Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Introduction

There are several user configuration attributes within NMIS8 that administrators should consider changing to better suit their environment.

Related Wiki Space:

https://community.opmantek.com/x/BgAF

Settings

Authentication

The authentication section allows for many customizations such as login banner, keys, authentication servers, etc.  Here's an example of how to use an AD server for external authentication:  https://community.opmantek.com/x/WgC2

...

Below are a few commonly changed configuration items when installing a new NMIS.


Authentication

CategoryConfigurationOriginal ValuePossible ValuesLinkDescription
authenticationauth_cookie_flavournmisnmis, omkUser Management in NMIS8To configure NMIS to share authentication cookies with Opmantek Applications, it is necessary that you change the configuration item auth_cookie_flavour from the default "nmis" to "omk" and set the configuration item auth_web_key to the same value as the OMK application's first omkd_secrets configuration.
authenticationauth_default_groups

As aboveWhen accessing NMIS, you have a choice on how to handle authenticated users who do not have authorisations defined, you can reject them, or you can allow them default access. This is so that you do not have to define every user in the system if the authentication system is providing a reduced list of users, to have the users become an operator or guest by default and be able to see all groups of devices, the following would apply. 'auth_default_privilege' => 'guest', 'auth_default_groups' => 'all'. To prevent default authorisation, simply define them as blank, which is the default in the NMIS8 Install configuration.
authenticationauth_default_privilege

As aboveAs above for auth_default_groups
authenticationauth_ldap_contextou=people,dc=opmantek,dc=com

...


As aboveThe base of context to attempt to bind to 
authenticationauth_ldap_server192.168.1.5

...

<ip>As aboveThe LDAP server to use for autheitcation.
authenticationauth_method_1htpasswd
As aboveIn the NMIS configuration you can configure multiple methods which are used for auth failure, so if ms-ldap fails, it will fail back to htpasswd for example. This means if you set auth_method_1 to be ldap and auth_method_2 to be htpasswd, and login with the default NMIS credentials (and you have not changed the password), the authentication for LDAP will fail, and then authentication with the users.dat will succeed and the user will be logged in.
authenticationauth_method_2

As aboveAs above for auth_method_1
authenticationauth_ms_ldap_base

...

dc=corp,dc=opmantek,dc=com

...


As aboveThe LDAP Base to search from
authenticationauth_ms_ldap

...

_dn_accnmis
As aboveThe DomainName\account to bind with
authenticationauth_ms_ldap_

...

Email

NMIS can send email based on alerts.  Edit the email attributes below to suit your organization.

Code Block
  'email' => {
    'mail_server' => '127.0.0.1',
    'mail_server_ipproto' => undef,
    'mail_combine' => 'true',
    'mail_domain' => 'yourdomain.com',
    'mail_from' => 'nmis@yourdomain.com',
    'mail_from_reports' => 'nmis-reports@yourdomain.com',
    'mail_use_tls' => 'false',
    'mail_server_port' => '25',
    'mail_user' => 'your mail username',
    'mail_password' => ''
  },

System

The System section has many attributes.  We recommend reading through them as it will provide some insight into what level of customization is available.  At a minimum set the server_name accordingly.

...

dn_pswXXXXXXXXX
As aboveThe password for the above
authenticationauth_ms_ldap_server192.168.1.5<ip>As aboveThe Active Directory server to use for authentication
authenticationauth_sso_domain

As above
authenticationauth_user_name_regex[\w \-\.\@\`\']+<regex>As above


Email

CategoryConfigurationOriginal ValuePossible ValuesLinkDescription
emailmail_combinetruetrue, falseNMIS8 Email
emailmail_domainyourdomain.com<domain>As above
emailmail_fromnmis@yourdomain.com<email>As above
emailmail_from_reportsnmis-reports@yourdomain.com<email>As above
emailmail_password
<password>As above
emailmail_server127.0.0.1<ip>As above
emailmail_server_ipproto
ipv4, ipv6As above
emailmail_server_port25<integer>As above
emailmail_use_tlsfalsetrue, falseAs above
emailmail_useryour mail username<username>As above


Globals

CategoryConfigurationOriginal ValuePossible ValuesLinkDescription
globalsnode_name_rule



globalsthreshold_falling_reset_dampening



globalsthreshold_rising_reset_dampening



globalsuuid_add_with_node

Using Unique Identifiers (UUID) for NMIS Nodes


System

CategoryConfigurationOriginal ValuePossible ValuesLinkDescription
systemdemote_faulty_nodestruetrue, false
For nodes that have been non-collectable for a long time NMIS offers to attempt collect operations only once every 24 hours.
systemdisplay_status_summaryfalsetrue, falseNMIS Node Status
systemfastping_interval


Added in NMIS 9.0.3
systemfastping_target_interval


Added in NMIS 9.0.3
systemgraph_cache_maxage



systemnettype_listwan,lan,vpn,man,san,voice,default<list>

systemnetwork_viewNode_field_liststatus,outage,sysName,host_addr,host_addr_backup, group,customer,location,businessService,serviceStatus, nodeType,nodeModel,polling_policy,sysUpTime,sysLocation, sysContact,sysDescr,ifNumber,lastUpdate, nodeVendor,sysObjectName,roleType,netType<list>Adding or Rearranging fields in the Node Details ViewControls which fields are shown in the Node View and in what order.
systemnode_status_uses_status_summaryfalsetrue, falseNMIS Node Status
systemnon_stateful_eventsNode Configuration Change, Node Reset, NMIS runtime exceeded<list>

systemos_username



systempolling_interval_factor0.9<decimal>
Fraction of the polling interval after which node is considered for next poll
systemthreshold_period-interface-15 minutes

Added in NMIS 8.5
systemthreshold_period-pkts-15 minutes

Added in NMIS 8.5
systemthreshold_period-pkts_hc-15 minutes

Added in NMIS 8.5