Nagios-Plugins Brouhaha

I’m really not a fan of political infighting. It’s bad for an organization, and it’s bad for the people who rely on the organization. But it happens, because we’re people, and people have ideas and egos and goals that are mutually exclusive of each other.

Such as it is with Nagios at the moment. Although there’s been some strife for the IP and trademarks surrounding Nagios for a while, the most recent thing is that the plugins site was…reassigned, I suppose you would say.

For a brief timeline, Nagios began as NetSaint, back in 1999. It was renamed Nagios in 2001 according to the WayBack Machine, apparently because of potential trademark issues. The plugins were apparently spun off from the main NetSaint project around this time as well, although the domain creation date is 2008-05-23 for and 2007-01-15 for

So what’s going on now? Well, according to a news entry on the site, the Nagios Plugin Team had some changes:

The Nagios Plugin team is undergoing some changes, including the introduction of a new maintainer. The website will remain the official location of the Nagios Plugins, and development of the plugins will continue on github at

Changes are being made to the team as the result of unethical behavior of the previous maintainer Holger Weiss. Weiss had repeatedly ignored our requests to make minor changes to the plugins website to reflect their relation to Nagios, rather than unrelated projects and companies. After failing to acknowledge our reasonable requests, we updated the website to reflect the changes we had requested. Rather than contacting us regarding the change, Weiss decided to embark on a vitriolic path of attacking Nagios and spreading mistruths about what had happened.

We believe that this type of unethical behavior is not beneficial for the Nagios community nor is it in keeping with the high standards people have come to rely on from Nagios. Thus, we have decided to find a new maintainer for the plugins. A new maintainer has already stepped forward and will be announced shortly.

We would like to thank all current and past plugin developers for their contributions and welcome anyone new who is interested in contributing to the project moving forward.

So that’s what Nagios has to say.

The reason that they specify the official location for the plugins is because the original team is continuing development on the (their?) project, at According to a news post there:

In the past, the domain pointed to a server independently maintained by us, the Nagios Plugins Development Team. Today, the DNS records were modified to point to web space controlled by Nagios Enterprises instead. This change was done without prior notice.

This means the project can no longer use the name “Nagios Plugins”. We, the Nagios Plugins Development Team, therefore renamed the Nagios Plugins to Monitoring Plugins.

We’re not too happy having to make this move. Renaming the project will lead to some confusion, and to quite a bit of work for others and for ourselves. We would’ve preferred to save everyone this trouble.

However, we do like how the new name indicates that our plugins are also used with various other monitoring applications these days. While the Nagios folks created the original implementation of the core plugins bundle, an independent team has taken over development more than a decade ago, and the product is intended to be useful for all users, including, but not limited to, the customers of Nagios Enterprises.

It’ll probably take us a few days to sort out various issues caused by the new project name, but we’re confident that we can resume our development work towards the next stable releases very soon.

We’d like to take the chance to thank you, our community, for your countless contributions, which made the plugins what they are today. You guys are awesome. We’re looking forward to the next chapter of Monitoring Plugins development, and we hope you are, too!

Throwing gasoline onto the fire is Michael Friedrich, Lead Developer of Icinga, a Nagios Fork, who submitted a RedHat bug claiming:

The website has been compromised, and the project team therefore moved to including the tarball releases. They also renamed their project from ‘nagios-plugins’ to ‘monitoring-plugins’ and it’s most likely that the tarball release names will be changed to the new name in future releases.

Additional info:

While I wouldn’t suggest to rename the package unless there’s an immediate requirement, the source and URL location should be updated in order to use official releases provided by the Monitoring Plugins Development Team. Further, users should use official online references and stay safe.

then later in the thread

Actually the old Nagios Plugins Development Team was required to rename their project due to the fact that Nagios Enterprises hijacked the DNS and website and kicked them out.

Whilst the original memebers are now known as ‘Monitoring Plugins Development Team’, the newly formed ‘Nagios Core Plugin Development Team’ is actually providing a fork of their work under the old name.

For any clarifications required, you should follow the discussion here:

Imho the official former nagios plugins are now provided by the same developers under a new URL and that should be reflected for any future updates.

Though, I’m leaving that to you who to trust here. I’m just a community member appreciating the work done by the original Nagios Plugins Development team, accepting their origin and the fact that there’s no censorship of Icinga, Shinken or Naemon (as Nagios forks) needed.

Clearly, the site was not compromised – neither Nagios nor the Monitoring Plugins team is claiming that. I’ll kindly assume that Mr Freidrich was mistaken when he posted the original bug. Hanlon’s Razor and all.

So what’s my opinion? Glad you asked.

The Nagios news post states that there had been continued requests to change small content. When that didn’t happen, they pulled the rug out from under half a dozen community contributors who have collectively done a great deal of good for the project. That’s not the way you show appreciation where I’m from, but hey, I don’t know the particulars. I only know what I see on the web, just like you.

What does this all mean for us? Well, if you run anything that uses Nagios plugins, it means you’ve got a choice – go with the official package, or go with the community-maintained version. Which will be better? Which will the distros use? Probably the official plugins, though I expect the more rapidly-moving distros to offer a package from the monitoring-plugin team as soon as there’s any noticeable difference.

But on the bigger picture scale, Nagios’s previously solid position as the principle Open Source monitoring solution isn’t as unassailable as it seems they think it is. Cutting off a volunteer team that produces a big part of your product isn’t really a good way to advertise stability and unification. There are a lot of options for monitoring today, and a lot more of them are way more viable than was the case 4 or 5 years ago. Instead of this political crap that does nothing to advance the project, I think Nagios should focus on improving the core product. But what do I know? I’m just some blogger on the internet.

Strangely, as I write this, the Nagios Exchange is down. I don’t know what that means.

  • Just for clarification purposes:

    When I remark “compromised” my native German translation would indicate the following situation:

    – open
    – check the main page
    – hey, where did the text with icinga / neamon / shinken (and urls) go?
    – hm. that webserver is in the us, not hosted by holger
    – edit the main page
    – no change reflected

    So rather – they copied the entire website 1:1 (and violated the copyright in many terms, even if no-one states confirms that). Removing the mentions of Icinga / Naemon / Shinken.

    That way the website on looks like it was before, only experienced users will notice the change. That in terms means, that they’re offering something stolen from others making it look like everything is ok.

    I consider this dangerous in terms of installing software from a trusted platform, and therefore chose the term “compromised”. “Hijacked” or “Illegaly copied claiming identify” would probably have been better, sorry for the wrong naming – it’s a matter of language here imho.

    Kind regards,

  • I can kinda see the logic from Nagios Enterprises perspective. You’ve got an offering that you control most of but not the part that really sets your product apart, the Nagios plugins.

    As you say Matt, it isn’t 2004 any more. Nagios isn’t competing with MRTG for mindshare. It is competing with monitoring tools that are fully open and very good at what they do.

    Tarus Balog has an interesting take on the story too.

  • Michael,

    Thanks for the comment and the clarification. I appreciate it. I think we’re in agreement that what went down is not in the community’s best interest.


  • Chris St. Pierre

    Sam Kottler, who maintains the nagios-plugins package (and tons of other stuff) for Fedora/EPEL) has an interesting post, too:

  • Jack: I can see things from their perspective too, and I can understand wanting to exercise some amount of control over a project that they are, in many ways, responsible for. I think it’s more that the way they handled this was counter-productive. Again, I’m seeing it from the outside, so I don’t know the details, only what’s been posted. Nice link.

    Nice like, Chris, thanks! I knew that Sam was involved, but I wasn’t aware of the extent. Good info.

  • Steve

    This childish behavior by all the parties involved lead me to investigate other Open Source monitoring options, because I can no longer trust these players to do the right thing.

  • Matt: agree. Copying the website does not look good.

  • D.F.

    This drama has been building for a while though, hasn’t it? Nagios earned its reputation on its openness, its community built up enough demand for them to become a commercial entity and earn a few bucks doing what they had always done. The community fueled the growth of their product and provided a steady stream of customers for the commercial support. I guess at some point someone read a “How to run a business” book written by some nimrod that thinks Oracle has the market cornered on printing money.
    I’m not sure how accurate my perception is on this, because even though I’ve used Nagios for years, I’ve mainly stayed out of this kind of political B.S. But, there _was_ a reason why Icinga and others forked from Nagios and I’m willing to bet that it was because NE was trying a bit too hard to monetize every single thing they possibly could.
    Its a shame, it really is, but there is someone over at NE that is getting some seriously bad advice. In the long term, this strategy of theirs has created more competitors and lost them more customers, than if they had left well enough alone.

  • Matt: Yep. The community is what matters most in this regard.

    I consider myself part of the plugins community – I use them on a daily basis, they support me during Icinga 2 development at work, and hacking away Icinga 1.x at home. They generate the fancy interface when a user installs Icinga the first time, seeing the current localhost being monitored. Hey, all is green, that’s pretty awesome! Many people forget how feature rich these plugins are, and how important the work of a fellow team of volunteers is keeping this project alive.

    I’ve actually feared long time that the plugins development would rest as dead as nagios core development was back in 2009/2010. But I’ve seen Thomas, Ton, Holger and all the others doing a great job. They’ve taken plenty of their spare time just to make sure that 1.4.16 got released. And recently, 1.5 even – what a milestone after all those years.

    There was only one thing stopping me stepping further towards them in regards of my background being an Icinga developer, and pushing so many resources into Icinga that competitors would actually really hate me for that. (also kind of a motivation, eh?).
    In the past years I’ve contributed various Icinga patches to Nagios. I’ve sent them back in my name, and they got accepted most of the time. Then I tried something new – we’ve rebuilt a patch by Opsview into Icinga, and wanted to share that knowledge with Nagios too. While Eric Stanley accepted the patch, containing a mention to its originator, Ethan Galstad edited the Changelog withour prior notice, adding kudos to someone else.
    At that time when I complained about that fact, claiming the copyright Icinga owns on that patch, I got banned at and the (now closed) mailinglists. Proof is to be read here:

    While I do not use that as an argument to generally hate Nagios, you may figure that I am biased in many ways. I’ve added most of that sad things already happened into a comment onto a well written, but imho incomplete article here (grab a coffee or two):
    (I am now ‘abusing’ your blog to add some historical entries for the google bot: I’ve switched jobs in Dec 2012 and am now working for Netways located in Nuremberg. I’m paid to develop Icinga 2 and other stuff. So I do make a living of Icinga, but such a thing doesn’t change my love towards the community).

    When sending a patch to the nagios plugins team, it wasn’t assured what would happen with patch. Furthermore, the project could’ve been still closed down, and then everyone would have to maintain the plugins additional to their forks. So yeah, we were also benefiting a lot in the Icinga ecosystem. But their independence was pretty unclear, especially when the domain was transferred to Nagios Enterprises for trademark reasons.

    Changing the DNS entries / forwarder is one thing, copying the website (a community member called it “defacement” today) another. In any attempt, it’s pure evilness. No-one in the outside world would find out. That was my feeling when I saw it, and therefore wrote a blog post about it, whilst discussing the with team what to do.

    I do care about the community, and that’s not entirely the Icinga community where I contribute my stuff to the most. I really care about people working their ass off, and getting nothing in return. Being lied to even, and what’s even worse, being attacked publicly on a company’s blog. I expected that one though – I am familiar with their strategy, since they’ve already attacked by friend Julian the same way back in the days for their trademark dramas. I feel for Holger, and so do I for Andreas, who got kicked out of Nagios core dev team after implementing Nagios 4 for them.

    While I admit, that I used the wrong terms when creating the initial bug reports, I did not expect that the RHEL bug would be used for spreading wrong information further. Well, yeah, obviously I was. But apparently Sam Kottler is a smart guy, and so are all other (Redhat) guys subscribed to that bug (except the Nagios Enterprises guys, they are excluded from that, sorry).

    In terms of resolving that issue the path is “easy” – work on creating new packages for the community. Those who care and appreciate the work done. Those who will send you pull requests on github, report bugs, feedback and test your patches. Those who really appreciate what you do. A community where free speech matters most. And a bad feature can be fixed, and made a good one for anyone else. A community, where competitors work with each other, sharing all the goods. One big happy family who meets at conferences & talks celebrating a new release.

    Leave the drama to all those who forgot to put enough beer into the refrigerator. I’m here for the party (after work on the plugins is done of course). Let’s dive into the magic rpmbuild.

    Kind regards,

  • Hi Matt –

    There certainly seems to be a lot of drama around this issue, fueled by some FUD and “incorrect” statements made by a few individuals. An explanation of why Nagios made the changes we did, as well as what’s been happening behind the scenes, is covered in this blog post:

  • Pingback: Nagios - Cloud Monitotring | Basics of Java and Cloud Computing()

  • Pingback: Nagios – More drama for the mama | Legendiary()