ITRS OP5 Monitor 9.x Release Notes
Overview
ITRS OP5 Monitor release notes contain the list of enhancements of features, and a set of issues fixed in the 9.x release version of OP5 Monitor.
For more information on versioning, including standard and rolling release, see Release tracks in OP5 Monitor 9.x Compatibility Matrix.
Known issues
To view the list of known issues for all OP5 Monitor 9.x releases, see OP5 Monitor 9.x Known Issues. The known issues that are resolved will be added on this page.
Compatibility and lifecycle
To view all the changes to OP5 Monitor compatibility and lifecycle, see OP5 Monitor 9.x Compatibility Matrix.
OP5 Monitor 9.2
Released: 6 September 2022
To download ITRS OP5 Monitor, including all components, see ITRS Downloads.
Highlights
These are the highlights of this release:
-
Updated logging so that the host name or template name is indicated in logs when an invalid host configuration is found by Nachos.
-
Added the new
check_http_jsonplugin as a replacement forcheck_jsonwhich has been removed in OP5 Monitor 9.0. -
Added the selector command-line option to the
check_k8splugin to enable resource queries using labels. -
Added a new plugin for checking the REST API of NSClient++. You can use this plugin instead of
check_nrpefor gathering check results. -
Automatically detected services when adding a new host now use
check_nrpeinstead ofcheck_nt. -
Removed the debug log setting from
/etc/op5/check_vmware/service.cfg. Debug logs are now enabled by setting loglevel = 'debug' in/etc/op5/check_vmare/gunicorn.cfg. -
Fixed an issue where updating using the tarball installer always update OP5 Monitor to the latest version available in online OP5 RPM repositories, not the version supplied in the tarball.
New features and enhancements
These are the new features and enhancements of this release:
| Issue key | Component | Release description |
|---|---|---|
| MON-12774 | Nachos | Updated logging so that the host name or template name is indicated in logs when an invalid host configuration is found by Nachos. |
| MON-13162 | Plugins | Added the new check_http_json plugin as a replacement for check_json which has been removed in OP5 Monitor 9.0. |
| MON-13168 | Plugins, check_k8s | Added the selector command-line option to the check_k8s plugin to enable resource queries using labels. |
| MON-13172 | Plugins, NSClient | Added a new plugin for checking the REST API of NSClient++. You can use this plugin instead of check_nrpe for gathering check results. |
Issues fixed
These are the issues we have fixed in this release:
| Issue key | Component | Release description |
|---|---|---|
| MON-12701 | Nacoma | Removed the default value of stalking_options, n, when new hosts are created. |
| MON-12796 | Merlin, Naemon | Fixed an issue where the host notification suppressed events are not displayed in event log. |
| MON-13027 | Nacoma | Automatically detected services when adding a new host now use check_nrpe instead of check_nt. |
| MON-13142 | Nacoma | Fixed an issue in the Host configuration page where the Advanced toggle button was not working. |
| MON-13160 | Plugins, check_k8s | Improved error handling. |
| MON-13180 | Merlin | Updated the rename tool to preserve file permissions when log files are updated. |
| MON-13185 | Backup, Nacoma | Fixed an issue in backup and restore that caused an error when restoring the management_pack table for the Nacoma database. |
| MON-13194 | PNP | The /opt/monitor/etc/pnp/npcd.cfg now has a root user and group ownership on fresh installs and updates. |
| MON-13197 | Plugins | Removed the debug log setting from /etc/op5/check_vmware/service.cfg. Debug logs are now enabled by setting loglevel = 'debug' in /etc/op5/check_vmare/gunicorn.cfg. |
| MON-13198 | Install/Upgrade | Fixed an issue where updating using the tarball installer always update OP5 Monitor to the latest version available in online OP5 RPM repositories, not the version supplied in the tarball. |
OP5 Monitor 9.1
Released: 15 June 2022
To download ITRS OP5 Monitor, including all components, see ITRS Downloads.
Highlights
These are the highlights of this release:
-
Removed the
urlizeplugin since it was vulnerable to remote code execution. -
Security hardening. The
negateplugin has been updated to only accept commands and scripts to execute from the plugin path/opt/plugin/. -
Security hardening has been improved to set the Apache policy to never include referrer URLs.
-
Improved security by disabling auto-complete on sensitive input fields.
-
Improved security of HTTP response headers.
-
The Secure and HttpOnly attributes are now set on the PHPSESSID cookie in the HTTP API.
-
The Kubernetes management pack now has fields for the namespace, while the namespace parameter for
check_k8s_nodescheck command has been removed. -
Added the
--ignorecommand-line option to thecheck_k8splugin to exclude specified resource names from the check result. -
Added capability to check multiple namespaces to
check_k8splugin. -
Attributions, in Nagvis and Geomap, to Map and Data have been updated in accordance with terms and conditions with providers.
Breaking changes
These are the breaking changes in this release:
-
Pollers which depend on
ssh-lesstest-this-check, particularly pollers with connect=no set on the master side will need to add the node settingaccept_runcmd=1in order to keep on usingtest this check. -
The changes in the
negateplugin may break the existing configurations if this plugin is used to execute applications and scripts outside the/opt/plugin/path. -
The changes in the Kubernetes management pack and
check_k8s_nodescheck command may break existing hosts configured using the Kubernetes management pack due to the addition of a custom variable for the namespace. To restore the functionality of the existing Kubernetes checks, add a custom variable named_NAME_SPACEwith a value set to""(blank) to the existing host configuration. It is also necessary to configure and activate the updated management packs, see Management packs. -
The updates made to all NSClient checks to use the
check_nrpeversion 4 (version 2 is no longer working on EL8 operating systems) will have some implications, so take note of the following:-
Configure and activate the updated management packs. See Management packs.
-
Import the updated check commands. See Import commands.
-
All servers with NSClient that are still using 512-bit keys for their NRPE SSL encryption require updating to use 2048-bit keys. For more information, see the check_nrpe article.
-
New features and enhancements
These are the new features and enhancements of this release:
| Issue key | Component | Release description |
|---|---|---|
| MON-13076 | Plugins, check_k8s | Added capability to check multiple namespaces. |
| MON-13083 | Host-wizard | Fixed UI issues in the Host Wizard. |
| MON-13089 | Plugins, check_k8s | The Succeeded phase is now counted as an OK state. |
| MON-13092 | API | The Secure and HttpOnly attributes are now set on the PHPSESSID cookie in the HTTP API. |
| MON-13106 | Autodiscovery | Updated to Bootstrap 5 in Autodiscovery which removes the dependency on jQuery. |
| MON-13108 | Generic | Improved security of HTTP response headers. |
| MON-13110 | Generic | Implemented a Content Security Policy (CSP) in the OP5 Monitor. |
| MON-13111 | Ninja | Improved security by disabling auto-complete on sensitive input fields. |
| MON-13131 | Generic | Security hardening has been improved to set the Apache policy to never include referrer URLs. |
| MON-13138 | Nacoma | Removed the automatic discovery of Sensatronic and NetWare devices since the required plugins are no longer shipped. |
| MON-13140 | Plugins | Removed the urlize plugin since it was vulnerable to remote code execution. |
| MON-13141 | Plugins, negate | Security hardening. The negate plugin has been updated to only accept commands and scripts to execute from the plugin path /opt/plugin/. |
| MON-13152 | Plugins, check_k8s | Added the --ignore command-line option to the check_k8s plugin to exclude specified resource names from the check result. |
| MON-13153 | Plugins, check_k8s | Added the --version command-line option. |
| MON-13161 | Livestatus, Naemon | Livestatus and Naemon have been updated to version 1.3.1 to stay in sync with upstream. |
| MON-13163 | Geomap, NagVis | Attributions, in Geomap and NagVis, to Map and Data have been updated in accordance with terms and conditions with providers. |
| MON-13166 | Plugins, check_k8s | The Kubernetes management pack now has fields for the namespace, while the namespace parameter for check_k8s_nodes check command has been removed. |
Issues fixed
These are the issues we have fixed in this release:
| Issue key | Component | Release description |
|---|---|---|
| MON-13188 | Ninja | Fixed an issue where scheduled reports were sent every minute. |
| MON-6729 | Plugins, check_radius | Updated the check_radius check command to use the correct path to the config file. |
| MON-13014 | Geomap | The default map in Geomap now works correctly. |
| MON-13058 | Ninja | Improved jQuery compatibility. |
| MON-13091 | API | Mitigated XSS vulnerability in the API error messages. |
| MON-13093 | API | Removed ability to spoof the URLs generated in the API documentation by setting the host header to something malicious. |
| MON-13121 | Reports | Improved error messages in the UI. |
| MON-13125 | Nacoma, WMIC | Updated WMI network scanning to work with the latest version of check_wmi and made it compatible with DCOM security hardening. |
| MON-13126 | Backup | Fixed an issue where the wrong SNMP user would be recreated after restoring a backup. |
| MON-13129 | Autodiscovery | Fixed an issue in the Autodiscovery where having spaces around an ip-range would result in an error. |
| MON-13135 | Ninja | Improved UI in the date picker component. |
| MON-13139 | Nacoma | The Remove button for custom variable now works correctly. |
| MON-13146 | Ninja, Reports | Fixed manual sending of scheduled reports and saving of reports to system /tmp folder now works correctly. |
| MON-13147 | Nachos | The migration script now checks if configurations are correctly encoded in UTF-8. |
| MON-13148 | Merlin | Added the new accept_runcmd node setting. This node setting must be enabled in order to use test this check on that node. Note that this only affects the ssh-less test this check. |
| MON-13157 | Ninja, Reports | Fixed UI issues when editing reports. |
| MON-13159 | Plugins, check_yum_update | GPG keys are now imported for users when using the check_yum_update plugin. |
| MON-13169 | Plugins, management-packs | Updated all NSClient checks to use the check_nrpe version 4, and removed the check_nrpe version 2 from OP5 Monitor. |
OP5 Monitor 9.0
Released: 5 April 2022
To download ITRS OP5 Monitor, including all components, see ITRS Downloads.
Highlights
These are the highlights of this release:
-
Support for EL8 to provide a modern operating system as a base, including Red Hat Enterprise Linux 8, CentOS 8 Stream, and Rocky Linux 8.x distributions. To view the upgrade notes for OP5 Monitor 9, see Upgrade to OP5 Monitor 9.
-
Security improvements through upgrades to PHP 7.4 and MariaDB 10.5 as well as dependency removal of RabbitMQ.
-
Updated plugins to provide a more relevant set of plugins.
-
Email templates have been updated with a newer and fresher look.
-
The OP5 Monitor UI has been refreshed with new logos and colours.
-
You can now set the root password of MySQL without impacting OP5 Monitor functionality.
-
Session IDs are now regenerated on login.
-
Cronjobs have been replaced with systemd timers.
-
PNP4Nagios and NagVis have been updated to the latest versions.
-
Logger has been removed from the OP5 Monitor since its functionality is obsolete.
New features and enhancements
These are the new features and enhancements of this release:
| Issue key | Component | Release description |
|---|---|---|
| MON-10355 | Plugins | Updated monitoring-plugins suite to version 2.3.1. |
| MON-11847 | Nacoma | The maximum size of configuration fields in the Nacoma database has been increased. |
| MON-12319 | Nachos | The character set used in the Nacoma database has been updated to UTF-8. This change does not have any functional impact on the product. |
| MON-12535 | Mayi | The Test this host and Test this service group rights have been removed from the limited_edit role. |
| MON-12574 | Nachos | Enabled change of root password for MySQL. |
| MON-12621 | Notify | Email templates have been updated with a newer and fresher look. |
| MON-12622 | Portal | OP5 Monitor Portal has been removed. |
| MON-12697 | Plugins | The default behavior of the check_aws shipped check_command has been changed to not include the unit argument. |
| MON-12700 | Ninja | Removed cookie usage banner from OP5 Monitor. |
| MON-12877 | Ninja, Nacoma, Merlin | Cron jobs have been replaced with systemd timers. |
| MON-12889 | Nacoma, Ninja, Reports | Multiple OP5 Monitor components have been updated to use the upgraded version of jQuery 3.6.x and jQuery-UI 1.13.x. |
| MON-12908 | Nacoma | The Help link in the configuration UI now points to the ITRS OP5 Monitor documentation instead of an internal help page. |
| MON-12935 | Ninja | Removed option to change themes in the UI. |
| MON-12946 | Plugins | Updated the check_wmi_plus plugin to work with DCOM hardening. |
| MON-12965 | Generic | PHP version has been upgraded from 7.2 to 7.4. |
| MON-12999 | Plugins |
All default NRPE checks, except for specific to , now use |
| MON-13024 | NagVis | NagVis has been updated to 1.9.30 to address the security vulnerability: CVE-2021-33178. |
| MON-13035 | Autodiscovery | Removed RabbitMQ dependency and switched worker model for Magellan Autodiscovery service. |
| MON-13045 | Plugins | The check_mssql plugin has been removed, and the recommended check_mssql_health plugin has been updated to 2.7.2.2. |
| MON-13061 | Ninja | Updated the About menu to include the OP5 Monitor version, and removed the Naemon version. |
| MON-13062 | API | Removed the deprecated Status API endpoints (/api/status and /api/help/status). Use the Filter API instead. |
| MON-13064 |
Plugins |
Updated the check_wmi_plus plugin to 1.66. |
| MON-13077 | Ninja | Successful login attempts are now logged on level notice. |
Issues fixed
These are the issues we have fixed in this release:
| Issue key | Component | Release description |
|---|---|---|
| MON-13020 | Ninja, pnp | Clicking the Make default graph button on a PNP graphs page now works correctly. The default graph is displayed when hovering over the graph image in the list views. |
| MON-13039 | Nacoma, Ninja | Forced a complete reimport of the configuration files when restoring a backup to ensure the configuration database is in sync. |
| MON-13101 | Plugins | Added the missing -a option in the check_oracle_query and check_oracle_query_regex check commands.
|
Other releases
Click the links below to view other versions of OP5 Monitor release notes.
| ITRS OP5 Monitor 9.x Release Notes | Released: April 2022 |
| ITRS OP5 Monitor 8.x Release Notes |
Released: January 2019 Last updated: April 2022 |
| ITRS OP5 Monitor 7.x Release Notes |
Released: March 2019 Last updated: October 2020 |
Disclaimer: The information contained in this document is for general information and guidance on our products, services, and other matters. It is only for information purposes and is not intended as advice which should be relied upon. We try to ensure that the content of this document is accurate and up-to-date, but this cannot be guaranteed. Changes may be made to our products, services, and other matters which are not noted or recorded herein. All liability for loss and damage arising from reliance on this document is excluded (except where death or personal injury arises from our negligence or loss or damage arises from any fraud on our part).