Subject: [Nagios-users] service group concurrency limit? I'm wondering if there is any way to limit the number of services that can be checked at one time based on service group. I have some service checks that use a limited pool of resources (smaller than the number of services to check) and many others that have no such limitation. So I need to set max_concurrent_checks in nagios.cfg to limit the number of concurrent checks. Unfortunately, this is a global limit. It would be nice if this sort of limit could be applied to a service group so the plugins don't have to manage concurrency. Any ideas? Thanks, Paul Dubuc ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Nagios-users mailing list Nag...@li... https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null |
From: Paul D. <wo...@pa...> - 2013-07-16 19:49:33
|
I'm wondering if there is any way to limit the number of services that can be checked at one time based on service group. I have some service checks that use a limited pool of resources (smaller than the number of services to check) and many others that have no such limitation. So I need to set max_concurrent_checks in nagios.cfg to limit the number of concurrent checks. Unfortunately, this is a global limit. It would be nice if this sort of limit could be applied to a service group so the plugins don't have to manage concurrency. Any ideas? Thanks, Paul Dubuc |
From: Andreas E. <ae...@op...> - 2013-07-15 15:42:30
|
On 2013-07-08 18:01, Robin Sonefors wrote: > There were several problems with how notified_on was loaded from > retention data. > Good catch. Thanks. -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Robin S. <rob...@op...> - 2013-07-08 16:01:39
|
There were several problems with how notified_on was loaded from retention data. To begin with, notified_on_critical would overwrite the work any other notified_on* flag had done. That's not very social of it, is it? To continue, notified_on_warning and notified_on_critical would try to set their respective bit in the bitmask only if they were *not* set in the retention data. That's not very logical of it, is it? Finally, the wrong variable was used for shifting the state, so rather than setting the flag (1 << STATE), all the fields for both hosts and services would set the bit at ((1 << STATE) << STATE), leading to values much larger than expected. That's not very clever of it, is it? All of these things should be fixed now, so recoveries should once again work after nagios restarts. Signed-off-by: Robin Sonefors <rob...@op...> --- xdata/xrddefault.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xdata/xrddefault.c b/xdata/xrddefault.c index 209781a..a899a17 100644 --- a/xdata/xrddefault.c +++ b/xdata/xrddefault.c @@ -1160,9 +1160,9 @@ int xrddefault_read_state_information(void) { else if(!strcmp(var, "last_time_unreachable")) temp_host->last_time_unreachable = strtoul(val, NULL, 10); else if(!strcmp(var, "notified_on_down")) - temp_host->notified_on |= (atoi(val) > 0 ? 1 : 0) << OPT_DOWN; + temp_host->notified_on |= (atoi(val) > 0 ? OPT_DOWN : 0); else if(!strcmp(var, "notified_on_unreachable")) - temp_host->notified_on |= (atoi(val) > 0 ? 1 : 0) << OPT_UNREACHABLE; + temp_host->notified_on |= (atoi(val) > 0 ? OPT_UNREACHABLE : 0); else if(!strcmp(var, "last_notification")) temp_host->last_notification = strtoul(val, NULL, 10); else if(!strcmp(var, "current_notification_number")) @@ -1429,11 +1429,11 @@ int xrddefault_read_state_information(void) { temp_service->check_options = atoi(val); } else if(!strcmp(var, "notified_on_unknown")) - temp_service->notified_on |= ((atoi(val) > 0) ? 1 : 0) << OPT_UNKNOWN; + temp_service->notified_on |= ((atoi(val) > 0) ? OPT_UNKNOWN : 0); else if(!strcmp(var, "notified_on_warning")) - temp_service->notified_on |= ((atoi(val) > 0) ? 0 : 1) << OPT_WARNING; + temp_service->notified_on |= ((atoi(val) > 0) ? OPT_WARNING : 0); else if(!strcmp(var, "notified_on_critical")) - temp_service->notified_on = ((atoi(val) > 0) ? 0 : 1) << OPT_CRITICAL; + temp_service->notified_on |= ((atoi(val) > 0) ? OPT_CRITICAL : 0); else if(!strcmp(var, "current_notification_number")) temp_service->current_notification_number = atoi(val); else if(!strcmp(var, "current_notification_id")) -- 1.7.11.7 |
From: Jens H. <he...@rz...> - 2013-07-03 08:12:19
|
Hi, probably already known: we had a crash of Nagios when a downtime was given that started in the past. Here is what gdb told us: ----------------------------------------------- Core was generated by `/usr/local/nagios/bin/nagios /usr/local/nagios/etc/nagios.cfg'. Program terminated with signal 11, Segmentation fault. #0 0x00000000004722b7 in handle_scheduled_downtime () (gdb) where #0 0x00000000004722b7 in handle_scheduled_downtime () #1 0x000000000042ac65 in handle_timed_event () #2 0x000000000042b1eb in event_execution_loop () #3 0x0000000000412787 in main () (gdb) quit ----------------------------------------------- Best regards, Jens Hektor -- Dipl.-Phys. Jens Hektor, Netzbetrieb RWTH Aachen University, Center for Computing and Communication Room 2.04, Wendlingweg 10, 52074 Aachen (Germany) Phone: +49 241 80 29206 - Fax: +49 241 80 22100 http://www.rz.rwth-aachen.de - he...@rz... |
From: Anton L. <alo...@op...> - 2013-07-03 07:48:46
|
This patch makes it easier to troubleshoot why external commands fail by adding more detailed error codes as well as a cmd_error_strerror function for easy printing. It adds an extra log entry for each failed command, including malformed commands, commands stemming from OOM errors etc, as opposed to only logging the fact that those external commands did not execute properly. This should hopefully also make it eas(y/ier) to add even better error reporting and error handling in the future, if necessary. Signed-off-by: Anton Lofgren <alo...@op...> --- base/commands.c | 42 ++++++++++++++++++++++++++++++------------ include/common.h | 8 ++++++++ 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/base/commands.c b/base/commands.c index 363fc06..c30e40d 100644 --- a/base/commands.c +++ b/base/commands.c @@ -132,7 +132,7 @@ int shutdown_command_file_worker(void) { static int command_input_handler(int sd, int events, void *discard) { - int ret; + int ret, cmd_ret; char *buf; unsigned long size; @@ -150,7 +150,10 @@ static int command_input_handler(int sd, int events, void *discard) { buf[size] = 0; log_debug_info(DEBUGL_COMMANDS, 1, "Read raw external command '%s'\n", buf); } - process_external_command1(buf); + if ((cmd_ret = process_external_command1(buf)) != CMD_ERROR_OK) { + logit(NSLOG_EXTERNAL_COMMAND | NSLOG_RUNTIME_WARNING, TRUE, "External command error: %s\n", cmd_error_strerror(cmd_ret)); + } + } return 0; } @@ -364,7 +367,7 @@ int process_external_command1(char *cmd) { log_debug_info(DEBUGL_FUNCTIONS, 0, "process_external_command1()\n"); if(cmd == NULL) - return ERROR; + return CMD_ERROR_MALFORMED_COMMAND; /* strip the command of newlines and carriage returns */ strip(cmd); @@ -373,16 +376,16 @@ int process_external_command1(char *cmd) { /* get the command entry time */ if((temp_ptr = my_strtok(cmd, "[")) == NULL) - return ERROR; + return CMD_ERROR_MALFORMED_COMMAND; if((temp_ptr = my_strtok(NULL, "]")) == NULL) - return ERROR; + return CMD_ERROR_MALFORMED_COMMAND; entry_time = (time_t)strtoul(temp_ptr, NULL, 10); /* get the command identifier */ if((temp_ptr = my_strtok(NULL, ";")) == NULL) - return ERROR; + return CMD_ERROR_MALFORMED_COMMAND; if((command_id = (char *)strdup(temp_ptr + 1)) == NULL) - return ERROR; + return CMD_ERROR_INTERNAL_ERROR; /* get the command arguments */ if((temp_ptr = my_strtok(NULL, "\n")) == NULL) @@ -391,7 +394,7 @@ int process_external_command1(char *cmd) { args = (char *)strdup(temp_ptr); if(args == NULL) { my_free(command_id); - return ERROR; + return CMD_ERROR_INTERNAL_ERROR; } /* decide what type of command this is... */ @@ -853,7 +856,7 @@ int process_external_command1(char *cmd) { my_free(command_id); my_free(args); - return ERROR; + return CMD_ERROR_UNKNOWN_COMMAND; } /* update statistics for external commands */ @@ -878,7 +881,8 @@ int process_external_command1(char *cmd) { #endif /* process the command */ - if ((external_command_ret = process_external_command2(command_type, entry_time, args)) != OK) { + external_command_ret = (process_external_command2(command_type, entry_time, args) == OK) ? CMD_ERROR_OK : CMD_ERROR_FAILURE; + if (external_command_ret != CMD_ERROR_OK) { logit(NSLOG_EXTERNAL_COMMAND | NSLOG_RUNTIME_WARNING, TRUE, "Error: External command failed -> %s;%s\n", command_id, args); } @@ -895,7 +899,21 @@ int process_external_command1(char *cmd) { return external_command_ret; } - +const char *cmd_error_strerror(int code) { + switch(code) { + case CMD_ERROR_OK: + return "No error"; + case CMD_ERROR_FAILURE: + return "Command failed"; + case CMD_ERROR_INTERNAL_ERROR: + return "Internal error"; + case CMD_ERROR_UNKNOWN_COMMAND: + return "Unknown or unsupported command"; + case CMD_ERROR_MALFORMED_COMMAND: + return "Malformed command"; + } + return "Unknown error"; + } /* top-level processor for a single external command */ int process_external_command2(int cmd, time_t entry_time, char *args) { @@ -1283,7 +1301,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { break; default: - return ERROR; + return CMD_ERROR_UNKNOWN_COMMAND; break; } diff --git a/include/common.h b/include/common.h index 2c91bce..759bcdd 100644 --- a/include/common.h +++ b/include/common.h @@ -347,6 +347,14 @@ NAGIOS_END_DECL /* custom command introduced in Nagios 3.x */ #define CMD_CUSTOM_COMMAND 999 +/**************************** COMMAND ERRORS *****************************/ +#define CMD_ERROR_OK 0 /* No errors encountered */ +#define CMD_ERROR_UNKNOWN_COMMAND 1 /* Unknown/unsupported command */ +#define CMD_ERROR_MALFORMED_COMMAND 2 /* Command malformed/missing timestamp? */ +#define CMD_ERROR_INTERNAL_ERROR 3 /* Internal error */ +#define CMD_ERROR_FAILURE 4 /* Command routine failed */ + +extern const char *cmd_error_strerror(int error_code); /**************************** CHECK TYPES ********************************/ -- 1.8.3.2 |
From: Jonas M. <jo...@fr...> - 2013-06-26 15:28:42
|
Hello again, Am 2013-05-13 18:02, schrieb Jonas Meurer: > Am 12.05.2013 11:25, schrieb Andreas Ericsson: >> On 2013-05-06 10:42, Jonas Meurer wrote: >>> I fear that I discovered a security issue in Nagios 3.4.4 >>> status.cgi: >>> >>> All htaccess users, even if not listed in any authorized_for_* >>> config >>> option, have full access to service group overview, summary and >>> grid: >>> /nagios/cgi-bin/status.cgi?servicegroup=all&style=overview >>> /nagios/cgi-bin/status.cgi?servicegroup=all&style=summary >>> /nagios/cgi-bin/status.cgi?servicegroup=all&style=grid >> >> It's a bit short on info. Servicegroups should be visible if the user >> is a contact for any service in the group. If a user who has no auth >> options and is not a contact for any service can see all >> servicegroups, >> then yes, that's potentially a security issue. > > You're nearly correct with the second assumption. Users which are > contact for _some_ services are able to see all services in service > group overview, summary and grid. > > This problem affects everyone who restricts nagios access by using > contacts. Unprivleged users are able to fetch the whole list of hosts > and services on the Nagios setup in question. I now prepared a patch to fix this security issue. You can find the patch (both for nagios4 git master branch and for nagios3.4.4 release) at the bug tracker (http://tracker.nagios.org/view.php?id=456). I suggest to incorporate the patch into a security update of Nagios 3.4. The issue is also reported to Debian BTS (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714171). Kind regards, jonas PS: why do you always answer to the original sender only, keeping the discussion private? May I suggest that you reply both to sender and mailinglist in order to make the discussion public? PPS: Is there a reason that SVN hosts three nagios repositories (2x git: nagios-nagioscore, nagios-nagios, 1x svn: nagioscore) with only the git repository 'nagios-nagioscore' being up-to-date? This is rather confusing ;) |
From: Andreas E. <ae...@op...> - 2013-06-12 14:45:18
|
Applied, with a cautionary note to module maintainers on how they can change their makefiles to make test-from-sources work without pains. Thanks. I've hated that code (or rather; It's effects on gdb) a long time now but I was far too lazy to do anything about it. On 2013-06-05 13:28, Robin Sonefors wrote: > The explanation for why we did this was thus: > >> The problem with loaded modules is that if you overwrite the original >> file (e.g. using 'mv'), you do not alter the inode of the original >> file. > > Correct. > >> Since the original file/module is memory-mapped in some fashion, >> Nagios will segfault the next time an event broker call is directed to >> one of the module's callback functions. > > Of course it won't. Why not? The first quoted sentence explained it > perfectly - the same inode still points to the same fil, so putting > another inode in the original path won't make one bit of difference. > > What would cause a segfault, though, is truncating the module file and > filling it with new content so the addresses of symbols change while the > inode stays the same. You shouldn't do that. > >> This is extremely problematic when it comes to upgrading NEB modules >> while Nagios is running. > > To sum up the above: no, it isn't. > > In addition to having a bogus reason for existing in the first place, > the code itself is problematic: it tends to cause an accumulation of > weird and nonsensical nebmod files in your var directory over time, > while also breaking any sort of clever debuginfo scheme employed by most > linux distros today, because the debuginfo can't be tracked down when we > invent new, faked names literally only in order to confuse linkers. > > Signed-off-by: Robin Sonefors <rob...@op...> > --- > base/nebmods.c | 58 ++-------------------------------------------------------- > 1 file changed, 2 insertions(+), 56 deletions(-) > > diff --git a/base/nebmods.c b/base/nebmods.c > index 3d84675..f6489f8 100644 > --- a/base/nebmods.c > +++ b/base/nebmods.c > @@ -163,14 +163,10 @@ int neb_load_all_modules(void) { > } > > > -#ifndef PATH_MAX > -# define PATH_MAX 4096 > -#endif > /* load a particular module */ > int neb_load_module(nebmodule *mod) { > int (*initfunc)(int, char *, void *); > int *module_version_ptr = NULL; > - char output_file[PATH_MAX]; > int dest_fd, result = OK; > > if(mod == NULL) > @@ -184,36 +180,8 @@ int neb_load_module(nebmodule *mod) { > if(mod->should_be_loaded == FALSE || mod->filename == NULL) > return ERROR; > > - /********** > - Using dlopen() is great, but a real danger as-is. The problem with loaded modules is that if you overwrite the original file (e.g. using 'mv'), > - you do not alter the inode of the original file. Since the original file/module is memory-mapped in some fashion, Nagios will segfault the next > - time an event broker call is directed to one of the module's callback functions. This is extremely problematic when it comes to upgrading NEB > - modules while Nagios is running. A workaround is to (1) 'mv' the original/loaded module file to another name (on the same filesystem) > - and (2) copy the new module file to the location of the original one (using the original filename). In this scenario, dlopen() will keep referencing > - the original file/inode for callbacks. This is not an ideal solution. A better one is to delete the module file once it is loaded by dlopen(). > - This prevents other processed from unintentially overwriting the original file, which would cause Nagios to crash. However, if we delete the file > - before anyone else can muck with it, things should be good. 'lsof' shows that a deleted file is still referenced by the kernel and callback > - functions continue to work once the module has been loaded. Long story, but this took quite a while to figure out, as there isn't much > - of anything I could find on the subject other than some sketchy info on similar problems on HP-UX. Hopefully this will save future coders some time. > - So... the trick is to (1) copy the module to a temp file, (2) dlopen() the temp file, and (3) immediately delete the temp file. > - ************/ > - > - /* > - * open a temp file for copying the module. We use my_fdcopy() so > - * we re-use the destination file descriptor returned by mkstemp(3), > - * which we have to close ourselves. > - */ > - snprintf(output_file, sizeof(output_file) - 1, "%s/nebmodXXXXXX", temp_path); > - dest_fd = mkstemp(output_file); > - result = my_fdcopy(mod->filename, output_file, dest_fd); > - close(dest_fd); > - if(result == ERROR) { > - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Failed to safely copy module '%s'. The module will not be loaded\n", mod->filename); > - return ERROR; > - } > - > - /* load the module (use the temp copy we just made) */ > - mod->module_handle = dlopen(output_file, RTLD_NOW | RTLD_GLOBAL); > + /* load the module */ > + mod->module_handle = dlopen(mod->filename, RTLD_NOW | RTLD_GLOBAL); > if(mod->module_handle == NULL) { > logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Could not load module '%s' -> %s\n", mod->filename, dlerror()); > > @@ -223,28 +191,6 @@ int neb_load_module(nebmodule *mod) { > /* mark the module as being loaded */ > mod->is_currently_loaded = TRUE; > > - /* delete the temp copy of the module we just created and loaded */ > - /* this will prevent other processes from overwriting the file (using the same inode), which would cause Nagios to crash */ > - /* the kernel will keep the deleted file in memory until we unload it */ > - /* NOTE: This *should* be portable to most Unices, but I've only tested it on Linux */ > - if(unlink(output_file) == -1) { > - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Could not delete temporary file '%s' used for module '%s'. The module will be unloaded: %s\n", output_file, mod->filename, strerror(errno)); > - neb_unload_module(mod, NEBMODULE_FORCE_UNLOAD, NEBMODULE_ERROR_API_VERSION); > - > - return ERROR; > - } > - > - /* > - * now that it's loaded and removed, we create a new file in > - * its place so debuggers can find the correct symbols properly, > - * but only if we're supposed to dump core > - */ > - if(daemon_dumps_core == TRUE) { > - dest_fd = open(output_file, O_CREAT | O_WRONLY, S_IRWXU | S_IRGRP | S_IROTH); > - result = my_fdcopy(mod->filename, output_file, dest_fd); > - mod->dl_file = strdup(output_file); > - } > - > /* find module API version */ > module_version_ptr = (int *)dlsym(mod->module_handle, "__neb_api_version"); > > -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Andreas E. <ae...@op...> - 2013-06-12 14:43:42
|
On 2013-06-04 15:43, Jonas Meurer wrote: > Hey, > > I just prepared a patch against git master (commit 758a64). I hope that > it helps. Don't hesitate to ask if you've any questions. > > Also feel free to rename the config options if you don't like the names. > > The patch is attached. > Applied. Thanks. I made the new options default to ON in the code and renamed them "navbar_search_addresses" and "navbar_search_aliases" instead od the "navbar_search_for..." since we're actually searching for hosts by searching the hosts' configured properties. -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Andreas E. <ae...@op...> - 2013-06-12 13:17:27
|
On 2013-05-29 19:58, Jonas Meurer wrote: > Hello, > > Am 29.05.2013 15:53, schrieb Robin Sonefors: >> On 2013-05-27 10:46, Jonas Meurer wrote: >>> Hello, >>> >>> while switching from external perl interpreter to ePN, we stumbled over >>> the empty arguments bug in ePN >>> (http://tracker.nagios.org/view.php?id=88). This bug keeps us from >>> using >>> ePN for a lot of the check commands we use. >>> >>> Now I wonder: why is the bugreport closed? In my opinion the bug is not >>> fixed at all. As suggested in comment 2, patching p1.pl to ignore empty >>> arguments would be the proper fix, right? >> >> It's closed, because epn is gone from nagios 4. > > Thanks for clarifying. Will nagios 4 be released in near future? It's released now. It's a beta, but we've been using that code in production for ourselves and our customers for the past six months or so. > So far > most people still use nagios 3. I don't think that it's a good practice > to close valid bugreports for supported major releases. Instead they > should be restricted to the major release in question. Or at least a > comment describing the reason for closing would be much appreciated :) > epn was unfixable. Getting rid of it completely while increasing check performance was one of the major reasons I rewrote such large parts to begin with. I've added the note though. > Thanks a lot for the work on nagios. > You're welcome. Always nice to be appreciated :) -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Robin S. <rob...@op...> - 2013-06-05 11:30:33
|
The explanation for why we did this was thus: > The problem with loaded modules is that if you overwrite the original > file (e.g. using 'mv'), you do not alter the inode of the original > file. Correct. > Since the original file/module is memory-mapped in some fashion, > Nagios will segfault the next time an event broker call is directed to > one of the module's callback functions. Of course it won't. Why not? The first quoted sentence explained it perfectly - the same inode still points to the same fil, so putting another inode in the original path won't make one bit of difference. What would cause a segfault, though, is truncating the module file and filling it with new content so the addresses of symbols change while the inode stays the same. You shouldn't do that. > This is extremely problematic when it comes to upgrading NEB modules > while Nagios is running. To sum up the above: no, it isn't. In addition to having a bogus reason for existing in the first place, the code itself is problematic: it tends to cause an accumulation of weird and nonsensical nebmod files in your var directory over time, while also breaking any sort of clever debuginfo scheme employed by most linux distros today, because the debuginfo can't be tracked down when we invent new, faked names literally only in order to confuse linkers. Signed-off-by: Robin Sonefors <rob...@op...> --- base/nebmods.c | 58 ++-------------------------------------------------------- 1 file changed, 2 insertions(+), 56 deletions(-) diff --git a/base/nebmods.c b/base/nebmods.c index 3d84675..f6489f8 100644 --- a/base/nebmods.c +++ b/base/nebmods.c @@ -163,14 +163,10 @@ int neb_load_all_modules(void) { } -#ifndef PATH_MAX -# define PATH_MAX 4096 -#endif /* load a particular module */ int neb_load_module(nebmodule *mod) { int (*initfunc)(int, char *, void *); int *module_version_ptr = NULL; - char output_file[PATH_MAX]; int dest_fd, result = OK; if(mod == NULL) @@ -184,36 +180,8 @@ int neb_load_module(nebmodule *mod) { if(mod->should_be_loaded == FALSE || mod->filename == NULL) return ERROR; - /********** - Using dlopen() is great, but a real danger as-is. The problem with loaded modules is that if you overwrite the original file (e.g. using 'mv'), - you do not alter the inode of the original file. Since the original file/module is memory-mapped in some fashion, Nagios will segfault the next - time an event broker call is directed to one of the module's callback functions. This is extremely problematic when it comes to upgrading NEB - modules while Nagios is running. A workaround is to (1) 'mv' the original/loaded module file to another name (on the same filesystem) - and (2) copy the new module file to the location of the original one (using the original filename). In this scenario, dlopen() will keep referencing - the original file/inode for callbacks. This is not an ideal solution. A better one is to delete the module file once it is loaded by dlopen(). - This prevents other processed from unintentially overwriting the original file, which would cause Nagios to crash. However, if we delete the file - before anyone else can muck with it, things should be good. 'lsof' shows that a deleted file is still referenced by the kernel and callback - functions continue to work once the module has been loaded. Long story, but this took quite a while to figure out, as there isn't much - of anything I could find on the subject other than some sketchy info on similar problems on HP-UX. Hopefully this will save future coders some time. - So... the trick is to (1) copy the module to a temp file, (2) dlopen() the temp file, and (3) immediately delete the temp file. - ************/ - - /* - * open a temp file for copying the module. We use my_fdcopy() so - * we re-use the destination file descriptor returned by mkstemp(3), - * which we have to close ourselves. - */ - snprintf(output_file, sizeof(output_file) - 1, "%s/nebmodXXXXXX", temp_path); - dest_fd = mkstemp(output_file); - result = my_fdcopy(mod->filename, output_file, dest_fd); - close(dest_fd); - if(result == ERROR) { - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Failed to safely copy module '%s'. The module will not be loaded\n", mod->filename); - return ERROR; - } - - /* load the module (use the temp copy we just made) */ - mod->module_handle = dlopen(output_file, RTLD_NOW | RTLD_GLOBAL); + /* load the module */ + mod->module_handle = dlopen(mod->filename, RTLD_NOW | RTLD_GLOBAL); if(mod->module_handle == NULL) { logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Could not load module '%s' -> %s\n", mod->filename, dlerror()); @@ -223,28 +191,6 @@ int neb_load_module(nebmodule *mod) { /* mark the module as being loaded */ mod->is_currently_loaded = TRUE; - /* delete the temp copy of the module we just created and loaded */ - /* this will prevent other processes from overwriting the file (using the same inode), which would cause Nagios to crash */ - /* the kernel will keep the deleted file in memory until we unload it */ - /* NOTE: This *should* be portable to most Unices, but I've only tested it on Linux */ - if(unlink(output_file) == -1) { - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Could not delete temporary file '%s' used for module '%s'. The module will be unloaded: %s\n", output_file, mod->filename, strerror(errno)); - neb_unload_module(mod, NEBMODULE_FORCE_UNLOAD, NEBMODULE_ERROR_API_VERSION); - - return ERROR; - } - - /* - * now that it's loaded and removed, we create a new file in - * its place so debuggers can find the correct symbols properly, - * but only if we're supposed to dump core - */ - if(daemon_dumps_core == TRUE) { - dest_fd = open(output_file, O_CREAT | O_WRONLY, S_IRWXU | S_IRGRP | S_IROTH); - result = my_fdcopy(mod->filename, output_file, dest_fd); - mod->dl_file = strdup(output_file); - } - /* find module API version */ module_version_ptr = (int *)dlsym(mod->module_handle, "__neb_api_version"); -- 1.7.11.7 |
From: Jonas M. <jo...@fr...> - 2013-06-04 13:43:52
|
Hey, I just prepared a patch against git master (commit 758a64). I hope that it helps. Don't hesitate to ask if you've any questions. Also feel free to rename the config options if you don't like the names. The patch is attached. Kind regards, jonas Am 2013-06-03 22:26, schrieb Andreas Ericsson: > Would you care to forward the patch so it applies to Nagios 4 as well? > > Otherwise it's likely to get dropped on the floor I'm afraid. > > On 05/29/2013 06:17 PM, Jonas Meurer wrote: >> Hello, >> >> Am 2013-03-01 09:05, schrieb Andreas Ericsson: >>> On 02/28/2013 10:49 PM, Jonas Meurer wrote: >>>> Am 20.02.2013 16:13, schrieb Jonas Meurer: >>>>> Hello, >>>> >>>> Hey again, >>>> >>>>> we're using Nagios as monitoring system for several hundred >>>>> systems. >>>>> While navigating through hosts and services, recently two questions >>>>> regarding the quick search (in navigation bar) raised: >>>>> >>>>> 1/ Why doesn't nagios search for host aliases as well? Is it >>>>> possible >>>>> to enable alias searching? We're using rather short values for >>>>> host_name, and tend to add information like server position to the >>>>> alias. Thus searching for host_name and alias would be awesome for >>>>> us. >>>>> >>> >>> Today it's not possible to enable alias searching. Patches welcome. >>> If you create one, please use some format that makes it possible to >>> add >>> searching on other fields as well, such as "alias~<regex>" or some >>> such. >>> >>>>> 2/ When searching for IP addresses, only the first match is >>>>> returned. >>>>> In some cases (e.g. NRPE Port forwarding through firewall), several >>>>> hosts have the same IP address. For these cases it's rather >>>>> irritating, >>>>> that only the first matching host is returned. >>>>> >>> >>> Tru dat. Patches welcome. You'll want to find and remove the correct >>> "break" statement, I guess. Other than that it shouldn't be much >>> trouble. >> >> I finally managed to prepare a patch that fixes both shortcomings. It >> adds >> two new configuration options to configure the behavior of the >> navigation >> bar search: search for hostname only, or also for addresses, or also >> for >> aliases. >> >> I reported the patch as feature request at >> http://tracker.nagios.org/view.php?id=459 >> >> Kind regards, >> jonas |
From: Andreas E. <ae...@op...> - 2013-06-03 20:26:44
|
Would you care to forward the patch so it applies to Nagios 4 as well? Otherwise it's likely to get dropped on the floor I'm afraid. On 05/29/2013 06:17 PM, Jonas Meurer wrote: > Hello, > > Am 2013-03-01 09:05, schrieb Andreas Ericsson: >> On 02/28/2013 10:49 PM, Jonas Meurer wrote: >>> Am 20.02.2013 16:13, schrieb Jonas Meurer: >>>> Hello, >>> >>> Hey again, >>> >>>> we're using Nagios as monitoring system for several hundred systems. >>>> While navigating through hosts and services, recently two questions >>>> regarding the quick search (in navigation bar) raised: >>>> >>>> 1/ Why doesn't nagios search for host aliases as well? Is it possible >>>> to enable alias searching? We're using rather short values for >>>> host_name, and tend to add information like server position to the >>>> alias. Thus searching for host_name and alias would be awesome for us. >>>> >> >> Today it's not possible to enable alias searching. Patches welcome. >> If you create one, please use some format that makes it possible to add >> searching on other fields as well, such as "alias~<regex>" or some such. >> >>>> 2/ When searching for IP addresses, only the first match is returned. >>>> In some cases (e.g. NRPE Port forwarding through firewall), several >>>> hosts have the same IP address. For these cases it's rather irritating, >>>> that only the first matching host is returned. >>>> >> >> Tru dat. Patches welcome. You'll want to find and remove the correct >> "break" statement, I guess. Other than that it shouldn't be much trouble. > > I finally managed to prepare a patch that fixes both shortcomings. It adds > two new configuration options to configure the behavior of the navigation > bar search: search for hostname only, or also for addresses, or also for > aliases. > > I reported the patch as feature request at > http://tracker.nagios.org/view.php?id=459 > > Kind regards, > jonas -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Andreas E. <ae...@op...> - 2013-06-03 20:24:57
|
On 06/03/2013 08:54 AM, Anton Löfgren wrote: > This patch does not significantly alter program flow. It simply allows us > to log errors encountered from attempted execution of external commands, > which presumably is a good thing. > I like it. Thanks a lot :) -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Jonas M. <jo...@fr...> - 2013-06-03 10:10:23
|
Hello, any comments on that? Kind regards, jonas Am 2013-05-29 18:17, schrieb Jonas Meurer: > Am 2013-03-01 09:05, schrieb Andreas Ericsson: >> On 02/28/2013 10:49 PM, Jonas Meurer wrote: >>> Am 20.02.2013 16:13, schrieb Jonas Meurer: >>>> we're using Nagios as monitoring system for several hundred systems. >>>> While navigating through hosts and services, recently two questions >>>> regarding the quick search (in navigation bar) raised: >>>> >>>> 1/ Why doesn't nagios search for host aliases as well? Is it >>>> possible >>>> to enable alias searching? We're using rather short values for >>>> host_name, and tend to add information like server position to the >>>> alias. Thus searching for host_name and alias would be awesome for >>>> us. >>>> >> >> Today it's not possible to enable alias searching. Patches welcome. >> If you create one, please use some format that makes it possible to >> add >> searching on other fields as well, such as "alias~<regex>" or some >> such. >> >>>> 2/ When searching for IP addresses, only the first match is >>>> returned. >>>> In some cases (e.g. NRPE Port forwarding through firewall), several >>>> hosts have the same IP address. For these cases it's rather >>>> irritating, >>>> that only the first matching host is returned. >>>> >> >> Tru dat. Patches welcome. You'll want to find and remove the correct >> "break" statement, I guess. Other than that it shouldn't be much >> trouble. > > I finally managed to prepare a patch that fixes both shortcomings. It > adds > two new configuration options to configure the behavior of the > navigation > bar search: search for hostname only, or also for addresses, or also > for > aliases. > > I reported the patch as feature request at > http://tracker.nagios.org/view.php?id=459 > > Kind regards, > jonas > > > > > > > > > ----------------------------------------------------------------------- > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > > _______________________________________________ > Nagios-devel mailing list > Nag...@li... > https://lists.sourceforge.net/lists/listinfo/nagios-devel |
From: Anton L. <alo...@op...> - 2013-06-03 07:17:10
|
This patch does not significantly alter program flow. It simply allows us to log errors encountered from attempted execution of external commands, which presumably is a good thing. Signed-off-by: Anton Lofgren <alo...@op...> --- base/commands.c | 69 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/base/commands.c b/base/commands.c index d0f65f7..363fc06 100644 --- a/base/commands.c +++ b/base/commands.c @@ -359,6 +359,7 @@ int process_external_command1(char *cmd) { time_t entry_time = 0L; int command_type = CMD_NONE; char *temp_ptr = NULL; + int external_command_ret = OK; log_debug_info(DEBUGL_FUNCTIONS, 0, "process_external_command1()\n"); @@ -877,7 +878,10 @@ int process_external_command1(char *cmd) { #endif /* process the command */ - process_external_command2(command_type, entry_time, args); + if ((external_command_ret = process_external_command2(command_type, entry_time, args)) != OK) { + logit(NSLOG_EXTERNAL_COMMAND | NSLOG_RUNTIME_WARNING, TRUE, "Error: External command failed -> %s;%s\n", command_id, args); + } + #ifdef USE_EVENT_BROKER /* send data to event broker */ @@ -888,7 +892,7 @@ int process_external_command1(char *cmd) { my_free(command_id); my_free(args); - return OK; + return external_command_ret; } @@ -896,6 +900,7 @@ int process_external_command1(char *cmd) { /* top-level processor for a single external command */ int process_external_command2(int cmd, time_t entry_time, char *args) { + int ret = OK; log_debug_info(DEBUGL_FUNCTIONS, 0, "process_external_command2()\n"); log_debug_info(DEBUGL_EXTERNALCOMMANDS, 1, "External Command Type: %d\n", cmd); @@ -911,15 +916,15 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_SHUTDOWN_PROCESS: case CMD_RESTART_PROCESS: - cmd_signal_process(cmd, args); + ret = cmd_signal_process(cmd, args); break; case CMD_SAVE_STATE_INFORMATION: - save_state_information(FALSE); + ret = save_state_information(FALSE); break; case CMD_READ_STATE_INFORMATION: - read_initial_state_information(); + ret = read_initial_state_information(); break; case CMD_ENABLE_NOTIFICATIONS: @@ -1045,7 +1050,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_STOP_OBSESSING_OVER_HOST: case CMD_SET_HOST_NOTIFICATION_NUMBER: case CMD_SEND_CUSTOM_HOST_NOTIFICATION: - process_host_command(cmd, entry_time, args); + ret = process_host_command(cmd, entry_time, args); break; @@ -1065,7 +1070,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_DISABLE_HOSTGROUP_SVC_CHECKS: case CMD_ENABLE_HOSTGROUP_PASSIVE_SVC_CHECKS: case CMD_DISABLE_HOSTGROUP_PASSIVE_SVC_CHECKS: - process_hostgroup_command(cmd, entry_time, args); + ret = process_hostgroup_command(cmd, entry_time, args); break; @@ -1087,7 +1092,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_STOP_OBSESSING_OVER_SVC: case CMD_SET_SVC_NOTIFICATION_NUMBER: case CMD_SEND_CUSTOM_SVC_NOTIFICATION: - process_service_command(cmd, entry_time, args); + ret = process_service_command(cmd, entry_time, args); break; @@ -1107,7 +1112,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_DISABLE_SERVICEGROUP_SVC_CHECKS: case CMD_ENABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS: case CMD_DISABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS: - process_servicegroup_command(cmd, entry_time, args); + ret = process_servicegroup_command(cmd, entry_time, args); break; @@ -1119,7 +1124,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_DISABLE_CONTACT_HOST_NOTIFICATIONS: case CMD_ENABLE_CONTACT_SVC_NOTIFICATIONS: case CMD_DISABLE_CONTACT_SVC_NOTIFICATIONS: - process_contact_command(cmd, entry_time, args); + ret = process_contact_command(cmd, entry_time, args); break; @@ -1131,7 +1136,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_DISABLE_CONTACTGROUP_HOST_NOTIFICATIONS: case CMD_ENABLE_CONTACTGROUP_SVC_NOTIFICATIONS: case CMD_DISABLE_CONTACTGROUP_SVC_NOTIFICATIONS: - process_contactgroup_command(cmd, entry_time, args); + ret = process_contactgroup_command(cmd, entry_time, args); break; @@ -1142,50 +1147,50 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_ADD_HOST_COMMENT: case CMD_ADD_SVC_COMMENT: - cmd_add_comment(cmd, entry_time, args); + ret= cmd_add_comment(cmd, entry_time, args); break; case CMD_DEL_HOST_COMMENT: case CMD_DEL_SVC_COMMENT: - cmd_delete_comment(cmd, args); + ret = cmd_delete_comment(cmd, args); break; case CMD_DELAY_HOST_NOTIFICATION: case CMD_DELAY_SVC_NOTIFICATION: - cmd_delay_notification(cmd, args); + ret = cmd_delay_notification(cmd, args); break; case CMD_SCHEDULE_SVC_CHECK: case CMD_SCHEDULE_FORCED_SVC_CHECK: - cmd_schedule_check(cmd, args); + ret =cmd_schedule_check(cmd, args); break; case CMD_SCHEDULE_HOST_SVC_CHECKS: case CMD_SCHEDULE_FORCED_HOST_SVC_CHECKS: - cmd_schedule_check(cmd, args); + ret = cmd_schedule_check(cmd, args); break; case CMD_DEL_ALL_HOST_COMMENTS: case CMD_DEL_ALL_SVC_COMMENTS: - cmd_delete_all_comments(cmd, args); + ret = cmd_delete_all_comments(cmd, args); break; case CMD_PROCESS_SERVICE_CHECK_RESULT: - cmd_process_service_check_result(cmd, entry_time, args); + ret = cmd_process_service_check_result(cmd, entry_time, args); break; case CMD_PROCESS_HOST_CHECK_RESULT: - cmd_process_host_check_result(cmd, entry_time, args); + ret = cmd_process_host_check_result(cmd, entry_time, args); break; case CMD_ACKNOWLEDGE_HOST_PROBLEM: case CMD_ACKNOWLEDGE_SVC_PROBLEM: - cmd_acknowledge_problem(cmd, args); + ret = cmd_acknowledge_problem(cmd, args); break; case CMD_REMOVE_HOST_ACKNOWLEDGEMENT: case CMD_REMOVE_SVC_ACKNOWLEDGEMENT: - cmd_remove_acknowledgement(cmd, args); + ret = cmd_remove_acknowledgement(cmd, args); break; case CMD_SCHEDULE_HOST_DOWNTIME: @@ -1197,29 +1202,29 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_SCHEDULE_SERVICEGROUP_SVC_DOWNTIME: case CMD_SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME: case CMD_SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME: - cmd_schedule_downtime(cmd, entry_time, args); + ret = cmd_schedule_downtime(cmd, entry_time, args); break; case CMD_DEL_HOST_DOWNTIME: case CMD_DEL_SVC_DOWNTIME: - cmd_delete_downtime(cmd, args); + ret = cmd_delete_downtime(cmd, args); break; case CMD_DEL_DOWNTIME_BY_HOST_NAME: - cmd_delete_downtime_by_host_name(cmd, args); + ret = cmd_delete_downtime_by_host_name(cmd, args); break; case CMD_DEL_DOWNTIME_BY_HOSTGROUP_NAME: - cmd_delete_downtime_by_hostgroup_name(cmd, args); + ret = cmd_delete_downtime_by_hostgroup_name(cmd, args); break; case CMD_DEL_DOWNTIME_BY_START_TIME_COMMENT: - cmd_delete_downtime_by_start_time_comment(cmd, args); + ret = cmd_delete_downtime_by_start_time_comment(cmd, args); break; case CMD_SCHEDULE_HOST_CHECK: case CMD_SCHEDULE_FORCED_HOST_CHECK: - cmd_schedule_check(cmd, args); + ret = cmd_schedule_check(cmd, args); break; case CMD_CHANGE_GLOBAL_HOST_EVENT_HANDLER: @@ -1234,7 +1239,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_CHANGE_SVC_NOTIFICATION_TIMEPERIOD: case CMD_CHANGE_CONTACT_HOST_NOTIFICATION_TIMEPERIOD: case CMD_CHANGE_CONTACT_SVC_NOTIFICATION_TIMEPERIOD: - cmd_change_object_char_var(cmd, args); + ret = cmd_change_object_char_var(cmd, args); break; case CMD_CHANGE_NORMAL_HOST_CHECK_INTERVAL: @@ -1248,13 +1253,13 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_CHANGE_CONTACT_MODATTR: case CMD_CHANGE_CONTACT_MODHATTR: case CMD_CHANGE_CONTACT_MODSATTR: - cmd_change_object_int_var(cmd, args); + ret = cmd_change_object_int_var(cmd, args); break; case CMD_CHANGE_CUSTOM_HOST_VAR: case CMD_CHANGE_CUSTOM_SVC_VAR: case CMD_CHANGE_CUSTOM_CONTACT_VAR: - cmd_change_object_custom_var(cmd, args); + ret = cmd_change_object_custom_var(cmd, args); break; @@ -1264,7 +1269,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { case CMD_PROCESS_FILE: - cmd_process_external_commands_from_file(cmd, args); + ret = cmd_process_external_commands_from_file(cmd, args); break; @@ -1282,7 +1287,7 @@ int process_external_command2(int cmd, time_t entry_time, char *args) { break; } - return OK; + return ret; } -- 1.8.3 |
From: Andreas E. <ae...@op...> - 2013-05-31 13:21:05
|
On 2013-05-27 10:46, Jonas Meurer wrote: > Hello, > > while switching from external perl interpreter to ePN, we stumbled over > the empty arguments bug in ePN > (http://tracker.nagios.org/view.php?id=88). This bug keeps us from > using > ePN for a lot of the check commands we use. > > Now I wonder: why is the bugreport closed? In my opinion the bug is not > fixed at all. As suggested in comment 2, patching p1.pl to ignore empty > arguments would be the proper fix, right? > > I just signed up for the nagios bug tracking system, but don't have > privileges to reopen the bugreport. > The bug is closed because embedded perl has been ripped out of Nagios 4. It was impossible to make it leak-free and it caused a lot of issues for users that some dev inevitably had to answer. Since the standard answer the past three years has been "disable embedded perl and things will work again", we (well, I) decided to get rid of it once and for all. Now the standard answer can be changed to "Upgrade to Nagios 4 and whatever performance problem you had that caused you to turn to embedded perl will most likely go away". -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. |
From: Deepak K. <dee...@gm...> - 2013-05-29 20:21:50
|
Thanks Andrea for your response. With Regards Deepak Kosaraju On May 24, 2013, at 3:43 AM, Andreas Ericsson <ae...@op...> wrote: > On 2013-05-22 21:43, Deepak Kosaraju wrote: >> Hi Whether "Service Check Scheduling" concepts explained in following >> Nagios2 documentation still applies to Nagios 3 and Nagios 4, if not >> where can I find details documentation for Nagios3 and Nagios4 >> "Service Check Scheduling". >> >> http://nagios.manubulon.com/traduction/docs14en/checkscheduling.html >> > > It's mostly correct, except that Nagios 4 reaps service checks as fast > as they come in. We get that for free due to the event-driven design > implemented in Nagios 4. That also means zombie processes should be > very, very rare on a Nagios 4 system. > > The scheduling parts are still valid though. Only the backend for the > scheduling queue has changed. The logic using the backend is still > identical. > > -- > Andreas Ericsson and...@op... > OP5 AB www.op5.se > Tel: +46 8-230225 Fax: +46 8-230231 > > Considering the successes of the wars on alcohol, poverty, drugs and > terror, I think we should give some serious thought to declaring war > on peace. |
From: Jonas M. <jo...@fr...> - 2013-05-29 17:59:00
|
Hello, Am 29.05.2013 15:53, schrieb Robin Sonefors: > On 2013-05-27 10:46, Jonas Meurer wrote: >> Hello, >> >> while switching from external perl interpreter to ePN, we stumbled over >> the empty arguments bug in ePN >> (http://tracker.nagios.org/view.php?id=88). This bug keeps us from >> using >> ePN for a lot of the check commands we use. >> >> Now I wonder: why is the bugreport closed? In my opinion the bug is not >> fixed at all. As suggested in comment 2, patching p1.pl to ignore empty >> arguments would be the proper fix, right? > > It's closed, because epn is gone from nagios 4. Thanks for clarifying. Will nagios 4 be released in near future? So far most people still use nagios 3. I don't think that it's a good practice to close valid bugreports for supported major releases. Instead they should be restricted to the major release in question. Or at least a comment describing the reason for closing would be much appreciated :) Thanks a lot for the work on nagios. Kind regards, jonas > In nagios 3, the only way to get good performance for something like > perl was to build something like epn. Unfortunately, the way epn worked, > bugs in the epn implementation caused nagios to leak memory or even > crash, which is exactly what you don't want from the system you install > in order to, among other things, discover memory leaks or crashes. > > The nagios 4 alternative is to build specialized worker daemons. Doing > that should improve performance as much as epn - if not more - without > any risk for bugs to wreak havoc for anything but their own check(s). An > epn-style perl worker could be built, but hasn't yet. > |
From: Jonas M. <jo...@fr...> - 2013-05-29 16:18:01
|
Hello, Am 2013-03-01 09:05, schrieb Andreas Ericsson: > On 02/28/2013 10:49 PM, Jonas Meurer wrote: >> Am 20.02.2013 16:13, schrieb Jonas Meurer: >>> Hello, >> >> Hey again, >> >>> we're using Nagios as monitoring system for several hundred systems. >>> While navigating through hosts and services, recently two questions >>> regarding the quick search (in navigation bar) raised: >>> >>> 1/ Why doesn't nagios search for host aliases as well? Is it possible >>> to enable alias searching? We're using rather short values for >>> host_name, and tend to add information like server position to the >>> alias. Thus searching for host_name and alias would be awesome for >>> us. >>> > > Today it's not possible to enable alias searching. Patches welcome. > If you create one, please use some format that makes it possible to add > searching on other fields as well, such as "alias~<regex>" or some > such. > >>> 2/ When searching for IP addresses, only the first match is returned. >>> In some cases (e.g. NRPE Port forwarding through firewall), several >>> hosts have the same IP address. For these cases it's rather >>> irritating, >>> that only the first matching host is returned. >>> > > Tru dat. Patches welcome. You'll want to find and remove the correct > "break" statement, I guess. Other than that it shouldn't be much > trouble. I finally managed to prepare a patch that fixes both shortcomings. It adds two new configuration options to configure the behavior of the navigation bar search: search for hostname only, or also for addresses, or also for aliases. I reported the patch as feature request at http://tracker.nagios.org/view.php?id=459 Kind regards, jonas |
From: Sven N. <Sve...@Co...> - 2013-05-29 14:11:36
|
On 5/29/13 15:53, Robin Sonefors wrote: > An epn-style perl worker could be built, but hasn't yet. Thats not 100% true. Mod-Gearman still supports ePN, even with Nagios 4 and is worker based :-) Sven |
From: Robin S. <rob...@op...> - 2013-05-29 13:53:48
|
On 2013-05-27 10:46, Jonas Meurer wrote: > Hello, > > while switching from external perl interpreter to ePN, we stumbled over > the empty arguments bug in ePN > (http://tracker.nagios.org/view.php?id=88). This bug keeps us from > using > ePN for a lot of the check commands we use. > > Now I wonder: why is the bugreport closed? In my opinion the bug is not > fixed at all. As suggested in comment 2, patching p1.pl to ignore empty > arguments would be the proper fix, right? It's closed, because epn is gone from nagios 4. In nagios 3, the only way to get good performance for something like perl was to build something like epn. Unfortunately, the way epn worked, bugs in the epn implementation caused nagios to leak memory or even crash, which is exactly what you don't want from the system you install in order to, among other things, discover memory leaks or crashes. The nagios 4 alternative is to build specialized worker daemons. Doing that should improve performance as much as epn - if not more - without any risk for bugs to wreak havoc for anything but their own check(s). An epn-style perl worker could be built, but hasn't yet. |
From: Jonas M. <jo...@fr...> - 2013-05-27 08:47:00
|
Hello, while switching from external perl interpreter to ePN, we stumbled over the empty arguments bug in ePN (http://tracker.nagios.org/view.php?id=88). This bug keeps us from using ePN for a lot of the check commands we use. Now I wonder: why is the bugreport closed? In my opinion the bug is not fixed at all. As suggested in comment 2, patching p1.pl to ignore empty arguments would be the proper fix, right? I just signed up for the nagios bug tracking system, but don't have privileges to reopen the bugreport. Kind regards, jonas PS: I'm not subscribed (yet) to the list (waiting for approval), please cc me on replies. |