NSClient++ Monitoring Agent: What's New?

NSClient++
What's new?
http://nsclient.org
Monitoring
Simplified
http://nsclient.org
How many use NSClient++?
NS-what did he say?
?#@*&%!
I’m in the wrong room!
How many like NSClient++?
..pdh collection thread not running…
ERROR: Missing argument exception
PdhCollectQueryData? failed: : 2147481643: No data to return.
Failed to query performance counters:
How many think it’s simple?
CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
dev not ops
Michael Medin
worked in ops a long time ago
work with “soa” not, C/C++, nagios, …
NSClient++
agent
linux and windows
<0.4.0
modular by design
Since 2003?
Open source not open core
Highly extensible
0.4.1: 2012-10-xx
0.4.2: 2013-10-xx?
0.4.3: 2014-02-xx?
is stable
one-man-band
no company, no commercial version, no paid time
Please don’t be angry!
Sometimes I am busy :)
Get your a** over here and play NOW!
one-man-band
no company, no commercial version, no paid time
but…
sponsoring!
donations!
support!
Thank you!
What’s New!
0.4.1
Sockets: ipv6, ssl (true)
Modernized: NRPE, NSCA,
New protocols: NRDP,
check_mk, Graphite, syslog,
check_nt
smtp
Real-time checks: eventlog, logfiles
Simplified: Command line syntax
0.4.1
Build 90 (2013-02-xx)
◦ nsclient-full.ini
◦ Reload from script
◦ (re)added check_filesize (i.e. check_nt -v FILESIZE)
◦ Encoding support for NRPE
◦ New option: scan-range for CheckEventLog
◦ Various minor bug fixes
Build 96 (2013-04-xx)
◦ Reverted external script quoting issues
◦ (re)added check_fileage (i.e. check_nt -v FILEAGE)
◦ Added support for binding to both ipv6 and ipv4
◦ Various minor bug fixes
Build 102 (2013-08-xx)
◦ PDH improvements
◦ Performance data: pass through
◦ Encoding support throughout
◦ Various minor bug fixes and enhancements
0.4.2: The goals
Modern Windows support
Real-time monitoring
Simplified monitoring
Linux checks
0.4.2: The STATUS
Modern Windows support
Real-time monitoring
Simplified monitoring
Linux checks
NSCP protocol
Check_xxx clients
0.4.2: Some Examples
Check_os_Version
Check_process
Check_pagefile
NO MORE PDH
Check_service
Nrpe_client
Filters
Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …
filter=" level = 'error' "
filter=" source = 'App1' "
filter=" source = 'App1' or source = 'App3' "
filter=" source = 'App1' or source = 'App3' or level = 'error' "
filter=" source = 'App1' or source = 'App3' or level = 'error' or level = 'warning' "
filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' "
filter=" (source in ('App1', 'App3') or level in ('error', 'warning')) and source != 'Excel' "
filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112',
'1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010',
'10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning'))
OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning'))
OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center')
AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN
('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id
IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error',
'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND
level IN ('error', 'warning')) OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN
('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error',
'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND
level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level
IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN
('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error',
'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level
IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN
('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR
(id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error',
'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN
('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND
level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023')
AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager')
AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN
('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error',
'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND
level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source
NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN
('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel')
AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN
('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
Numbers, constants etc
Key                     Safe Key  Description
=                       eq        Equals
!=                      ne        Not equals
>                       gt        Greater than
<                       lt        Less than
>=                      ge        Greater or equal than
<=                      le        Less or equal than
in ( <LIST OF VALUES>)            In a given list
not in (…)                        Not in a given list
Strings
Key                     Safe Key  Description
=                       eq        Equals
!=                      ne        Not equals
>                       gt        Greater than
<                       lt        Less than
>=                      ge        Greater or equal than
<=                      le        Less or equal than
in ( <LIST OF VALUES>)            In a given list
not in (…)                        Not in a given list
like                              Substring matching
regexp                            Regular expression
not like                          Opposite of like
not regexp                        Opposite of regexp
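Added example (not from the original slides or from the NSClient++ code base): a small Python evaluator for the filter expressions on the preceding slides, run over the Level/Source sample table, showing that the long "or" chain and the shorter "in (...)" form select the same rows and that a broken quote is rejected rather than silently matching nothing. Assumptions: string matching is case-insensitive, "and" binds tighter than "or", only =, !=, in and not in are implemented, and the names EVENTS, evaluate and matching are illustrative.

```python
import re
from operator import and_, or_

# Constructed sample rows: the (Level, Source) table from the filter slides.
EVENTS = [("Error", "Word"), ("Error", "Excel"), ("Info", "Word"), ("Warning", "Excel"),
          ("Error", "App1"), ("Warning", "App1"), ("Error", "App3")]
# Tokens: 'string', ('list', 'of', 'strings'), operators, parentheses, words.
# The final \S turns anything else (a stray or curly quote) into a token the parser rejects.
TOKEN = re.compile(
    r"'[^']*'|\(\s*'[^']*'(?:\s*,\s*'[^']*')*\s*\)|!=|=|[()]|\w+|\S")

def evaluate(text, row):
    """Evaluate one filter against one row (assumed: 'and' binds tighter than 'or')."""
    toks = [t.lower() for t in TOKEN.findall(text)] + [None]  # None marks the end
    def take(expected=None):
        tok = toks.pop(0)
        if tok is None or expected not in (None, tok):
            raise ValueError(f"expected {expected or 'a token'}, got {tok!r}")
        return tok
    def chain(sub, word, combine):  # grammar: sub (word sub)*
        result = sub()
        while toks[0] == word:
            take(word)
            result = combine(result, sub())
        return result
    def factor():  # '(' expr ')'  or  field OP 'value'  or  field [not] in ('a', 'b')
        if toks[0] == "(":
            take("(")
            inner = expr()
            take(")")
            return inner
        field, op = take(), take()
        if op == "not":
            op = "not " + take("in")
        values = set(re.findall(r"'([^']*)'", take()))  # one string or a whole list
        if field not in row or op not in ("=", "!=", "in", "not in") or not values:
            raise ValueError(f"bad comparison on {field!r} with operator {op!r}")
        return (row[field].lower() in values) == (op in ("=", "in"))
    def expr():
        return chain(lambda: chain(factor, "and", and_), "or", or_)
    result = expr()
    if toks != [None]:
        raise ValueError(f"unexpected trailing token {toks[0]!r}")
    return result

def matching(text):
    """Return the EVENTS rows that a filter selects."""
    return [e for e in EVENTS if evaluate(text, {"level": e[0], "source": e[1]})]
```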
All good things are three!
Warning
Filter
Ok
Critical
filter=" source = 'App1' "
warn=" level = 'Warning' "
Display
Custom strings
Supports substitutions ${…}
top- and detail-syntax
Display
detail-syntax="s: ${source} "
top-syntax="Hello: ${list}"
Hello: s: App1, s: App1, s: App3
check_pagefile "filter=name = 'total'"
check_uptime "warn=uptime < -2d" "crit=uptime < -1d"
check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"
Simple?
Let me guess
This all seems like a lot of typing!
Sensible defaults!
check_cpu
Just works!
Real time monitoring
Active monitoring!
check_cpu
check_mem
check_uptime
check_eventlog
check_updates
...
...
Monitoring Server
(Nagios)
Monitored Server
(Windows)
Passive monitoring!
check_cpu
check_mem
check_uptime
check_eventlog
check_updates
...
...
Monitoring Server
(Nagios)
Monitored Server
(Windows)
Real-time monitoring!
Error detected in eventlog
Everything is ok
Monitoring Server
(Nagios)
Monitored Server
(Windows)
[Diagram: real-time log file monitoring. Components: File, Linux Kernel, NSClient++ Core, CheckLogFile, NSCAClient, NSCA, SimpleFileWriter, FILE. Callouts: No CPU overhead; Powerful filtering; Notified instantly]
[/modules]
CheckLogFile = enabled
NSCAClient = enabled
SimpleFileWriter = enabled

[/settings/logfile/real-time/checks/my_check]
destination = FILE,NSCA
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NSCA/client/targets/default]
address = 10.11.12.13
encryption = aes
password = secreter
But I use
[Diagram: Components: Linux Kernel, NSClient++ Core, CheckLogFile, NSCAClient, NSCA, SimpleFileWriter, FILE, SimpleCache, CACHE, NRPEServer. Callouts: No CPU overhead; Powerful filtering; Stored in cache; Check latest result; Fetched instantly]
[/modules]
CheckLogFile = enabled
SimpleCache = enabled
NRPEServer = enabled

[/settings/logfile/real-time/checks/my_check]
destination = CACHE
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NRPE/server]
allowed hosts = 10.11.12.13
allow arguments = true
But HOW ABOUT Graphing?
Two options:
1, store/fetch from cache
2, submit passively
but not to Nagios!
apt-get install …
git clone git://github.com/mickem/nscp.git
mkdir build ; cd build
cmake ../nscp
make
Manually install visual studio, python and cmake
Download and unpack nscp source
python nscp\build\python\fetchdeps.py --target x64 --cmake-config dist
cmake ../nscp
msbuild /p:Configuration=RelWithDebInfo NSCP.sln
Please help with packages!
I will give you free* beer!
*Free as in you're free to buy it yourself!
Native
Simple
Secure
Fast
Light weight
A work in progress
check_service computer=192.168.0.1
check_disk drive=\\192.168.0.1\c$
check_task_sched computer=192.168.0.1
check_wmi computer=192.168.0.1
What’s coming: 0.4.3
Light weight remote deployable agent
Same as psexec
check_cpu
check_memory
check_process
External scripts!
Monitoring
Simplified
http://nsclient.org
How many think it’s simple?
CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
How many think it’s simple?
check_eventlog
Photo by Olga Berrios
THANK
YOU!
Information about NSClient++
http://nsclient.org
facebook.com/nsclient
Slides, and examples
http://nsclient.org/nscp/conferances/nwc/2013/
My Blog
http://blog.medin.name