NSClient+ + Whats new? http://nsclient.org Monitoring Simplified http://nsclient.org How many use NSClient++ NS-what did he say? ?#@*&%! I’m in the wrong room! How many like NSClient++? ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : 2147481643: No data to return. Failed to query performance counters: ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : 2147481643: No data to return. Failed to query performance counters: How many thinks it’s simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" dev not ops Michael Medin worked in ops a long time ago work with “soa” not, C/C++, nagios, … NSClient+ + agent linux and windows <0.4.0 modular by design Since 2003? Open source not open core Highly extensible 0.4.1: 2012-10-xx 0.4.2: 2013-10-xx? 0.4.3: 2014-02-xx? is stable one-man-band no company , no commercial version , no payed time Please don’t be angry! Some times I am busy Get your a** over here and play NOW! Please don’t be angry! Some times I am busy one-man-band no company but… , no commercial version sponsoring! donations! support! , no payed time Thank you! What’s New! 0.4.1 Sockets: ipv6, ssl (true) Modernized: NRPE, NSCA, New protocols: NRDP, check_mk, Graphite, syslog, check_nt smtp Real-time checks: eventlog, logfiles Simplified: Command line syntax 0.4.1 Build 90 (2013-02-xx) ◦ ◦ ◦ ◦ ◦ ◦ nsclient-full.ini Reload from script (re)added check_filesize (ie. Check_nt –v FILESIZE) Encoding support for NRPE New option: scan-range for CheckEventLog Various minor bug fixes Build 96 (2013-04-xx) ◦ ◦ ◦ ◦ Reverted external script quoting issues (re)added check_fileage (ie. Check_nt –v FILEAGE) Added support for binding to both ipv6 and ipv4 Various minor bug fixes Build 102 (2013-08-xx) ◦ ◦ ◦ ◦ PDH improvements Performance data: pass through Encoding support through out Various minor bug fixes and enhacements 0.4.2: The goals Modern Windows suppor Real-time monitoring Simplified monitoring Linux checks 0.4.2: The STATUS Modern Windows suppor Real-time monitoring Simplified monitoring Linux checks NSCP protoco Check_xxx clients 0.4.2: Some Examples Check_os_Version Check_process Check_pagefile NO MORE PDH Check_service Nrpe_client Filters Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” level = ’error’ ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” source = ’App1’ ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” source = ’App1 ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” source = ’App1’ or source = ’App3’ ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” source = ’App1’ or source = ’App3’ or level = ’error’ ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” source = ’App1’ or source = ’App3’ or level = ’error’ or level = ’warning’ ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” (source = ’App1’ or source = ’App3’ or level = ’error’ or level = ’warning’) and source != ’Excel’ ” Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” (sourcefilter=” in (’App1’, (source ’App3’) = ’App1’ or levelorinsource (’error’,=’warning’)) ’App3’ and source or level = ’error’ or level != = ’warning’) ’Excel’ ” and source != ’Excel’ ” filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) Numbers, constants etc Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list Strings Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list like Substring matching regexp Regular expression not like Opposite of like not regexp Opposite of regexp All good things are three! Warning Filter Ok Critical Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … filter=” source = ’App1’ “ warn=” level = ’Warning’ “ Display Custom strings Supports substitutions ${…} top- and detail-syntax Display detail-syntax=”s: ${source} “ top-syntax=“Hello: ${list}” Hello: s: App1, s: App1, s: App3 check_pagefile "filter=name = 'total'” check_uptime "warn=uptime < -2d“ "crit=uptime < -1d“ check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s” Simple? Let me guess This all seems Like a lot of typing! Sensible defaults! check_cpu Just works! Real time monitoring Active monitoring! check_cpu check_mem check_uptime check_eventlog check_updates ... ... Monitoring Server (Nagios) Monitored Server (Windows) Passive monitoring! check_cpu check_mem check_uptime check_eventlog check_updates ... ... Monitoring Server (Nagios) Monitored Server (Windows) Real-time monitoring! Error detected in eventlog Everything is ok Monitoring Server (Nagios) Monitored Server (Windows) Linux Kernel No CPU overhead NSClient++ Core NSCA NSCAClientNotified instantly CheckLogFile Powerful filtering FILE SimpleFileWriter File Linux Kernel [/modules] CheckLogFile = enabled NSCAClient = enabled SimpleFileWriter = enabled NSClient++ Core [/settings/logfile/real-time/checks/my_check] NSCAClient NSCA destination = FILE,NSCA file = test.txt CheckLogFile warning = column1 like ‘warn’ SimpleFileWriter FILE critical = column2 like ‘crit’ [/settings/NSCA/client/targets/default] address = 10.11.12.13 encryption = aes password = secreter File But I use Linux Kernel NSClient++ Core No CPU overhead CheckLogFile Powerful filtering NSCA NSCAClient FILE SimpleFileWriter CACHEStored Check latest NRPEServer result in cacheSimpleCache Fetched instantly Linux Kernel [/modules] NSClient++ Core CheckLogFile = enabled SimpleCache = enabled NSCA NRPEServer = enabled NSCAClient [/settings/logfile/real-time/checks/my_check] SimpleFileWriter CheckLogFile FILE destination = CACHE file = test.txt warning = column1 like ‘warn’ SimpleCache CACHE critical = column2 like ‘crit’ [/settings/NRPE/server] allowed hosts = 10.11.12.13 NRPEServer allow arguments = true But HOW ABOUT Graphing? Two options: 1, store/fetch from cache 2, submit passively but not to Nagios! apt-get install … git clone git://github.com/mickem/nscp.git mkdir build ; cd build cmake ../nscp make Manually install visual studio, python and cmake Download and unpack nscp source python nscp\build\python\fetchdeps.py --target x64 --cmake-config dist cmake ../nscp msbuild /p:Configuration=RelWithDebInfo NSCP.sln Please help with packages! I will give you free* beer! *Free as in your free to buy it your self! Native Simple Secure FastLight weight A work in progress check_service computer=192.168.0.1 check_disk drive=\\192.168.0.1\c$ check_task_sched computer=192.168.0.1 check_wmi computer=192.168.0.1 What’s coming: 0.4.3 Light weight remote deployable agent Same as psexec check_cpu check_memory check_process External scripts! Monitoring Simplified http://nsclient.org How many thinks it’s simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" How many thinks it’s simple? check_eventlog Photo by Olga Berrios THANK YOU! Information about NSClient++ http://nsclient.org facebook.com/nsclient Slides, and examples http://nsclient.org/nscp/conferances/nwc/2013/ My Blog http://blog.medin.name