NSClient++: What's new?

http://nsclient.org Michael Medin (@mickem) michael@medin.name http://blog.medin.name SOA/Middleware Architect


Post on 23-Feb-2016


TRANSCRIPT

Page 1: NSClient++ Whats  new?

NSClient++

What's new?

http://nsclient.org

Michael Medin (@mickem)

michael@medin.name

http://blog.medin.name

SOA/Middleware Architect

Page 2: NSClient++ Whats  new?

http://nsclient.org

Michael Medin (@mickem)

michael@medin.name

http://blog.medin.name

SOA/Middleware Architect

Monitoring

Simplified

Page 3: NSClient++ Whats  new?

How many use NSClient++

NS-what did he say?

?#@*&%! I’m in the wrong room!

Page 4: NSClient++ Whats  new?

How many like NSClient++?

..pdh collection thread not running…
ERROR: Missing argument exception
PdhCollectQueryData? failed: : -2147481643: No data to return.
Failed to query performance counters:

Page 5: NSClient++ Whats  new?

How many think it’s simple?

CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

Page 6: NSClient++ Whats  new?

dev

worked in ops

a long time ago

not ops

work with “soa”

not, C/C++, nagios, …

Michael Medin

Page 7: NSClient++ Whats  new?

NSClient++

Page 8: NSClient++ Whats  new?

agent Since

2003?

windows

linux and modular by

design

Highly extensible

0.4.1: 2012-10-xx

0.4.2: 2013-10-xx?

<0.4.0

not open core

Open source

0.4.3: 2014-02-xx?

Page 9: NSClient++ Whats  new?

0.4.1 is stable

Page 10: NSClient++ Whats  new?

one-man-band

no company, no commercial version, no paid time

Page 11: NSClient++ Whats  new?

Please don’t be angry!

Sometimes I am busy

Page 12: NSClient++ Whats  new?

Please don’t be angry!

Sometimes I am busy

Get your a** over here and play

NOW!

Page 13: NSClient++ Whats  new?

one-man-band

no company, no commercial version, no paid time

but…

sponsoring! donations! support!

Page 14: NSClient++ Whats  new?

Thank you!

Page 15: NSClient++ Whats  new?

What’s New!

Page 16: NSClient++ Whats  new?

0.4.1

Sockets: ipv6, ssl (true)
New protocols: NRDP, check_mk, Graphite, syslog, smtp
Real-time checks: eventlog, logfiles
Simplified: Command line syntax
Modernized: NRPE, NSCA, check_nt

Page 17: NSClient++ Whats  new?

0.4.1

Build 90 (2013-02-xx)
◦ nsclient-full.ini
◦ Reload from script
◦ (re)added check_filesize (ie. Check_nt –v FILESIZE)
◦ Encoding support for NRPE
◦ New option: scan-range for CheckEventLog
◦ Various minor bug fixes

Build 96 (2013-04-xx)
◦ Reverted external script quoting issues
◦ (re)added check_fileage (ie. Check_nt –v FILEAGE)
◦ Added support for binding to both ipv6 and ipv4
◦ Various minor bug fixes

Build 102 (2013-08-xx)
◦ PDH improvements
◦ Performance data: pass through
◦ Encoding support throughout
◦ Various minor bug fixes and enhancements

Page 18: NSClient++ Whats  new?

0.4.2: The goals

Modern Windows support
Simplified monitoring
Real-time monitoring
Linux checks

Page 19: NSClient++ Whats  new?

0.4.2: The STATUS

Modern Windows support
Simplified monitoring
Real-time monitoring
Linux checks
NSCP protocol
Check_xxx clients

Page 20: NSClient++ Whats  new?

0.4.2: Some Examples

Check_os_Version
Check_pagefile
Check_process
NO MORE PDH
Check_service
Nrpe_client

Page 21: NSClient++ Whats  new?

Filters

Page 22: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

Page 23: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" level = 'error' "

Page 24: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" source = 'App1' "

Page 25: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" source = 'App1 "

Page 26: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" source = 'App1' or source = 'App3' "

Page 27: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" source = 'App1' or source = 'App3' or level = 'error' "

Page 28: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" source = 'App1' or source = 'App3' or level = 'error' or level = 'warning' "

Page 29: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' "

Page 30: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' "

filter=" (source in ('App1', 'App3') or level in ('error', 'warning')) and source != 'Excel' "

Page 31: NSClient++ Whats  new?

filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960',

'40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning'))

OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR

(id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND

level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND

source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN

('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036')

AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id

IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error',

'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN

('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN

('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service

control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND

level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service

control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source

NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN

('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN

('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN

('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN

('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN

('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))

Page 32: NSClient++ Whats  new?

Numbers, constants etc

Key                     Safe Key  Description
=                       eq        Equals
!=                      ne        Not equals
>                       gt        Greater than
<                       lt        Less than
>=                      ge        Greater or equal than
<=                      le        Less or equal than
in ( <LIST OF VALUES>)            In a given list
not in (…)                        Not in a given list

Page 33: NSClient++ Whats  new?

Strings

Key                     Safe Key  Description
=                       eq        Equals
!=                      ne        Not equals
>                       gt        Greater than
<                       lt        Less than
>=                      ge        Greater or equal than
<=                      le        Less or equal than
in ( <LIST OF VALUES>)            In a given list
not in (…)                        Not in a given list
like                              Substring matching
regexp                            Regular expression
not like                          Opposite of like
not regexp                        Opposite of regexp

Page 34: NSClient++ Whats  new?

All good things are three!

Filter

Warning

Critical

Ok

Page 35: NSClient++ Whats  new?

Level    Source  …  …
Error    Word    …  …
Error    Excel   …  …
Info     Word    …  …
Warning  Excel   …  …
Error    App1    …  …
Warning  App1    …  …
Error    App3    …  …

filter=" source = 'App1' "

warn=" level = 'Warning' "

Page 36: NSClient++ Whats  new?

Display

Custom strings
Supports substitutions ${…}
top- and detail-syntax

Page 37: NSClient++ Whats  new?

Display

detail-syntax="s: ${source} "
top-syntax="Hello: ${list}"

Hello: s: App1, s: App1, s: App3
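The filter, warn and display slides above, modelled as an added Python example (not NSClient++ code and not from the deck). It goes slightly beyond the slides by parsing the `=`, `!=`, `in`, `and`, `or` and parenthesis forms they show. `EVENTS`, `compile_filter` and `check` are hypothetical names, and the case-insensitive comparison and the "any selected row matches warn/crit" rule are assumptions of this model.

```python
import re

# Constructed rows mirroring the Level/Source table on the slides.
EVENTS = [{"level": l, "source": s} for l, s in [
    ("Error", "Word"), ("Error", "Excel"), ("Info", "Word"), ("Warning", "Excel"),
    ("Error", "App1"), ("Warning", "App1"), ("Error", "App3")]]

TOKEN = re.compile(r"\s*(?:'([^']*)'|(!=|=|\(|\)|,)|(\w+))")

def tokenize(text):
    """Split a filter into (kind, value) tokens; an unterminated quote is an error."""
    text, pos, out = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"cannot parse filter near {text[pos:]!r}")
        string, op, word = m.groups()
        if string is not None:
            out.append(("str", string.lower()))
        else:
            out.append(("op", op) if op else ("word", word.lower()))
        pos = m.end()
    return out

def compile_filter(text):
    """Recursive descent: 'or' binds loosest, then 'and', then comparisons."""
    toks = tokenize(text)
    def chain(word, lower, combine):
        left = lower()
        while toks and toks[0] == ("word", word):
            toks.pop(0)
            left = combine(left, lower())
        return left
    def or_expr():
        return chain("or", and_expr, lambda a, b: lambda row: a(row) or b(row))
    def and_expr():
        return chain("and", atom, lambda a, b: lambda row: a(row) and b(row))
    def atom():
        kind, key = toks.pop(0)
        if (kind, key) == ("op", "("):
            inner = or_expr()
            toks.pop(0)                      # closing ')'
            return inner
        op = toks.pop(0)[1]
        if op == "in":                       # key in ('a', 'b')
            values, tok = set(), toks.pop(0)  # tok is the opening '('
            while tok != ("op", ")"):
                tok = toks.pop(0)
                if tok[0] == "str":
                    values.add(tok[1])
            return lambda row: row[key].lower() in values
        want = toks.pop(0)[1]
        if op == "=":
            return lambda row: row[key].lower() == want
        return lambda row: row[key].lower() != want
    return or_expr()

def check(filter_text, warn=None, crit=None, detail="s: ${source}", top="Hello: ${list}"):
    """Filter selects rows, warn/crit are tested per selected row, syntax renders text."""
    keep = compile_filter(filter_text)
    rows = [row for row in EVENTS if keep(row)]
    status = "OK"
    for name, text in (("WARNING", warn), ("CRITICAL", crit)):
        if text and any(map(compile_filter(text), rows)):
            status = name
    items = [re.sub(r"\$\{(\w+)\}", lambda m: row[m.group(1)], detail) for row in rows]
    return status, top.replace("${list}", ", ".join(items))
```

A filter with an unterminated quote, such as `source = 'App1`, raises `ValueError` in this model rather than matching anything.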

Page 38: NSClient++ Whats  new?

check_pagefile "filter=name = 'total'"

check_uptime "warn=uptime < -2d" "crit=uptime < -1d"

check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"

Page 39: NSClient++ Whats  new?

Simple?

Page 40: NSClient++ Whats  new?

Let me guess

This all seems Like a lot of typing!

Page 41: NSClient++ Whats  new?

Sensible defaults!

Page 42: NSClient++ Whats  new?

check_cpu

Just works!

Page 43: NSClient++ Whats  new?

Real time

monitoring

Page 44: NSClient++ Whats  new?

Active monitoring!

Monitored Server(Windows)

Monitoring Server(Nagios)

check_cpu

check_uptime

check_mem

check_eventlog

check_updates

......

Page 45: NSClient++ Whats  new?

Monitored Server(Windows)

Monitoring Server(Nagios)

check_cpu

check_uptime

check_mem

check_eventlog

check_updates

......

Passive monitoring!

Page 46: NSClient++ Whats  new?

Real-time monitoring!

Monitored Server(Windows)

Monitoring Server(Nagios)

Error detected in eventlog

Everything is ok

Page 47: NSClient++ Whats  new?

CheckLogFile

NSClient++ Core

Linux Kernel

FILE

NSCA NSCAClient

SimpleFileWriter

File

No CPU overhead

Notified instantly

Powerful filtering

Page 48: NSClient++ Whats  new?

CheckLogFile

NSClient++ Core

Linux Kernel

FILE

NSCA NSCAClient

SimpleFileWriter

File

[/modules]
CheckLogFile = enabled
NSCAClient = enabled
SimpleFileWriter = enabled

[/settings/logfile/real-time/checks/my_check]
destination = FILE,NSCA
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NSCA/client/targets/default]
address = 10.11.12.13
encryption = aes
password = secreter

Page 49: NSClient++ Whats  new?

But I use NRPE

Page 50: NSClient++ Whats  new?

CheckLogFile

NSClient++ Core

Linux Kernel

FILE

NSCA NSCAClient

SimpleFileWriter

SimpleCache

CACHE

NRPEServer

No CPU overhead

Powerful filtering

Stored in cache

Check latest result

Fetched instantly

Page 51: NSClient++ Whats  new?

CheckLogFile

NSClient++ Core

Linux Kernel

FILE

NSCA NSCAClient

SimpleFileWriter

SimpleCache

CACHE

NRPEServer

[/modules]
CheckLogFile = enabled
SimpleCache = enabled
NRPEServer = enabled

[/settings/logfile/real-time/checks/my_check]
destination = CACHE
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NRPE/server]
allowed hosts = 10.11.12.13
allow arguments = true

Page 52: NSClient++ Whats  new?

But HOW ABOUT Graphing?

Page 53: NSClient++ Whats  new?

Two options:

1, store/fetch from cache
2, submit passively

but not to Nagios!

Page 54: NSClient++ Whats  new?

LINUX

Page 55: NSClient++ Whats  new?

By ~Nac-Mac-Feegle

Page 56: NSClient++ Whats  new?

apt-get install …
git clone git://github.com/mickem/nscp.git
mkdir build ; cd build
cmake ../nscp
make

Page 57: NSClient++ Whats  new?

Manually install visual studio, python and cmake
Download and unpack nscp source
python nscp\build\python\fetchdeps.py --target x64 --cmake-config dist
cmake ../nscp
msbuild /p:Configuration=RelWithDebInfo NSCP.sln

Page 58: NSClient++ Whats  new?

Please help with packages!

I will give you free* beer!

*Free as in you're free to buy it yourself!

Page 59: NSClient++ Whats  new?

AGENTless

Page 60: NSClient++ Whats  new?

Native
Secure
Simple
Fast
Light weight

A work in progress

Page 61: NSClient++ Whats  new?

check_service computer=192.168.0.1
check_disk drive=\\192.168.0.1\c$
check_task_sched computer=192.168.0.1
check_wmi computer=192.168.0.1

Page 62: NSClient++ Whats  new?

What’s coming: 0.4.3

Light weight remote deployable agent
Same as psexec
check_cpu
check_memory
check_process
External scripts!

Page 63: NSClient++ Whats  new?

http://nsclient.org

Michael Medin (@mickem)

michael@medin.name

http://blog.medin.name

SOA/Middleware Architect

Monitoring

Simplified

Page 64: NSClient++ Whats  new?

How many think it’s simple?

CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

Page 65: NSClient++ Whats  new?

How many think it’s simple?

check_eventlog

Page 66: NSClient++ Whats  new?

Photo by Olga Berrios

Q&A

Page 67: NSClient++ Whats  new?

THANK YOU!

Page 68: NSClient++ Whats  new?

Information about NSClient++
http://nsclient.org

facebook.com/nsclient

Slides, and examples
http://nsclient.org/nscp/conferances/nwc/2013/

My Blog
http://blog.medin.name

Michael Medin (@mickem)

michael@medin.name

http://blog.medin.name

SOA/Middleware Architect