CheckDisk.dll
The CheckDisk module has various disk-related checks, currently focusing on size. Hopefully it will be extended with date, existence and many other disk-related checks in the future. Feel free to request checks that you need.
• CheckFileSize, Check the size of one or more files or directories.
• CheckDriveSize, Check the size of one or more Drives
• CheckFile, Check various aspects on one or more files or directories.
Configuration
This module has no configuration directives.
CheckFileSize
CheckFileSize is part of the CheckDisk module
This check does a recursive size calculation of the directory (or file) specified. A request has one or more options described in the table below. The order only matters in that the size has to be specified before the File option, because you can change the size for each file by specifying multiple Size options.
Option Values Description
MaxWarn size-value The maximum size the directory is allowed before a warning state is returned.
MaxCrit size-value The maximum size the directory is allowed before a critical state is returned.
MinWarn size-value The minimum size the directory is allowed before a warning state is returned.
MinCrit size-value The minimum size the directory is allowed before a critical state is returned.
ShowAll None A Boolean flag to show size of directories that are not in an alarm state. If this is not specified only drives with an alarm state will be listed in the resulting string.
File File or directory name The name of the file or directory that should have its size calculated. Notice that large directory structures will take a long time to check.
File:<alias> File or directory name Same as the file option but using a short alias in the returned data.
The size-value is a normal numeric-value with a unit postfix. The available postfixes are B for Byte, K for Kilobyte, M for Megabyte and finally G for Gigabyte.
Examples
Check the size of the windows directory and make sure it stays below 1 gigabyte:
CheckFileSize ShowAll MaxWarn=1024M MaxCrit=4096M File:WIN=c:\WINDOWS\*.*
WARNING: WIN: 2G (2325339822B)|WIN=2325339822;1073741824;4294967296
define command {
command_name CheckFileSize
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a ShowAll MaxWarn=$ARG1$ MaxCrit=$ARG2$ File:$ARG3$=$ARG4$
}
check_command CheckFileSize!1024M!4096M!WIN!c:\WINDOWS\*.*
Check the size of the pagefile.sys and make sure it stays above 1 gigabyte:
CheckFileSize ShowAll MinWarn=1G MinCrit=512M File=c:\pagefile.sys
OK: c:\pagefile.sys: 1G (1610612736B)
define command {
command_name CheckPageFile
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a ShowAll MinWarn=$ARG1$ MinCrit=$ARG2$ File:PageFile=c:\pagefile.sys
}
check_command CheckPageFile!1G!512M
Sample of using individual sizes for multiple files:
CheckFileSize MaxWarn=2G MaxCrit=4G File=c:\\pagefile.sys MaxWarn=1K MaxCrit=512 File=c:\\boot.ini
OK all file sizes are within bounds.
define command {
command_name CheckMyFiles
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a MaxWarn=2G MaxCrit=4G File=c:\\pagefile.sys MaxWarn=1K MaxCrit=512 File=c:\\boot.ini
}
check_command CheckMyFiles
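The ordering rule above, as an added Python model (not NSClient++ code): each File option takes the thresholds seen so far, so a File placed before its thresholds is left unmonitored. The function names, the strict greater-than/less-than comparison at the boundary and the case-sensitive option names are assumptions; the argument lists come from the examples above.

```python
import re

# 1024-based multipliers, matching the page's own output (1024M -> 1073741824).
UNITS = {"": 1, "B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
BOUNDS = ("MaxWarn", "MaxCrit", "MinWarn", "MinCrit")

# The "individual size for multiple files" request from the page, split into options.
PAGE_EXAMPLE = (r"MaxWarn=2G MaxCrit=4G File=c:\\pagefile.sys "
                r"MaxWarn=1K MaxCrit=512 File=c:\\boot.ini").split()


def parse_size(text):
    """Convert a size-value such as '512', '1K' or '15.5G' to bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([BKMG]?)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"not a size-value: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2).upper()])


def bind_thresholds(args):
    """Walk the options left to right and return (targets, problems).

    Every File option captures a copy of the bounds set before it; bounds
    that appear after the last File option apply to nothing.
    """
    current, pending, targets, problems = {}, [], [], []
    for arg in args:
        key, _, value = arg.partition("=")
        if key in BOUNDS:
            current[key] = parse_size(value)
            pending.append(key)
        elif key == "File" or key.startswith("File:"):
            alias = key[5:] if key.startswith("File:") else value
            bounds = dict(current)
            targets.append({"alias": alias, "path": value, "bounds": bounds})
            pending = []
            if not bounds:
                problems.append(f"{alias}: no thresholds before this File option")
            if bounds.get("MaxWarn", 0) > bounds.get("MaxCrit", float("inf")):
                problems.append(f"{alias}: MaxWarn is above MaxCrit")
            if bounds.get("MinWarn", float("inf")) < bounds.get("MinCrit", 0):
                problems.append(f"{alias}: MinWarn is below MinCrit")
        # Flags such as ShowAll carry no threshold and are skipped here.
    if pending:
        problems.append("thresholds after the last File option have no effect: "
                        + ", ".join(pending))
    return targets, problems


def evaluate(target, size):
    """Return the state for a measured size in bytes (assumed strict bounds)."""
    b = target["bounds"]
    if size > b.get("MaxCrit", float("inf")) or size < b.get("MinCrit", 0):
        return "CRITICAL"
    if size > b.get("MaxWarn", float("inf")) or size < b.get("MinWarn", 0):
        return "WARNING"
    return "OK"


if __name__ == "__main__":
    targets, problems = bind_thresholds(PAGE_EXAMPLE)
    for t in targets:
        print(t["alias"], t["bounds"])
    for p in problems:
        print("problem:", p)
```

Run against the page's own multi-file request, the model reports that boot.ini ends up with a warning bound (1K) above its critical bound (512 bytes).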
I have had to set this up like this for our Windows Servers
# Check File Size === Greg Small
define command {
command_name CheckFileSize
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a MaxWarn=$ARG1$ MaxCrit=$ARG2$ File=$ARG3$
}
define service{
use xx-app-service
host_name SERVER01
service_description Information store database
check_command CheckFileSize!13G!15.5G!'d:\\exchsrvr\\mdbdata\\priv1.edb'
}
CheckDriveSize
CheckDriveSize is part of the CheckDisk module
This check verifies the size of various drives specified on the command line. A request has one or more options described in the table below. The order only matters in that the size has to be specified before the Drive option because you can change the size for each drive by specifying multiple Size options.
Option Values Description
MaxWarnFree size-value or % The maximum allowed free space for the drive(s).
MaxCritFree size-value or % The maximum allowed free space for the drive(s).
MinWarnFree size-value or % The minimum allowed free space for the drive(s).
MinCritFree size-value or % The minimum allowed free space for the drive(s).
MaxWarnUsed size-value or % The maximum allowed used space for the drive(s).
MaxCritUsed size-value or % The maximum allowed used space for the drive(s).
MinWarnUsed size-value or % The minimum allowed used space for the drive(s).
MinCritUsed size-value or % The minimum allowed used space for the drive(s).
ShowAll Empty, long If present will display information even if an item is not reporting a state. If set to long will display more information.
Drive A Drive letter or the path of a mounted Volume The letter of the drive to check.
FilterType FIXED, CDROM, REMOVABLE, REMOTE Filter for drive type to prevent checking drives of certain kinds (most useful when using CheckAll). The default is FIXED.
CheckAll None Check all available drives
CheckAllOthers None Check all drives (matching Filters) except those specified in the Drive= clause.
The size-value or % is a normal numeric-value with an optional unit or percentage postfix to specify large sizes. The available postfixes are B for Byte, K for Kilobyte, M for Megabyte, G for Gigabyte and finally % for percent free space.
Examples
Check the size of C:\ and make sure it has 10% free space:
CheckDriveSize ShowAll MinWarnFree=10% MinCritFree=5% Drive=c:\
CRITICAL: C:: Total: 74.5G - Used: 71.2G (95%) - Free: 3.28G (5%) < critical|C:;5%;10;5;
define command {
command_name CheckDriveSize
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckDriveSize -a Drive=$ARG1$ ShowAll MaxWarn=$ARG2$ MaxCrit=$ARG3$
}
check_command CheckDriveSize!C:\!50%!75%
To check the size of mounted volume c:\volumne_test and make sure it has 1M free space
CheckDriveSize ShowAll MaxWarn=1M MaxCrit=2M Drive="c:\\volumne_test\\"
CRITICAL: c:\volumne_test\: 3M (4193280B)|c:\volumne_test\=4193280;0;0;
check_command CheckDriveSize!c:\volumne_test\!1M!2M
To check the size of all fixed and network drives and make sure they have at least 1 gig of free space
CheckDriveSize MinWarn=50% MinCrit=25% CheckAll FilterType=FIXED FilterType=REMOTE
CRITICAL: D:\: Total: 186G - Used: 186G (99%) - Free: 709M (1%) < warning, Y:\: Total: 279G - Used: 279G (99%) - Free: 384M (1%) < critical|C:\;76514398208;1073741824;536870912; D:\;199303897088;1073741824;536870912; X:\;35467034624;1073741824;536870912; Y:\;299649466368;1073741824;536870912;
define command {
command_name CheckAllDrives
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckDriveSize -a CheckAll FilterType=FIXED FilterType=REMOTE MinWarn=$ARG1$ MinCrit=$ARG2$
}
check_command CheckAllDrives!25%!50%
Check all fixed and network drives but ignore C and F
define command {
command_name CheckAllDrivesExceptCF
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckDriveSize -a CheckAllOthers FilterType=FIXED FilterType=REMOTE MinWarn=$ARG1$ MinCrit=$ARG2$ "Drive=C:\\" Drive=F:\\
}
CheckFile
A new command to check a bunch of files.
BETA
Simple draft and subject to change. This works similarly to CheckEventLog and uses filters to filter out (or in) a certain number of files and then checks the count against a given number, reporting an error if the count is not within bounds.
Option Values Description
file A filename, filter or path The files to check; for instance c:\*.* will check the entire drive (bad idea), while c:\foo\bar\my\file.txt will check only that file.
filter in, out, any, all Specify the way you want to filter things. (See section below)
descriptions None Flag to specify if you want to include string representation of the file data (not implemented yet)
truncate length of the returned set This will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the output.
MaxWarn number of records The maximum hits to allow before reporting a warning state.
MaxCrit number of records The maximum hits to allow before reporting a critical state.
MinWarn number of records The minimum hits to allow before reporting a warning state.
MinCrit number of records The minimum hits to allow before reporting a critical state.
filter-size size-expression The size a file should have.
filter-creation time-expression Filter on a date (the time is specified from "now", not absolute), so filter-created=>2d will mean files created more than 2 days ago will match.
filter-accessed time-expression Filter on a date (the time is specified from "now", not absolute).
filter-written time-expression Filter on a date (the time is specified from "now", not absolute).
syntax String A syntax string that describes how each matched file is shown. The string can have the following keywords: %filename%, %creation%, %access%, %write%, %size%
Filter
filter = (in, out, any, all) Specify the way you want to filter things.
in means anything matching this filter will be included in the result.
out means anything matching this filter will be excluded from the result.
any means any of the filter rules has to match.
all means all of the filter rules have to match.
Thus filter=all filter=in and filter=any filter=out are the combinations that make the most sense, depending on your filter concept.
Examples
This command will check the date of a file (boot.ini) and alert if its modified (written) date is greater than 3 days (3d).
# checkcommand.cfg
define command {
command_name nrpe_check_file_last_written
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c CheckFile -a file="$ARG1$" filter-written=\>"$ARG2$" syntax="%filename% last updated %write%" MaxCrit=1
}
# service.cfg (the check_command line of the service definition)
check_command nrpe_check_file_last_written!"C:\\boot.ini"!3d
CheckEventLog.dll
The CheckEventLog module checks for problems reported to the windows event log.
• CheckEventLog, Check to find errors in the event log.
Configuration
Option Default value Description
syntax Set this to use a specific syntax string for all commands (that don't specify one)
Advanced options:
Option Default value Description
debug 0 Log all "hits" and "misses" on the eventlog filter chain, useful for debugging eventlog checks but very very very noisy so you don't want to accidentally set this on a real machine.
CheckSystem.dll
A module to check various system related things. A list of the modules and their potential use is listed below.
• CheckCPU, Check CPU load
• CheckUpTime, Check system uptime
• CheckServiceState, Check state of a service
• CheckProcState, Check state of a process
• CheckMem, Check memory usage (page)
Command Line
To simplify debugging and setup there are two command-line options that list and test all available PDH counters.
• NSClient++ -noboot CheckSystem debugpdh
• NSClient++ -noboot CheckSystem listpdh
Configuration
This module should auto detect most versions of windows (if you have a problem with this let me know so I can update it). Thus you no longer need to configure the grayed out options. There is also some other tweaks that can be configured such as check resolution and buffer size. For more details on how to configure this refer to the Configuration section.
[Check System]
Option Default value Description
CPUBufferSize 1h The time to store CPU load data.
CheckResolution 10 Time between checks in 1/10 of seconds.
Advanced options:
Option Default value Description
auto_detect_pdh 1 Set this to 0 to disable auto detect (counters.defs) PDH language and OS version.
dont_use_pdh_index 0 Set this to 1 if you don't want to use indexes for finding PDH counters.
force_language Set this to a locale ID if you want to force auto-detection of counters from that locale.
ProcessEnumerationMethod auto Set the method to use when enumerating processes: PSAPI, TOOLHELP or auto
check_all_services[SERVICE_BOOT_START] ignored Set how to handle services set to SERVICE_BOOT_START state when checking all services
check_all_services[SERVICE_SYSTEM_START] ignored Set how to handle services set to SERVICE_SYSTEM_START state when checking all services
check_all_services[SERVICE_AUTO_START] started Set how to handle services set to SERVICE_AUTO_START state when checking all services
check_all_services[SERVICE_DEMAND_START] ignored Set how to handle services set to SERVICE_DEMAND_START state when checking all services
check_all_services[SERVICE_DISABLED] stopped Set how to handle services set to SERVICE_DISABLED state when checking all services
MemoryCommitLimit \Memory\Commit Limit Counter to use to check upper memory limit.
MemoryCommitByte \Memory\Committed Bytes Counter to use to check current memory usage.
SystemSystemUpTime \System\System Up Time Counter to use to check the uptime of the system.
SystemTotalProcessorTime \Processor(_total)\% Processor Time Counter to use for CPU load.
ProcessEnumerationMethod auto Set the PROCESS enumeration method (auto or TOOLHELP or PSAPI)
CheckCPU
CheckCPU is part of the CheckSystem module.
This check calculates an average of CPU usage for a specified period of time. The data is always collected in the background and the size and interval is configured from the CPUBufferSize and CheckResolution options. A request has one or more options described in the table below.
Option Values Description
warn load in % Load to go above to generate a warning.
crit load in % Load to go above to generate a critical state.
Time time with optional postfix The time to calculate average over. Multiple time= entries can be given, generating multiple CPU usage summaries and multiple warn/crits.
nsclient Flag to make the plug in run in NSClient compatibility mode
ShowAll none, long Add this option to show info even if no errors are detected. Set it to long to show detailed information.
Time can use any of the following postfixes. w=week, d=day, h=hour, m=minute and s=second.
Examples
Check that the CPU load for various times is below 80%:
checkCPU warn=80 crit=90 time=20m time=10s time=4
CPU Load ok.|'20m average'=11%;80;90; '10s average'=7%;80;90; '4 average'=10%;80;90;
Showing multiple time entry usage and returned data
CheckCPU warn=2 crit=80 time=5m time=1m time=10s
WARNING: 5m: average load 8% > warning, 1m: average load 2% > warning, 10s: average load 4% > warning|'5m'=8;2;80; '1m'=2;2;80; '10s'=4;2;80;
Check CPU load with intervals like known from Linux/Unix (with example thresholds):
checkCPU warn=100 crit=100 time=1 warn=95 crit=99 time=5 warn=90 crit=95 time=15
FAQ
• Question: How does it handle multi CPU machines?
• Answer: The returned value is the average value of the CPU load of all the processors.
CheckUpTime
This check checks the uptime of a server, and if the time is less than the times given as arguments a state is returned.
Option Values Description
MaxCrit time Maximum time the system is allowed to be up
MinCrit time Minimum time the system is allowed to be up
MaxWarn time Maximum time the system is allowed to be up
MinWarn time Minimum time the system is allowed to be up
nsclient Flag to make the plug in run in NSClient compatibility mode
ShowAll Add this option to show details even if an error is not encountered.
Alias string A string to use as alias for the values (default is uptime)
Examples
Check that the system has been running for at least a day:
checkUpTime MinWarn=1d MinCrit=12h
Client has uptime (19h) < warning (24h)
CheckServiceState
This check checks the state of one or more services on the system and generates a critical state if any service is not in the required state.
Option Values Description
ShowAll A flag to toggle if all service states should be listed.
ShowFail (default) A flag to indicate if only failed service states should be listed.
service=state A service name or service display name and a state the service should have. The state can be either started or stopped. If no state is given started is assumed.
CheckAll Check to see that all services set to auto-start are started and all set to disabled are not started.
exclude service name Exclude this service from CheckAll
Examples
Check that myService is running and that MyStoppedService is not running:
checkServiceState ShowAll myService MyStoppedService=stopped
myService : Running - MyStoppedService : Stopped
Check that all auto-start services are running but exclude some that are intentionally not in the correct state:
checkServiceState CheckAll exclude=wampmysqld exclude=MpfService
OK: All services are running.
CheckMem
This check checks the memory (page) usage and generates a state if the memory is above or below given parameters.
Option Values Description
MaxWarn size-value or % The maximum size allowed before a warning state is returned.
MaxCrit size-value or % The maximum size allowed before a critical state is returned.
MinWarn size-value or % The minimum size allowed before a warning state is returned.
MinCrit size-value or % The minimum size allowed before a critical state is returned.
ShowAll None A Boolean flag to show size even if no state is returned (?).
type page, paged, virtual, physical What kind of memory to check (does not yet support stacking to check multiple kinds)
The size-value or % is a normal numeric-value with an optional unit or percentage postfix to specify large sizes. The available postfixes are B for Byte, K for Kilobyte, M for Megabyte, G for Gigabyte and finally % for percent free space.
What the different types really mean
Type Meaning
page Number of .. ?? This is the commitlimit (same as used in NSClient, i.e. via PDH, available on NT4)
paged Number of .. ?? (Usually identical to 'page', different APIs for I think the same thing) According to M$ this is: Size of available memory to commit, in bytes.
virtual Number of pages of swap currently in use (note - it does NOT = (physical + swap) as on *nix boxes) According to M$ this is: Size of unreserved and uncommitted memory in the user mode portion of the virtual address space of the calling process, in bytes.
physical Total amount of RAM in the server ?? (does it change?) According to M$ this is: Total size of physical memory, in bytes.
Examples
Check that the page is below 80%:
checkMem MaxWarn=80% MaxCrit=90% ShowAll type=page
OK: page: 758M (795205632B)|page=30% 80%;90%;
Check that the physical is below 80%:
checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
OK: physical: 758M (795205632B)|'physical memory'=30% 80%;90%;
CheckCounter
Used to check performance counters. This is probably how most things can be checked as there are a lot of performance counters. To find performance counters, use the program perfmon that is shipped with windows. An important note is that performance counters are language and version specific. You can list all available performance counters using the listpdh option as shown in the examples below.
Option Values Description
MaxWarn Number Maximum allowed number
MaxCrit Number Maximum allowed number
MinWarn Number Minimum allowed number
MinCrit Number Minimum allowed number
ShowAll None A Boolean flag to show value even if no state is returned.
Counter Performance Counter Add a performance counter to this check
Counter:<name> Performance Counter Add a named performance counter. The <name> will be used as an alias.
Averages true, false Set this to false to make performance checking faster for counters that don't represent average values.
Examples
Check that mutex count (on WinXP) is below 500:
checkCounter "Counter:mutex=\\Objects\\Mutexes" ShowAll MaxWarn=500 MaxCrit=1000
WARNING: mutex: 673 > warning|mutex=673;500;1000;
Using instances(?) in counters
checkCounter "Counter=\\Processor(_total)\\% Processor Time" ...
...
List all available performance counters, and debug them (means, open, try to read, close, etc)
nsclient++ CheckSystem listpdh
...
"NSClient++.exe" CheckSystem debugpdh
...
I have had to set this up for Counter Checking =-= Greg Small
define command {
command_name check_counter
# command_line $USER1$/check_nt $HOSTADDRESS$ -p 12489 -v COUNTER -l $ARG1$ -d SHOWALL -w $ARG2$ -c $ARG3$
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c CheckCounter -a $ARG1$ ShowAll MaxWarn=$ARG2$ MaxCrit=$ARG3$
}
define service{
use itx-app-service
host_name HOST
service_description Microsoft Exchange 5.5 IS RPC Operations / Sec
check_command check_counter!"\\MSExchangeIS\\RPC Operations/sec"!300!400
}
define service{
use itx-app-service
host_name HOST
service_description Windows 2000/2003 Physical Disk Time
check_command check_counter!"\\PhysicalDisk(_Total)\\% Disk Time"!60!90
notes More than 60 percent indicates a problem.
}
CheckProcState
This check checks the state of one or more processes on the system and generates a critical state if any process is not in the required state.
Option Values Description
ShowAll A flag to toggle if all process states should be listed.
ShowFail (default) A flag to indicate if only failed process states should be listed.
process=state A process name and a state the process should have. The state can be either started or stopped. If no state is given started is assumed. The name is the name of the executable.
Alias alias Give a process an alias
ignore-perf-data If present performance data will be stripped out
Proc:<alias>=<state> A process name and a state the process should have.
(Max|Min)(Warn|Crit)Count number Process count bounds. For instance: MaxCritCount=4 means if a process has more than 4 instances it will be a critical condition.
Examples
Check that quake.exe is not running and NSClient++.exe is running:
checkProcState ShowAll quake.exe=stopped NSClient++.exe=started
quake.exe : Stopped - NSClient++.exe : Running
Check that quake.exe is not running and my.exe and NSClient++.exe are running and only show problems:
checkProcState my.exe quake.exe=stopped NSClient++.exe=started
my.exe : Stopped
checkProcState MinCritCount=50 svchost.exe=started
Check that cmd.exe with substring printloop in commandline is running:
NSClient++ /test
checkProcState match=regexp cmdline ShowAll .*cmd.*printloop.*=started
CheckWMI.dll
The CheckWMI module has various WMI related functions used to query and check the WMI (Windows Management Instrumentation). Feel free to request checks that you need.
• CheckWMI, Check large result sets (for instance, are there more than 5 rows matching criteria X, i.e. more than 5 Internet Explorer processes which use more than 123Mb memory).
• CheckWMIValue, Check the result of a query (i.e. is the current memory utilization over X)
Configuration
This module has no configuration directives.
CheckWMI
CheckWMI is part of the CheckWMI module.
New version that is *a lot* more useful (I hope). It is still alpha and needs more testing, but I would like to get some initial feedback on the syntax and such. Also feel free to try it out and report bugs to me (you might want to keep track of memory and such, as I have not done so myself yet). To debug and help you set up your queries there is also a command line interface to run queries and see the result.
nsclient++ CheckWMI <query>
The syntax for this is similar to CheckEventLog but simplified, so I hope it will be easier to use and understand.
This check enumerates all rows returned from your query, filters the results and checks the count against a set warn and crit threshold. If you want to check a value there will soon be a separate check for that. This is designed to find "anomalies" in result sets.
Option Values Description
filter any, all Specify the way you want to filter things. (See section below) Not yet implemented (default is all)
truncate length of the returned set This will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the output.
MaxWarn number of records The maximum records to allow before reporting a warning state.
MaxCrit number of records The maximum records to allow before reporting a critical state.
<mode>filter-<type>:<Column> <filter value> A number of strings to use for filtering the event log
Filters
Capturing result entries (or discarding them) is done with filters. There are three kinds of filters.
* positive requirements (+)
All these filters must match or the row is discarded.
* negative requirements (-)
None of these filters can match (if any do the row is discarded).
* normal matches (.)
If this matches the line is included.
The syntax of the filter is: <mode>filter-<type>:<Column>=<expression>
Filter <Mode>s
<mode> title description
+ required filter If you miss this filter the line is discarded
. normal filter If a hit the line is included
- negative filter If a line hits this it is discarded
Filter <Type>s
<type> Value Description
string [[string expression]] Match the column against a string expression
numeric [[numeric expression]] Match the column against a numeric expression
Filter <Column>s
A Column (if specified) will make the filter work against a specific column in the result set.
string expression
A string expression is a key followed by a string that specifies a string expression. Currently substr and regexp are supported. Thus you enter filter.message=regexp:(foo|bar) to enter a regular expression and filter-message=substr:foo to enter a substring pattern match.
Examples
Check to see if there are 2 CPUs present (or cores)
CheckWMI MaxCrit=3 MinWarn=1 "Query:load=Select * from win32_Processor"
Check to see that no CPU has less than 2.66GHz frequency
CheckWMI MinCrit=1 MinWarn=1 "Query:load=Select CurrentClockSpeed from win32_Processor" +filter-numeric:CurrentClockSpeed=<2659
To try a query use the following syntax:
nsclient++ CheckWMI Select * from win32_Processor
(I know these are not very useful, but hopefully they will give you an idea how to do things; there are *a lot* of things to check via the WMI so you ought to be able to do most things you want.)
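The three filter modes described above, as an added Python model (not NSClient++ code) that applies <mode>filter-<type>:<Column>=<expression> strings to rows and compares the surviving count with MaxWarn/MaxCrit. Assumptions: a row that passes the + and - filters is kept when no "." filter is given, regexp uses search semantics, numeric expressions are <n, >n or a bare number for equality, and the process rows are constructed sample data.

```python
import re

FILTER_RE = re.compile(r"^([+.\-])filter-(string|numeric):([^=]*)=(.+)$")

# Constructed rows shaped like "select Caption, WorkingSetSize from Win32_Process".
ROWS = [
    {"Caption": "iexplore.exe", "WorkingSetSize": 150000000},
    {"Caption": "iexplore.exe", "WorkingSetSize": 90000000},
    {"Caption": "iexplore.exe", "WorkingSetSize": 200000000},
    {"Caption": "System", "WorkingSetSize": 300000},
    {"Caption": "svchost.exe", "WorkingSetSize": 140000000},
]


def compile_filter(spec):
    """Turn one filter string into (mode, predicate over a row dict)."""
    m = FILTER_RE.match(spec)
    if not m:
        raise ValueError(f"not a filter: {spec!r}")
    mode, ftype, column, expr = m.groups()
    if ftype == "numeric":
        op, number = (expr[0], expr[1:]) if expr[0] in "<>" else ("=", expr)
        limit = float(number)

        def test(value):
            try:
                v = float(value)
            except (TypeError, ValueError):
                return False  # non-numeric column values never match
            return v < limit if op == "<" else v > limit if op == ">" else v == limit
    else:
        kind, _, pattern = expr.partition(":")
        if kind == "substr":
            def test(value):
                return pattern in str(value)
        elif kind == "regexp":
            rx = re.compile(pattern)

            def test(value):
                return rx.search(str(value)) is not None
        else:
            raise ValueError(f"unknown string expression: {expr!r}")

    def hit(row):
        # With a column the filter looks at that column only, otherwise at all.
        if column:
            values = [row[column]] if column in row else []
        else:
            values = list(row.values())
        return any(test(v) for v in values)

    return mode, hit


def select_rows(rows, specs):
    """Apply the +, - and . filters and return the rows that are kept."""
    compiled = [compile_filter(s) for s in specs]
    required = [h for mode, h in compiled if mode == "+"]
    negative = [h for mode, h in compiled if mode == "-"]
    normal = [h for mode, h in compiled if mode == "."]
    kept = []
    for row in rows:
        if not all(h(row) for h in required):
            continue  # a required filter missed: discard
        if any(h(row) for h in negative):
            continue  # a negative filter hit: discard
        if normal and not any(h(row) for h in normal):
            continue  # normal filters exist but none hit
        kept.append(row)
    return kept


def status(count, max_warn=None, max_crit=None):
    """Compare the number of kept rows with the MaxWarn/MaxCrit bounds."""
    if max_crit is not None and count > max_crit:
        return "CRITICAL"
    if max_warn is not None and count > max_warn:
        return "WARNING"
    return "OK"


if __name__ == "__main__":
    # 123 MB = 128974848 bytes, as in the module introduction's example.
    big_ie = select_rows(ROWS, ["+filter-string:Caption=substr:iexplore",
                                "+filter-numeric:WorkingSetSize=>128974848"])
    print(len(big_ie), status(len(big_ie), max_warn=1, max_crit=5))
```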
CheckWMIValue
CheckWMIValue is part of the CheckWMI module.
It is still alpha and needs more testing, but I would like to get some initial feedback on the syntax and such. Also feel free to try it out and report bugs to me (you might want to keep track of memory and such, as I have not done so myself yet). To debug and help you set up your queries there is also a command line interface to run queries and see the result.
nsclient++ CheckWMI <query>
The syntax for this is similar to other check commands so it should be pretty straightforward to set up. The plugin will run a WMI query and check the returned columns against bounds provided by the checker (nagios) and report the result.
Option Values Description
MaxWarn Numeric value The maximum allowed value for the column(s).
MaxCrit Numeric value The maximum allowed value for the column(s).
MinWarn Numeric value The minimum allowed value for the column(s).
MinCrit Numeric value The minimum allowed value for the column(s).
ShowAll Empty, long If present will display information even if an item is not reporting a state. If set to long will display more information.
Query WMI Query The WMI query to ask (not stackable, only one query at a time)
Check A column name A column name to check (if * all columns will be checked) (this is stackable, so you can compare any number of columns)
truncate numeric value The maximum length of the query-result.
AliasCol Column name A column to be included (prefixed) in the alias for matching columns.
Examples
Check to see if there are 2 CPUs present (or cores)
CheckWMI MaxCrit=3 MinWarn=1 "Query:load=Select * from win32_Processor"
Check the CPU load on all CPUs and warn if above 50 and critical if above 80
CheckWMIValue "Query=Select * from win32_Processor" MaxWarn=50 MaxCrit=80 Check:CPU=LoadPercentage ShowAll=long
To try a query use the following syntax:
nsclient++ CheckWMI Select * from win32_Processor
Check threads in processes and make sure a process does not have more than 50 threads (critical at 100)
CheckWMIValue "Query=select Caption, ThreadCount from Win32_Process" MaxWarn=50 MaxCrit=100 Check:threads=ThreadCount AliasCol=Caption
Gives you:
System threads: 98 > warning, svchost.exe threads: 87 > warning|'System Idle Process threads'=2;50;100; 'System threads'=98;50;100; 'smss.exe threads'=3;50;100; 'csrss.exe threads'=13;50;100; 'winlogon.exe threads'=21;50;100; 'services.exe threads'=18;50;100; 'lsass.exe threads'=21;50;100; 'svchost.exe threads'=19;50;100; 'svchost.exe threads'=11;50;100; 'svchost.exe threads'=87;50;100; 'svchost.exe threads'=6;50;100; 'svchost.exe threads'=18;50;100; 'aswUpdSv.exe threads'=3;50;100; 'ashServ.exe threads'=28;50;100; 'sdmcp.exe threads'=3;50;100; 'spoolsv.exe threads'=11;50;100; 'svchost.exe threads'=4;50;100; 'MSCamS32.exe threads'=5;50;100; 'nTuneService.exe threads'=4;50;100; 'nvsvc32.exe threads'=4;50;100; 'svchost.exe threads'=7;50;100; 'tlswrap.exe threads'=4;50;100; 'vmount2.exe threads'=4;50;100; 'vmnat.exe threads'=3;50;100; 'vmnetdhcp.exe threads'=2;50;100; 'vmware-authd.exe threads'=7;50;100; 'ashMaiSv.exe threads'=8;50;100; 'ashWebSv.exe threads'=22;50;100; 'alg.exe threads'=5;50;100; 'explorer.exe
(I know these are not very useful, but hopefully they will give you an idea how to do things; there are *a lot* of things to check via the WMI so you ought to be able to do most things you want.)
CheckExternalScripts.dll
This module allows you to check external scripts and/or programs.
Configuration
[External Script]
Configure how the External Scripts module works (not to be confused with the "External Scripts" section below that holds scripts that can be run).
Option Default value Description
command_timeout 60 The maximum time in seconds that a command can execute (if it takes more than this, execution will be aborted). NOTICE this only affects external commands, not internal ones.
allow_arguments 0 A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars 0 Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
script_dir When set, all files in this directory will be available as scripts. This is pretty dangerous but can be a bit useful if you use many scripts and you are sure no one else can add files there.
[External Scripts]
A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments> for instance:
check_es_long=scripts\long.bat
check_es_ok=scripts\ok.bat
check_es_nok=scripts\nok.bat
check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
[External Alias]
Works like the "inject" concept of the NRPE scripts module. In short, it is a list of available aliases. An alias is an internal command that has been "wrapped" (to add arguments). Be careful not to create loops (i.e. check_loop=check_a, check_a=check_loop).
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
alias_service=checkServiceState CheckAll
alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
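An audit of the settings described above, as an added Python example (not part of NSClient++): it reads an ini text, flags the [External Script] options the page calls out as risky, and finds alias loops in [External Alias]. The function names, the finding labels, the case-insensitive alias comparison and both sample files are assumptions constructed for this example.

```python
import configparser

# Constructed sample using the sections and option names from the page.
SAMPLE_INI = r"""
[External Script]
command_timeout=60
allow_arguments=1
allow_nasty_meta_chars=1
script_dir=c:\nsclient\scripts

[External Scripts]
check_es_ok=scripts\ok.bat
check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs

[External Alias]
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
check_loop=check_a
check_a=check_loop
"""

# Constructed counterpart with the documented defaults and no alias loop.
HARDENED_INI = r"""
[External Script]
command_timeout=60
allow_arguments=0
allow_nasty_meta_chars=0

[External Alias]
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
"""


def load_ini(text):
    """Parse the ini text; '=' is the only delimiter and '%' is literal."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep option names as written
    cp.read_string(text)
    return cp


def find_alias_loops(aliases):
    """Return each cycle among aliases as a list of alias names."""
    # An alias points at the first word of its value: the wrapped command.
    target = {name.lower(): value.split()[0].lower()
              for name, value in aliases.items() if value and value.split()}
    loops, seen = [], set()
    for start in target:
        path, node = [], start
        while node in target and node not in path:
            path.append(node)
            node = target[node]
        if node in path:  # walked back into the path: a loop
            cycle = path[path.index(node):]
            if frozenset(cycle) not in seen:
                seen.add(frozenset(cycle))
                loops.append(cycle)
    return loops


def audit(text):
    """Return a list of (label, detail) findings for one ini file."""
    cp = load_ini(text)

    def setting(name):
        return (cp.get("External Script", name, fallback="") or "").strip()

    findings = []
    args = setting("allow_arguments") == "1"
    meta = setting("allow_nasty_meta_chars") == "1"
    if args:
        findings.append(("allow_arguments",
                         "arguments are accepted on the incoming socket"))
    if meta:
        findings.append(("allow_nasty_meta_chars",
                         "meta characters reach external commands"))
    if args and meta:
        findings.append(("arguments_with_meta_chars",
                         "remote arguments may carry meta characters"))
    if setting("script_dir"):
        findings.append(("script_dir",
                         "every file in " + setting("script_dir") + " is a command"))
    if cp.has_section("External Alias"):
        for cycle in find_alias_loops(dict(cp.items("External Alias"))):
            findings.append(("alias_loop", " -> ".join(cycle + [cycle[0]])))
    return findings


if __name__ == "__main__":
    for label, detail in audit(SAMPLE_INI):
        print(f"{label}: {detail}")
```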
LUAScript.dll
This module allows you to write and change checks in the Lua scripting language. For a quick "guide" on how to write scripts for NSClient++ see the LUAScript/guide page. For information on the Lua scripting language and built-in modules and commands refer to the official Lua pages at: http://www.lua.org/ and http://lua-users.org/wiki/SampleCode
Configuration
[LUA Scripts]
A list of Lua scripts to load at startup. Unlike "external checks", all Lua scripts are loaded at startup. Names have no meaning, since each script registers (on boot) which commands are available and ties them to various functions.
[LUA Scripts]
scripts\test.lua
This is just a quick intro, I will try to add more info here and also try to add more system related functions (like WMI and performance counter access) in the future.
Debugging Lua
Use the print statement to print to the console (can be seen from nsclient++ /test).
With a Lua script like this loaded:
register_command('lua_debug', 'debug')
function debug (command)
  print ('Hello world: ' .. command)
end
Then you run nsclient++ /test:
nsclient++ /test
...
lua_debug Greetings
...
d \nsclient++.cpp(540) Injecting: lua_debug: Greetings
Hello world: lua_debug
e \script_wrapper.hpp(280) No arguments returned from script.
l \nsclient++.cpp(575) No handler for command: 'lua_debug'
A simple script
print('Loading test script...') -- Just print some debug info
register_command('check_something', 'something') -- Register a check-command to a function
function something (command)
  -- Check command function (notice arguments are not supported yet)
  -- Inject and run another check command
  code, msg, perf = inject('CheckCPU','time=5','MaxCrit=5')
  -- Print the resulting code
  print(code .. ': ' .. msg .. ', ' .. perf)
  -- Return the information (slightly modified)
  return code, 'hello from LUA: ' .. msg, perf
end
Structure of a script
First, every script registers all the commands it will use. It is possible to register commands at a later time, so you could have a command that "turns on" other commands, but since there is no "turn off" (i.e. remove) it does not make much sense as of yet.
To register a command you call the register_command function like so:
register_command('command_alias', 'function_in_lua_to_use');
When the command command_alias is run, this will execute function_in_lua_to_use in your script. You can have as many commands as you like, so the following is possible:
register_command('lua_1', 'lua_function_1');
register_command('lua_2', 'lua_function_2');
register_command('lua_3', 'lua_function_3');
register_command('lua_4', 'lua_function_4');
register_command('lua_5', 'lua_function_5');
The functions have the following syntax:
function lua_check_function (command)
  print ('Hello world: ' .. command)
  return 'ok', 'Everything is fine!', 'fine=10%;80;90;'
end
As of now there is no support for arguments, but they will be added in the future. Printing from a check function is useless (apart from debugging), so generally don't do that. The return is a variable-length list. If:
• 3 values are returned, they are assumed to be, in order: code, message and performance data
• 2 values are returned, they are assumed to be, in order: code, message
• 1 value is returned, it is assumed to be: code
The code can be:
• crit (critical)
• warn (warning)
• ok (ok)
• error (critical)
A 'useful' script
-- Register the command
register_command('has', 'check_file_exists')
-- Return true if file exists and is readable.
function file_exists(path)
  local file = io.open(path, "rb")
  if file then file:close() end
  return file ~= nil
end
function check_file_exists (command)
  if file_exists('c:\\foo.bar') then
    return 'ok', 'File exists'
  else
    return 'crit', 'File does not exist'
  end
end
USAGE
TODO
for now:
If you only wish to test it or debug the client you can use the following without installing it first.
NSClient++ /test
When you see this prompt:
Enter command to inject or exit to terminate...
you can paste in examples from the Commands page at CheckCommands. For example, I get this on my system:
C:\Program Files\NSClient++>NSClient++.exe -test
Launching test mode...
d \NSClient++.cpp(375) Loading plugin: CheckDisk...
d \NSClient++.cpp(375) Loading plugin: CheckSystem...
d \CheckSystem.cpp(79) Autodetected W2K>, using TOOLHELP process enumeration.
d \PDHCollector.cpp(83) Autodetected w2k or later, using w2k PDH counters.
d \NSClient++.cpp(375) Loading plugin: NSClient server...
d \PDHCollector.cpp(103) Detected language: English US (0x0409)
l \NSClient++.cpp(123) Using settings from: INI-file
d \Socket.h(538) Bound to: 0.0.0.0:12489
l \NSClient++.cpp(124) Enter command to inject or exit to terminate...
CheckDriveSize ShowAll MinWarnFree=10% MinCritFree=5% Drive=c:\
d \NSClient++.cpp(440) Injecting: CheckDriveSize: ShowAll, MinWarnFree=10%, MinC
ritFree=5%, Drive=c:\
d \NSClient++.cpp(460) Injected Result: OK 'OK: c:\: 12.3G'
d \NSClient++.cpp(461) Injected Performance Result: ''c:\'=38%;10;5; '
OK:OK: c:\: 12.3G|'c:\'=38%;10;5;
exit
d \NSClient++.cpp(349) Unloading plugin: NSClient server...
d \Socket.h(558) Listener is preparing to shutdown...
d \NSClient++.cpp(349) Unloading plugin: CheckSystem...
d \NSClient++.cpp(349) Unloading plugin: CheckDisk...
C:\Program Files\NSClient++>
Configuration
Configuration is fairly simple and straightforward. Open the configuration file in Notepad (or your favorite editor) with "notepad <installation path>\NSC.ini" and edit it accordingly. A longer description of the configuration file is included in the following page.
The file has sections (denoted with section name in brackets) and key/value pairs (denoted by key=value). Thus it has the same syntax as pretty much any other INI file in windows.
The sections are described in short below. The default configuration file has a lot of examples and comments, so make sure you change it before you use NSClient++, as some of the examples might be potential security issues.
The configuration can also be stored in the system registry (HKLM\Software\NSClient++). There is currently no UI to configure this, so the simplest way is to maintain the configuration in the INI file and "migrate" that to the registry. This can be done via the [RemoteConfiguration] module, but in short:
NSClient++ -noboot RemoteConfiguration ini2reg
A sample configuration file is included in the download but can also be found here trunk/NSC.dist
Modules
This is a list of modules to load at startup. All the modules included in this list have to be NSClient++ modules and located in the modules subdirectory. This is in effect the list of plug-ins that will be available while the service is running. For information on the various plug-ins check the Modules section in the navigation box.
A good idea here is to disable all modules you don’t actually use, for two reasons: first, less code means fewer potential security holes, and second, fewer modules means less resource drain.
Settings
This section has generic options for how NSClient++ will work. Some of these settings (such as allowed_hosts) are inherited by the sections below, so it is probably a better idea to set them here in the "global" section.
The options you have available here are
Option Default value Description
obfuscated_password ... An obfuscated version of password. For more details refer to the password option below. To create the obfuscated Password use: "NSClient++.exe /encrypt"
password ... The password used by various (presently only NSClient) daemons. If no password is set everyone will be able to use this service remotely.
allowed_hosts 127.0.0.1 A list (comma separated) with hosts that are allowed to connect and query data. If this is empty all hosts will be allowed to query data. BEWARE: NSClient++ will not resolve the IP address of DNS entries if the service is set to startup automatically. Use an IP address instead.
use_file 0 Has to be set to 1 if you want the file to be read (if set to 0, and the use_reg is set to 1 the registry will be used instead)
Advanced options:
Option Default value Description
master_key ... The secret "key" used when (de)obfuscating passwords.
cache_allowed_hosts 1 Used to cache looked up hosts if you check dynamic/changing hosts set this to 0.
Log
This section has options for how logging is performed. First off, notice that for logging to make sense you need to enable the “FileLogger.dll” module, which logs all log data to a text file in the same directory as the NSClient++ binary. If you don’t enable any logging module nothing will be logged.
The options you have available here are
Option Default value Description
debug 0 A Boolean value that toggles if debug information should be logged or not. This can be either 1 or 0.
file nsclient.log The file to write log data to. If no directory is used this is relative to the NSClient++ binary.
date_mask %Y-%m-%d %H:%M:%S The date format used when logging to a file
NSClient
This is the NSClient module configuration options.
Option Default value Description
port 12489 The port to listen to
obfuscated_password An obfuscated version of password. For more details refer to the password option below.
password The password that incoming client needs to authorize themselves by. This option will replace the one found under Settings for NSClient. If this is blank the option found under Settings will be used. If both are blank everyone will be granted access.
allowed_hosts A list (comma separated) of hosts that are allowed to poll information from NSClient++. This will replace the one found under Settings for NSClient if present. If not present the same option found under Settings will be used. If both are blank all hosts will be allowed to access the system. BEWARE: NSClient++ will not resolve the IP address of DNS entries if the service is set to start up automatically. Use an IP address instead or set cache_allowed_hosts=0 (see above).
bind_to_address The address to bind to when listening to sockets, useful if you have more than one NIC/IP address and want the agent to answer on a specific one.
socket_timeout 30 The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out and discard the connection.
version auto The version number to return for the CLIENTVERSION check (useful to "simulate" an old/different version of the client). auto will be generated from the compiled version string inside NSClient++.
Advanced options:
Option Default value Description
socket_back_log Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.
NRPE
This is configuration for the NRPE module that controls how the NRPE listener operates.
Option Default value Description
port 5666 The port to listen to
allowed_hosts A list (comma separated) of hosts that are allowed to poll information from NRPE. This will replace the one found under Settings for NRPE if present. If not present the same option found under Settings will be used. If both are blank all hosts will be allowed to access the system.
use_ssl 1 Boolean value to toggle SSL encryption on the socket connection
bind_to_address The address to bind to when listening to sockets.
command_timeout 60 The maximum time in seconds that a command can execute (if it runs longer than this, execution will be aborted). NOTICE: this only affects external commands, not internal ones.
allow_arguments 0 A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars 0 Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
socket_timeout 30 The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out and discard the connection.
script_dir Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts.
Advanced options:
Option Default value Description
performance_data 1 Send performance data back to nagios (set this to 0 to remove all performance data)
socket_back_log Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.
string_length 1024 Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
Check System
Here you can set various options to configure the System Check module.
Option Default value Description
CPUBufferSize 1h The time to store CPU load data.
CheckResolution 10 Time between checks in 1/10 of seconds.
Advanced options:
Option Default value Description
auto_detect_pdh 1 Set this to 0 to disable auto detect (counters.defs) PDH language and OS version.
dont_use_pdh_index 0 Set this to 1 if you dont want to use indexes for finding PDH counters.
force_language Set this to a locale ID if you want to force auto-detection of counters from that locale.
ProcessEnumerationMethod auto Set the method to use when enumerating processes: PSAPI, TOOLHELP or auto
check_all_services[SERVICE_BOOT_START] ignored Set how to handle services set to SERVICE_BOOT_START state when checking all services
check_all_services[SERVICE_SYSTEM_START] ignored Set how to handle services set to SERVICE_SYSTEM_START state when checking all services
check_all_services[SERVICE_AUTO_START] started Set how to handle services set to SERVICE_AUTO_START state when checking all services
check_all_services[SERVICE_DEMAND_START] ignored Set how to handle services set to SERVICE_DEMAND_START state when checking all services
check_all_services[SERVICE_DISABLED] stopped Set how to handle services set to SERVICE_DISABLED state when checking all services
MemoryCommitLimit \Memory\Commit Limit Counter to use to check upper memory limit.
MemoryCommitByte \Memory\Committed Bytes Counter to use to check current memory usage.
SystemSystemUpTime \System\System Up Time Counter to use to check the uptime of the system.
SystemTotalProcessorTime \Processor(_total)\% Processor Time Counter to use for CPU load.
ProcessEnumerationMethod auto Set the PROCESS enumeration method (auto or TOOLHELP or PSAPI)
External Script
Configure how the External Scripts module works (not to be confused with the "External Scripts" section below, which holds the scripts that can be run).
Option Default value Description
command_timeout 60 The maximum time in seconds that a command can execute (if it runs longer than this, execution will be aborted). NOTICE: this only affects external commands, not internal ones.
allow_arguments 0 A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars 0 Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
script_dir When set all files in this directory will be available as scripts. This is pretty dangerous but can be a bit useful if you use many scripts and you are sure no one else can add files there.
External Scripts
A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments> for instance:
check_es_long=scripts\long.bat
check_es_ok=scripts\ok.bat
check_es_nok=scripts\nok.bat
check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
External Alias
Works like the "inject" concept of the NRPE scripts module. In short, this is a list of available aliases. An alias is an internal command that has been "wrapped" (to add arguments). Be careful not to create loops (i.e. check_loop=check_a, check_a=check_loop).
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
alias_service=checkServiceState CheckAll
alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
Eventlog
Some options for the EventLog module.
Option Default value Description
syntax Set this to use a specific syntax string for all commands (that don't specify one)
Advanced options:
Option Default value Description
debug 0 Log all "hits" and "misses" on the eventlog filter chain, useful for debugging eventlog checks but very very very noisy so you don't want to accidentally set this on a real machine.
includes
A list of other configuration files to include when reading this file. Might be useful if you have a very complex setup or want to have setting split up in segments.
NSCA Agent
Options to configure the new NSCA module.
Option Default value Description
interval 60 Time in seconds between each report back to the server (can't as of yet be set individually, so this is for all "checks")
nsca_host ... The NSCA/Nagios(?) server to report results to.
nsca_port 5667 The NSCA server port
encryption_method 1 Number corresponding to the various encryption algorithms (see below). Has to be the same as the server or it won't work at all.
password The password to use. Again has to be the same as the server or it won't work at all.
Advanced options:
Option Default value Description
hostname The host name of this host if set to blank (default) the windows name of the computer will be used.
debug_threads 1 Number of threads to run, no reason to change this really (unless you want to stress test something)
Supported encryption methods:
# Algorithm
0 None (Do NOT use this option)
1 Simple XOR (No security, just obfuscation, but very fast)
2 DES
3 3DES (Triple DES)
4 CAST-128
6 xTEA
8 BLOWFISH
9 TWOFISH
11 RC2
14 RIJNDAEL-128 (AES)
20 SERPENT
NSCA Commands
A list of commands to run and submit each time we report back to the NSCA server. A command starting with host_ will be submitted as a host command. For an example see below; this will report back one service check (called my_cpu_check) and one host check (host checks have no service name).
[NSCA Commands]
my_cpu_check=checkCPU warn=80 crit=90 time=20m time=10s time=4
host_check=check_ok
LUA Scripts
A list of Lua scripts to load at startup. Unlike "external checks", all Lua scripts are loaded at startup. Names have no meaning, since each script registers (on boot) which commands are available and ties them to various functions.
[LUA Scripts]
scripts\test.lua
NRPE Handlers
This is a list of handlers for NRPE execution. These can of course be used by any module (such as NSClient), but for historical reasons they are located in this section, especially as the NRPE plug-in is the one that does the actual execution.
The handlers can have two different syntaxes:
• command[my_command]=/some/executable
• my_command=/some/executable
The latter is the preferred way as it is shorter.
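The options described in the sections above that widen access (blank passwords and allowed_hosts, allow_arguments, allow_nasty_meta_chars, script_dir, use_ssl, weak NSCA encryption methods) can be checked mechanically. The following Python sketch is an added example, not part of NSClient++ or of the original page; it assumes the section names match the headings above and that modules are listed as bare <name>.dll lines under [modules], and its sample configuration is constructed.

```python
import re

# Defaults the page documents for keys that are absent from the file.
DEFAULTS = {
    ("settings", "allowed_hosts"): "127.0.0.1",
    ("nrpe", "use_ssl"): "1",
    ("nsca agent", "encryption_method"): "1",
}
# Methods the page marks as "Do NOT use" / "just obfuscation".
WEAK_NSCA = {"0": "None", "1": "Simple XOR"}


def parse_nsc_ini(text):
    """Return {section: {key: value}} with lower-cased names; bare lines map to ''."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections


def audit(text):
    """Return a list of (section, setting, reason) for risky settings of loaded modules."""
    ini = parse_nsc_ini(text)
    modules = set(ini.get("modules", {}))
    findings = []

    def get(section, key):
        return ini.get(section, {}).get(key, DEFAULTS.get((section, key), ""))

    def inherited(section, key):
        # A blank or missing value in the module section falls back to [Settings].
        return get(section, key) or get("settings", key)

    def flag(section, setting, reason):
        findings.append((section, setting, reason))

    def script_options(section):
        key = section.lower()
        if get(key, "allow_arguments") == "1":
            flag(section, "allow_arguments", "arguments accepted on the incoming socket")
        if get(key, "allow_nasty_meta_chars") == "1":
            flag(section, "allow_nasty_meta_chars", "meta characters allowed in arguments")
        if get(key, "script_dir"):
            flag(section, "script_dir", "every file in the directory becomes a command")

    if "nsclientlistener.dll" in modules:
        if not (inherited("nsclient", "password")
                or inherited("nsclient", "obfuscated_password")):
            flag("NSClient", "password", "blank: everyone is granted access")
        if not inherited("nsclient", "allowed_hosts"):
            flag("NSClient", "allowed_hosts", "blank: all hosts may connect")
    if "nrpelistener.dll" in modules:
        if not inherited("nrpe", "allowed_hosts"):
            flag("NRPE", "allowed_hosts", "blank: all hosts may connect")
        if get("nrpe", "use_ssl") == "0":
            flag("NRPE", "use_ssl", "SSL disabled on the NRPE socket")
        script_options("NRPE")
    if "checkexternalscripts.dll" in modules:
        script_options("External Script")
    if "nscaagent.dll" in modules:
        method = get("nsca agent", "encryption_method")
        if method in WEAK_NSCA:
            flag("NSCA Agent", "encryption_method", f"{method} = {WEAK_NSCA[method]}")
    return findings


# Constructed sample configuration (not taken from a real host).
SAMPLE = r"""
[modules]
FileLogger.dll
NRPEListener.dll
NSClientListener.dll
CheckExternalScripts.dll
NSCAAgent.dll

[Settings]
; password left unset, allowed_hosts explicitly blank
allowed_hosts=

[NSClient]
port=12489

[NRPE]
allowed_hosts=192.0.2.10
use_ssl=1
allow_arguments=1

[External Script]
script_dir=scripts\

[NSCA Agent]
nsca_host=192.0.2.20
"""

if __name__ == "__main__":
    for section, setting, reason in audit(SAMPLE):
        print(f"[{section}] {setting}: {reason}")
```

Settings of modules that are not listed under [modules] are skipped, since a module that is not loaded exposes nothing.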
About NSClient++
NSClient++ (or nscp as I tend to call it nowadays) aims to be a simple yet powerful and secure monitoring daemon for Windows operating systems. It is built for Nagios, but nothing in the daemon is actually Nagios specific and could probably, with little or no change, be integrated into any monitoring software that supports running user tools for polling.
The structure of the daemon is a simple NT service that loads plug-ins to an internal stack. The plug-ins can then request data (poll performance data) from the other plug-ins through the internal stack. As of now there are a few plug-ins for basic performance data collection. For details of supplied modules, see CheckCommands.
NSClient++ can be extended in two ways: you can either write your own plug-in or you can execute an external script (as of now batch/exe/*). Writing your own plug-in is, of course, the most powerful way but requires knowledge of C++ or other languages which can produce DLLs and interface with regular C programs (generally, every other language available, but there are some simple API helpers for C/C++ as well as descriptions).
As for checking with NSClient++, I would recommend NRPE as it is a lot more flexible than check_nt. But NSClient has full support for check_nt, and if there is an interest, I could probably add support for check_nt from nc_net.
Supported OS/Platform
NSClient++ should run on the following operating systems:
• NT4 (SP5?)
• Windows 2000 W2K
• Windows XP
• Windows 2003
• Windows Vista
• ...
...as well as the following platforms:
• Win32
• x64 (AMD64/EM64T)
• IA64 (Itanium)
What's in a name?
Since I have noticed some people use other names for the client, I decided to list them here to make it simpler for people to find it (i.e. so Google might find it).
• NSClient++ (the "real" name)
• NSCP (what I sometimes use)
• NSClientpp (version of NSClient++)
• NSClient (?)
• Saw a French (Spanish) site use: NSC++
Again I myself as stated before prefer NSClient++ or NSCP.
Installation
NSClient++ comes with simple command line options for registering (and deregistering) the service, but it does not have a GUI installer.
Thus to install the Client you only need to copy the files to a directory of your choice and then run “NSClient++ /install”.
Before you start NSClient++ you need to configure it by editing the configuration file (NSC.ini). The configuration file is a simple text file and is explained in detail under Configuration. The files needed by NSClient++ varies but mainly the exe and DLL's in the NSClient++ root are required as well as all the modules you plan to use from the modules subdirectory (/modules/*).
The configuration file (NSC.ini) NEEDS to be configured as for security reasons all plug-ins are disabled by default. The reason for this is so no one will accidentally install this and get potential security issues, I believe that things should be "off" by default. Also notice that by default allowed_hosts are 127.0.0.1 so you need to modify this as well.
If you plan to use the SystemTray module (that shows a system tray icon on the desktop) you need to install the SystemTray module as well as NSClient++. To install NSClient++ execute the following commands:
NSClient++ /install
NSClient++ SysTray install
To uninstall NSClient++ execute the following command:
NSClient++ SysTray uninstall
NSClient++ /uninstall
To start NSClient++ execute the following command:
NSClient++ /start
To stop NSClient++ execute the following command:
NSClient++ /stop
If you only wish to test it or debug the client you can use the following without installing it first.
NSClient++ /test
Firewall
Firewall configuration should be pretty straight forward:
If you use NRPEListener (check_nrpe) you need the NRPE port open (usually 5666) from the nagios server towards the client.
nagios:* -> client:5666
If you use the NSClientListener (check_nt) you need the (modified) NSClient port open (usually 12489) from the nagios server towards the client.
nagios:* -> client:12489
If you use the NSCA Module (passive checks) you need the NSCA port open from the client towards the nagios server.
client:* -> nagios:5667
If you use the NRPEClient module to check any remote systems (use NSClient++ as a proxy) you need to have NRPE port (usually 5666) open from NSClient++ (the proxy) to the remote-client in addition to the method you use to submit the results to the server.
nsclient-proxy:* -> remote-client:5666
All these ports can be changed so check your nsc.ini.
NT4
NT4 does not come with the PDH library and you need to install that before using NSClient++. PDH can be downloaded from Microsoft: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284996 and the simplest way to install it is to uncompress it directly into the NSClient++ directory.
NT4 also (sometimes) lacks the PSAPI helper, which is available in the "Platform SDK Redistributable: PSAPI for Windows NT" from Microsoft: http://www.microsoft.com/downloads/details.aspx?FamilyID=3d1fbaed-d122-45cf-9d46-1cae384097ac As with PDH, install it either in system32 or in the local NSClient++ directory.
CheckDisk.dll
The CheckDisk module has various disk related checks currently focusing on size. But hopefully it will be extended with date existence and many other disk related checks in the future. Feel free to request checks that you need.
• CheckFileSize, Check the size of one or more files or directories.
• CheckDriveSize, Check the size of one or more Drives
• CheckFile, Check various aspects on one or more files or directories.
Configuration
This module has no configuration directives.
CheckFileSize
CheckFileSize is part of the CheckDisk module
This check does a recursive size calculation of the directory (or file) specified. A request has one or more options described in the table below. The order only matters in that the size has to be specified before the File option; this is because you can change the size for each drive by specifying multiple Size options.
Option Values Description
MaxWarn size-value The maximum size the directory is allowed before a warning state is returned.
MaxCrit size-value The maximum size the directory is allowed before a critical state is returned.
MinWarn size-value The minimum size the directory is allowed before a warning state is returned.
MinCrit size-value The minimum size the directory is allowed before a critical state is returned.
ShowAll None A Boolean flag to show size of directories that are not in an alarm state. If this is not specified only drives with an alarm state will be listed in the resulting string.
File File or directory name The name of the file or directory that should have its size calculated. Notice that large directory structures will take a long time to check.
File:<alias> File or directory name Same as the file option but using a short alias in the returned data.
The size-value is a normal numeric-value with a unit postfix. The available postfixes are B for Byte, K for Kilobyte, M for Megabyte and finally G for Gigabyte.
Examples
Check the size of the windows directory and make sure it stays below 1 gigabyte:
CheckFileSize ShowAll MaxWarn=1024M MaxCrit=4096M File:WIN=c:\WINDOWS\*.*
WARNING: WIN: 2G (2325339822B)|WIN=2325339822;1073741824;4294967296
define command {
command_name CheckFileSize
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a ShowAll MaxWarn=$ARG1$ MaxCrit=$ARG2$ File:$ARG3$=$ARG4$
}
check_command CheckFileSize!1024M!4096M!WIN!c:\WINDOWS\*.*
Check the size of the pagefile.sys and make sure it stays above 1 gigabyte:
CheckFileSize ShowAll MinWarn=1G MinCrit=512M File=c:\pagefile.sys
OK: c:\pagefile.sys: 1G (1610612736B)
define command {
command_name CheckPageFile
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a ShowAll MinWarn=$ARG1$ MinCrit=$ARG2$ File:PageFile=c:\pagefile.sys
}
check_command CheckPageFile!1G!512M
Sample of using individual sizes for multiple files:
CheckFileSize MaxWarn=2G MaxCrit=4G File=c:\\pagefile.sys MaxWarn=1K MaxCrit=512 File=c:\\boot.ini
OK all file sizes are within bounds.
define command {
command_name CheckMyFiles
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a MaxWarn=2G MaxCrit=4G File=c:\\pagefile.sys MaxWarn=1K MaxCrit=512 File=c:\\boot.ini
}
check_command CheckMyFiles
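The ordering rule described above (size options apply to the File options that follow them) can be modelled in a few lines. This Python sketch is an added example, not NSClient++ code; it assumes a size-value without a postfix is in bytes and that bounds stay in effect until overwritten, and the file sizes passed in are constructed rather than read from disk.

```python
import re

UNITS = {"B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
BOUNDS = ("maxwarn", "maxcrit", "minwarn", "mincrit")
SEVERITY = ["OK", "WARNING", "CRITICAL"]


def parse_size(text):
    """Convert a size-value such as 1024M, 1G or 512 to bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([BKMG]?)", text.strip().upper())
    if not m:
        raise ValueError(f"not a size-value: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2) or "B"])


def parse_request(args):
    """Walk the options left to right; each File option takes the bounds set before it.

    Returns (targets, trailing) where trailing is True when size options follow
    the last File option and therefore apply to nothing.
    """
    bounds, targets, trailing = {}, [], False
    for arg in args:
        name, _, value = arg.partition("=")
        option = name.lower()
        if option == "showall":
            continue
        if option in BOUNDS:
            bounds[option] = parse_size(value)
            trailing = True
        elif option == "file" or option.startswith("file:"):
            alias = name.partition(":")[2] or value
            targets.append({"alias": alias, "path": value, "bounds": dict(bounds)})
            trailing = False
        else:
            raise ValueError(f"unknown option: {arg!r}")
    return targets, trailing


def state_for(size, bounds):
    """Map a size in bytes to OK / WARNING / CRITICAL for one target's bounds."""
    if size > bounds.get("maxcrit", float("inf")) or size < bounds.get("mincrit", 0):
        return "CRITICAL"
    if size > bounds.get("maxwarn", float("inf")) or size < bounds.get("minwarn", 0):
        return "WARNING"
    return "OK"


def check_file_size(args, sizes):
    """Evaluate a request against known sizes ({path: bytes}); return (overall, per-target)."""
    targets, _ = parse_request(args)
    results = [(t["alias"], state_for(sizes[t["path"]], t["bounds"])) for t in targets]
    overall = max((s for _, s in results), key=SEVERITY.index, default="OK")
    return overall, results


# The third request from the examples above, with constructed file sizes.
MULTI = ["MaxWarn=2G", "MaxCrit=4G", r"File=c:\pagefile.sys",
         "MaxWarn=1K", "MaxCrit=512", r"File=c:\boot.ini"]
SIZES = {r"c:\pagefile.sys": 1610612736, r"c:\boot.ini": 211}

if __name__ == "__main__":
    print(check_file_size(MULTI, SIZES))
    # Size options placed after the File option never reach it.
    print(parse_request([r"File=c:\boot.ini", "MaxCrit=512"]))
```

A request with its size options after the File option yields a target with no bounds, so in this model it can never leave the OK state.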
I have had to set this up like this for our Windows Servers
# Check File Size === Greg Small
define command {
command_name CheckFileSize
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a MaxWarn=$ARG1$ MaxCrit=$ARG2$ File=$ARG3$
}
define service{
use xx-app-service
host_name SERVER01
service_description Information store database
check_command CheckFileSize!13G!15.5G!'d:\\exchsrvr\\mdbdata\\priv1.edb'
}
CheckDriveSize
CheckDriveSize is part of the CheckDisk module
This check verifies the size of various drives specified on the command line. A request has one or more options described in the table below. The order only matters in that the size has to be specified before the Drive option because you can change the size for each drive by specifying multiple Size options.
Option Values Description
MaxWarnFree size-value or % The maximum allowed free space for the drive(s).
MaxCritFree size-value or % The maximum allowed free space for the drive(s).
MinWarnFree size-value or % The minimum allowed free space for the drive(s).
MinCritFree size-value or % The minimum allowed free space for the drive(s).
MaxWarnUsed size-value or % The maximum allowed used space for the drive(s).
MaxCritUsed size-value or % The maximum allowed used space for the drive(s).
MinWarnUsed size-value or % The minimum allowed used space for the drive(s).
MinCritUsed size-value or % The minimum allowed used space for the drive(s).
ShowAll Empty, long If present will display information even if an item is not reporting a state. If set to long will display more information.
Drive A Drive letter or the path of a mounted Volume The letter of the drive to check.
FilterType FIXED, CDROM, REMOVABLE, REMOTE Filter for drive type to prevent checking drives of certain kinds (most useful when using CheckAll). The default is FIXED
CheckAll None Check all available drives
CheckAllOthers None Check all drives (matching Filters) except those specified in the Drive= clause.
The size-value or % is a normal numeric-value with an optional unit or percentage postfix to specify large sizes. The available postfixes are B for Byte, K for Kilobyte, M for Megabyte, G for Gigabyte and finally % for percent free space.
Examples
Check the size of C:\ and make sure it has 10% free space:
CheckDriveSize ShowAll MinWarnFree=10% MinCritFree=5% Drive=c:\
CRITICAL: C:: Total: 74.5G - Used: 71.2G (95%) - Free: 3.28G (5%) < critical|C:;5%;10;5;
define command {
command_name CheckDriveSize
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckDriveSize -a Drive=$ARG1$ ShowAll MaxWarn=$ARG2$ MaxCrit=$ARG3$
}
check_command CheckDriveSize!C:\!50%!75%
To check the size of mounted volume c:\volumne_test and make sure it has 1M free space
CheckDriveSize ShowAll MaxWarn=1M MaxCrit=2M Drive="c:\\volumne_test\\"
CRITICAL: c:\volumne_test\: 3M (4193280B)|c:\volumne_test\=4193280;0;0;
check_command CheckDriveSize!c:\volumne_test\!1M!2M
To check the size of all fixed and network drives and make sure they have at least 1 gig free space
CheckDriveSize MinWarn=50% MinCrit=25% CheckAll FilterType=FIXED FilterType=REMOTE
CRITICAL: D:\: Total: 186G - Used: 186G (99%) - Free: 709M (1%) < warning, Y:\: Total: 279G - Used: 279G (99%) - Free: 384M (1%) < critical|C:\;76514398208;1073741824;536870912; D:\;199303897088;1073741824;536870912; X:\;35467034624;1073741824;536870912; Y:\;299649466368;1073741824;536870912;
define command {
command_name CheckAllDrives
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckDriveSize -a CheckAll FilterType=FIXED FilterType=REMOTE MinWarn=$ARG1$ MinCrit=$ARG2$
}
check_command CheckAllDrives!25%!50%
Check all fixed and network drives but ignore C and F
define command {
command_name CheckAllDrivesExceptCF
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckDriveSize -a CheckAllOthers FilterType=FIXED FilterType=REMOTE MinWarn=$ARG1$ MinCrit=$ARG2$ "Drive=C:\\" Drive=F:\\
}
CheckFile
A new command to check a bunch of files.
BETA
Simple draft and subject to change. This works similarly to CheckEventLog and uses filters to filter out (or in) a certain amount of files and then checks the count against a given number, reporting an error if the count is not within bounds.
Option Values Description
file A filename, filter or path The files to check for instance c:\*.* will check the entire drive (bad idea) c:\foo\bar\my\file.txt will check only that file.
filter in, out, any, all Specify the way you want to filter things. (See section below)
descriptions None Flag to specify if you want to include string representation of the file data (not implemented yet)
truncate length of the returned set This will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the output.
MaxWarn number of records The maximum hits to allow before reporting a warning state.
MaxCrit number of records The maximum hits to allow before reporting a critical state.
MinWarn number of records The minimum hits to allow before reporting a warning state.
MinCrit number of records The minimum hits to allow before reporting a critical state.
filter-size size-expression The size a file should have.
filter-creation time-expression Filter on a date (the time is specified from "now", not absolute, so filter-created=>2d will mean files created more than 2 days ago will match).
filter-accessed time-expression Filter on a date (the time is specified from "now", not absolute).
filter-written time-expression Filter on a date (the time is specified from "now", not absolute).
syntax String A syntax string that describes how each matched file is shown the string can have the following keywords: %filename%, %creation%, %access%, %write%, %size%
Filter
filter = (in, out, any, all) Specify the way you want to filter things.
in means anything matching this filter will be included in the result.
out means anything matching this filter will be excluded from the result.
any means any of the filter rules has to match.
all means all of the filter rules have to match.
Thus filter=all filter=in and filter=any filter=out are the combinations that make the most sense depending on your filter concept.
Examples
This command will check the date of a file (boot.ini) and alert if its modified (written) date is greater than 3 days (3d).
checkcommand.cfg {
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c CheckFile -a file="$ARG1$" filter-written=\>"$ARG2$" syntax="%filename% last updated %write%" MaxCrit=1
}
service.cfg {
check_command nrpe_check_file_last_written!"C:\\boot.ini"!3d
}
CheckEventLog.dll
The CheckEventLog module checks for problems reported to the windows event log.
• CheckEventLog, Check to find errors in the event log.
Configuration
Option Default value Description
syntax Set this to use a specific syntax string for all commands (that don't specify one)
Advanced options:
Option Default value Description
debug 0 Log all "hits" and "misses" on the eventlog filter chain, useful for debugging eventlog checks but very very very noisy so you don't want to accidentally set this on a real machine.
CheckSystem.dll
A module to check various system related things. A list of the modules and their potential use is given below.
• CheckCPU, Check CPU load
• CheckUpTime, Check system uptime
• CheckServiceState, Check state of a service
• CheckProcState, Check state of a process
• CheckMem, Check memory usage (page)
Command Line
To simplify debugging and setup there are two command line options that list and test all available PDH counters.
• NSClient++ -noboot CheckSystem debugpdh
• NSClient++ -noboot CheckSystem listpdh
Configuration
This module should auto detect most versions of Windows (if you have a problem with this let me know so I can update it). Thus you no longer need to configure the grayed out options. There are also some other tweaks that can be configured such as check resolution and buffer size. For more details on how to configure this refer to the Configuration section.
[Check System]
Option Default value Description
CPUBufferSize 1h The time to store CPU load data.
CheckResolution 10 Time between checks in 1/10 of seconds.
Advanced options:
Option Default value Description
auto_detect_pdh 1 Set this to 0 to disable auto detect (counters.defs) PDH language and OS version.
dont_use_pdh_index 0 Set this to 1 if you don't want to use indexes for finding PDH counters.
force_language Set this to a locale ID if you want to force auto-detection of counters from that locale.
ProcessEnumerationMethod auto Set the method to use when enumerating processes PSAPI, TOOLHELP or auto
check_all_services[SERVICE_BOOT_START] ignored Set how to handle services set to SERVICE_BOOT_START state when checking all services
check_all_services[SERVICE_SYSTEM_START] ignored Set how to handle services set to SERVICE_SYSTEM_START state when checking all services
check_all_services[SERVICE_AUTO_START] started Set how to handle services set to SERVICE_AUTO_START state when checking all services
check_all_services[SERVICE_DEMAND_START] ignored Set how to handle services set to SERVICE_DEMAND_START state when checking all services
check_all_services[SERVICE_DISABLED] stopped Set how to handle services set to SERVICE_DISABLED state when checking all services
MemoryCommitLimit \Memory\Commit Limit Counter to use to check upper memory limit.
MemoryCommitByte \Memory\Committed Bytes Counter to use to check current memory usage.
SystemSystemUpTime \System\System Up Time Counter to use to check the uptime of the system.
SystemTotalProcessorTime \Processor(_total)\% Processor Time Counter to use for CPU load.
ProcessEnumerationMethod auto Set the PROCESS enumeration method (auto or TOOLHELP or PSAPI)
CheckCPU
CheckCPU is part of the CheckSystem module.
This check calculates an average of CPU usage for a specified period of time. The data is always collected in the background and the size and interval are configured from the CPUBufferSize and CheckResolution options. A request has one or more options described in the table below.
Option Values Description
warn load in % Load to go above to generate a warning.
crit load in % Load to go above to generate a critical state.
Time time with optional prefix The time to calculate average over. Multiple time= entries can be given, generating multiple CPU usage summaries and multiple warn/crits.
nsclient Flag to make the plug in run in NSClient compatibility mode
ShowAll none, long Add this option to show info even if no errors are detected. Set it to long to show detailed information.
Time can use any of the following postfixes. w=week, d=day, h=hour, m=minute and s=second.
Examples
Check that the CPU load for various times is below 80%:
checkCPU warn=80 crit=90 time=20m time=10s time=4
CPU Load ok.|'20m average'=11%;80;90; '10s average'=7%;80;90; '4 average'=10%;80;90;
Showing multiple time entry usage and returned data
CheckCPU warn=2 crit=80 time=5m time=1m time=10s
WARNING: 5m: average load 8% > warning, 1m: average load 2% > warning, 10s: average load 4% > warning|'5m'=8;2;80; '1m'=2;2;80; '10s'=4;2;80;
Check CPU load with intervals like known from Linux/Unix (with example thresholds):
checkCPU warn=100 crit=100 time=1 warn=95 crit=99 time=5 warn=90 crit=95 time=15
FAQ
• Question: How does it handle multi CPU machines?
• Answer: The returned value is the average value of the CPU load of all the processors.
CheckUpTime
This check checks the uptime of a server and if the time is less than the times given as arguments a state is returned.
Option Values Description
MaxCrit time Maximum time the system is allowed to be up
MinCrit time Minimum time the system is allowed to be up
MaxWarn time Maximum time the system is allowed to be up
MinWarn time Minimum time the system is allowed to be up
nsclient Flag to make the plug in run in NSClient compatibility mode
ShowAll Add this option to show details even if an error is not encountered.
Alias string A string to use as alias for the values (default is uptime)
Examples
Check that the system has been running for at least a day:
checkUpTime MinWarn=1d MinCrit=12h
Client has uptime (19h) < warning (24h)
CheckServiceState
This check checks the state of one or more services on the system and generates a critical state if any service is not in the required state.
Option Values Description
ShowAll A flag to toggle if all service states should be listed.
ShowFail (default) A flag to indicate if only failed service states should be listed.
service=state A service name or service display name and a state the service should have. The state can be either started or stopped. If no state is given started is assumed.
CheckAll Check to see that all services set to auto-start are started and all set to disabled are not started.
exclude service name Exclude this service from CheckAll
Examples
Check that myService is running and that MyStoppedService is not running:
checkServiceState ShowAll myService MyStoppedService=stopped
myService : Running - MyStoppedService : Stopped
Check that all auto-start services are running but exclude some that are intentionally not in the correct state:
checkServiceState CheckAll exclude=wampmysqld exclude=MpfService
OK: All services are running.
CheckMem
This check checks the memory (page) usage and generates a state if the memory is above or below the given parameters.
Option Values Description
MaxWarn size-value or % The maximum size allowed before a warning state is returned.
MaxCrit size-value or % The maximum size allowed before a critical state is returned.
MinWarn size-value or % The minimum size allowed before a warning state is returned.
MinCrit size-value or % The minimum size allowed before a critical state is returned.
ShowAll None A Boolean flag to show size even if no state is returned (?).
type page, paged, virtual, physical What kind of memory to check (does not yet support stacking to check multiple kinds)
The size-value or % is a normal numeric-value with an optional unit or percentage postfix to specify large sizes. The available postfixes are B for Byte, K for Kilobyte, M for Megabyte, G for Gigabyte and finally % for percent free space.
What the different types really mean
Type Meaning
page Number of .. ?? This is the commitlimit (same as used in NSCLient, ie. via PDH, available on NT4)
paged Number of .. ?? (Usually identical to 'page', different APIs for I think the same thing) According to M$ this is: Size of available memory to commit, in bytes.
virtual Number of pages of swap currently in use (note - it does NOT = (physical + swap) as on *nix boxes) According to M$ this is: Size of unreserved and uncommitted memory in the user mode portion of the virtual address space of the calling process, in bytes.
physical Total amount of RAM in the server ?? (does it change?) According to M$ this is: Total size of physical memory, in bytes.
Examples
Check that the page is below 80%:
checkMem MaxWarn=80% MaxCrit=90% ShowAll type=page
OK: page: 758M (795205632B)|page=30% 80%;90%;
Check that the physical is below 80%:
checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
OK: physical: 758M (795205632B)|'physical memory'=30% 80%;90%;
CheckCounter
Used to check performance counters. This is probably how most things can be checked as there are a lot of performance counters. To find performance counters, use the program perfmon that is shipped with windows. An important note is that performance counters are language and version specific. You can list all available performance counters using the listpdh option as shown in the examples below.
Option Values Description
MaxWarn Number Maximum allowed number
MaxCrit Number Maximum allowed number
MinWarn Number Minimum allowed number
MinCrit Number Minimum allowed number
ShowAll None A Boolean flag to show value even if no state is returned.
Counter Performance Counter Add a performance counter to this check
Counter:<name> Performance Counter Add a named performance counter. The <name> will be used as an alias.
Averages true, false Set this to false to make performance checking faster for counters that don't represent average values.
Examples
Check that mutex count (on WinXP) is below 500:
checkCounter "Counter:mutex=\\Objects\\Mutexes" ShowAll MaxWarn=500 MaxCrit=1000
WARNING: mutex: 673 > warning|mutex=673;500;1000;
Using instances(?) in counters
checkCounter "Counter=\\Processor(_total)\\% Processor Time" ...
...
List all available performance counters, and debug them (means, open, try to read, close, etc)
nsclient++ CheckSystem listpdh
...
"NSClient++.exe" CheckSystem debugpdh
...
I have had to set this up for Counter Checking =-= Greg Small
define command {
command_name check_counter
# command_line $USER1$/check_nt $HOSTADDRESS$ -p 12489 -v COUNTER -l $ARG1$ -d SHOWALL -w $ARG2$ -c $ARG3$
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c CheckCounter -a $ARG1$ ShowAll MaxWarn=$ARG2$ MaxCrit=$ARG3$
}
define service{
use itx-app-service
host_name HOST
service_description Microsoft Exchange 5.5 IS RPC Operations / Sec
check_command check_counter!"\\MSExchangeIS\\RPC Operations/sec"!300!400
}
define service{
use itx-app-service
host_name HOST
service_description Windows 2000/2003 Physical Disk Time
check_command check_counter!"\\PhysicalDisk(_Total)\\% Disk Time"!60!90
notes More than 60 percent indicates a problem.
}
CheckProcState
This check checks the state of one or more processes on the system and generates a critical state if any process is not in the required state
Option Values Description
ShowAll A flag to toggle if all process states should be listed.
ShowFail (default) A flag to indicate if only failed process states should be listed.
process=state A process name and a state the process should have. The state can be either started or stopped. If no state is given started is assumed. The name is the name of the executable.
Alias alias Give a process an alias
ignore-perf-data If present performance data will be stripped out
Proc:<alias>=<state> A process name and a state the process should have.
(Max|Min)(Warn|Crit)Count number Process count bounds. For instance: MaxCritCount=4 means if a process has more than 4 instances it will be a critical condition.
Examples
Check that quake.exe is not running and NSClient++.exe is running:
checkProcState ShowAll quake.exe=stopped NSClient++.exe=started
quake.exe : Stopped - NSClient++.exe : Running
Check that quake.exe is not running and my.exe and NSClient++.exe are running and only show problems:
checkProcState my.exe quake.exe=stopped NSClient++.exe=started
my.exe : Stopped
checkProcState MinCritCount=50 svchost.exe=started
Check that cmd.exe with substring printloop in commandline is running:
NSClient++ /test
checkProcState match=regexp cmdline ShowAll .*cmd.*printloop.*=started
CheckWMI.dll
The CheckWMI module has various WMI related functions used to query and check the WMI (Windows Management Instrumentation). Feel free to request checks that you need.
• CheckWMI, Check large resultsets (for instance, are there more than 5 rows matching criteria X, i.e. more than 5 Internet Explorer processes which use more than 123Mb memory).
• CheckWMIValue, Check the result of a query (i.e. is the current memory utilization over X)
Configuration
This module has no configuration directives.
CheckWMI
CheckWMI is part of the CheckWMI module.
New version that is *a lot* more useful (I hope). It is still alpha, need to do more testing, but I would like to get some initial feedback on the syntax and such. Also feel free to try it out and report bugs to me (might wanna keep track of memory and such as I have not done so myself yet). To debug and help you set up your queries there is also a command line interface to run queries and see the result.
nsclient++ CheckWMI <query>
The syntax for this is similar to CheckEventLog but simplified, so I hope it will be easier to use and understand.
This check enumerates all rows returned from your query, filters the results and checks the count against set warn and crit thresholds. If you want to check a value there will soon be a separate check for that. This is designed to find "anomalies" in result-sets.
Option Values Description
filter any, all Specify the way you want to filter things. (See section below) Not yet implemented (default is all)
truncate length of the returned set This will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the output.
MaxWarn number of records The maximum records to allow before reporting a warning state.
MaxCrit number of records The maximum records to allow before reporting a critical state.
<mode>filter-<type>:<Column> <filter value> A number of strings to use for filtering the event log
Filters
Capturing result entries (or discarding them) are done with filters. There are three kinds of filters.
* positive requirements (+)
All these filters must match or the row is discarded.
* negative requirements (-)
None of these filters can match (if any do the row is discarded).
* normal matches (.)
If this matches the line is included.
The syntax of the filter is: <mode>filter-<type>:<Column>=<expression>
Filter <Mode>s
<mode> title description
+ required filter If you miss this filter the line is discarded
. normal filter If a hit the line is included
- negative filter If a line hits this it is discarded
Filter <Type>s
<type> Value Description
string [[string expression]] Match the column against a string expression
numeric [[numeric expression]] Match the column against a numeric expression
Filter <Column>s
A Column (if specified) will make the filter work against a specific column in the result set.
string expression
A string expression is a key followed by a string that specifies a string expression. Currently substr and regexp are supported. Thus you enter filter.message=regexp:(foo|bar) to enter a regular expression and filter-message=substr:foo to enter a substring pattern match.
Examples
Check to see if there is 2 CPUs present (or cores)
CheckWMI MaxCrit=3 MinWarn=1 "Query:load=Select * from win32_Processor"
Check to see that no CPU has less than 2.66GHz frequency
CheckWMI MinCrit=1 MinWarn=1 "Query:load=Select CurrentClockSpeed from win32_Processor" +filter-numeric:CurrentClockSpeed=<2659
To try a query use the following syntax:
nsclient++ CheckWMI Select * from win32_Processor
(I know these are not very useful, but hopefully they will give you an idea how to do things, there are *a lot* of things to check via the WMI so you ought to be able to do most things you want.)
CheckWMIValue
CheckWMIValue is part of the CheckWMI module.
It is still alpha, need to do more testing, but I would like to get some initial feedback on the syntax and such. Also feel free to try it out and report bugs to me (might wanna keep track of memory and such as I have not done so myself yet). To debug and help you set up your queries there is also a command line interface to run queries and see the result.
nsclient++ CheckWMI <query>
The syntax for this is similar to other check commands so it should be pretty straightforward to set it up. The plugin will run a WMI query and check the returned columns against bounds provided by the checker (nagios) and report the result.
Option Values Description
MaxWarn Numeric value The maximum allowed value for the column(s).
MaxCrit Numeric value The maximum allowed value for the column(s).
MinWarn Numeric value The minimum allowed value for the column(s).
MinCrit Numeric value The minimum allowed value for the column(s).
ShowAll Empty, long If present will display information even if an item is not reporting a state. If set to long will display more information.
Query WMI Query The WMI query to ask (not stackable, only one query at a time)
Check A column name A column name to check (if * all columns will be checked) (this is stackable, so you can compare any number of columns)
truncate numeric value The maximum length of the query-result.
AliasCol Column name A column to be included (prefixed) in the alias for matching columns.
Examples
Check to see if there is 2 CPUs present (or cores)
CheckWMI MaxCrit=3 MinWarn=1 "Query:load=Select * from win32_Processor"
Check the CPU load on all CPUs and warn if above 50 and critical if above 80
CheckWMIValue "Query=Select * from win32_Processor" MaxWarn=50 MaxCrit=80 Check:CPU=LoadPercentage ShowAll=long
To try a query use the following syntax:
nsclient++ CheckWMI Select * from win32_Processor
Check threads in processes and make sure a process does not have more than 50 threads (critical at 100)
CheckWMIValue "Query=select Caption, ThreadCount from Win32_Process" MaxWarn=50 MaxCrit=100 Check:threads=ThreadCount AliasCol=Caption
Gives you:
System threads: 98 > warning, svchost.exe threads: 87 > warning|'System Idle Process threads'=2;50;100; 'System threads'=98;50;100; 'smss.exe threads'=3;50;100; 'csrss.exe threads'=13;50;100; 'winlogon.exe threads'=21;50;100; 'services.exe threads'=18;50;100; 'lsass.exe threads'=21;50;100; 'svchost.exe threads'=19;50;100; 'svchost.exe threads'=11;50;100; 'svchost.exe threads'=87;50;100; 'svchost.exe threads'=6;50;100; 'svchost.exe threads'=18;50;100; 'aswUpdSv.exe threads'=3;50;100; 'ashServ.exe threads'=28;50;100; 'sdmcp.exe threads'=3;50;100; 'spoolsv.exe threads'=11;50;100; 'svchost.exe threads'=4;50;100; 'MSCamS32.exe threads'=5;50;100; 'nTuneService.exe threads'=4;50;100; 'nvsvc32.exe threads'=4;50;100; 'svchost.exe threads'=7;50;100; 'tlswrap.exe threads'=4;50;100; 'vmount2.exe threads'=4;50;100; 'vmnat.exe threads'=3;50;100; 'vmnetdhcp.exe threads'=2;50;100; 'vmware-authd.exe threads'=7;50;100; 'ashMaiSv.exe threads'=8;50;100; 'ashWebSv.exe threads'=22;50;100; 'alg.exe threads'=5;50;100; 'explorer.exe
(I know these are not very useful, but hopefully they will give you an idea how to do things, there are *a lot* of things to check via the WMI so you ought to be able to do most things you want.)
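The truncate option exists because an NRPE reply is limited to 1024 characters, and the CheckWMIValue reply above is cut off in the middle of a label. The following is an added example, not part of NSClient++ or of the original page: a parser for the `label=value;warn;crit;` performance data shown in the sample outputs that reports a cut-off tail instead of returning a half-read item. The function and type names are hypothetical, and the second sample is constructed from the reply above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

NRPE_LIMIT = 1024  # reply size this page quotes for NRPE


class Perf(NamedTuple):
    label: str
    value: float
    unit: str
    warn: Optional[str]
    crit: Optional[str]


# label=value[unit];warn;crit; as it appears in the sample outputs on this page.
# Labels containing spaces are single-quoted ('svchost.exe threads').
_ITEM = re.compile(r"""
    \s*(?:'(?P<quoted>[^']*)'|(?P<bare>[^\s'=;]+))
    =(?P<value>-?\d+(?:\.\d+)?)(?P<unit>[%A-Za-z]*)
    (?:;(?P<warn>[^;\s]*))?
    (?:;(?P<crit>[^;\s]*))?
    (?P<end>;)?
""", re.VERBOSE)


def parse_output(output: str, limit: int = NRPE_LIMIT) -> Tuple[str, List[Perf], str]:
    """Return (message, perfdata items, unparsed remainder).

    A non-empty remainder means the perfdata ended in something that is not a
    complete item, which is what a reply cut at the size limit looks like.
    """
    message, _, perf = output.partition("|")
    items: List[Perf] = []
    pos = 0
    while pos < len(perf):
        m = _ITEM.match(perf, pos)
        if m is None:
            # Unbalanced quote or missing '=': the tail is not an item.
            return message.strip(), items, perf[pos:].strip()
        # The last item of a full-length reply without its closing ';' may
        # have lost digits (100 read as 1), so it is reported, not trusted.
        cut_short = (m.end() == len(perf) and m.group("end") is None
                     and len(output) >= limit)
        if cut_short:
            return message.strip(), items, perf[pos:].strip()
        label = m.group("quoted")
        if label is None:
            label = m.group("bare")
        items.append(Perf(label, float(m.group("value")), m.group("unit"),
                          m.group("warn") or None, m.group("crit") or None))
        pos = m.end()
    return message.strip(), items, ""


# Output line shown in the CheckCPU examples on this page.
CPU_SAMPLE = ("WARNING: 5m: average load 8% > warning, 1m: average load 2% > warning, "
              "10s: average load 4% > warning|'5m'=8;2;80; '1m'=2;2;80; '10s'=4;2;80;")

# Constructed: the CheckWMIValue reply above, shortened, ending mid-label as it does.
CUT_SAMPLE = ("System threads: 98 > warning, svchost.exe threads: 87 > warning|"
              "'System Idle Process threads'=2;50;100; 'System threads'=98;50;100; "
              "'explorer.exe")

if __name__ == "__main__":
    for sample in (CPU_SAMPLE, CUT_SAMPLE):
        message, items, rest = parse_output(sample)
        print(message)
        for item in items:
            print("  ", item)
        if rest:
            print("   incomplete tail, reply was cut:", repr(rest))
```

A non-empty remainder is the signal to lower truncate or narrow the query, since the values that were cut off never reach the monitoring server.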
CheckExternalScripts.dll
This module allows you to check external scripts and/or programs.
Configuration
[External Script]
Configure how the External Scripts module works (not to be confused with the "External Scripts" section below that holds scripts that can be run).
Option Default value Description
command_timeout 60 The maximum time in seconds that a command can execute (if it runs longer than this, execution will be aborted). NOTICE this only affects external commands, not internal ones.
allow_arguments 0 A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars 0 Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
script_dir When set all files in this directory will be available as scripts. This is pretty dangerous but can be a bit useful if you use many scripts and you are sure no one else can add files there.
[External Scripts]
A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments> for instance:
check_es_long=scripts\long.bat
check_es_ok=scripts\ok.bat
check_es_nok=scripts\nok.bat
check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
[External Alias]
Works like the "inject" concept of NRPE scripts module. But in short a list of aliases available. An alias is an internal command that has been "wrapped" (to add arguments). Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
alias_service=checkServiceState CheckAll
alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
LUAScript.dll
This module allows you to write and change checks in the Lua scripting language. For a quick "guide" on how to write scripts for NSClient++ see the LUAScript/guide page. For information on the Lua scripting language and built-in modules and commands refer to the official Lua pages at: http://www.lua.org/ and http://lua-users.org/wiki/SampleCode
Configuration
[LUA Scripts]
A list of LUA scripts to load at startup. Unlike "external checks", all LUA scripts are loaded at startup. Names have no meaning since the script (on boot) submits which commands are available and ties them to various functions.
[LUA Scripts]
scripts\test.lua
This is just a quick intro, I will try to add more info here and also try to add more system related functions (like WMI and performance counter access) in the future.
Debugging Lua
Use the print statement to print to the console (can be seen from nsclient++ /test).
With a Lua script like this loaded:
register_command('lua_debug', 'debug')
function debug (command)
    print ('Hello world: ' .. command)
end
Then you run nsclient++ /test:
nsclient++ /test
...
lua_debug Greetings
...
d \nsclient++.cpp(540) Injecting: lua_debug: Greetings
Hello world: lua_debug
e \script_wrapper.hpp(280) No arguments returned from script.
l \nsclient++.cpp(575) No handler for command: 'lua_debug'
A simple script
print('Loading test script...') -- Just print some debug info
register_command('check_something', 'something') -- Register a check-command to a function
function something (command)
    -- Check command function (notice arguments are not supported yet)
    -- Inject and run another check command
    code, msg, perf = inject('CheckCPU','time=5','MaxCrit=5')
    -- Print the resulting code
    print(code .. ': ' .. msg .. ', ' .. perf)
    -- Return the information (slightly modified)
    return code, 'hello from LUA: ' .. msg, perf
end
Structure of a script
First, every script registers all commands it will use (it is possible to register commands at a later time). So you could have a command that "turns on" other commands, but since there is no "turn off" (i.e. remove) it does not make much sense as of yet.
To register a command you call the register_command function like so:
register_command('command_alias', 'function_in_lua_to_use');
This will when the command command_alias is run execute the function_in_lua_to_use in your script. You can have as many commands as you like so the following is possible:
register_command('lua_1', 'lua_function_1');
register_command('lua_2', 'lua_function_2');
register_command('lua_3', 'lua_function_3');
register_command('lua_4', 'lua_function_4');
register_command('lua_5', 'lua_function_5');
The functions have the following syntax:
function lua_check_function (command)
    -- Debug output only; it is not part of the check result
    print ('Hello world: ' .. command)
    -- code, message, performance data
    return 'ok', 'Everything is fine!', 'fine=10%;80;90;'
end
As of now there is no support for arguments but in the future they will be added. Printing from a check_function is useless (apart from debug) so generally don't do that. The return value is a variable-length list. If:
• 3 values are returned they are assumed to be, in order: code, message and performance data
• 2 values are returned they are assumed to be, in order: code, message
• 1 value is returned it is assumed to be: code
The code can be:
• crit (critical)
• warn (warning)
• ok (ok)
• error (critical)
A 'useful' script
-- Register the command
register_command('has', 'check_file_exists')
-- Return true if file exists and is readable.
function file_exists(path)
    local file = io.open(path, "rb")
    if file then file:close() end
    return file ~= nil
end
function check_file_exists (command)
    if file_exists('c:\\foo.bar') then
        return 'ok', 'File exists'
    else
        return 'crit', 'File does not exist'
    end
end
USAGE
TODO
for now:
If you only wish to test it or debug the client you can use the following without installing it first.
NSClient++ /test
When you see this prompt:
Enter command to inject or exit to terminate...
you can paste in examples from the Commands page at CheckCommands. For example, I get this on my system:
C:\Program Files\NSClient++>NSClient++.exe -test
Launching test mode...
d \NSClient++.cpp(375) Loading plugin: CheckDisk...
d \NSClient++.cpp(375) Loading plugin: CheckSystem...
d \CheckSystem.cpp(79) Autodetected W2K>, using TOOLHELP process enumeration.
d \PDHCollector.cpp(83) Autodetected w2k or later, using w2k PDH counters.
d \NSClient++.cpp(375) Loading plugin: NSClient server...
d \PDHCollector.cpp(103) Detected language: English US (0x0409)
l \NSClient++.cpp(123) Using settings from: INI-file
d \Socket.h(538) Bound to: 0.0.0.0:12489
l \NSClient++.cpp(124) Enter command to inject or exit to terminate...
CheckDriveSize ShowAll MinWarnFree=10% MinCritFree=5% Drive=c:\
d \NSClient++.cpp(440) Injecting: CheckDriveSize: ShowAll, MinWarnFree=10%, MinC
ritFree=5%, Drive=c:\
d \NSClient++.cpp(460) Injected Result: OK 'OK: c:\: 12.3G'
d \NSClient++.cpp(461) Injected Performance Result: ''c:\'=38%;10;5; '
OK:OK: c:\: 12.3G|'c:\'=38%;10;5;
exit
d \NSClient++.cpp(349) Unloading plugin: NSClient server...
d \Socket.h(558) Listener is preparing to shutdown...
d \NSClient++.cpp(349) Unloading plugin: CheckSystem...
d \NSClient++.cpp(349) Unloading plugin: CheckDisk...
C:\Program Files\NSClient++>
Configuration
Configuration is fairly simple and straightforward. Open the configuration file in notepad (or your favorite editor) "notepad <installation path>\NSC.ini" and edit it accordingly. A longer description of the Configuration file is included in the following page.
The file has sections (denoted with section name in brackets) and key/value pairs (denoted by key=value). Thus it has the same syntax as pretty much any other INI file in windows.
The sections are described in short below. The default configuration file has a lot of examples and comments so make sure you change this before you use NSClient++ as some of the examples might be potential security issues.
The configuration can also be stored in the system registry (HKLM\Software\NSClient++). There is currently no UI to configure this, so the simplest way is to maintain the configuration in the INI file and "migrate that" to the registry. This can be done via the [RemoteConfiguration] module but in short:
NSClient++ -noboot RemoteConfiguration ini2reg
A sample configuration file is included in the download but can also be found here trunk/NSC.dist
Modules
This is a list of modules to load at startup. All the modules included in this list have to be NSClient++ modules and located in the modules subdirectory. This is in effect the list of plug-ins that will be available as the service is running. For information on the various plug-ins check the Modules section in the navigation box.
A good idea here is to disable all modules you don’t actually use, for two reasons: one, less code equals fewer potential security holes, and two, fewer modules means less resource drain.
Settings
This section has generic options for how NSClient++ will work. Some of these settings (such as allowed_hosts) are inherited in sections below, so it is probably a better idea to set them here in the "global" section.
The options you have available here are
Option Default value Description
obfuscated_password ... An obfuscated version of password. For more details refer to the password option below. To create the obfuscated Password use: "NSClient++.exe /encrypt"
password ... The password used by various (presently only NSClient) daemons. If no password is set everyone will be able to use this service remotely.
allowed_hosts 127.0.0.1 A list (comma separated) with hosts that are allowed to connect and query data. If this is empty all hosts will be allowed to query data. BEWARE: NSClient++ will not resolve the IP address of DNS entries if the service is set to startup automatically. Use an IP address instead.
use_file 0 Has to be set to 1 if you want the file to be read (if set to 0, and the use_reg is set to 1 the registry will be used instead)
Advanced options:
Option Default value Description
master_key ... The secret "key" used when (de)obfuscating passwords.
cache_allowed_hosts 1 Used to cache looked up hosts if you check dynamic/changing hosts set this to 0.
Log
This section has options for how logging is performed. First off, notice that for logging to make sense you need to enable the “FileLogger.dll” module, which logs all log data to a text file in the same directory as the NSClient++ binary. If you don’t enable any logging module nothing will be logged.
The options you have available here are
Option Default value Description
debug 0 A Boolean value that toggles if debug information should be logged or not. This can be either 1 or 0.
file nsclient.log The file to write log data to. If no directory is used this is relative to the NSClient++ binary.
date_mask %Y-%m-%d %H:%M:%S The date format used when logging to a file
NSClient
These are the configuration options for the NSClient module.
Option Default value Description
port 12489 The port to listen to
obfuscated_password An obfuscated version of password. For more details refer to the password option below.
password The password that incoming clients need to authorize themselves with. This option will replace the one found under Settings for NSClient. If this is blank the option found under Settings will be used. If both are blank everyone will be granted access.
allowed_hosts A list (comma separated) with hosts that are allowed to poll information from NSClient++. This will replace the one found under Settings for NSClient if present. If not present the same option found under Settings will be used. If both are blank all hosts will be allowed to access the system. BEWARE: NSClient++ will not resolve the IP address of DNS entries if the service is set to start up automatically. Use an IP address instead or set cache_allowed_hosts=0 (see above).
bind_to_address The address to bind to when listening to sockets, useful if you have more than one NIC/IP address and want the agent to answer on a specific one.
socket_timeout 30 The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out and discard the connection.
version auto The version number to return for the CLIENTVERSION check (useful to "simulate" an old/different version of the client; auto will be generated from the compiled version string inside NSClient++)
Advanced options:
Option Default value Description
socket_back_log Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.
NRPE
This is configuration for the NRPE module that controls how the NRPE listener operates.
Option Default value Description
port 5666 The port to listen to
allowed_hosts A list (comma separated) with hosts that are allowed to poll information from NRPE. This will replace the one found under Settings for NRPE if present. If not present the same option found under Settings will be used. If both are blank all hosts will be allowed to access the system.
use_ssl 1 Boolean value to toggle SSL encryption on the socket connection
bind_to_address The address to bind to when listening to sockets.
command_timeout 60 The maximum time in seconds that a command can execute (if it takes longer than this, execution will be aborted). NOTICE: this only affects external commands, not internal ones.
allow_arguments 0 A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars 0 Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
socket_timeout 30 The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out and discard the connection.
script_dir Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts.

Advanced options:
Option Default value Description
performance_data 1 Send performance data back to nagios (set this to 0 to remove all performance data)
socket_back_log Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.
string_length 1024 Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
Check System
Here you can set various options to configure the System Check module.
Option Default value Description
CPUBufferSize 1h The time to store CPU load data.
CheckResolution 10 Time between checks in 1/10 of seconds.
Advanced options:
Option Default value Description
auto_detect_pdh 1 Set this to 0 to disable auto detect (counters.defs) PDH language and OS version.
dont_use_pdh_index 0 Set this to 1 if you don't want to use indexes for finding PDH counters.
force_language Set this to a locale ID if you want to force auto-detection of counters from that locale.
ProcessEnumerationMethod auto Set the method to use when enumerating processes: PSAPI, TOOLHELP or auto
check_all_services[SERVICE_BOOT_START] ignored Set how to handle services set to SERVICE_BOOT_START state when checking all services
check_all_services[SERVICE_SYSTEM_START] ignored Set how to handle services set to SERVICE_SYSTEM_START state when checking all services
check_all_services[SERVICE_AUTO_START] started Set how to handle services set to SERVICE_AUTO_START state when checking all services
check_all_services[SERVICE_DEMAND_START] ignored Set how to handle services set to SERVICE_DEMAND_START state when checking all services
check_all_services[SERVICE_DISABLED] stopped Set how to handle services set to SERVICE_DISABLED state when checking all services
MemoryCommitLimit \Memory\Commit Limit Counter to use to check upper memory limit.
MemoryCommitByte \Memory\Committed Bytes Counter to use to check current memory usage.
SystemSystemUpTime \System\System Up Time Counter to use to check the uptime of the system.
SystemTotalProcessorTime \Processor(_total)\% Processor Time Counter to use for CPU load.
ProcessEnumerationMethod auto Set the PROCESS enumeration method (auto or TOOLHELP or PSAPI)
External Script
Configure how the External Scripts module works (not to be confused with the "External Scripts" section below that holds scripts that can be run).
Option Default value Description
command_timeout 60 The maximum time in seconds that a command can execute (if it takes longer than this, execution will be aborted). NOTICE: this only affects external commands, not internal ones.
allow_arguments 0 A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars 0 Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
script_dir When set all files in this directory will be available as scripts. This is pretty dangerous but can be a bit useful if you use many scripts and you are sure no one else can add files there.
External Scripts
A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments> for instance:
check_es_long=scripts\long.bat
check_es_ok=scripts\ok.bat
check_es_nok=scripts\nok.bat
check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
External Alias
Works like the "inject" concept of the NRPE scripts module. In short, this is a list of available aliases. An alias is an internal command that has been "wrapped" (to add arguments). Be careful not to create loops (i.e. check_loop=check_a, check_a=check_loop).
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
alias_service=checkServiceState CheckAll
alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
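The loop warning above can be checked mechanically before a configuration is deployed. This added example (not NSClient++ code) follows each alias to the command it wraps and reports every cycle once; it assumes command names are matched case-insensitively, and the alias list is constructed for the example.

```python
# Constructed [External Alias] section: two real wrappers, one two-step loop,
# one alias that wraps itself, and one harmless alias-of-an-alias.
SAMPLE_ALIASES = """\
[External Alias]
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
check_loop=check_a
check_a=check_loop
alias_self=alias_self ShowAll
alias_wrap=alias_cpu
"""

def parse_aliases(text):
    """Map each alias name to the command it wraps (first word after '=')."""
    aliases = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, ';' comments, section headers and lines without '='.
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        name, command = line.split("=", 1)   # later '=' belong to arguments
        words = command.split()
        if words:
            aliases[name.strip().lower()] = words[0].lower()
    return aliases

def find_alias_loops(text):
    """Return each alias cycle once, as a list of alias names in call order."""
    aliases = parse_aliases(text)
    loops, settled = [], set()
    for start in aliases:
        path, node = [], start
        # Each alias wraps exactly one command, so a simple walk is enough.
        while node in aliases and node not in settled and node not in path:
            path.append(node)
            node = aliases[node]
        if node in path:                     # walked back into the current path
            loops.append(path[path.index(node):])
        settled.update(path)
    return loops

if __name__ == "__main__":
    for loop in find_alias_loops(SAMPLE_ALIASES):
        print("alias loop: " + " -> ".join(loop + [loop[0]]))
```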
Eventlog
Some options for the EventLog module.
Option Default value Description
syntax Set this to use a specific syntax string for all commands (that don't specify one)
Advanced options:
Option Default value Description
debug 0 Log all "hits" and "misses" on the eventlog filter chain, useful for debugging eventlog checks but very very very noisy so you don't want to accidentally set this on a real machine.
includes
A list of other configuration files to include when reading this file. Might be useful if you have a very complex setup or want to have settings split up in segments.
NSCA Agent
Options to configure the new NSCA module.
Option Default value Description
interval 60 Time in seconds between each report back to the server (can't as of yet be set individually, so this is for all "checks")
nsca_host ... The NSCA/Nagios(?) server to report results to.
nsca_port 5667 The NSCA server port
encryption_method 1 Number corresponding to the various encryption algorithms (see below). Has to be the same as the server or it won't work at all.
password The password to use. Again has to be the same as the server or it won't work at all.
Advanced options:
Option Default value Description
hostname The host name of this host. If set to blank (default), the Windows name of the computer will be used.
debug_threads 1 Number of threads to run, no reason to change this really (unless you want to stress test something)
Supported encryption methods:
# Algorithm
0 None (Do NOT use this option)
1 Simple XOR (No security, just obfuscation, but very fast)
2 DES
3 3DES (Triple DES)
4 CAST-128
6 xTEA
8 BLOWFISH
9 TWOFISH
11 RC2
14 RIJNDAEL-128 (AES)
20 SERPENT
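The listener and NSCA options above interact: module sections inherit from Settings, blank values open access, and the default NSCA encryption_method is 1 (XOR). The following added example, which is not part of the NSClient++ documentation or code, audits an NSC.ini for those settings. It assumes module file names of the form <module>.dll in the modules list and that a missing allowed_hosts falls back to the documented default 127.0.0.1; the sample file is constructed.

```python
import configparser
import ipaddress

WEAK_NSCA = {"0": "no encryption", "1": "simple XOR (obfuscation only)"}  # per the list above
# Constructed sample NSC.ini; module file names are assumed to be <module>.dll.
SAMPLE = """\
[modules]
NRPEListener.dll
NSClientListener.dll
NSCAAgent.dll
[Settings]
allowed_hosts=nagios.example.test,192.0.2.10
[NRPE]
allow_arguments=1
script_dir=scripts
[NSCA Agent]
encryption_method=1
"""

def load(text):
    """Parse NSC.ini text into {section: {option: value}}, names lower-cased."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return {s.lower(): {k: (v or "").strip() for k, v in cp[s].items()}
            for s in cp.sections()}

def inherited(cfg, section, option, default=""):
    """Module-section value, else the [Settings] value, else the documented default."""
    own = cfg.get(section, {}).get(option, "")
    return own or cfg.get("settings", {}).get(option, default)

def host_findings(label, hosts):
    """Flag an empty allowed_hosts list and entries that are DNS names, not IPs."""
    if not hosts:
        return [f"{label}: allowed_hosts is empty, every host may query the agent"]
    found = []
    for entry in filter(None, (h.strip() for h in hosts.split(","))):
        try:
            ipaddress.ip_network(entry, strict=False)  # plain IP or CIDR both parse
        except ValueError:
            found.append(f"{label}: allowed_hosts entry '{entry}' is a DNS name, use an IP")
    return found

def audit(text):
    """Return findings for the listener and NSCA options described above."""
    cfg = load(text)
    loaded = set(cfg.get("modules", {}))  # ';'-commented module lines are not loaded
    opt = lambda sec, name, default="": cfg.get(sec, {}).get(name, default)
    out = []
    if "nsclientlistener.dll" in loaded:
        out += host_findings("NSClient", inherited(cfg, "nsclient", "allowed_hosts", "127.0.0.1"))
        if not any(inherited(cfg, "nsclient", o) for o in ("password", "obfuscated_password")):
            out.append("NSClient: no password set, everyone is granted access")
    if "nrpelistener.dll" in loaded:
        out += host_findings("NRPE", inherited(cfg, "nrpe", "allowed_hosts", "127.0.0.1"))
        if opt("nrpe", "use_ssl", "1") == "0":
            out.append("NRPE: use_ssl=0, SSL encryption on the socket is off")
    for sec, label in (("nrpe", "NRPE"), ("external script", "External Script")):
        if opt(sec, "allow_arguments") == "1":
            out.append(f"{label}: allow_arguments=1 accepts arguments from the socket")
        if opt(sec, "allow_nasty_meta_chars") == "1":
            out.append(f"{label}: allow_nasty_meta_chars=1 lets meta characters through")
        if opt(sec, "script_dir"):
            out.append(f"{label}: script_dir turns every file in that directory into a command")
    if "nscaagent.dll" in loaded:
        method = opt("nsca agent", "encryption_method", "1")
        if method in WEAK_NSCA:
            out.append(f"NSCA Agent: encryption_method={method} is {WEAK_NSCA[method]}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```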
NSCA Commands
A list of commands to run and submit each time we report back to the NSCA server. A command starting with host_ will be submitted as a host command. The example below will report back one service check (called my_cpu_check) and one host check (host checks have no service name).
[NSCA Commands]
my_cpu_check=checkCPU warn=80 crit=90 time=20m time=10s time=4
host_check=check_ok
LUA Scripts
A list of LUA scripts to load at startup. Unlike "external checks", all LUA scripts are loaded at startup. Names have no meaning, since each script (on boot) submits which commands are available and ties them to various functions.
[LUA Scripts]
scripts\test.lua
NRPE Handlers
This is a list of handlers for NRPE execution. It can of course be used by any module (such as NSClient), but for historical reasons the handlers are located in this section, especially as the NRPE plug-in is the one that does the actual execution.
The handlers can have two different syntaxes:
• command[my_command]=/some/executable
• my_command=/some/executable
The latter is the preferred way as it is shorter.
About NSClient++
NSClient++ (or nscp as I tend to call it nowadays) aims to be a simple yet powerful and secure monitoring daemon for Windows operating systems. It is built for Nagios, but nothing in the daemon is actually Nagios specific and could probably, with little or no change, be integrated into any monitoring software that supports running user tools for polling.
The structure of the daemon is a simple NT service that loads plug-ins to an internal stack. The plug-ins can then request data (poll performance data) from the other plug-ins through the internal stack. As of now there are a few plug-ins for basic performance data collection. For details of supplied modules, see CheckCommands.
NSClient++ can be extended in two ways: you can either write your own plug-in or you can execute an external script (as of now batch/exe/*). Writing your own plug-in is, of course, the most powerful way but requires knowledge of C++ or other languages which can produce DLLs and interface with regular C programs (generally, every other language available, but there are some simple API helpers for C/C++ as well as descriptions).
As for checking with NSClient++, I would recommend NRPE as it is a lot more flexible than check_nt. But NSClient has full support for check_nt, and if there is an interest, I could probably add support for check_nt from nc_net.
Supported OS/Platform
NSClient++ should run on the following operating systems:
• NT4 (SP5?)
• Windows 2000 W2K
• Windows XP
• Windows 2003
• Windows Vista
• ...
...as well as the following platforms:
• Win32
• x64 (AMD64/EM64T)
• IA64 (Itanium)
What's in a name?
Since I have noticed some people use other names for the client, I decided to list them here to make it simpler (i.e. Google might find it) for people to find it.
• NSClient++ (the "real" name)
• NSCP (what I sometimes use)
• NSClientpp (version of NSClient++)
• NSClient (?)
• Saw a French (Spanish) site use: NSC++
Again I myself as stated before prefer NSClient++ or NSCP.
Installation
NSClient++ comes with simple command line options for registering (and deregistering) the service, but it does not have a GUI installer.
Thus to install the Client you only need to copy the files to a directory of your choice and then run “NSClient++ /install”.
Before you start NSClient++ you need to configure it by editing the configuration file (NSC.ini). The configuration file is a simple text file and is explained in detail under Configuration. The files needed by NSClient++ vary, but mainly the exe and DLLs in the NSClient++ root are required, as well as all the modules you plan to use from the modules subdirectory (/modules/*).
The configuration file (NSC.ini) NEEDS to be configured, as for security reasons all plug-ins are disabled by default. The reason for this is so no one will accidentally install this and get potential security issues; I believe that things should be "off" by default. Also notice that by default allowed_hosts is 127.0.0.1, so you need to modify this as well.
If you plan to use the SystemTray module (that shows a system tray icon on the desktop) you need to install the SystemTray module as well as NSClient++. To install NSClient++ execute the following commands:
NSClient++ /install
NSClient++ SysTray install
To uninstall NSClient++ execute the following command:
NSClient++ SysTray uninstall
NSClient++ /uninstall
To start NSClient++ execute the following command:
NSClient++ /start
To stop NSClient++ execute the following command:
NSClient++ /stop
If you only wish to test it or debug the client you can use the following without installing it first.
NSClient++ /test
Firewall
Firewall configuration should be pretty straightforward:
If you use NRPEListener (check_nrpe) you need the NRPE port open (usually 5666) from the nagios server towards the client.
nagios:* -> client:5666
If you use the NSClientListener (check_nt) you need the (modified) NSClient port open (usually 12489) from the nagios server towards the client.
nagios:* -> client:12489
If you use the NSCA Module (passive checks) you need the NSCA port open from the client towards the nagios server.
client:* -> nagios:5667
If you use the NRPEClient module to check any remote systems (use NSClient++ as a proxy) you need to have NRPE port (usually 5666) open from NSClient++ (the proxy) to the remote-client in addition to the method you use to submit the results to the server.
nsclient-proxy:* -> remote-client:5666
All these ports can be changed so check your nsc.ini.
NT4
NT4 does not come with the PDH library and you need to install that before using NSClient++. PDH can be downloaded from Microsoft: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284996 and the simplest way to install it is to uncompress it directly into the NSClient++ directory.
NT4 also (sometimes) lacks the PSAPI helper, which is available in the "Platform SDK Redistributable: PSAPI for Windows NT" from Microsoft: http://www.microsoft.com/downloads/details.aspx?FamilyID=3d1fbaed-d122-45cf-9d46-1cae384097ac As with PDH, install it either in system32 or in the local NSClient++ directory.