Post on 12-Jan-2017
http://nsclient.org
YaaaayyyyNSClient++
Agent (Passive, Active, Real-time, etc…)
since 2003? ( )
windowslinux and
modular by design
Highly extensible
<0.4.0
not open coreOpen source
one-man-band
no company
no commercial version
no paid time
Please don’t be angry!
Some times I am busy
Get your a** over here and
play NOW!
sponsoring!donations!support!
but…
What’s New!Since 0.3.9…
Modern Windows support
Simplified monitoring
Real-time monitoring
Linux checks
clients
Sockets: ipv6, ssl (true)
New protocols: NRDP, check_mk, Graphite, syslog, smtp
Real-time checks: eventlog, logfiles
Simplified: Command line syntax
Modernized: NRPE, NSCA, check_nt
WEB UI
Linux (Packages)
REST
QUALITY IMPROVMENTS
COMMAND LINE
Check_os_Version
Check_pagefileCheck_process
NO MORE PDHCheck_service
Nrpe_client
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”level=’error’”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1‘”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’ or source=’App3’”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’ or source=’App3’or level=’error’”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’ or source=’App3’or level=’error’ or level=’warning’”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”(source=’App1’ or source=’App3’or level=’error’ or level=’warning’) and
source!=’Excel’”
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”(source = ’App1’ or source = ’App3’or level = ’error’ or level = ’warning’) and source != ’Excel’”
filter=”(source in (’App1’,’App3’) or level in (’error’,’warning’)) and source
!= ’Excel’”
filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034',
'7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND
level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-
Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN
('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50')
AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006')
AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR
(id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND
source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND
source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error',
'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error',
'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error',
'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND
source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager')
AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN (
('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN
('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN
('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN
('error', 'warning'))
Numbers, constants etcKey Safe Key Description
= eq Equals
!= ne Not equals
> gt Greater than
< lt Less than
>= ge Greater or equal than
<= le Less or equal than
in ( <LIST OF VALUES>) In a given list
not in (…) Not in a given list
StringsKey Safe Key Description
= eq Equals
!= ne Not equals
> gt Greater than
< lt Less than
>= ge Greater or equal than
<= le Less or equal than
in ( <LIST OF VALUES>) In a given list
not in (…) Not in a given list
like Substring matching
regexp Regular expression
not like Opposite of like
not regexp Opposite of regexp
FilterWarning
Critical
Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=” source = ’App1’ “
warn=” level = ’Warning’ “
detail-syntax=”s: ${source} “top-syntax=“Hello: ${list}”
Hello: s: App1, s: App1, s: App3
check_pagefile
"filter=name = 'total'”
check_uptime
"warn=uptime < -2d“
"crit=uptime < -1d“
check_process process=explorer.exe
"warn=working_set > 70m"
"detail-syntax=${exe} ws:${working_set},
handles: ${handles},
user time:${user}s”
Simple?
Let me guess
This all seems Like a lot of
typing!
Sensibledefaults!
check_cpuJust works!
NativeSecure
Simple
Fast Light weightA work in progress
check_service computer=192.168.0.1check_disk drive=\\192.168.0.1\c$check_task_sched computer=192.168.0.1check_wmi computer=192.168.0.1
What’s comingLight weight remote deployable agentSimilar to psexeccheck_cpucheck_memorycheck_processExternal scripts!
THANK YOU!
Photo by Olga Berrios
Information about NSClient++https://nsclient.org
facebook.com/nsclient
Slideshttp://www.slideshare.net/MichaelMedin
My Bloghttps://www.medin.name