SlideShare una empresa de Scribd logo

Nagios Conference 2013 - Michael Medin - NSClient++ Whats New

Nagios
Nagios

NSClient++ is an open source agent for monitoring servers. It has been in development since 2003 and supports both Windows and Linux. It provides a modular, extensible agent that can monitor various system metrics and events in real-time. Some key features mentioned include support for new protocols like Graphite and syslog, simplified command line syntax, and the ability to perform real-time checks of things like event logs and log files.

Tecnología
1 de 68
Descargar para leer sin conexión
NSClient++ Whats new? http://nsclient.org
http://nsclient.org Monitoring Simplified
How many use NSClient++ NS-whatdid he say? ?#@*&%! wrong room!
How many like NSClient++? ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters: ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters:
simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
dev worked in ops a long time ago not ops work with soa not, C/C++, nagios Michael Medin
NSClient++
agent Since 2003? windowslinux and modular by design Highly extensible 0.4.1: 2012-10-xx 0.4.2: 2013-10-xx? <0.4.0 not open coreOpen source 0.4.3: 2014-02-xx?
is stable
one-man-band no company, no commercial version, no payed time
Please Some times I am busy 
Please Some times I am busy  Get your a** over here and play NOW!
one-man-band no company sponsoring! donations! support! , no commercial version, no payed time
Thank you!
Sockets: ipv6, ssl (true) New protocols: NRDP, check_mk,Graphite, syslog, smtp Real-time checks: eventlog, logfiles Simplified: Command line syntax Modernized: NRPE, NSCA, check_nt 0.4.1
0.4.1 Build 90 (2013-02-xx) ◦ nsclient-full.ini ◦ Reload from script ◦ (re)added check_filesize (ie. Check_nt –v FILESIZE) ◦ Encoding support for NRPE ◦ New option: scan-range for CheckEventLog ◦ Various minor bug fixes Build 96 (2013-04-xx) ◦ Reverted external script quoting issues ◦ (re)added check_fileage (ie. Check_nt –v FILEAGE) ◦ Added support for binding to both ipv6 and ipv4 ◦ Various minor bug fixes Build 102 (2013-08-xx) ◦ PDH improvements ◦ Performance data: pass through ◦ Encoding support through out ◦ Various minor bug fixes and enhacements
0.4.2: The goals Modern Windows support Simplifiedmonitoring Real-time monitoring Linux checks
0.4.2: The STATUS Modern Windows support Simplified monitoring Real-time monitoring Linux checks NSCP protocol Check_xxx clients
0.4.2: Some Examples Check_os_Version Check_pagefile Check_process NO MORE PDH Check_service Nrpe_client
Filters
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … ( )
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … (source or level )
filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices- RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
Numbers, constants etc Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list
Strings Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list like Substring matching regexp Regular expression not like Opposite of like not regexp Opposite of regexp
All good things are three! Filter Warning Critical Ok
Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
Display Custom strings Supports top- and detail-syntax
Display detail- ${source} top- ${list} Hello: s: App1, s: App1, s: App3
check_pagefile "filter=name = 'total check_uptime "warn=uptime< - "crit=uptime< - check_processprocess=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set},handles: ${handles},user time:${user
Simple?
Let me guess This all seems Like a lot of typing!
Sensible defaults!
check_cpu Just works!
Real time monitoring
Active monitoring! Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ...
Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Passive monitoring!
Real-time monitoring! Monitored Server (Windows) Monitoring Server (Nagios) Error detected in eventlog Everything is ok Monitored Server (Windows) Monitoring Server (Nagios) Error detected in eventlog Everything is ok
CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File No CPU overhead Notified instantly Powerful filtering
CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File [/modules] CheckLogFile = enabled NSCAClient = enabled SimpleFileWriter = enabled [/settings/logfile/real-time/checks/my_check] destination = FILE,NSCA file = test.txt warning = column1 like ‘warn’ critical = column2 like ‘crit’ [/settings/NSCA/client/targets/default] address = 10.11.12.13 encryption = aes password = secreter
But I use
CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer No CPU overhead Powerful filtering Stored in cache Check latest result Fetched instantly
CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer [/modules] CheckLogFile = enabled SimpleCache = enabled NRPEServer = enabled [/settings/logfile/real-time/checks/my_check] destination = CACHE file = test.txt warning = column1 like ‘warn’ critical = column2 like ‘crit’ [/settings/NRPE/server] allowed hosts = 10.11.12.13 allow arguments = true
But HOW ABOUT Graphing?
Two options: 1, store/fetch from cache 2, submit passively but not to Nagios!
apt-get git clone git://github.com/mickem/nscp.git mkdir build ; cd build cmake ../nscp make
Manually install visual studio, python and cmake Download and unpack nscp source python nscpbuildpythonfetchdeps.py --target x64 --cmake-config dist cmake ../nscp msbuild /p:Configuration=RelWithDebInfo NSCP.sln
Please help with packages! I will give you free* beer! *Free as in your free to buy it your self!
Native Secure Simple FastLight weight A work in progress
check_service computer=192.168.0.1 check_disk drive=192.168.0.1c$ check_task_sched computer=192.168.0.1 check_wmi computer=192.168.0.1
Light weight remote deployable agent Same as psexec check_cpu check_memory check_process External scripts!
http://nsclient.org Monitoring Simplified
simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
simple? check_eventlog
Photo by Olga Berrios
THANK YOU!
Information about NSClient++ http://nsclient.org facebook.com/nsclient Slides, and examples http://nsclient.org/nscp/conferances/nwc/2013/ My Blog http://blog.medin.name

Recomendados

Ns client++ icinga camp
Ns client++ icinga campNs client++ icinga camp
Ns client++ icinga camp
Michael Medin
 
OSMC 2013 | Making monitoring simple? by Michael Medin
OSMC 2013 | Making monitoring simple? by Michael MedinOSMC 2013 | Making monitoring simple? by Michael Medin
OSMC 2013 | Making monitoring simple? by Michael Medin
NETWAYS
 
NSClient++ whats new for 0.3.9 users
NSClient++ whats new for 0.3.9 usersNSClient++ whats new for 0.3.9 users
NSClient++ whats new for 0.3.9 users
Michael Medin
 
NSClient++: Monitoring Simplified at OSMC 2013
NSClient++: Monitoring Simplified at OSMC 2013NSClient++: Monitoring Simplified at OSMC 2013
NSClient++: Monitoring Simplified at OSMC 2013
Michael Medin
 
Application security
Application securityApplication security
Application security
krusty43
 
Review unknown code with static analysis php ce 2018
Review unknown code with static analysis php ce 2018Review unknown code with static analysis php ce 2018
Review unknown code with static analysis php ce 2018
Damien Seguy
 
Samrt attendance system using fingerprint
Samrt attendance system using fingerprintSamrt attendance system using fingerprint
Samrt attendance system using fingerprint
praful borad
 
Proposed PHP function: is_literal()
Proposed PHP function: is_literal()Proposed PHP function: is_literal()
Proposed PHP function: is_literal()
Craig Francis
 

Recomendados

Ns client++ icinga camp
Ns client++ icinga campNs client++ icinga camp
Ns client++ icinga camp
Michael Medin
 
OSMC 2013 | Making monitoring simple? by Michael Medin
OSMC 2013 | Making monitoring simple? by Michael MedinOSMC 2013 | Making monitoring simple? by Michael Medin
OSMC 2013 | Making monitoring simple? by Michael Medin
NETWAYS
 
NSClient++ whats new for 0.3.9 users
NSClient++ whats new for 0.3.9 usersNSClient++ whats new for 0.3.9 users
NSClient++ whats new for 0.3.9 users
Michael Medin
 
NSClient++: Monitoring Simplified at OSMC 2013
NSClient++: Monitoring Simplified at OSMC 2013NSClient++: Monitoring Simplified at OSMC 2013
NSClient++: Monitoring Simplified at OSMC 2013
Michael Medin
 
Application security
Application securityApplication security
Application security
krusty43
 
Review unknown code with static analysis php ce 2018
Review unknown code with static analysis php ce 2018Review unknown code with static analysis php ce 2018
Review unknown code with static analysis php ce 2018
Damien Seguy
 
Samrt attendance system using fingerprint
Samrt attendance system using fingerprintSamrt attendance system using fingerprint
Samrt attendance system using fingerprint
praful borad
 
Proposed PHP function: is_literal()
Proposed PHP function: is_literal()Proposed PHP function: is_literal()
Proposed PHP function: is_literal()
Craig Francis
 
IcingaCamp Stockholm - NSClient++
IcingaCamp Stockholm - NSClient++IcingaCamp Stockholm - NSClient++
IcingaCamp Stockholm - NSClient++
Icinga
 
NSClient++ Workshop: 05 Monitoring
NSClient++ Workshop: 05 MonitoringNSClient++ Workshop: 05 Monitoring
NSClient++ Workshop: 05 Monitoring
Michael Medin
 
Ss7 isup homer
Ss7 isup homerSs7 isup homer
Ss7 isup homer
Jöran Vinzens
 
SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and Scheduling
David Evans
 
Implementing Server Side Data Synchronization for Mobile Apps
Implementing Server Side Data Synchronization for Mobile AppsImplementing Server Side Data Synchronization for Mobile Apps
Implementing Server Side Data Synchronization for Mobile Apps
Michele Orselli
 
Esperwhispering
EsperwhisperingEsperwhispering
Esperwhispering
Theo Schlossnagle
 
Analyzing Log Data With Apache Spark
Analyzing Log Data With Apache SparkAnalyzing Log Data With Apache Spark
Analyzing Log Data With Apache Spark
Spark Summit
 
Deploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeDeploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero Downtime
Twilio Inc
 
Exact Real Arithmetic for Tcl
Exact Real Arithmetic for TclExact Real Arithmetic for Tcl
Exact Real Arithmetic for Tcl
ke9tv
 
AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】
AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】
AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】
tsuchimon
 
Eventsourcing with PHP and MongoDB
Eventsourcing with PHP and MongoDBEventsourcing with PHP and MongoDB
Eventsourcing with PHP and MongoDB
Jacopo Nardiello
 
Teaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersTeaching Your Machine To Find Fraudsters
Teaching Your Machine To Find Fraudsters
Ian Barber
 
APIs and Synthetic Biology
APIs and Synthetic BiologyAPIs and Synthetic Biology
APIs and Synthetic Biology
Uri Laserson
 
To Err Is Human
To Err Is HumanTo Err Is Human
To Err Is Human
Alex Liu
 
DomCode 2015 - Abusing phones to make the internet of things
DomCode 2015 - Abusing phones to make the internet of thingsDomCode 2015 - Abusing phones to make the internet of things
DomCode 2015 - Abusing phones to make the internet of things
Jan Jongboom
 
Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011
Angelo van der Sijpt
 
Reporte vhd10
Reporte vhd10Reporte vhd10
Reporte vhd10
Miguel Angel Peña
 
m4_VHDL_ED.pdf
m4_VHDL_ED.pdfm4_VHDL_ED.pdf
m4_VHDL_ED.pdf
JonGarciario
 
Database Implementation Final Document
Database Implementation Final DocumentDatabase Implementation Final Document
Database Implementation Final Document
Conor O'Callaghan
 
Synack at ShmooCon 2015
Synack at ShmooCon 2015Synack at ShmooCon 2015
Synack at ShmooCon 2015
Synack
 
Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best Practices
Nagios
 
Jesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture OverviewJesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture Overview
Nagios
 

Más contenido relacionado

Similar a Nagios Conference 2013 - Michael Medin - NSClient++ Whats New

Database Implementation Final Document
Database Implementation Final DocumentDatabase Implementation Final Document
Database Implementation Final Document
Conor O'Callaghan
 

Similar a Nagios Conference 2013 - Michael Medin - NSClient++ Whats New (20)

IcingaCamp Stockholm - NSClient++
IcingaCamp Stockholm - NSClient++IcingaCamp Stockholm - NSClient++
IcingaCamp Stockholm - NSClient++
 
NSClient++ Workshop: 05 Monitoring
NSClient++ Workshop: 05 MonitoringNSClient++ Workshop: 05 Monitoring
NSClient++ Workshop: 05 Monitoring
 
Ss7 isup homer
Ss7 isup homerSs7 isup homer
Ss7 isup homer
 
SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and Scheduling
 
Implementing Server Side Data Synchronization for Mobile Apps
Implementing Server Side Data Synchronization for Mobile AppsImplementing Server Side Data Synchronization for Mobile Apps
Implementing Server Side Data Synchronization for Mobile Apps
 
Esperwhispering
EsperwhisperingEsperwhispering
Esperwhispering
 
Analyzing Log Data With Apache Spark
Analyzing Log Data With Apache SparkAnalyzing Log Data With Apache Spark
Analyzing Log Data With Apache Spark
 
Deploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeDeploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero Downtime
 
Exact Real Arithmetic for Tcl
Exact Real Arithmetic for TclExact Real Arithmetic for Tcl
Exact Real Arithmetic for Tcl
 
AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】
AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】
AWS IoTで家庭内IoTをやってみた【JAWS DAYS 2016】
 
Eventsourcing with PHP and MongoDB
Eventsourcing with PHP and MongoDBEventsourcing with PHP and MongoDB
Eventsourcing with PHP and MongoDB
 
Teaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersTeaching Your Machine To Find Fraudsters
Teaching Your Machine To Find Fraudsters
 
APIs and Synthetic Biology
APIs and Synthetic BiologyAPIs and Synthetic Biology
APIs and Synthetic Biology
 
To Err Is Human
To Err Is HumanTo Err Is Human
To Err Is Human
 
DomCode 2015 - Abusing phones to make the internet of things
DomCode 2015 - Abusing phones to make the internet of thingsDomCode 2015 - Abusing phones to make the internet of things
DomCode 2015 - Abusing phones to make the internet of things
 
Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011
 
Reporte vhd10
Reporte vhd10Reporte vhd10
Reporte vhd10
 
m4_VHDL_ED.pdf
m4_VHDL_ED.pdfm4_VHDL_ED.pdf
m4_VHDL_ED.pdf
 
Database Implementation Final Document
Database Implementation Final DocumentDatabase Implementation Final Document
Database Implementation Final Document
 
Synack at ShmooCon 2015
Synack at ShmooCon 2015Synack at ShmooCon 2015
Synack at ShmooCon 2015
 

Más de Nagios

Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nagios
 

Más de Nagios (20)

Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best Practices
 
Jesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture OverviewJesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture Overview
 
Trevor McDonald - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The HoodTrevor McDonald - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The Hood
 
Sean Falzon - Nagios - Resilient Notifications
Sean Falzon - Nagios - Resilient NotificationsSean Falzon - Nagios - Resilient Notifications
Sean Falzon - Nagios - Resilient Notifications
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
 
Janice Singh - Writing Custom Nagios Plugins
Janice Singh - Writing Custom Nagios PluginsJanice Singh - Writing Custom Nagios Plugins
Janice Singh - Writing Custom Nagios Plugins
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical Experience
 
Mike Weber - Nagios and Group Deployment of Service Checks
Mike Weber - Nagios and Group Deployment of Service ChecksMike Weber - Nagios and Group Deployment of Service Checks
Mike Weber - Nagios and Group Deployment of Service Checks
 
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios InstallationMike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
 
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
 
Matt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With NagiosMatt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With Nagios
 
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
 
Eric Loyd - Fractal Nagios
Eric Loyd - Fractal NagiosEric Loyd - Fractal Nagios
Eric Loyd - Fractal Nagios
 
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
 
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
 
Nagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson OpeningNagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson Opening
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
Nagios Log Server - Features
Nagios Log Server - FeaturesNagios Log Server - Features
Nagios Log Server - Features
 
Nagios Network Analyzer - Features
Nagios Network Analyzer - FeaturesNagios Network Analyzer - Features
Nagios Network Analyzer - Features
 
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing NagiosNagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Último (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Nagios Conference 2013 - Michael Medin - NSClient++ Whats New

  • 3. How many use NSClient++ NS-whatdid he say? ?#@*&%! wrong room!
  • 4. How many like NSClient++? ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters: ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters:
  • 5. simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
  • 6. dev worked in ops a long time ago not ops work with soa not, C/C++, nagios Michael Medin
  • 8. agent Since 2003? windowslinux and modular by design Highly extensible 0.4.1: 2012-10-xx 0.4.2: 2013-10-xx? <0.4.0 not open coreOpen source 0.4.3: 2014-02-xx?
  • 10. one-man-band no company, no commercial version, no payed time
  • 11. Please Some times I am busy 
  • 12. Please Some times I am busy  Get your a** over here and play NOW!
  • 15.
  • 16. Sockets: ipv6, ssl (true) New protocols: NRDP, check_mk,Graphite, syslog, smtp Real-time checks: eventlog, logfiles Simplified: Command line syntax Modernized: NRPE, NSCA, check_nt 0.4.1
  • 17. 0.4.1 Build 90 (2013-02-xx) ◦ nsclient-full.ini ◦ Reload from script ◦ (re)added check_filesize (ie. Check_nt –v FILESIZE) ◦ Encoding support for NRPE ◦ New option: scan-range for CheckEventLog ◦ Various minor bug fixes Build 96 (2013-04-xx) ◦ Reverted external script quoting issues ◦ (re)added check_fileage (ie. Check_nt –v FILEAGE) ◦ Added support for binding to both ipv6 and ipv4 ◦ Various minor bug fixes Build 102 (2013-08-xx) ◦ PDH improvements ◦ Performance data: pass through ◦ Encoding support through out ◦ Various minor bug fixes and enhacements
  • 18. 0.4.2: The goals Modern Windows support Simplifiedmonitoring Real-time monitoring Linux checks
  • 19. 0.4.2: The STATUS Modern Windows support Simplified monitoring Real-time monitoring Linux checks NSCP protocol Check_xxx clients
  • 22. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 23. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 24. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 25. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 26. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 27. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 28. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 29. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … ( )
  • 30. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … (source or level )
  • 31. filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices- RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
  • 32. Numbers, constants etc Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list
  • 33. Strings Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list like Substring matching regexp Regular expression not like Opposite of like not regexp Opposite of regexp
  • 34. All good things are three! Filter Warning Critical Ok
  • 35. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 38. check_pagefile "filter=name = 'total check_uptime "warn=uptime< - "crit=uptime< - check_processprocess=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set},handles: ${handles},user time:${user
  • 40. Let me guess This all seems Like a lot of typing!
  • 44. Active monitoring! Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ...
  • 45. Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Passive monitoring!
  • 46. Real-time monitoring! Monitored Server (Windows) Monitoring Server (Nagios) Error detected in eventlog Everything is ok Monitored Server (Windows) Monitoring Server (Nagios) Error detected in eventlog Everything is ok
  • 47. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File No CPU overhead Notified instantly Powerful filtering
  • 48. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File [/modules] CheckLogFile = enabled NSCAClient = enabled SimpleFileWriter = enabled [/settings/logfile/real-time/checks/my_check] destination = FILE,NSCA file = test.txt warning = column1 like ‘warn’ critical = column2 like ‘crit’ [/settings/NSCA/client/targets/default] address = 10.11.12.13 encryption = aes password = secreter
  • 50. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer No CPU overhead Powerful filtering Stored in cache Check latest result Fetched instantly
  • 51. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer [/modules] CheckLogFile = enabled SimpleCache = enabled NRPEServer = enabled [/settings/logfile/real-time/checks/my_check] destination = CACHE file = test.txt warning = column1 like ‘warn’ critical = column2 like ‘crit’ [/settings/NRPE/server] allowed hosts = 10.11.12.13 allow arguments = true
  • 53. Two options: 1, store/fetch from cache 2, submit passively but not to Nagios!
  • 54.
  • 55.
  • 56. apt-get git clone git://github.com/mickem/nscp.git mkdir build ; cd build cmake ../nscp make
  • 57. Manually install visual studio, python and cmake Download and unpack nscp source python nscpbuildpythonfetchdeps.py --target x64 --cmake-config dist cmake ../nscp msbuild /p:Configuration=RelWithDebInfo NSCP.sln
  • 58. Please help with packages! I will give you free* beer! *Free as in your free to buy it your self!
  • 59.
  • 61. check_service computer=192.168.0.1 check_disk drive=192.168.0.1c$ check_task_sched computer=192.168.0.1 check_wmi computer=192.168.0.1
  • 62. Light weight remote deployable agent Same as psexec check_cpu check_memory check_process External scripts!
  • 64. simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
  • 66. Photo by Olga Berrios
  • 68. Information about NSClient++ http://nsclient.org facebook.com/nsclient Slides, and examples http://nsclient.org/nscp/conferances/nwc/2013/ My Blog http://blog.medin.name

Notas del editor

  1. My name is Michael Medin and I am from Stockholm, SwedenNSClient++: I am here to talk about NSClient++ (as always) and about Windows (as always) this timeDifferent: For those of you who have seen me beforeI read this nifty book about how to make awesome presentations.And I am not saying this will be an awesome presentation I am just saying I read this book.Questions: Any questions: feel free to chime in at any time
  2. This presentation is called: What’s new, and the resound for that is I sent in my proposal a year ago and I had no idea what to talk about.Had I sent in the proposal now the title would have been: monitoring simplified
  3. It is an agent, which means it is designed to be deployed (ish)It has been around since around 2003 (I don’t know)It was for Windows (pre 0.4.0) now it is for Linux and WindowsModular: Which means out of the box it does nothing.Open source (not open core)0.4.1 release last year, 0.4.2 hopefully soon.
  4. 0.4.1 is Stable, please use it
  5. One man band: This means:I am the one playing the harmonic, the guitar whilst driving the rocket propelled car
  6. The reason I mention this is please don’t be angry, sometimes I am busy…
  7. I often get questions which I reply “I will fix it tonight” and then I forget…It is not because I hate you or dislike you or think your question was stupid…
  8. Sponsoring is available for those who want to get their logo and link on the page.Donations are available for the too-rich-for-their-own-good people out there.And we will be launching support later this year.The goal of the support is to get a better understanding of what is important
  9. Thank you to my sponsors
  10. Sockets: ipv6 and true ssl (certificate based authentication with real encryption)Protocols: improvements (timeouts for instance), and many new onesReal-time checks: Something I personally like a lotCommand line syntax: Good or bad, it is there!
  11. It is important to understand that when 0.4.1 was released it was not the end, since then newer version of NSClient++ has been out as well.So please check back periodically for updates.
  12. The kernel sends us an event once the file is updatedWe DON’T!!! Poll (ish)We filter the file for important changes: for instance column1 contains a bad wordWe forward the stste4 (if we found a match) to the various outbound pluginsWe send the event to Nagios
  13. CONFIG is easy!
  14. The kernel sends us an event once the file is updatedWe Still don’t poll!We store results in a databaseNRPE can quickly poll the cache.
  15. CONFIG is still easy!
  16. Speaking of Linux: How do I actually get it on Linux?
  17. No Packages (yet) but it is simple to build your self
  18. Comparing that to windows where it is a pint to build.But a new script in 0.4.1 makes building all dependencies on windows much much simpler.
  19. If you love Linux!Please help out and provide me with spec files and packages!
  20. Remember this was about making monitoring simple: right
  21. Questions?
  22. The end!