28. 09. 2020 Mattia Codato Contribution, Development, Icinga News, NetEye, Unified Monitoring

NetEye – Icinga2 Execute Command API

In the last few weeks, we collaborated with the Icinga2 developers to create a new powerful API, called “Execute Command“.

The main purpose of this new API is to execute specific commands on a node by sending the request to the parent node. This is useful when the user cannot reach the desired node (an agent) from its network but can go through the parent node (a satellite or the master). This scenario is possible by taking advantage of the secure Icinga2 infrastructure already in place.

The above schema shows the “Execute Command” flow.

How It Works

The user, via the API, sends a request to the master saying that he wants to execute a specific command on the agent. The master at this point, after validating the request, forwards it to the satellites. When a satellite receives the execution request, it checks if the agent is part of its zone and forwards the request to the agent, otherwise it ignores the request. In the end, the agent receives the execution request, executes the command and sends back the result. Finally, the user is able to check the status of the execution and to retrieve the result.

Of course, it’s also possible to send an “execute command” request to a satellite or directly to an agent, as long as it is reachable.

Macro Override

Another point of strength is the ability to override all the command’s macros directly from the request. This feature allows us to test the desired command with different variable values and see what happens in each case.

An additional use of this feature is to create a custom check command that executes any shell commands, accepting them from the macros. Remember though that with great power comes great responsibility: in fact, this last example is an edge case and from a security point of view, it must be treated with special caution.

Next Steps

This was really a great collaboration between the two teams, resulting in the creation of the following pull requests:

and soon as they are approved and merged, the new API will be available in Icinga2. As for NetEye, the API will already be available on NetEye 4.14 since we have built our own version of Icinga2.

Mattia Codato

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth IT Italy

Author

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth IT Italy

Latest posts by Mattia Codato

05. 12. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.43
05. 12. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.44
05. 12. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.45
01. 12. 2025 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.45 Release Notes
25. 09. 2025 CTF Writeups, Development, Events
Preparing for WP CTF 2025
See All

Related Content

Tags: , , , , , ,

01. 12. 2025 NetEye, Unified Monitoring

Running the Icinga Agent as SYSTEM? No Thanks.

A safer way to run privileged Windows checks with SystemRunner If you’ve been monitoring Windows for a while, you’ve probably seen this pattern: some checks must run as LocalSystem (S-1-5-18), and the “quick fix” is to run the Icinga Agent Read More
27. 11. 2025 NetEye

Deploying a Podman Container for NetEye Plugin Execution

This document describes the steps required to build, configure, and operate a Podman container based on php:8.2-cli, with the SNMP extension enabled, intended for executing monitoring plugins within a NetEye/Icinga environment. Pulling the base image podman pull docker.io/php:8.2-cli Containerfile for Read More
24. 11. 2025 Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we've added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new Read More
28. 10. 2025 ITOA, NetEye, Unified Monitoring

Grafana – Node Graph and Icinga

Among the several plugins that Grafana provides is Node Graph, a useful plugin for visualizing elements and relationships between them. This plugin, as described in the article: https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/node-graph/ , can be used to represent: Solution topologies Networks Infrastructure Organizational charts Read More
23. 10. 2025 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Icinga 2)

Important: Icinga2 security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the icinga2 packages is now available for NetEye 4. Security Fix for NetEye 4.44 2.15.1_neteye1.61.3-1 CVEs CVE-2025-61907: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N CVE-2025-61908: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-61909: Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive