NSClient++ What's new?


http://nsclient.org

Michael Medin (@mickem)

michael@medin.name

http://blog.medin.name

SOA/Middleware Architect


Monitoring Simplified

How many use NSClient++

NS-what did he say?

?#@*&%! I'm in the wrong room!

How many like NSClient++?

..pdh collection thread not running…
ERROR: Missing argument exception
PdhCollectQueryData? failed: : -2147481643: No data to return.
Failed to query performance counters:

How many think it's simple?

CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

dev

worked in ops

a long time ago

not ops

work with “soa”

not, C/C++, nagios, …

Michael Medin

NSClient++

agent
Since 2003?
windows and linux
modular by design
Highly extensible
Open source, not open core

<0.4.0
0.4.1: 2012-10-xx
0.4.2: 2013-10-xx?
0.4.3: 2014-02-xx?
0.4.1 is stable

one-man-band: no company, no commercial version, no paid time

Please don't be angry!
Sometimes I am busy

Get your a** over here and play NOW!

one-man-band: no company, no commercial version, no paid time, but… sponsoring! donations! support!

Thank you!

What's New!

0.4.1
◦ Sockets: ipv6, ssl (true)
◦ New protocols: NRDP, check_mk, Graphite, syslog, smtp
◦ Real-time checks: eventlog, logfiles
◦ Simplified: Command line syntax
◦ Modernized: NRPE, NSCA, check_nt

0.4.1

Build 90 (2013-02-xx)
◦ nsclient-full.ini
◦ Reload from script
◦ (re)added check_filesize (ie. Check_nt -v FILESIZE)
◦ Encoding support for NRPE
◦ New option: scan-range for CheckEventLog
◦ Various minor bug fixes

Build 96 (2013-04-xx)
◦ Reverted external script quoting issues
◦ (re)added check_fileage (ie. Check_nt -v FILEAGE)
◦ Added support for binding to both ipv6 and ipv4
◦ Various minor bug fixes

Build 102 (2013-08-xx)
◦ PDH improvements
◦ Performance data: pass through
◦ Encoding support throughout
◦ Various minor bug fixes and enhancements

0.4.2: The goals
◦ Modern Windows support
◦ Simplified monitoring
◦ Real-time monitoring
◦ Linux checks

0.4.2: The STATUS
◦ Modern Windows support
◦ Simplified monitoring
◦ Real-time monitoring
◦ Linux checks
◦ NSCP protocol
◦ Check_xxx clients

0.4.2: Some Examples
◦ Check_os_Version
◦ Check_pagefile
◦ Check_process
◦ NO MORE PDH
◦ Check_service
◦ Nrpe_client

Filters

Level     Source   …   …
Error     Word     …   …
Error     Excel    …   …
Info      Word     …   …
Warning   Excel    …   …
Error     App1     …   …
Warning   App1     …   …
Error     App3     …   …

filter="level = 'error'"

filter="source = 'App1'"

filter="source = 'App1' or source = 'App3'"

filter="source = 'App1' or source = 'App3' or level = 'error'"

filter="source = 'App1' or source = 'App3' or level = 'error' or level = 'warning'"

filter="(source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel'"

filter="(source in ('App1', 'App3') or level in ('error', 'warning')) and source != 'Excel'"
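
The filter steps above can be checked offline against the slide's sample rows before a filter decides which events raise an alert. The following is an added example, not NSClient++ code and not from the slides: it handles only =, !=, in, not in, and, or and parentheses, and it assumes case-insensitive string comparison and that "and" binds tighter than "or"; tokenize, matches and select are hypothetical names.

```python
import re

TOKEN = re.compile(r"\s*(?:'([^']*)'|(!=|=|[(),]|\w+))")
ROWS = [("Error", "Word"), ("Error", "Excel"), ("Info", "Word"), ("Warning", "Excel"),
        ("Error", "App1"), ("Warning", "App1"), ("Error", "App3")]  # constructed rows

def tokenize(expr):
    toks, pos, expr = [], 0, expr.rstrip()
    while pos < len(expr):
        if not (m := TOKEN.match(expr, pos)):  # e.g. an unterminated quote
            raise ValueError(f"cannot parse filter at {expr[pos:]!r}")
        toks.append(("str", m[1].lower()) if m[1] is not None else ("sym", m[2].lower()))
        pos = m.end()
    return toks + [("end", "")]

def matches(expr, row):  # comparisons are case-insensitive (assumption)
    toks = tokenize(expr)
    def take(kind, *allowed):
        if toks[0][0] != kind or (allowed and toks[0][1] not in allowed):
            raise ValueError(f"unexpected {toks[0][1]!r} in filter")
        return toks.pop(0)[1]
    def chain(word, sub, fold):  # parses: sub (word sub)*
        vals = [sub()]
        while toks[0] == ("sym", word):
            toks.pop(0)
            vals.append(sub())
        return fold(vals)
    def parens(inner):
        take("sym", "(")
        value = inner()
        take("sym", ")")
        return value
    def or_expr():  # "and" binds tighter than "or" (assumed precedence)
        return chain("or", lambda: chain("and", term, all), any)
    def term():
        if toks[0] == ("sym", "("):
            return parens(or_expr)
        val, op = str(row[take("sym")]).lower(), take("sym", "=", "!=", "in", "not")
        if op in ("=", "!="):
            return (val == take("str")) != (op == "!=")
        if op == "not":
            take("sym", "in")
        items = parens(lambda: chain(",", lambda: take("str"), list))
        return (val in items) != (op == "not")
    result = or_expr()
    take("end")  # reject trailing tokens
    return result

def select(expr, rows=ROWS):
    return [r for r in rows if matches(expr, dict(zip(("level", "source"), r)))]
```

A filter that fails to tokenize or has trailing tokens raises ValueError instead of silently matching nothing, which is the failure worth catching before a check goes live.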

filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960',

'40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning'))

OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR

(id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND

level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND

source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN

('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036')

AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id

IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error',

'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-

RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN

('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN

('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service

control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND

level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service

control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source

NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN

('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN

('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN

('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN

('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN

('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))

Numbers, constants etc

Key                       Safe Key   Description
=                         eq         Equals
!=                        ne         Not equals
>                         gt         Greater than
<                         lt         Less than
>=                        ge         Greater or equal than
<=                        le         Less or equal than
in ( <LIST OF VALUES> )              In a given list
not in (…)                           Not in a given list

Strings

Key                       Safe Key   Description
=                         eq         Equals
!=                        ne         Not equals
>                         gt         Greater than
<                         lt         Less than
>=                        ge         Greater or equal than
<=                        le         Less or equal than
in ( <LIST OF VALUES> )              In a given list
not in (…)                           Not in a given list
like                                 Substring matching
regexp                               Regular expression
not like                             Opposite of like
not regexp                           Opposite of regexp

All good things are three!

Filter

Warning

Critical

Ok

filter="source = 'App1'"

warn="level = 'Warning'"

Display
◦ Custom strings
◦ Supports substitutions ${…}
◦ top- and detail-syntax

Display

detail-syntax="s: ${source}"
top-syntax="Hello: ${list}"
Hello: s: App1, s: App1, s: App3

check_pagefile "filter=name = 'total'"

check_uptime "warn=uptime < -2d" "crit=uptime < -1d"

check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"

Simple?

Let me guess

This all seems like a lot of typing!

Sensible defaults!

check_cpu

Just works!

Real time monitoring

Active monitoring!

[Diagram: Monitored Server (Windows), Monitoring Server (Nagios); check_cpu, check_uptime, check_mem, check_eventlog, check_updates, ...]

Passive monitoring!

Real-time monitoring!

[Diagram: Monitored Server (Windows), Monitoring Server (Nagios); "Error detected in eventlog", "Everything is ok"]

[Diagram: CheckLogFile, NSClient++ Core, Linux Kernel, File, NSCAClient, NSCA, SimpleFileWriter, FILE]

◦ No CPU overhead
◦ Notified instantly
◦ Powerful filtering

[/modules]
CheckLogFile = enabled
NSCAClient = enabled
SimpleFileWriter = enabled

[/settings/logfile/real-time/checks/my_check]
destination = FILE,NSCA
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NSCA/client/targets/default]
address = 10.11.12.13
encryption = aes
password = secreter

But I use NRPE

[Diagram: CheckLogFile, NSClient++ Core, Linux Kernel, FILE, NSCA, NSCAClient, SimpleFileWriter, SimpleCache, CACHE, NRPEServer]

◦ No CPU overhead
◦ Powerful filtering
◦ Stored in cache
◦ Check latest result
◦ Fetched instantly

[/modules]
CheckLogFile = enabled
SimpleCache = enabled
NRPEServer = enabled

[/settings/logfile/real-time/checks/my_check]
destination = CACHE
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NRPE/server]
allowed hosts = 10.11.12.13
allow arguments = true

But HOW ABOUT Graphing?

Two options:
1, store/fetch from cache
2, submit passively
but not to Nagios!

LINUX

By ~Nac-Mac-Feegle

apt-get install …
git clone git://github.com/mickem/nscp.git
mkdir build ; cd build
cmake ../nscp
make

Manually install visual studio, python and cmake
Download and unpack nscp source
python nscp\build\python\fetchdeps.py --target x64 --cmake-config dist
cmake ../nscp
msbuild /p:Configuration=RelWithDebInfo NSCP.sln

Please help with packages!
I will give you free* beer!

*Free as in you're free to buy it yourself!

AGENTless

◦ Native
◦ Secure
◦ Simple
◦ Fast
◦ Light weight

A work in progress

check_service computer=192.168.0.1
check_disk drive=\\192.168.0.1\c$
check_task_sched computer=192.168.0.1
check_wmi computer=192.168.0.1

What's coming: 0.4.3
◦ Light weight remote deployable agent
◦ Same as psexec
◦ check_cpu
◦ check_memory
◦ check_process
◦ External scripts!


How many think it's simple?

CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

How many think it's simple?

check_eventlog

Photo by Olga Berrios

Q&A

THANK YOU!

Information about NSClient++
http://nsclient.org
facebook.com/nsclient

Slides, and examples
http://nsclient.org/nscp/conferances/nwc/2013/

My Blog
http://blog.medin.name
