{{last_updated_at}} by {{last_updated_by}}

Install Icinga2 and Icingaweb2

Installation (Master Node)

Steps are adapted from this guide.

Install Icinga2

# Install MySQL if you haven't yet

# These lines for Ubuntu 18.04 only:
curl | apt-key add -
echo "deb icinga-bionic main" >  /etc/apt/sources.list.d/bionic-icinga.list
apt update
apt-get install icinga2
apt-get install icinga2-ido-mysql

# These 3 lines for Debian 8 only:
echo 'deb jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list
apt-get update
apt-get -t jessie-backports install icinga2
apt-get -t jessie-backports install icinga2-ido-mysql

systemctl enable icinga2.service
systemctl start icinga2.service
apt install nagios-plugins
# nagios-plugins has Samba as a dependency, but you should remove it.
apt remove samba-common samba-libs
icinga2 feature enable ido-mysql
systemctl restart icinga2.service

Install Icingaweb2

apt install icingaweb2


  • Run icinga2 node wizard.Select "N" to create a master node.
  • Enable the api and command module to allow issuing commands from Icingaweb2 and to allow API: icinga2 feature enable api command; service icinga2 restart
  • Add an API user for remote checks.  For instance, a user that can
    receive backupninja checks. Add this to /etc/icinga2/conf.d/api-users.conf:

    object ApiUser "backupninja" {
      password = "<redacted>"
      permissions = [
          permission = "actions/process-check-result"
          filter = {{ match("backupninja", service.display_name) }}
          permission = "actions/reschedule-check"
          filter = {{ match("backupninja", service.display_name) }}

Open the firewall

Open port 5665 on the master node's firewall. Edit the files in /etc/iptables and restart netfilter-persistent.

Install additional checks

Install Plugins

Place the following two scripts in your plugins directory
(/usr/lib/nagios/plugins) and ensure they're executable:

  • check_drupal - installs with the Drupal "nagios" plugin, also available here.
  • check_civicrm - There are two scripts - one for Civi 4.6 and below, another for 4.7 and up.  4.7 version is available here, 4.6 version is here.
  • check_domain - This does a WHOIS lookup to ensure domain names aren't about to expire.  Install from here.
  • check_rbl - Check spam blacklists.  File is here, also install dependencies: apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl

Define CheckCommand and Service objects for the new plugins

Copy the CheckCommand and Service files from
and See Add New Checks to Icinga2 for details.

Harden the TLS connection

Add this line to the bottom of the "api" object in /etc/icinga2/features-available/api.conf:

tls_protocolmin = "TLSv1.2"

Set up vim syntax highlighting on the Icinga2 server

mkdir -p ~/.vim/{syntax,ftdetect}
cd ~/.vim/syntax
cd ~/.vim/ftdetect

Updated by Jon Goldberg over 5 years ago · 16 revisions