Icinga 1.13.0 released

logo_icingaWhile you may have seen a lot of updates in our 2.x development head, Icinga 1.x is still alive and being patched and bug-fixed. Some smaller features have also been incorporated into 1.13.0 so consider upgrading your existing installation.


Changelog Core, IDOUtils, Classic UI


  • Remove deprecated event_profiling_enabled from icinga.cfg
  • Remove deprecated broker_module from icinga.cfg (use module object configuration instead)
  • Add module config examples in modules/ directory (livestatus, mod_gearman, pnp4nagios, flapjack)
  • Move contrib/downtimes to tools/downtimes and add ‘make install-downtimes’


  • Feature #1867: Recurring Downtimes
  • Feature #6353: deprecate icinga.cfg:broker_module; add more module examples
  • Feature #8007: Implement an option to disable transactions
  • Feature #8139: Add functions for registering file descriptors closed on fork()
  • Feature #8140: Add Check Result List Mutex for NEB modules
  • Feature #8426: Remove constraint from *dependencies tables
  • Feature #8440: Enhance idomod logging


  • Bug #6263: Race condition in init.d scripts’ stop
  • Bug #6762: Icinga crashes when “args” attribute is not specified for modules
  • Bug #7004: GET form param has no effect on cmd.cgi acks (again)
  • Bug #8202: Cool tip text for refresh of hosts and services says “I’m so lonely up here. Where should I go?”
  • Bug #8441: require the ‘config_file’ argument in idomod modules configuration
  • Bug #8445: cmd.cgi use_ack_end_time param does not enable tickbox in form

Download icinga-1.13.0 here.

Changelog Web


  • Ewoud Kohl van Wijngaarden found a way for an SQL injection in Icinga Web’s API. An authenticated user could inject SQL code via a crafted JSON filter (#7924, CVE-2015-2685)

We recommend to update your installation to 1.13.0 as the features are minimal invasive.

Notable changes and features

  • The log now contains the ip address of a user login failed, or the user just logged in and out (#7357)
  • We implemented a command log that contains any command that is send to the Icinga core by an user – written to a separate log file command-20XX-XX-XX.log (#7893)
  • (Bug) Acknowledgments where sent without a proper sticky declaration. This problem has been fixed and host or service acknowledgments are now sticky by default – what it should and was intended to be. (#5838 #7003) Please review our documentation if you are not sure what sticky means.
  • Grids can now display customvariables. Because customvariables are customised on every installation, this feature is disabled by default. See  doc/grids_and_customvars.md for further information.

Other bugs

  • When using Kerberos authentication in a web server a user could receive all credentials when he had a role that had no credentials set (#7892) In our tests that only happens with Kerberos users.
  • When a user could not be imported during login the database exception was not generated correctly (#8301)
  • Don’t contact more authentication providers than necessary during login. Thanks to Victor Hahn (#8341)
  • Fixed the irritating error during application state reset (#8523) The state was always cleared, but an error popped up for the user.

Download icinga-web-1.13.0 here.

Icinga 2 bug fix release 2.3.3

We have just released version 2.3.3. This release fixes a number of bugs and introduces a select few minor features and documentation changes:

  • Feature 8685: Show state/type filter names in notice/debug log
  • Feature 8686: Update documentation for “apply for” rules
  • Feature 8693: New function: parse_performance_data
  • Feature 8740: Add “access objects at runtime” examples to advanced section
  • Feature 8761: Include more details in –version
  • Feature 8816: Add “random” CheckCommand for test and demo purposes
  • Feature 8827: Move release info in INSTALL.md into a separate file
  • Bug 8660: Update syntax highlighting for 2.3 features
  • Bug 8677: Re-order the object types in alphabetical order
  • Bug 8724: Missing config validator for command arguments ‘set_if’
  • Bug 8734: startup.log broken when the DB schema needs an update
  • Bug 8736: Don’t update custom vars for each status update
  • Bug 8748: Don’t ignore extraneous arguments for functions
  • Bug 8749: Build warnings with CMake 3.1.3
  • Bug 8750: Flex version check does not reject unsupported versions
  • Bug 8753: Fix a typo in the documentation of ICINGA2_WITH_MYSQL and ICINGA2_WITH_PGSQL
  • Bug 8755: Fix VIM syntax highlighting for comments
  • Bug 8757: Add missing keywords in the syntax highlighting files
  • Bug 8762: Plugin “check_http” is missing in Windows environments
  • Bug 8763: Typo in doc library-reference
  • Bug 8764: Revamp migration documentation
  • Bug 8765: Explain processing logic/order of apply rules with for loops
  • Bug 8766: Remove prompt to create a TicketSalt from the wizard
  • Bug 8767: Typo and invalid example in the runtime macro documentation
  • Bug 8769: Improve error message for invalid field access
  • Bug 8770: object Notification + apply Service fails with error “…refers to service which doesn’t exist”
  • Bug 8771: Correct HA documentation
  • Bug 8829: Figure out why command validators are not triggered
  • Bug 8834: Return doesn’t work inside loops
  • Bug 8844: Segmentation fault when executing “icinga2 pki new-cert”
  • Bug 8862: wrong ‘dns_lookup’ custom attribute default in command-plugins.conf
  • Bug 8866: Fix incorrect perfdata templates in the documentation
  • Bug 8869: Array in command arguments doesn’t work

You can look up the bug ID in our issue tracker at dev.icinga.org. Updated packages should be available shortly.

Icinga conquers Asia – Fossasia in Singapore

CeBIT is still running but we take the time to talk a little bit about Singapore last week. Icinga had the chance to give a keynote at the first day of FOSSASIA and it was really a blast. FOSSASIA happened in Singapore for the first time this year. The conference featured over 100 talks and workshops covering the latest in Free and Open Source Technology projects, including those focussed on the development of Singapore as a smart nation.

On Thursday we gave a workshop at the Hackerspace in Singapore. Built by and for geeks, nerds, inventors, engineers, and entrepreneurs, Hackerspace.SG is the Singapore hacker community’s home, living room and laboratory. There was a nice group of interested people and we played around with our vagrant-setup a tried the latest features in Icinga 2.3. It was really fun!

Our slides are published on SlideShare and listed on our presentation page. Thanks to Hong Phuc Dang, Mario Behling and all the others creating this great conference in Asia. We will be back … if you want!

Icinga Web 2 Beta 3 released

Fasten your seat belts, this is the last beta release before we carry our first release candidate to the launching platform, I promise. Our team of hard working scientists locked up in our laboratory and crafted lots of usability enhancements which will boost your monitoring experience: Forms and configuration dialogs are now easy to use and self-explanatory. Many accessibility features help to find information faster and assist screen readers. Reachability information for hosts and services help to identify dependency problems in your setup and sending custom notifications is now as easy as pie.  Search functionality has been added to the documentation module. And we extended the configuration for LDAP connections now supporting encrypted communication using LDAPS or STARTTLS. Last but not least we fixed a lot of bugs along the way.

Thanks for helping us testing, finding issues and sending us pull request. We’re happy about this pretty cool beta release and we’re on a good way to the first release candidate. For detailed information have a look on our roadmap.

Head over to GitHub for the release tarball. Have a great weekend.

Bugfix release Icinga 2 v2.3.2

Thanks for your kind feedback on the initial v2.3.0 release – we’ve found a few bug reports and already implemented fixes. There’s a regression with the disk plugin check command in 2.3.0 – warning and critical thresholds now require the percent sign explicitly. The documentation has been fixed – make sure to update your configuration accordingly.

icinga2_2.3.1Cluster heartbeat does not disconnect clients on slow bandwidth, process groups are killed on timeouts instead of only the parent process and the String type provides a new method called ‘contains‘.

Update: There was a problem with the fix in #8687 which is why we’re now at v2.3.2.

Upgrade now and enjoy Icinga 2 v2.3.1 v2.3.2!


Please note that this version fixes the default thresholds for the disk check which were inadvertently broken in 2.3.0; if you’re using percent-based custom thresholds you will need to add the ‘%’ sign to your custom attributes.


  • Feature 8659: Implement String#contains
  • Bug 8540: Kill signal sent only to check process, not whole process group
  • Bug 8657: Missing program name in ‘icinga2 –version’
  • Bug 8658: Fix check_disk thresholds: make sure partitions are the last arguments
  • Bug 8672: Api heartbeat message response time problem
  • Bug 8673: Fix check_disk default thresholds and document the change of unit
  • Bug 8679: Config validation fail because of unexpected new-line
  • Bug 8680: Update documentation for DB IDO HA Run-Once
  • Bug 8683: Make sure that the /var/log/icinga2/crash directory exists
  • Bug 8684: Fix formatting for the GDB stacktrace
  • Bug 8687: Crash in Dependency::Stop
  • Bug 8691: Debian packages do not create /var/log/icinga2/crash

Icinga 2 v2.3.0 released

You may have heard it already – 2.3 adds lots of new features, for example object attribute accessors at runtime accompanied by functions, loops, conditionals and much more. Bringing you Icinga 2 v2.3.0 also means: 660 Git commits since 2.2.0, 94 features & 127 bug fixes.

While upgrading your Icinga 2 installation, you can test-drive the new language features in the new live console online on icinga.org. Grab a coffee, check additional feature details below, switch to the Changelog and once your upgrade has finished, get to work with the all new shiny Icinga 2 v2.3.0. The online documentation is currently undergoing changes, things to note: live search and removable tables of content tab.

Conditional statements

icinga2_2.3_conditions_icingaweb2This was frequently asked in the past: “How can I inherit values from the host to the service, and leave it to a default value if not set?” Consider it done with if-then-else-if-else conditions inside the Icinga 2 configuration language. The example shows a fallback to the host’s FQDN if its address6 attribute has not been set – cool, isn’t it?


Functions – what for?

You can now define your own functions including the return keyword. That includes locally scoped variables identified by the var keyword and anonymous lambda functions too. We’ve thought about functions and their use cases for Icinga 2. One thing we came up with is the Boolean return value for set_if inside command arguments – not only a macro string value, but also nearly any condition. Same applies for command argument values. The short way of assigning return values is putting them in double curly brackets {{ …. }}.


Loops, loops, loops, …

You’ve seen for loops already inside the fancy apply for rules introduced with 2.2. Using while and for loops including break and continue keywords has been experimental for Icinga Web 2’s Vagrant Box quite a while. In real-life scenarios you would use them in combination with functions and if-then-else conditions iterating over arrays and dictionaries defined in custom attributes.


Object attribute accessors for clustered checks

icinga2_2.3_object_runtime_attributes_cluster_bp_icingaweb2Digging up the old problem with so-called “on-demand macros” in Icinga 1.x and migration issues we’ve tackled this one differently: Instead of obfuscating the macro parser once again, the problem is solved differently – you’d want to access objects and their run-time attributes. Most commonly, get_host(NodeName).state for the old-fashioned check_cluster plugin. And many, many objects and attributes more …

That syntax could be used for cluster checks and business processes inside Icinga 2 – we’ll tackle the dummy check problem sooner or later, promise!


Time dependent thresholds

Right before the feature freeze one of our colleagues approached us with the request of time-dependent check threshold values. We’ve already had if-conditions and object accessor functions thus far, and so added the is_inside run-time attribute to the get_time_period() function. That way you can set thresholds depending on the current time of the day.

Type methods

Defined an array, but need it in a sorted manner? Remove a dictionary item inherited from a template? Split a string into parts? Not an issue anymore.

console CLI command

icinga_org_live_consoleTest all the language features inside the Icinga 2 console. Install rlwrap to keep history and line continuation and test-drive your new configuration before putting into the files.

Misc features

From OpenTSDB support to ignoring soft states in dependencies. Additional ITL plugin check commands (interfacetable, IPMI, webinject, vmware_esx, local ‘nscp client’ commands for the Windows agent). Livestatus header support, improved performance and additional bygroup tables. Improved cluster stability and scalability using fewer threads for socket I/O and SNI TLS support. ‘icinga2 troubleshoot’ cli command for better community support … check the Changelog below and in the documentation for more details.

PS: I’ve uploaded the configuration samples made for this blog post into the Vagrant boxes.


2.3.0 Changelog

  • Improved configuration validation
    • Unnecessary escapes are no longer permitted (e.g. \’)
    • Dashes are no longer permitted in identifier names (as their semantics are ambiguous)
    • Unused values are detected (e.g. { “-M” })
    • Validation for time ranges has been improved
    • Additional validation rules for some object types (Notification and User)
  • New language features
    • Implement a separate type for Boolean values
    • Support for user-defined functions
    • Support for conditional statements (if/else)
    • Support for ‘for’ and ‘while’ loops
    • Support for local variables using the ‘var’ keyword
    • New operators: % (modulo), ^ (xor), – (unary minus) and + (unary plus)
    • Implemented prototype-based methods for most built-in types (e.g. [ 3, 2 ].sort())
    • Explicit access to local and global variables using the ‘locals’ and ‘globals’ keywords
    • Changed the order in which filters are evaluated for apply rules with ‘for’
    • Make type objects accessible as global variables
    • Support for using functions in custom attributes
    • Access objects and their runtime attributes in functions (e.g. get_host(NodeName).state)
  • ITL improvements
    • Additional check commands were added to the ITL
    • Additional arguments for existing check commands
  • CLI improvements
    • Add the ‘icinga2 console’ CLI command which can be used to test expressions
    • Add the ‘icinga2 troubleshoot’ CLI command for collecting troubleshooting information
    • Performance improvements for the ‘icinga2 node update-config’ CLI command
    • Implement argument auto-completion for short options (e.g. daemon -c)
    • ‘node setup’ and ‘node wizard’ create backups for existing certificate files
  • Add ignore_soft_states option for Dependency object configuration
  • Fewer threads are used for socket I/O
  • Flapping detection for hosts and services is disabled by default
  • Added support for OpenTSDB
  • New Livestatus tables: hostsbygroup, servicesbygroup, servicesbyhostgroup
  • Include GDB backtrace in crash reports
  • Various documentation improvements
  • Solved a number of issues where cluster instances would not reconnect after intermittent connection problems
  • A lot of other, minor changes
  • DB IDO schema upgrade to 1.13.0 required!

Find the detailed Changelog in the “What’s new” section in the documentation!