#################################################### # Sample NSCA Daemon Config File # Written by: Ethan Galstad (nagios@nagios.org) # # Last Modified: 01-07-2002 #################################################### # PORT NUMBER # Port number we should wait for connections on. # This must be a non-priveledged port (i.e. > 1024). server_port=5667 # SERVER ADDRESS # Address that nrpe has to bind to in case there are # more as one interface and we do not want nrpe to bind # (thus listen) on all interfaces. #server_address=192.168.1.1 # ALLOWED HOST ADDRESSES # This is a comma-delimited list of IP address of hosts that are allowed # to talk to the NSCA daemon. # # Note: The daemon only does rudimentary checking of the client's IP # address. I would highly recommend running as a service under # inetd instead of as a standalone daemon and using TCP wrappers to # limit access. allowed_hosts=127.0.0.1 # NSCA USER # This determines the effective user that the NSCA daemon should run as. # You can either supply a username or a UID. # # NOTE: This option is ignored if NSCA is running under either inetd or xinetd nsca_user=nagios # NSCA GROUP # This determines the effective group that the NSCA daemon should run as. # You can either supply a group name or a GID. # # NOTE: This option is ignored if NSCA is running under either inetd or xinetd nsca_group=nagios # DEBUGGING OPTION # This option determines whether or not debugging # messages are logged to the syslog facility. # Values: 0 = debugging off, 1 = debugging on debug=0 # COMMAND FILE # This is the location of the Nagios command file that the daemon # should write all service check results that it receives. command_file=/usr/local/nagios/var/rw/nagios.cmd # ALTERNATE DUMP FILE # This is used to specify an alternate file the daemon should # write service check results to in the event the command file # does not exist. It is important to note that the command file # is implemented as a named pipe and only exists when Nagios is # running. You may want to modify the startup script for Nagios # to dump the contents of this file into the command file after # it starts Nagios. Or you may simply choose to ignore any # check results received while Nagios was not running... alternate_dump_file=/usr/local/nagios/var/rw/nsca.dump # AGGREGATED WRITES OPTION # This option determines whether or not the nsca daemon will # aggregate writes to the external command file for client # connections that contain multiple check results. If you # are queueing service check results on remote hosts and # sending them to the nsca daemon in bulk, you will probably # want to enable bulk writes, as this will be a bit more # efficient. # Values: 0 = do not aggregate writes, 1 = aggregate writes aggregate_writes=0 # APPEND TO FILE OPTION # This option determines whether or not the nsca daemon will # will open the external command file for writing or appending. # This option should almost *always* be set to 0! # Values: 0 = open file for writing, 1 = open file for appending append_to_file=0 # MAX PACKET AGE OPTION # This option is used by the nsca daemon to determine when client # data is too old to be valid. Keeping this value as small as # possible is recommended, as it helps prevent the possibility of # "replay" attacks. This value needs to be at least as long as # the time it takes your clients to send their data to the server. # Values are in seconds. The max packet age cannot exceed 15 # minutes (900 seconds). max_packet_age=30 # DECRYPTION PASSWORD # This is the password/passphrase that should be used to descrypt the # incoming packets. Note that all clients must encrypt the packets # they send using the same password! # IMPORTANT: You don't want all the users on this system to be able # to read the password you specify here, so make sure to set # restrictive permissions on this config file! #password= # DECRYPTION METHOD # This option determines the method by which the nsca daemon will # decrypt the packets it receives from the clients. The decryption # method you choose will be a balance between security and performance, # as strong encryption methods consume more processor resources. # You should evaluate your security needs when choosing a decryption # method. # # Note: The decryption method you specify here must match the # encryption method the nsca clients use (as specified in # the send_nsca.cfg file)!! # Values: # # 0 = None (Do NOT use this option) # 1 = Simple XOR (No security, just obfuscation, but very fast) # # 2 = DES # 3 = 3DES (Triple DES) # 4 = CAST-128 # 5 = CAST-256 # 6 = xTEA # 7 = 3WAY # 8 = BLOWFISH # 9 = TWOFISH # 10 = LOKI97 # 11 = RC2 # 12 = ARCFOUR # # 14 = RIJNDAEL-128 # 15 = RIJNDAEL-192 # 16 = RIJNDAEL-256 # # 19 = WAKE # 20 = SERPENT # # 22 = ENIGMA (Unix crypt) # 23 = GOST # 24 = SAFER64 # 25 = SAFER128 # 26 = SAFER+ # decryption_method=1