Icinga 2 v2.4.1 bugfix release

Icinga StickerThis release fixes a problem when using recurring downtimes (“ScheduledDowntime”) causing Icinga 2 to crash on startup. There are further fixes for old compilers on Debian Squeeze, Ubuntu Precise and RHEL 6. The API setup wizard does not overwrite existing certificates anymore. The node setup wizards also incorporate the NodeName and ZoneName constant by default, not the previously used FQDN.

The ITL CheckCommand ‘running_kernel’ now allows you to optionally use the ‘running_kernel_use_sudo’ attribute. One further addition are global constants to fetch PlatformName. PlatformVersion, PlatformKernel and PlatformKernelVersion.

A common problem which we’ve analysed in our community support channels is the usage of existing SSL certificates with the Icinga 2 API. In case you are encountering the SSL error “SSL3_READ_BYTES:sslv3 alert unsupported certificate” when querying the API using curl or a modern browser, please ensure that the host’s SSL certificate version is 3, not 1. More details on the mailing lists.

Icinga 2 v2.4.1 packages should be available soon, meanwhile make sure to check the Changelog below.





  • ITL
    • Add running_kernel_use_sudo option for the running_kernel check
  • Configuration
    • Add global constants: `PlatformName`. `PlatformVersion`, `PlatformKernel` and `PlatformKernelVersion`
  • CLI
    • Use NodeName and ZoneName constants for ‘node setup’ and ‘node wizard’


  • Feature 10622: Add by_ssh_options argument for the check_by_ssh plugin
  • Feature 10693: Add running_kernel_use_sudo option for the running_kernel check
  • Feature 10716: Use NodeName and ZoneName constants for ‘node setup’ and ‘node wizard’


  • Bug 10528: Documentation example in “Access Object Attributes at Runtime” doesn’t work correctly
  • Bug 10615: Build fails on SLES 11 SP3 with GCC 4.8
  • Bug 10632: “node wizard” does not ask user to verify SSL certificate
  • Bug 10641: API setup command incorrectly overwrites existing certificates
  • Bug 10643: Icinga 2 crashes when ScheduledDowntime objects are used
  • Bug 10645: Documentation for schedule-downtime is missing required paremeters
  • Bug 10648: lib/base/process.cpp SIGSEGV on Debian squeeze / RHEL 6
  • Bug 10661: Incorrect web inject URL in documentation
  • Bug 10663: Incorrect redirect for stderr in /usr/lib/icinga2/prepare-dirs
  • Bug 10667: Indentation in command-plugins.conf
  • Bug 10677: node wizard checks for /var/lib/icinga2/ca directory but not the files
  • Bug 10690: CLI command ‘repository add’ doesn’t work
  • Bug 10692: Fix typos in the documentation
  • Bug 10708: Windows setup wizard crashes when InstallDir registry key is not set
  • Bug 10710: Incorrect path for icinga2 binary in development documentation
  • Bug 10720: Remove –master_zone from –help because it is currently not implemented

Icinga 2 v2.4.0 & Icinga Web 2 v2.1.0 released

We’ve come a long way… after months of hard development we’re proud to release Icinga 2 v2.4.0 and Icinga Web 2 v2.1.0.


Icinga 2 v2.4.0

icinga2_apiIcinga 2 v2.4 feels even bigger than our first v2.0 release 1.5 years ago. “We want an API” you said – and we sat down in April and started design one. Kicking off the development in June, it’s been 5 months and 3 developers working full-time on Icinga 2 v2.4.

We’ve put a lot of effort into designing and refining a unified REST API allowing you to create configuration objects at runtime without a restart (e.g. a host auto-discovered from config management, cloud, etc) and also delete them. You can also modify existing configuration objects at runtime. All object updates are synchronised in cluster zones. In case you’re using a configuration tool for deployment you can manage configuration packages and stages.

icinga2_api_dashingWhile there are existing interfaces to query the current object states we’ve now added the full capabilities of exposing all object attributes to the user, helped with (complex) filters and joins to limit the output. List all services for hosts in a hostgroup, but only if they are in a critical state – a breeze to interact with.

You want to schedule maintenance downtimes or acknowledge problems at once? The former external commands have been revamped into Actions providing clear-cut interfaces and feedback on errors.

Event streams allow you to subscribe to specific core events, be it check results, notifications, acknowledgements. Forward these events to your umbrella monitoring system applications and use these metrics for your integration with other tools.

You can also fetch the runtime state of the Icinga 2 daemon and its features gaining insights on what’s going on. There’s also support for executing expressions and fetching the type hierarchy of config objects if you are planning to implement your own API client.

icinga-studioYou can use the icinga2 console to connect to the API and fetch the check result and its executed command line for example. The Icinga Studio application provides a GUI to fetch all objects from the API. And yet, use Dashing on your monitoring dashboards. If you want to start programming your own API clients, we’ve made sure to add programmatic examples for your convenience.

The Icinga 2 API uses HTTPS with basic auth or client SSL certificates and fully supports IPv4 and IPv6 similar to the Icinga 2 cluster. You can even set permissions for API users for specific URL endpoints with optional object filters. That way for example scripts may only schedule a downtime, or users are limited to hosts only in a specific host group.

icinga2_grafanaIcinga 2 v2.4 also introduces a new Graphite schema revamped from community feedback. Tackling configuration errors with dynamic apply rules is now helped with Icinga 2 script debugger.

Grab a coffee, or two, and get into the details in the API documentation. If you can’t wait to put Icinga 2 v2.4 in production – packages for all distributions should be available soon. Meanwhile you can test-drive the Icinga 2 API using Docker and Vagrant.


Icinga Web 2 v2.1.0

icingaweb2_dashboard_overviewThe 10th Open Source Monitoring Conference (OSMC) starts this week and team Icinga is attending for the 7th time. After our exciting release of Icinga Web 2 v2.0.0 right before Icinga Camp Portland the developers have been working hard to resolve bugs and also refine the UI styling once more.
This includes an enhanced service- and hostdetail area and a redefined table control element. A clear CSS structure makes the implementation of individual themes and styles even simpler.

Icinga Web 2 v2.1.0 is ready for download – and we’ll sure have it as live demo at our OSMC Icinga booth.



Icinga 2 v2.4.0 Changelog

Icinga Web 2 v2.1.0 Changelog

Icinga 2 v2.3.11 bugfix release

While we are working hard on our next feature release v2.4 we’ve come across several bugs and backported them into a new bugfix release v2.3.11.

This release improves the cluster stability and adds a couple of new plugin check command definitions for the ITL. It also introduces a new function called “cidr_match”:

$ icinga2 console
Icinga (version: v2.3.0-672-g35cbcde)
<1> cidr_match("", "")
<2> cidr_match("", "")
<3> cidr_match("2a03:2880::/29", "2a03:2880:f022:6:face:b00c:0:2")

Furthermore this release adds a new function resolve_arguments which lets users resolve commands+arguments in exactly the same way Icinga does internally as shown in the example below:

arguments = {
  "-C" = {{
    var command = macro("$by_ssh_command$")
    var arguments = macro("$by_ssh_arguments$")

    if (typeof(command) == String && !arguments) {
      return command

    var escaped_args = []
    for (arg in resolve_arguments(command, arguments)) {
    return escaped_args.join(" ")

Package updates are available soon. Please report any findings on bugs to our development tracker.

What’s New in Version 2.3.11


  • Function for performing CIDR matches: cidr_match()
  • New methods: String#reverse and Array#reverse
  • New ITL command definitions: nwc_health, hpasm, squid, pgsql
  • Additional arguments for ITL command definitions: by_ssh, dig, pop, spop, imap, simap
  • Documentation updates
  • Various bugfixes


  • Feature 9183: Add timestamp support for OpenTsdbWriter
  • Feature 9466: Add FreeBSD setup to getting started
  • Feature 9812: add check command for check_nwc_health
  • Feature 9854: check_command for plugin check_hpasm
  • Feature 10004: escape_shell_arg() method
  • Feature 10006: Implement a way for users to resolve commands+arguments in the same way Icinga does
  • Feature 10057: Command Execution Bridge: Use of same endpoint names in examples for a better understanding
  • Feature 10109: Add check command squid
  • Feature 10112: Add check command pgsql
  • Feature 10129: Add ipv4/ipv6 only to nrpe CheckCommand
  • Feature 10139: expand check command dig
  • Feature 10142: Update debug docs for core dumps and full backtraces
  • Feature 10157: Update graphing section in the docs
  • Feature 10158: Make check_disk.exe CheckCommand Config more verbose
  • Feature 10161: Improve documentation for check_memory
  • Feature 10197: Implement the Array#reverse and String#reverse methods
  • Feature 10207: Find a better description for cluster communication requirements
  • Feature 10216: Clarify on cluster/client naming convention and add troubleshooting section
  • Feature 10219: Add timeout argument for pop, spop, imap, simap commands
  • Feature 10352: Improve timeperiod documentation
  • Feature 10354: New method: cidr_match()
  • Feature 10379: Add a debug log message for updating the program status table in DB IDO


  • Bug 8805: check cluster-zone returns wrong log lag
  • Bug 9322: sending multiple Livestatus commands rejects all except the first
  • Bug 10002: Deadlock in WorkQueue::Enqueue
  • Bug 10079: Improve error message for socket errors in Livestatus
  • Bug 10093: Rather use unique SID when granting rights for folders in NSIS on Windows Client
  • Bug 10177: Windows Check Update -> Access denied
  • Bug 10191: String methods cannot be invoked on an empty string
  • Bug 10192: null + null should not be “”
  • Bug 10199: Remove unnecessary MakeLiteral calls in SetExpression::DoEvaluate
  • Bug 10204: Config parser problem with parenthesis and newlines
  • Bug 10205: config checker reports wrong error on apply for rules
  • Bug 10235: Deadlock in TlsStream::Close
  • Bug 10239: Don’t throw an exception when replaying the current replay log file
  • Bug 10245: Percent character whitespace on Windows
  • Bug 10254: Performance Data Labels including ‘=’ will not be displayed correct
  • Bug 10262: Don’t log messages we’ve already relayed to all relevant zones
  • Bug 10266: “Not after” value overflows in X509 certificates on RHEL5
  • Bug 10348: Checkresultreader is unable to process host checks
  • Bug 10349: Missing Start call for base class in CheckResultReader
  • Bug 10351: Broken table layout in chapter 20
  • Bug 10365: ApiListener::SyncRelayMessage doesn’t send message to all zone members
  • Bug 10377: Wrong connection log message for global zones


Icinga Web 2.0.0 – The final version is unleashed

After tons of hours of work, we are proud to present today the final version of our interface Icinga Web 2. The new interface comes with a completely new design and many user-friendly enhancements to find the relevant information even faster.

With the new design you can see at glance whether Icinga runs properly or significant problems occurred. We enhanced the dashboard with new views to easily see overdue or disabled checks, and muted hosts and services which have already been acknowledged. In contrast to previous versions, the interface has now a detailed view for host and service checks which are not being executed in time.

To provide additional security, we added many new features, for example accessing modules now requires appropriate permissions. All existing permissions and restrictions of the predecessors are of course retained in the new version. Roles containing permissions and restrictions can be assigned to users and user groups in order to permit or restrict their access.

We also improved the integration of Active Directory and other LDAP servers. The new version supports to load users, users groups and group memberships of them as well as authenticating against Kerberos and loading user groups from Active Directory. A major advance is the creation of hosts and services actions; instead of defining them via Icinga’s configuration files, every user is now enabled to create them with the web interface and even share them to others.

The configuration allows to add actions only to certain hosts or services and supports macros like the host and service name, and custom variables. The new web interface provides yet a very basic API for scheduling and removing host and service downtimes. Basic access authentication is also a new feature to ease usage of the API.


For the future, you can expect more API actions and the creation of modules to integrate various popular tools to enhance the DevOps stack.

Find the current version on GitHub right know, while packages will be available soon.

Icinga 2 v2.3.10 bugfix release

Dear all,

apart from importing the missing fix for the Windows reload in 2.3.9, we’ve also tackled a couple of other stability problems whilst working on the 2.4 api branch.

Packages should be available soon as always, find the Changelog below.


What’s New in Version 2.3.10


  • Feature 9218: Use the command_endpoint name as check_source value if defined


  • Bug 9244: String escape problem with PostgreSQL >= 9.1 and standard_conforming_strings=on
  • Bug 10003: Nested “outer” macro calls fails on (handled) missing “inner” values
  • Bug 10051: Missing fix for reload on Windows in 2.3.9
  • Bug 10058: Wrong calculation for host compat state “UNREACHABLE” in DB IDO
  • Bug 10074: Missing zero padding for generated CA serial.txt

Icinga 2 bugfix release v2.3.9

The Icinga team is currently working on implementing the API which is scheduled to be included as part of the 2.4.0 release. However, in parallel we’ve also been fixing a number of issues in 2.3. Today we’re releasing these fixes and a few other ITL and documentation updates as version 2.3.9.

As usual packages for 2.3.9 should be available at packages.icinga.org shortly.

Here’s a list of all changes for this release:


What’s New in Version 2.3.9


  • Fix that the first SOFT state is recognized as second SOFT state
  • Implemented reload functionality for Windows
  • New ITL check commands
  • Documentation updates
  • Various other bugfixes


  • Feature 9527: CheckCommand for check_interfaces
  • Feature 9671: Add check_yum to ITL
  • Feature 9675: Add check_redis to ITL
  • Feature 9686: Update gdb pretty printer docs w/ Python 3
  • Feature 9699: Adding “-r” parameter to the check_load command for dividing the load averages by the number of CPUs.
  • Feature 9747: check_command for plugin check_clamd
  • Feature 9796: Implement Dictionary#get and Array#get
  • Feature 9801: Add check_jmx4perl to ITL
  • Feature 9811: add check command for check_mailq
  • Feature 9827: snmpv3 CheckCommand section improved
  • Feature 9882: Implement the Dictionary#keys method
  • Feature 9883: Use an empty dictionary for the ‘this’ scope when executing commands with Livestatus
  • Feature 9985: add check command nscp-local-counter
  • Feature 9996: Add new arguments openvmtools for Open VM Tools


  • Bug 8979: Missing DEL_DOWNTIME_BY_HOST_NAME command required by Classic UI 1.x
  • Bug 9262: cluster check w/ immediate parent and child zone endpoints
  • Bug 9623: missing config warning on empty port in endpoints
  • Bug 9769: Set correct X509 version for certificates
  • Bug 9773: Add log for missing EventCommand for command_endpoints
  • Bug 9779: Trying to set a field for a non-object instance fails
  • Bug 9782: icinga2 node wizard don’t take zone_name input
  • Bug 9806: Operator + is inconsistent when used with empty and non-empty strings
  • Bug 9814: Build fix for Boost 1.59
  • Bug 9835: Dict initializer incorrectly re-initializes field that is set to an empty string
  • Bug 9860: missing check_perfmon.exe
  • Bug 9867: Agent freezes when the check returns massive output
  • Bug 9884: Warning about invalid API function icinga::Hello
  • Bug 9897: First SOFT state is recognized as second SOFT state
  • Bug 9902: typo in docs
  • Bug 9912: check_command interfaces option match_aliases has to be boolean
  • Bug 9913: Default disk checks on Windows fail because check_disk doesn’t support -K
  • Bug 9928: Add missing category for IDO query
  • Bug 9947: Serial number field is not properly initialized for CA certificates
  • Bug 9961: Don’t re-download NSCP for every build
  • Bug 9962: Utility::Glob on Windows doesn’t support wildcards in all but the last path component
  • Bug 9972: Icinga2 – too many open files – Exception
  • Bug 9984: fix check command nscp-local
  • Bug 9992: Duplicate severity type in the documentation for SyslogLogger