Nagios XI 5.5
Now helping you do even more “cool monitoring stuff” (that’s the technical term)
Here’s some of the big new features in 5.5
Restricted CCM Access for Users
Don’t want someone to edit all of your hosts and services? No problem!
Advanced users are now able to be given “Limited” permissions in the Core Config Manger. Limited permissions allow users to access objects they are normally allowed to see in the interface and edit them. This allows more granular user permissions in XI.
Automatic Passive Check Configuration
Automatically configure your incoming passive checks.
Instead of running the passive check wizard on what shows up in the Unconfigured Objects page, Nagios XI can automatically add the incoming checks and start monitoring them in the interface right away.
Two Factor Authentication
We’ve improved the overall security in Nagios XI by implementing Email and Duo two factor authentication.
If you’re the techy type, we’ve provided new callbacks in 5.5 so you can integrate other 2FA systems.
We’ve updated NagVis to the latest version (1.9.8) and have fully integrated it into the XI experience.
Take advantage of the new and improved NagVis software and no need to log in a second time. If you’re logged into XI you can click right into NagVis.
We’ve added some great new enterprise features as well
SNMP Trap Interface
Do you love SNMP traps? We promise we don’t think you’re crazy. This new version of XI comes with a new Enhanced SNMP Trap Management Interface that alows you to modify, record, and see all the SNMP traps that come into the system from within XI.
What more is there to love?
Manage Scheduled Reports
Knowing when scheduled reports are going out, and knowing who sends them is important in a large business. Now admins can view, modify, and copy scheduled reports for any user in XI.
All the Changes
A comprehensive list of the changes in XI 5.5
There are a lot of changes in Nagios XI 5.5. We’ve built a more robust backend with better performance, upgraded the internal, added various new and improved features, and upgraded the base components. We’ve also improved the security of the software.
Two Factor Authentication TPS#12189
Email two factor authentication can be enabled in the Security tab in Admin > System Settings. You can also allow users to check a box to save the browser they are logging in from for a period of time you specify after successfully completing two factor authentication. This feature is turned off by default.
Passwords and Sensitive Info TPS#4689
We have started using stronger hashing algorithms for password storage. We have also added encryption/decryption of stored password data for passwords that are stored by the server throughout the UI. We have also included SSH key authentication as an option for SSH Scheduled Backups.
Session Timeout TPS#9938
You can now turn on and set a session timeout in the Admin > Global Settings > Security section. The Nagios XI system will logout the user if their session expires without moving pages. A few pages (NOC screen, Birdseye, Operations Center) will not adhere to the timeout and won’t log you out.
Mobile Phone Verification TPS#12042
Users are now required to verify mobile phone numbers before receiving SMS/text notifications. If you are upgrading XI to 5.5 and a user already has SMS/text notifications enabled, it will be considered verified after upgrade and would only need to be verified again if changed.
User Account Changes TPS#12158 TPS#12132 TPS#7099 TPS#10895
Passwords are now stored with a more secure hashing algorithm. In the Passwords & Account tab in Admin > System Settings admins can Disallow Old Passwords so that users are not able to use previously used passwords when changing their password. Users can now leave the text message subject field blank in SMS templates. Emails can now be sent in plain text only, using a checkbox in the User’s Notification Methods page.
Restricted Rapid Response URL
The new rapid response URL links only allow a response for a certain amount of time. They also will only authenticate you for the rapid response page and not let users go into the full XI interface without logging in first.
Single Use Auth Tokens
With the new
api/v1/authenticate API endpoint, you can create authentication tokens by passing your username and password over an HTTP POST request. Auth tokens can then be used to authenticate a user into the interface. This can also be used for 3rd party auth services.
File Permissions TPS#12730
Permissions for backend scripts and files have been updated to be more secure. This includes scripts that are ran through sudo, config files in Nagios Core, and the files in Nagios XI.
Host and Service Status Pages TPS#7893 TPS#12059 TPS#12055 TPS#7112
Added a notes_url and actions_url icon in the main service and host status details pages. These can be hovered over and/or clicked to see the information that is put in the config option. These options can be set in the CCM. Also updated the names of the pages to remove the word details from the menu links for host and service status. Added links to the host/service details pages to hostgroups and servicegroups. Updated the displaying of host/service aliases to accurately reflect the display name.
Updated Help TPS#12830
Added a help document about how to contribute to translations of the XI interface. Also added a help document about how to use single use auth tokens.
SNMP Trap Interface Enterprise
We added a new feature for managing incoming traps. This new component allows you to define, test, view, and keep track of incoming SNMP traps easily from an interface. You can also edit the trap definitions with helpful popup information.
We’ve updated the version of NagVis to the latest. We have also added a new module, to allow session login from the XI interface. This means if you’re logged into XI you will not need to log into NagVis separately.
Report Filtering Options TPS#5970 TPS#9194 TPS#12048
You can now filter by state (OK, WARNING, CRITICAL, UNKNOWN, DOWN, UP, UNREACHABLE) in the state history report. Tables in the scheduled downtime page can now be sorted by clicking on the table header. Added a date time and timeperiod picker to all the main XI reports so you can now add in the time through the dropdown time picker. Useful for reporting on only a few hours or even minutes of data.
User Settings TPS#8082
Users can now set the start of the week using the week format setting. They can set the start of the week to be Sunday or Monday in the user settings.
Manage Scheduled Reports Page Enterprise TPS#11609
Admins can now manage user’s scheduled reports (edit, copy, delete) from a new admin page located in the reports tab.
We have updated the installation interface to be simple, informative, and to allow you to set up more general options on install.
Extended Options TPS#12073
Added option to enable SSL/HTTPS redirect. You will need to install a valid SSL certificate if you’d like to see a green bar. Added ability to setup the Admin email notification settings during the install.
Automatic Passive Check Configuration TPS#2231
In the Unconfigured Objects page, you can now set up automatic processing of incoming unknown passive checks. This allows you to have Nagios XI automatically set up these passive checks with templates, contacts, and even restart Core.
Activation and Renewals
You can now activate the product from inside of XI once you’ve put in your License Key, click on the “Activate Now” button on the License page and you can activate by adding in your client ID or unique code. You can also stop renewal reminders from being given to users in the Global Settings area.
SSH Terminal Changes Enterprise TPS#12202
We removed Ajaxterm and replaced it with shellinabox, which is a better, easier to use SSH terminal.
Manage User Changes TPS#6186 TPS#8239 TPS#11608
Admins can now edit a user by clicking their username on the manage users page. When users are deleted, the cron jobs for scheduled reports are deleted for that user. Account usernames can now be up to 255 characters long.
System Profile Changes TPS#1456 TPS#9108
Profile download now comes with versions in an html file. Profile download now contains the versions of all components, wizards, and dashlets. Added the
ipcs command output to the profile zip. Added the versions of Nagios Core, Nagios-Plugins, SSH Terminal, NRPE, NSCA, PNP, etc.
Performance Options TPS#8345
Added a new setting to Admin > Performance Settings to set the amount of Snapshots to keep for Core/CCM configurations.
Restricted CCM Access for Users
We have added the ability for users to be able to be automatically logged into the CCM just like admins. This can be with limited permissions for only what the users themselves can see, or with permissions to view everything. You get to choose.
Apply Config Changes TPS#6127
Now after an apply config, the BPI configuration will sync for hostgroups and servicegroups. These are part of an enterprise feature that is available inside the Business Process Intelligence component.
Ease of Use TPS#13227 TPS#12270 TPS#10049 TPS#13158
Regular users are now able to be given session-style access just like admins. They can also be given limited access to only view objects they are able to view. Copying services will no longer create a new config name. Config search is no longer case sensitive. Added contact alias next to contact names. Also added the services that are applied to a host via hostgroups to the service groups list.
Service Import Updates TPS#13303
The CCM will now properly import services that have multiple hosts or hostgroups applied to then.
Apply Config Audit Logging TPS#7954
When someone applies config in the CCM it is now logged in the audit log.
Added multiple API endpoints such as
bpi, and many more. You can also send raw Core configs in to be important and send Core commands to new API endpoints.
API Encoding Changes
Objects API calls will no longer return with
<object>list root. JSON is now valid and using the json_encode() function built into PHP instead of a 3rd party library, allowing for better PHP version compatibility in PHP 7+.
Backend Script Changes TPS#9908 TPS#12386
The scripts for applying config, resetting system permissions, importing and exporting configs have been changed. We also updated the scripts to no longer call
wget. Some scripts have also changed, below is a list of old scripts and their equivalents. Scripts italicized below are still available on upgraded systems, but not on new installs.
- Apply Config Scripts
- scripts no longer require the
nagiosql_login.phpscript to log into the ccm and is no longer in XI
- Object Deletion Scripts
ccm_delete_object.php --type <type> --id <id>replaces
ccm_delete_object.php --type contactreplaces
ccm_delete_object.php --type timeperiodreplaces
ccm_delete_object.php --type hostreplaces
ccm_delete_object.php --type servicereplaces
Various Bug Fixes TPS#13163 TPS#13211 TPS#13213 TPS#13251
Cleaned up some bugs that were causing some issues throughout the interface.
Use cases for the new features in XI 5.5
Scheduled Report Management
In XI 5.5, administrators now have a centralized way to view and manage who has scheduled reports and who they’re going to. The new feature enables you to share reports with other users, to copy reports, and to edit those that are currently set up.
The update to Scheduled Reports enables you to view, manage, copy, and share scheduled reports across your XI users. In a situation where a report is being delivered to a contact who doesn’t want to receive it, you can quickly determine which user has configured it to be delivered. Alternately if one user is receiving a report and another user request that it be sent to them as well, you can now quickly add their email address to the recipients list. If you have a report that you’d like to copy from a user you will be deleting, you can copy that report to someone else.
This is another subtle improvement, but one that will be a welcome update for users who leverage BPI to monitor the overall health of complex processes. Now, if a host or service object which is part of a BPI group is not found, the BPI interface and checks will continue to function. You can choose whether to mark the missing objects as UNKNOWN or UNREACHABLE. You will also notice an error above the group indicating which objects were not found so that you can investigate further.
This is especially useful in dynamic environments with many users, where hosts could be taken offline regularly. If this occurs, BPI groups will provide clear details on which objects are not found, and continue to work as it would if the object did indeed go into an UNKNOWN or UNREACHABLE state.
The Capacity Planning graphs have been re-designed to better utilize screen space, making it easier for you to leverage the results.
Capacity Planning has always been a high value feature, and now the graphs are larger and easier to configure than ever before.
If you plan to add Capacity Planning graphs to Dashboards, and add those Dashboards to your Views rotation, the graphs will now be easier to read on your NOC screen.
CCM Power Users
In the past, the Core Config Manager was only available to administrative users with full visibility of all host and service objects. With the new Power Users feature, you can enable your users to take granular control of configurations, while limiting visibility to just a select subset of objects.
In situations where you have some advanced admins on your team, but policy prohibits them from seeing everything that is being monitored by your Nagios install, you can now give them full configuration power without sacrificing the necessary limited visibility.
REST API Updates
In version 5.5 Nagios XI’s REST API is now more powerful and streamlined than ever. New features include the ability to import raw Core configs, schedule downtime, generate report data, and execute a vast collection of Core external commands.
A great use-case for the new schedule downtime option would be in a scenario where you have an automation script that shuts down certain services or systems when a maintenance window begins. You could include a call to XI’s API in the automation script to place the related systems in scheduled downtime so that notifications would be suppressed during maintenance, and so that the period could later be filtered out of reports to avoid impacting SLAs.
SNMP Trap Interface
SNMP traps are a powerful monitoring approach capable of providing you with nearly real-time alerts when problems occur. Traditionally things like trap definitions have been managed from the CLI.
Now with Nagios XI’s new SNMP Trap Interface, you’ll be able to add, edit, and delete trap definitions, as well as view any traps that have been received, all within XI’s web GUI. In situations where you need to know right away if certain events occur on SNMP enabled devices, doing so will now be more accessible and easier to manage than ever.
Two Factor Authentication (2FA)
XI now supports optional Two Factor Authentication using a token emailed to users who wish to access the web interface. You can also hook into the callbacks in XI to connect your current 2FA system. Duo 2FA also works out of the box as a component in Nagios XI 5.5.
In many organizations, 2FA has become mandatory, so this new feature will help ensure that you are compliant and can continue to leverage Nagios XI’s powerful features going forward. In other organizations where 2FA is not a hard requirement, it will still serve as a great way to further enhance the security of your Nagios XI frontend, and all of the vital information it can provide.
Automatic Passive Check Provisioning
Automated host management is a popular request from our global client base and something that we wanted to expand on to compliment existing features such as the Deadpool (an Enterprise edition feature), which can be used to automatically decommission hosts and services that remain in a problem state for an extended time period.
Now in XI 5.5 you can set XI to automatically import hosts and services into the CCM (Core Config Manager) when passive check data is first received from them. The new Auto Configure tool enables you to customize notification, group, and template settings which will be applied to the new objects, as well as whether the config will be applied automatically once they are created.
An example use-case would be one wherein you’ve configured your deployment mechanisms such that each new system that is brought online in your environment is pre-loaded with a send_nrdp client, or with NCPA configured to send passive results. In this scenario, as soon as passive results from new hosts are received by XI monitoring will begin automatically, saving you the time you would usually spend manually configuring the newly received passive results.