Auditing External Commands

Laack,Jacob C Jacob.Laack at alegent.org
Thu Sep 18 21:15:39 CEST 2008

Previous message: Nagios takes too much time to send notifications
Next message: Auditing External Commands
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

All-
I'm running Nagios 3.0.3 with httpd on RHEL 5. I have CGI Authentication enabled for a couple dozen users. Some of them make "mistakes" when issuing External Commands and I'm looking for a way to log or know who turned of notifications for a server that shouldn't have been modified, etc. I see that the /usr/local/nagios/var/nagios.log file shows...

[1221748066] EXTERNAL COMMAND: DISABLE_SVC_NOTIFICATIONS;fileserv;Download-WellsFargoBP

...while the apache logs show...

160.76.51.177 - ekaj [18/Sep/2008:09:27:46 -0500] "POST /cgi-bin/cmd.cgi HTTP/1.1" 200 1961

Is there a native way for Nagios to attach to attach the CGI user, ekaj in this case, to the DISABLE_SVC_NOTIFICATIONS command in either the nagios.log file or somewhere else? Any non-native way to do it?

Thanks for reading.

Jake Laack
Alegent Health, Open Systems Engineer

________________________________
Sponsored by Catholic Health Initiatives and Immanuel Health Systems, Alegent Health is faithful to the healing ministry of Jesus Christ, providing high quality care for the body, mind and spirit of every person.

The information contained in this communication, including attachments, is confidential and private and intended only for the use of the addressees. Unauthorized use, disclosure, distribution or copying is strictly prohibited and may be unlawful. If you received this communication in error, please inform us of the erroneous delivery by return e-mail message from your computer. Additionally, although all attachments have been scanned at the source for viruses, the recipient should check any attachments for the presence of viruses before opening. Alegent Health accepts no liability for any damage caused by any virus transmitted by this e-mail. Thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080918/ceef9e7c/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Nagios takes too much time to send notifications
Next message: Auditing External Commands
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list