ITRS OP5 Monitor 9.x Release Notes

Overview

ITRS OP5 Monitor release notes contain the list of enhancements of features, and a set of issues fixed in the 9.x release version of OP5 Monitor.

For more information on versioning, including standard and rolling release, see Release tracks in OP5 Monitor 9.x Compatibility Matrix.

Upcoming OP5 Monitor release

OP5 Monitor follows a bi-monthly release cycle.

Known issues

To view the list of known issues for all OP5 Monitor 9.x releases, see OP5 Monitor 9.x Known Issues. The known issues that are resolved will be added on this page.

Compatibility and lifecycle

To view all the changes to OP5 Monitor compatibility and lifecycle, see OP5 Monitor 9.x Compatibility Matrix.

End of availability

Notice of change Effective date
End of availability for OP5 Monitor 8.x.x. September 2023
   

End of support

The end of support means that the affected components are no longer supported:

Notice of change Effective date
End of support for OP5 Monitor 8.x.x. April 2024
   

OP5 Monitor 9.4

Released: 25 January 2023

To download ITRS OP5 Monitor, including all components, see ITRS Downloads.

Highlights

These are the highlights of this release:

  • LMD has been updated to version 2.1.2 to stay in sync with the upstream project.

  • Restricted the privileges to run commands as a monitor user to service users running OP5 Monitor.

  • Magellan and Nachos have been updated to use Python 3.9.

  • The Monitoring plugins have been updated to version 2.3.2.

  • The naemon-core and naemon-livestatus have been upgraded to version 1.4.0.

  • You can now use a CLI tool that prints a list of installed OP5 Monitor software packages and their licenses.

New features and enhancements

These are the new features and enhancements of this release:

Issue key Component Release description
MON-11764 Generic

Restricted the privileges to run commands as a monitor user to service users running OP5 Monitor.

The /usr/bin/asmonitor script can now only be run by the intended internal service users and root.
MON-12997 Ninja Information on software licensing has been added to the About > License Software window.
MON-13186 Merlin, Ninja Added the Show logs from all node button to the Event Log page to display a consolidated list of event logs from all nodes. Each line in the log is appended with the node name where the log originated.
MON-13218 LMD LMD has been updated to version 2.1.2 to stay in sync with the upstream project. For more details, see LMD changes.
MON-13225 Magellan Magellan has been updated to use Python 3.9 to resolve security vulnerabilities with dependencies.
MON-13226 Nachos Nachos has been updated to use Python 3.9 to resolve security vulnerabilities with dependencies.
MON-13228 Plugins The Monitoring plugins have been updated to version 2.3.2. For more information, see the changelog.
MON-13230 Install/upgrade The configuration of the installer script repository has been improved and is now more reliable.
MON-13233 Livestatus, Naemon

The naemon-core and naemon-livestatus have been upgraded to version 1.4.0.

This release contains updated versions of all Naemon event broker modules that OP5 Monitor uses.
MON-13234 Backup, Plugins

Self-monitoring check Monitor backup - Check backup files now returns an unknown state instead of critical when no backups have been created yet. This update also improved its plugin output text.

The op5-backup now includes systemd service and timer units, which can be used to enable automatic backups by running systemctl enable --now op5-backup.timer. If an op5-backup scheduled job is configured in /etc/cron.d, it is advisable to remove that when the systemd timer is enabled.
MON-13237 ModSecurity Newly updated URLs that were previously linked to 403 pages now point to official documentation instead of support pages.
MON-13238 Generic In OP5 Monitor 8.x and 9.x, broken links to documentation, knowledge base articles, and other external resources are fixed.
MON-13250 Generic You can now use a CLI tool that prints a list of installed OP5 Monitor software packages and their licenses.
     

Issues fixed

These are the issues we have fixed in this release:

Issue key Component Release description
MON-9490 Nacoma Clicking the Complete reimport link now prompts the configuration files to be loaded into the database, regardless of the file's timestamp. This change also improved the messaging by explaining how importing the configuration files into the database will affect the current settings.
MON-12194 Nacoma Updated the popup text for the Undo button to clarify that it reverts all the changes the logged-in user has made since the last save. Additionally, if you reimport configuration files into the database, this action reverses all user configurations since the last save.
MON-13132 GUI, Config Removed the complete reimport link from the GUI after restoring from backup. Reimport already happens during a backup restore, so performing it again is redundant.
MON-13144 GUI Decreased the time it takes for the business object tree to load in order to prevent coming across a blank page.
MON-13207 Plugins All VMware check timeouts caused by connection attempts to slow-responding vSphere servers have been resolved.
MON-13209 Ninja, Widgets A validation has been added when creating a quicklink to avoid cross-site scripting attacks.
MON-13215 Nacoma Fixed an issue where all services were removed when removing an item from a selected service group.
MON-13222 Ninja Added a default value for an unset comment upon submitting a problem acknowledgment.
MON-13240 GUI The OP5 Monitor binaries now contain the fonts required for offline installation.
MON-13253 Backup The issue with restoring migration backups from OP5 Monitor 8.4.x to version 9.x has been resolved.
     

OP5 Monitor 9.3

Released: 2 November 2022

To download ITRS OP5 Monitor, including all components, see ITRS Downloads.

Highlights

These are the highlights of this release:

  • LMD has been updated to version 2.1.0 to stay in sync with the upstream project.

  • Updated the httpd directives to follow the Apache 2.4 standard.

  • The MySQL user privileges for Trapper are now only allowed to access their own database.

  • Fixed an issue in Scheduled Downtimes that prevented editing the recipients of an existing scheduled report.

  • The compatibility issue with the traped script in the Lua 5.1.4 interpreter packaged in op5-trapper-luapack has been resolved.

  • The message output for invalid requests no longer displays server config on API error.

New features and enhancements

These are the new features and enhancements of this release:

Issue key Component Release description
MON-13171 Ninja Updated the httpd directives to follow the Apache 2.4 standard.
MON-13206 LMD LMD has been updated to version 2.1.0 to stay in sync with the upstream project. For more information, see LMD changes.
     

Issues fixed

These are the issues we have fixed in this release:

Issue key Component Release description
MON-13149 GUI Improved error messages for Test this check.
MON-13174 API The message output for invalid requests no longer displays server config on API error.
MON-13190 Trapper The compatibility issue with the traped script in the Lua 5.1.4 interpreter packaged in op5-trapper-luapack has been resolved.
MON-13205 Ninja, Reports Fixed an issue in Scheduled Downtimes that prevented editing the recipients of an existing scheduled report.
MON-13210 Trapper The MySQL user privileges for Trapper are now only allowed to access their own database.
     

OP5 Monitor 9.2

Released: 6 September 2022

To download ITRS OP5 Monitor, including all components, see ITRS Downloads.

Highlights

These are the highlights of this release:

  • Updated logging so that the host name or template name is indicated in logs when an invalid host configuration is found by Nachos.​

  • Added the new check_http_json plugin as a replacement for check_json which has been removed in OP5 Monitor 9.0.

  • Added the selector command-line option to the check_k8s plugin to enable resource queries using labels.

  • Added a new plugin for checking the REST API of NSClient++. You can use this plugin instead of check_nrpe for gathering check results.

  • Automatically detected Windows services when adding a new host now use check_nrpe instead of check_nt.

  • Removed the debug log setting from /etc/op5/check_vmware/service.cfg. Debug logs are now enabled by setting loglevel = 'debug' in /etc/op5/check_vmare/gunicorn.cfg.

  • Fixed an issue where updating using the tarball installer always update OP5 Monitor to the latest version available in online OP5 RPM repositories, not the version supplied in the tarball.

New features and enhancements

These are the new features and enhancements of this release:

Issue key Component Release description
MON-12774 Nachos Updated logging so that the host name or template name is indicated in logs when an invalid host configuration is found by Nachos.
MON-13162 Plugins Added the new check_http_json plugin as a replacement for check_json which has been removed in OP5 Monitor 9.0.
MON-13168 Plugins, check_k8s Added the selector command-line option to the check_k8s plugin to enable resource queries using labels.
MON-13172 Plugins, NSClient Added a new plugin for checking the REST API of NSClient++. You can use this plugin instead of check_nrpe for gathering check results.
     

Issues fixed

These are the issues we have fixed in this release:

Issue key Component Release description
MON-12701 Nacoma Removed the default value of stalking_options, n, when new hosts are created.
MON-12796 Merlin, Naemon Fixed an issue where the host notification suppressed events are not displayed in event log.
MON-13027 Nacoma Automatically detected Windows services when adding a new host now use check_nrpe instead of check_nt.
MON-13142 Nacoma Fixed an issue in the Host configuration page where the Advanced toggle button was not working.
MON-13160 Plugins, check_k8s Improved error handling.
MON-13180 Merlin Updated the rename tool to preserve file permissions when log files are updated.
MON-13185 Backup, Nacoma Fixed an issue in backup and restore that caused an error when restoring the management_pack table for the Nacoma database.
MON-13194 PNP The /opt/monitor/etc/pnp/npcd.cfg now has a root user and group ownership on fresh installs and updates.
MON-13197 Plugins Removed the debug log setting from /etc/op5/check_vmware/service.cfg. Debug logs are now enabled by setting loglevel = 'debug' in /etc/op5/check_vmare/gunicorn.cfg.
MON-13198 Install/Upgrade Fixed an issue where updating using the tarball installer always update OP5 Monitor to the latest version available in online OP5 RPM repositories, not the version supplied in the tarball.
     

OP5 Monitor 9.1

Released: 15 June 2022

To download ITRS OP5 Monitor, including all components, see ITRS Downloads.

Highlights

These are the highlights of this release:

  • Removed the urlize plugin since it was vulnerable to remote code execution.

  • Security hardening. The negate plugin has been updated to only accept commands and scripts to execute from the plugin path /opt/plugin/.

  • Security hardening has been improved to set the Apache policy to never include referrer URLs.

  • Improved security by disabling auto-complete on sensitive input fields.

  • Improved security of HTTP response headers.

  • The Secure and HttpOnly attributes are now set on the PHPSESSID cookie in the HTTP API.

  • The Kubernetes management pack now has fields for the namespace, while the namespace parameter for check_k8s_nodes check command has been removed.

  • Added the --ignore command-line option to the check_k8s plugin to exclude specified resource names from the check result.

  • Added capability to check multiple namespaces to check_k8s plugin.

  • Attributions, in Nagvis and Geomap, to Map and Data have been updated in accordance with terms and conditions with providers.

Breaking changes

These are the breaking changes in this release:

  • Pollers which depend on ssh-less test-this-check, particularly pollers with connect=no set on the master side will need to add the node setting accept_runcmd=1 in order to keep on using test this check.

  • The changes in the negate plugin may break the existing configurations if this plugin is used to execute applications and scripts outside the /opt/plugin/ path.

  • The changes in the Kubernetes management pack and check_k8s_nodes check command may break existing hosts configured using the Kubernetes management pack due to the addition of a custom variable for the namespace. To restore the functionality of the existing Kubernetes checks, add a custom variable named _NAME_SPACE with a value set to "" (blank) to the existing host configuration. It is also necessary to configure and activate the updated management packs, see Management packs.

  • The updates made to all NSClient checks to use the check_nrpe version 4 (version 2 is no longer working on EL8 operating systems) will have some implications, so take note of the following:

    • Configure and activate the updated management packs. See Management packs.

    • Import the updated check commands. See Import commands.

    • All servers with NSClient that are still using 512-bit keys for their NRPE SSL encryption require updating to use 2048-bit keys. For more information, see the check_nrpe article.

New features and enhancements

These are the new features and enhancements of this release:

Issue key Component Release description
MON-13076 Plugins, check_k8s Added capability to check multiple namespaces.
MON-13083 Host-wizard Fixed UI issues in the Host Wizard.
MON-13089 Plugins, check_k8s The Succeeded phase is now counted as an OK state.
MON-13092 API The Secure and HttpOnly attributes are now set on the PHPSESSID cookie in the HTTP API.
MON-13106 Autodiscovery Updated to Bootstrap 5 in Autodiscovery which removes the dependency on jQuery.
MON-13108 Generic Improved security of HTTP response headers.
MON-13110 Generic Implemented a Content Security Policy (CSP) in the OP5 Monitor.
MON-13111 Ninja Improved security by disabling auto-complete on sensitive input fields.
MON-13131 Generic Security hardening has been improved to set the Apache policy to never include referrer URLs.
MON-13138 Nacoma Removed the automatic discovery of Sensatronic and NetWare devices since the required plugins are no longer shipped.
MON-13140 Plugins Removed the urlize plugin since it was vulnerable to remote code execution.
MON-13141 Plugins, negate Security hardening. The negate plugin has been updated to only accept commands and scripts to execute from the plugin path /opt/plugin/.
MON-13152 Plugins, check_k8s Added the --ignore command-line option to the check_k8s plugin to exclude specified resource names from the check result.
MON-13153 Plugins, check_k8s Added the --version command-line option.
MON-13161 Livestatus, Naemon Livestatus and Naemon have been updated to version 1.3.1 to stay in sync with upstream.
MON-13163 Geomap, NagVis Attributions, in Geomap and NagVis, to Map and Data have been updated in accordance with terms and conditions with providers.
MON-13166 Plugins, check_k8s The Kubernetes management pack now has fields for the namespace, while the namespace parameter for check_k8s_nodes check command has been removed.
     

Issues fixed

These are the issues we have fixed in this release:

Issue key Component Release description
MON-13188 Ninja Fixed an issue where scheduled reports were sent every minute.
MON-6729 Plugins, check_radius Updated the check_radius check command to use the correct path to the config file.
MON-13014 Geomap The default map in Geomap now works correctly.
MON-13058 Ninja Improved jQuery compatibility.
MON-13091 API Mitigated XSS vulnerability in the API error messages.
MON-13093 API Removed ability to spoof the URLs generated in the API documentation by setting the host header to something malicious.
MON-13121 Reports Improved error messages in the UI.
MON-13125 Nacoma, WMIC Updated WMI network scanning to work with the latest version of check_wmi and made it compatible with DCOM security hardening.
MON-13126 Backup Fixed an issue where the wrong SNMP user would be recreated after restoring a backup.
MON-13129 Autodiscovery Fixed an issue in the Autodiscovery where having spaces around an ip-range would result in an error.
MON-13135 Ninja Improved UI in the date picker component.
MON-13139 Nacoma The Remove button for custom variable now works correctly.
MON-13146 Ninja, Reports Fixed manual sending of scheduled reports and saving of reports to system /tmp folder now works correctly.
MON-13147 Nachos The migration script now checks if configurations are correctly encoded in UTF-8.
MON-13148 Merlin Added the new accept_runcmd node setting. This node setting must be enabled in order to use test this check on that node. Note that this only affects the ssh-less test this check.
MON-13157 Ninja, Reports Fixed UI issues when editing reports.
MON-13159 Plugins, check_yum_update GPG keys are now imported for users when using the check_yum_update plugin.
MON-13169 Plugins, management-packs Updated all NSClient checks to use the check_nrpe version 4, and removed the check_nrpe version 2 from OP5 Monitor.
     

OP5 Monitor 9.0

Released: 5 April 2022

To download ITRS OP5 Monitor, including all components, see ITRS Downloads.

Highlights

These are the highlights of this release:

  • Support for EL8 to provide a modern operating system as a base, including Red Hat Enterprise Linux 8, CentOS 8 Stream, and Rocky Linux 8.x distributions. To view the upgrade notes for OP5 Monitor 9, see Upgrade to OP5 Monitor 9.

  • Security improvements through upgrades to PHP 7.4 and MariaDB 10.5 as well as dependency removal of RabbitMQ.

  • Updated plugins to provide a more relevant set of plugins.

  • Email templates have been updated with a newer and fresher look.

  • The OP5 Monitor UI has been refreshed with new logos and colours.

  • You can now set the root password of MySQL without impacting OP5 Monitor functionality.

  • Session IDs are now regenerated on login.

  • Cronjobs have been replaced with systemd timers.

  • PNP4Nagios and NagVis have been updated to the latest versions.

  • Logger has been removed from the OP5 Monitor since its functionality is obsolete.

New features and enhancements

These are the new features and enhancements of this release:

Issue key Component Release description
MON-10355 Plugins Updated monitoring-plugins suite to version 2.3.1.
MON-11847 Nacoma The maximum size of configuration fields in the Nacoma database has been increased.
MON-12319 Nachos The character set used in the Nacoma database has been updated to UTF-8. This change does not have any functional impact on the product.
MON-12535 Mayi The Test this host and Test this service group rights have been removed from the limited_edit role.
MON-12574 Nachos Enabled change of root password for MySQL.
MON-12621 Notify Email templates have been updated with a newer and fresher look.
MON-12622 Portal OP5 Monitor Portal has been removed.
MON-12697 Plugins The default behavior of the check_aws shipped check_command has been changed to not include the unit argument.
MON-12700 Ninja Removed cookie usage banner from OP5 Monitor.
MON-12877 Ninja, Nacoma, Merlin Cron jobs have been replaced with systemd timers.
MON-12889 Nacoma, Ninja, Reports Multiple OP5 Monitor components have been updated to use the upgraded version of jQuery 3.6.x and jQuery-UI 1.13.x.
MON-12908 Nacoma The Help link in the configuration UI now points to the ITRS OP5 Monitor documentation instead of an internal help page.
MON-12935 Ninja Removed option to change themes in the UI.
MON-12946 Plugins Updated the check_wmi_plus plugin to work with Windows DCOM hardening.
MON-12965 Generic PHP version has been upgraded from 7.2 to 7.4.
MON-12999 Plugins

All default NRPE checks, except for specific to Windows, now use check_nrpe4.
MON-13024 NagVis NagVis has been updated to 1.9.30 to address the security vulnerability: CVE-2021-33178.
MON-13035 Autodiscovery Removed RabbitMQ dependency and switched worker model for Magellan Autodiscovery service.
MON-13045 Plugins The check_mssql plugin has been removed, and the recommended check_mssql_health plugin has been updated to 2.7.2.2.
MON-13061 Ninja Updated the About menu to include the OP5 Monitor version, and removed the Naemon version.
MON-13062 API Removed the deprecated Status API endpoints (/api/status and /api/help/status). Use the Filter API instead.
MON-13064

Plugins

 Updated the check_wmi_plus plugin to 1.66.
MON-13077 Ninja Successful login attempts are now logged on level notice.
     

Issues fixed

These are the issues we have fixed in this release:

Issue key Component Release description
MON-13020 Ninja, pnp Clicking the Make default graph button on a PNP graphs page now works correctly. The default graph is displayed when hovering over the graph image in the list views.
MON-13039 Nacoma, Ninja Forced a complete reimport of the configuration files when restoring a backup to ensure the configuration database is in sync.
MON-13101 Plugins Added the missing -a option in the check_oracle_query and check_oracle_query_regex check commands.
     

Other releases

Click the links below to view other versions of OP5 Monitor release notes.

ITRS OP5 Monitor 9.x Release Notes Released: April 2022
ITRS OP5 Monitor 8.x Release Notes

Released: January 2019

Last updated: April 2022
ITRS OP5 Monitor 7.x Release Notes

Released: March 2019

Last updated: October 2020

Disclaimer: The information contained in this document is for general information and guidance on our products, services, and other matters. It is only for information purposes and is not intended as advice which should be relied upon. We try to ensure that the content of this document is accurate and up-to-date, but this cannot be guaranteed. Changes may be made to our products, services, and other matters which are not noted or recorded herein. All liability for loss and damage arising from reliance on this document is excluded (except where death or personal injury arises from our negligence or loss or damage arises from any fraud on our part).