By default NSClient+ works on a different port than the old client I
used. For compatibility until I manage to modify all of my Nagios
configs, I changed the listener on NSClient+ to the old port.
Here's my nsc.ini config. Notice I masked my source addresses in blue.
[modules]
NRPEListener.dll
NSClientListener.dll
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
CheckEventLog.dll
CheckHelpers.dll
;# NSCLIENT++ MODULES
;# A list with DLLs to load at startup.
; You will need to enable some of these for NSClient++ to work.
; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
; * *
; * N O T I C E ! ! ! - Y O U H A V E T O E D I T T H I S *
; * *
; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
;FileLogger.dll
;CheckSystem.dll
;CheckDisk.dll
;NSClientListener.dll
;NRPEListener.dll
;SysTray.dll
;CheckEventLog.dll
;CheckHelpers.dll
;CheckWMI.dll
;
; Script to check external scripts and/or internal aliases.
CheckExternalScripts.dll
;
; NSCA Agent if you enable this NSClient++ will talk to NSCA hosts
repeatedly (so dont enable unless you want to use NSCA)
;NSCAAgent.dll
;
; LUA script module used to write your own "check deamon".
;LUAScript.dll
;
; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR
PRODUCTION ENVIROMNEMTS!
;RemoteConfiguration.dll
; Check other hosts through NRPE extreme beta and probably a bit
dangerous! :)
;NRPEClient.dll
; Extreamly early beta of a task-schedule checker
;CheckTaskSched.dll
[Settings]
;# OBFUSCATED PASSWORD
; This is the same as the password option but here you can store the
password in an obfuscated manner.
; *NOTICE* obfuscation is *NOT* the same as encryption, someone with
access to this file can still figure out the
; password. Its just a bit harder to do it at first glance.
;obfuscated_password=Jw0KAUUdXlAAUwASDAAB
;
;# PASSWORD
; This is the password (-s) that is required to access NSClient
remotely. If you leave this blank everyone will be able to access the
daemon remotly.
;password=secret-password
;
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are
allowed to talk to the all daemons.
; If leave this blank anyone can access the deamon remotly (NSClient
still requires a valid password).
; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone
on that subnet access
;allowed_hosts=127.0.0.1/32
;
;# USE THIS FILE
; Use the INI file as opposed to the registry if this is 0 and the
use_reg in the registry is set to 1
; the registry will be used instead.
use_file=1
allowed_hosts=x.x.x.x,y.y.y.y
;
; # USE SHARED MEMORY CHANNELS
; This is the "new" way for using the system tray based on an IPC
framework on top shared memmory channels and events.
; It is brand new and (probably has bugs) so dont enable this unless
for testing!
; If set to 1 shared channels will be created and system tray icons
created and such and such...
;shared_session=0
[log]
;# LOG DEBUG
; Set to 1 if you want debug message printed in the log file (debug
messages are always printed to stdout when run with -test)
;debug=1
;
;# LOG FILE
; The file to print log statements to
;file=nsclient.log
;
;# LOG DATE MASK
; The format to for the date/time part of the log entry written to
file.
;date_mask=%Y-%m-%d %H:%M:%S
;
;# LOG ROOT FOLDER
; The root folder to use for logging.
; exe = the folder where the executable is located
; local-app-data = local application data (probably a better choice
then the old default)
;root_folder=exe
[NSClient]
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are
allowed to talk to NSClient deamon.
; If you leave this blank the global version will be used instead.
;allowed_hosts=
;
;# NSCLIENT PORT NUMBER
; This is the port the NSClientListener.dll will listen to.
port=1248
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address. This has to
be a dotted ip adress not a hostname.
; Leaving this blank will bind to all avalible IP adresses.
;bind_to_address=
;
;# SOCKET TIMEOUT
; Timeout when reading packets on incoming sockets. If the data has
not arrived withint this time we will bail out.
;socket_timeout=30
[NRPE]
;# NRPE PORT NUMBER
; This is the port the NRPEListener.dll will listen to.
;port=5666
;
;# COMMAND TIMEOUT
; This specifies the maximum number of seconds that the NRPE daemon
will allow plug-ins to finish executing before killing them off.
;command_timeout=60
;
;# COMMAND ARGUMENT PROCESSING
; This option determines whether or not the NRPE daemon will allow
clients to specify arguments to commands that are executed.
;allow_arguments=0
;
;# COMMAND ALLOW NASTY META CHARS
; This option determines whether or not the NRPE daemon will allow
clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
;allow_nasty_meta_chars=0
;
;# USE SSL SOCKET
; This option controls if SSL should be used on the socket.
;use_ssl=1
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address. This has to
be a dotted ip adress not a hostname.
; Leaving this blank will bind to all avalible IP adresses.
; bind_to_address=
;
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are
allowed to talk to NRPE deamon.
; If you leave this blank the global version will be used instead.
;allowed_hosts=
;
;# SCRIPT DIRECTORY
; All files in this directory will become check commands.
; *WARNING* This is undoubtedly dangerous so use with care!
;script_dir=scripts\
;
;# SOCKET TIMEOUT
; Timeout when reading packets on incoming sockets. If the data has
not arrived withint this time we will bail out.
;socket_timeout=30
[Check System]
;# CPU BUFFER SIZE
; Can be anything ranging from 1s (for 1 second) to 10w for 10 weeks.
Notice that a larger buffer will waste memory
; so don't use a larger buffer then you need (ie. the longest check
you do +1).
;CPUBufferSize=1h
;
;# CHECK RESOLUTION
; The resolution to check values (currently only CPU).
; The value is entered in 1/10:th of a second and the default is 10
(which means ones every second)
;CheckResolution=10
;
;# CHECK ALL SERVICES
; Configure how to check services when a CheckAll is performed.
; ...=started means services in that class *has* to be running.
; ...=stopped means services in that class has to be stopped.
; ...=ignored means services in this class will be ignored.
;check_all_services[SERVICE_BOOT_START]=ignored
;check_all_services[SERVICE_SYSTEM_START]=ignored
;check_all_services[SERVICE_AUTO_START]=started
;check_all_services[SERVICE_DEMAND_START]=ignored
;check_all_services[SERVICE_DISABLED]=stopped
[External Script]
;# COMMAND TIMEOUT
; This specifies the maximum number of seconds that the NRPE daemon
will allow plug-ins to finish executing before killing them off.
;command_timeout=60
;
;# COMMAND ARGUMENT PROCESSING
; This option determines whether or not the NRPE daemon will allow
clients to specify arguments to commands that are executed.
allow_arguments=1
;
;# COMMAND ALLOW NASTY META CHARS
; This option determines whether or not the NRPE daemon will allow
clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
;allow_nasty_meta_chars=0
;
;# COMMAND ALLOW NASTY META CHARS
; This option determines whether or not the NRPE daemon will allow
clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
;script_dir=c:\my\script\dir
[External Scripts]
;check_es_long=scripts\long.bat
;check_es_ok=scripts\ok.bat
;check_es_nok=scripts\nok.bat
;check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
;check_powershell_warn=cmd /c echo scripts\powershell.ps1 |
powershell.exe -command -
[External Alias]
alias_cpu=checkCPU warn=50 crit=90 time=3m
alias_cpu_ex=checkCPU warn=$ARG1$ crit=$ARG2$ time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=5% MinCrit=3% CheckAll
FilterType=FIXED
alias_service=checkServiceState CheckAll
alias_process=checkProcState $ARG1$=started
alias_mem=checkMem MaxWarn=75% MaxCrit=90% ShowAll type=physical
alias_up=checkUpTime MinWarn=1d MinWarn=1h
alias_file_age=checkFile2 filter=out "file=$ARG1$" filter-written=>1d
MaxWarn=1 MaxCrit=1 "syntax=%filename% %write%"
alias_file_size=checkFile2 filter=out "file=$ARG1$" filter-size=>
$ARG2$ MaxWarn=1 MaxCrit=1 "syntax=%filename% %size%"
alias_file_size_in_dir=checkFile2 filter=out pattern=*.txt "file=
$ARG1$" filter-size=>$ARG2$ MaxWarn=1 MaxCrit=1 "syntax=%filename%
%size%"
alias_event_log=CheckEventLog file=application file=system filter=new
filter=out MaxWarn=1 MaxCrit=1 filter-generated=>2d filter-
severity==success filter-severity==informational truncate=1023 unique
descriptions "syntax=%severity%: %source%: %message% (%count%)"
alias_event_log2=CheckEventLog file=application file=system filter=new
filter=in MaxWarn=1 MaxCrit=1 filter+generated=<2d "filter
+eventSource==Service Control Manager" filter+severity==error
truncate=1023 unique descriptions "syntax=%severity%: %source%:
%message% (%count%)"
check_ok=CheckOK Everything is fine!
; [includes]
;# The order when used is "reversed" thus the last included file will
be "first"
;# Included files can include other files (be carefull only do basic
recursive checking)
;
; myotherfile.ini
; real.ini
[NSCA Agent]
;# CHECK INTERVALL (in seconds)
; How often we should run the checks and submit the results.
;interval=5
;
;# ENCRYPTION METHOD
; This option determines the method by which the send_nsca client
will encrypt the packets it sends
; to the nsca daemon. The encryption method you choose will be a
balance between security and
; performance, as strong encryption methods consume more processor
resources.
; You should evaluate your security needs when choosing an
encryption method.
;
; Note: The encryption method you specify here must match the
decryption method the nsca daemon uses
; (as specified in the nsca.cfg file)!!
; Values:
; 0 = None (Do NOT use this option)
; 1 = Simple XOR (No security, just obfuscation, but very fast)
; 2 = DES
; 3 = 3DES (Triple DES)
; 4 = CAST-128
; 6 = xTEA
; 8 = BLOWFISH
; 9 = TWOFISH
; 11 = RC2
; 14 = RIJNDAEL-128 (AES)
; 20 = SERPENT
;encryption_method=14
;
;# ENCRYPTION PASSWORD
; This is the password/passphrase that should be used to encrypt the
sent packets.
;password=
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address. This has to
be a dotted ip adress not a hostname.
; Leaving this blank will bind to "one" local interface.
; -- not supported as of now --
;bind_to_address=
;
;# LOCAL HOST NAME
; The name of this host (if empty "computername" will be used.
;hostname=
;
;# NAGIOS SERVER ADDRESS
; The address to the nagios server to submit results to.
;nsca_host=192.168.0.1
;
;# NAGIOS SERVER PORT
; The port to the nagios server to submit results to.
;nsca_port=5667
;
;# CHECK COMMAND LIST
; The checks to run everytime we submit results back to nagios
; Any command(alias/key) starting with a host_ is sent as
HOST_COMMAND others are sent as SERVICE_COMMANDS
; where the alias/key is used as service name.
;
[NSCA Commands]
;my_cpu_check=checkCPU warn=80 crit=90 time=20m time=10s time=4
;my_mem_check=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=page
;my_svc_check=checkServiceState CheckAll exclude=wampmysqld
exclude=MpfService
;host_check=check_ok
;# REMOTE NRPE PROXY COMMANDS
; A list of commands that check other hosts.
; Used by the NRPECLient module
[NRPE Client Handlers]
check_other=-H 192.168.0.1 -p 5666 -c remote_command -a arguments
;# LUA SCRIPT SECTION
; A list of all Lua scripts to load.
;[LUA Scripts]
;scripts\test.lua
On Mar 24, 2011, at 2:56 PM, Jarred White wrote:
Hey Keith, thanks for your feedback. You can see from the command
line bit I pasted that it should not be necessary to include a -w
and -c value, although initially when installed the command did have
those arguments. I removed them for the sake of testing, but I'm
happy to try with them added to the command again.
Using NSClient++, was there anything you needed to do on the client-
side in order to make it play right? I'm thinking there should not be.
On Thu, Mar 24, 2011 at 2:50 PM, Keith Stokes <kei...@neill.net>
wrote:
I've been using Nagios for 5+ years and as such, have a massive
config from the old 1.x version. I use NSClient+ on the Windows side.
All of my commands for disk space require defining Critical and
Warning levels.
i.e.
define command{
command_name check_nt_disk_d
command_line /usr/local/nagios/libexec/check_nt -H
$HOSTADDRESS$ -p 1248 -v USEDDISKSPACE -l d -w 95% -c 98%
}
On Mar 24, 2011, at 2:39 PM, Jarred White wrote:
Hi all, looking for my Nagios gurus out there.
I'm trying to monitor some Windows systems using Nagios through
OSSIM. OSSIM is just an SIEM platform that rolls a bunch of open
source security stuff like snort, nagios, ntop, openvas, etc. into
one nice package with a great web interface. It ships with Nagios3,
and it sort of has its own idea of where/how nagios configs should
be placed.
Regardless, I am trying to use the "check_nt" command to poll
various information on my Windows servers. So far, a lot of the
checks are working properly, but some are not and I can't figure out
why. The cfg file for the server has the following service check for
disk usage:
# Create a service for monitoring D:\ disk usage
# Change the host_name to match the name of the host you defined above
define service{
use generic-service
host_name SERVERNAME
service_description D:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l d
}
Within the actual OSSIM web site where you can see statistics/info
on your monitored systems, it shows an "OKAY" for many of the
checks, but for this USEDDISKSPACE check, it says: missing -l
parameters
That references check_nt, I am fairly certain means "nt.cfg" which
is located at /etc/nagios-plugins/config and has the following
content:
# 'check_nt' command definition
define command {
command_name check_nt
command_line /usr/lib/nagios/plugins/check_nt -H
'$HOSTADDRESS$' -p 12489 -v '$ARG1$' '$ARG2$' '$ARG3$'
}
I hardcoded the port into that command as none of the checks were
working at all without it. Now the checks for memory, CPU, etc. work
- but this one still doesn't. Moving on.
The file located at /usr/lib/nagios/plugins/check_nt seems to be a
binary file of some sort. I am assuming that because catting it just
spits out a bunch of garbage.
The "-l d" argument above tells it to check the disk space on drive
letter D. I know that check_nt is working properly because if I
manually run it from the command line, it's successful:
hostname:/etc/nagios-plugins/config# /usr/lib/nagios/plugins/
check_nt -H 10.0.10.10 -p 12489 -v USEDDISKSPACE -l d
d:\ - total: 2.00 Gb - used: 0.01 Gb (1%) - free 1.99 Gb (99%) | 'd:
\ Used Space'=0.01Gb;0.00;0.00;0.00;2.00
So, that works. Where is the disconnect between what I'm doing on
the command line and what's in the config script? I'm at a loss. Any
feedback or assistance is greatly appreciated.
Thanks all!
--
"The world's my oyster, a hotel room's my prison cell..."
_______________________________________________
General mailing list
General@brlug.net
http://brlug.net/mailman/listinfo/general_brlug.net
--
Keith Stokes
_______________________________________________
General mailing list
General@brlug.net
http://brlug.net/mailman/listinfo/general_brlug.net
--
"The world's my oyster, a hotel room's my prison cell..."
--
Keith Stokes
_______________________________________________
General mailing list
General@brlug.net
http://brlug.net/mailman/listinfo/general_brlug.net