NSClient++ is an open source agent for monitoring servers. It has been in development since 2003 and supports both Windows and Linux. It provides a modular, extensible agent that can monitor various system metrics and events in real-time. Some key features mentioned include support for new protocols like Graphite and syslog, simplified command line syntax, and the ability to perform real-time checks of things like event logs and log files.
3. How many use NSClient++
NS-whatdid he say?
?#@*&%!
wrong room!
4. How many like NSClient++?
..pdh collection thread not running…
ERROR: Missing argument exception
PdhCollectQueryData? failed: : -
2147481643: No data to return.
Failed to query performance counters:
..pdh collection thread not running…
ERROR: Missing argument exception
PdhCollectQueryData? failed: : -
2147481643: No data to return.
Failed to query performance counters:
17. 0.4.1
Build 90 (2013-02-xx)
◦ nsclient-full.ini
◦ Reload from script
◦ (re)added check_filesize (ie. Check_nt –v FILESIZE)
◦ Encoding support for NRPE
◦ New option: scan-range for CheckEventLog
◦ Various minor bug fixes
Build 96 (2013-04-xx)
◦ Reverted external script quoting issues
◦ (re)added check_fileage (ie. Check_nt –v FILEAGE)
◦ Added support for binding to both ipv6 and ipv4
◦ Various minor bug fixes
Build 102 (2013-08-xx)
◦ PDH improvements
◦ Performance data: pass through
◦ Encoding support through out
◦ Various minor bug fixes and enhacements
18. 0.4.2: The goals
Modern Windows support
Simplifiedmonitoring
Real-time monitoring
Linux checks
19. 0.4.2: The STATUS
Modern Windows support
Simplified monitoring
Real-time monitoring
Linux checks NSCP protocol
Check_xxx clients
30. Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
(source or level )
31. filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073',
'1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026',
'7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND
level IN ('error', 'warning'))
OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning'))
OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id
IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error',
'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR
(id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning'))
OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN
('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN
('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND
source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source
NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source
NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND
source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND
source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager')
AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND
level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT
IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN
('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents')
AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-
RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source
NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN
('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon')
AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level
IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND
level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control
manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN
('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error',
'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND
strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source
NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026')
AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND
source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016')
AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR
(id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error',
'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error',
'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error',
'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error',
'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
32. Numbers, constants etc
Key Safe Key Description
= eq Equals
!= ne Not equals
> gt Greater than
< lt Less than
>= ge Greater or equal than
<= le Less or equal than
in ( <LIST OF VALUES>) In a given list
not in (…) Not in a given list
33. Strings
Key Safe Key Description
= eq Equals
!= ne Not equals
> gt Greater than
< lt Less than
>= ge Greater or equal than
<= le Less or equal than
in ( <LIST OF VALUES>) In a given list
not in (…) Not in a given list
like Substring matching
regexp Regular expression
not like Opposite of like
not regexp Opposite of regexp
My name is Michael Medin and I am from Stockholm, SwedenNSClient++: I am here to talk about NSClient++ (as always) and about Windows (as always) this timeDifferent: For those of you who have seen me beforeI read this nifty book about how to make awesome presentations.And I am not saying this will be an awesome presentation I am just saying I read this book.Questions: Any questions: feel free to chime in at any time
This presentation is called: What’s new, and the resound for that is I sent in my proposal a year ago and I had no idea what to talk about.Had I sent in the proposal now the title would have been: monitoring simplified
It is an agent, which means it is designed to be deployed (ish)It has been around since around 2003 (I don’t know)It was for Windows (pre 0.4.0) now it is for Linux and WindowsModular: Which means out of the box it does nothing.Open source (not open core)0.4.1 release last year, 0.4.2 hopefully soon.
0.4.1 is Stable, please use it
One man band: This means:I am the one playing the harmonic, the guitar whilst driving the rocket propelled car
The reason I mention this is please don’t be angry, sometimes I am busy…
I often get questions which I reply “I will fix it tonight” and then I forget…It is not because I hate you or dislike you or think your question was stupid…
Sponsoring is available for those who want to get their logo and link on the page.Donations are available for the too-rich-for-their-own-good people out there.And we will be launching support later this year.The goal of the support is to get a better understanding of what is important
Thank you to my sponsors
Sockets: ipv6 and true ssl (certificate based authentication with real encryption)Protocols: improvements (timeouts for instance), and many new onesReal-time checks: Something I personally like a lotCommand line syntax: Good or bad, it is there!
It is important to understand that when 0.4.1 was released it was not the end, since then newer version of NSClient++ has been out as well.So please check back periodically for updates.
The kernel sends us an event once the file is updatedWe DON’T!!! Poll (ish)We filter the file for important changes: for instance column1 contains a bad wordWe forward the stste4 (if we found a match) to the various outbound pluginsWe send the event to Nagios
CONFIG is easy!
The kernel sends us an event once the file is updatedWe Still don’t poll!We store results in a databaseNRPE can quickly poll the cache.
CONFIG is still easy!
Speaking of Linux: How do I actually get it on Linux?
No Packages (yet) but it is simple to build your self
Comparing that to windows where it is a pint to build.But a new script in 0.4.1 makes building all dependencies on windows much much simpler.
If you love Linux!Please help out and provide me with spec files and packages!
Remember this was about making monitoring simple: right