Michael Medin, SOA/Middleware Architect
Monitoring Simplified
NS-what did he say? I’m in the wrong room!
..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : : No data to return. Failed to query performance counters:
CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
NSClient++
0.4.1 is stable
Get your a** over here and play NOW!
What’s New!
Build 90 ( xx)
◦ nsclient-full.ini
◦ Reload from script
◦ (re)added check_filesize (i.e. check_nt -v FILESIZE)
◦ Encoding support for NRPE
◦ New option: scan-range for CheckEventLog
◦ Various minor bug fixes
Build 96 ( xx)
◦ Reverted external script quoting issues
◦ (re)added check_fileage (i.e. check_nt -v FILEAGE)
◦ Added support for binding to both ipv6 and ipv4
◦ Various minor bug fixes
Build 102 ( xx)
◦ PDH improvements
◦ Performance data: pass through
◦ Encoding support throughout
◦ Various minor bug fixes and enhancements
Modern Windows support
Simplified monitoring
Real-time monitoring
Linux checks
NSCP protocol
Check_xxx clients
Check_os_Version Check_pagefile Check_process NO MORE PDH Check_service Nrpe_client
Filters
filter="level = 'error'"
filter="source = 'App1'"
filter="source = 'App1' or source = 'App3'"
filter="source = 'App1' or source = 'App3' or level = 'error'"
filter="source = 'App1' or source = 'App3' or level = 'error' or level = 'warning'"
filter="(source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel'"
filter="(source in ('App1', 'App3') or level in ('error', 'warning')) and source != 'Excel'"
filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key- Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key- Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id 
IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices- RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source 
NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND 
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory- Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
Filter Warning Critical Ok
filter="source = 'App1'" warn="level = 'Warning'"
Custom strings Supports substitutions ${…} top- and detail-syntax
detail-syntax="s: ${source}" top-syntax="Hello: ${list}"
Hello: s: App1, s: App1, s: App3
check_pagefile "filter=name = 'total'"
check_uptime "warn=uptime < -2d" "crit=uptime < -1d"
check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"
Simple?
This all seems like a lot of typing!
Sensible defaults!
check_cpu Just works!
Real time monitoring
No CPU overhead Notified instantly Powerful filtering
[/modules]
CheckLogFile = enabled
NSCAClient = enabled
SimpleFileWriter = enabled

[/settings/logfile/real-time/checks/my_check]
destination = FILE,NSCA
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NSCA/client/targets/default]
address =
encryption = aes
password = secreter
But I use NRPE
No CPU overhead Powerful filtering Stored in cache Check latest result Fetched instantly
[/modules]
CheckLogFile = enabled
SimpleCache = enabled
NRPEServer = enabled

[/settings/logfile/real-time/checks/my_check]
destination = CACHE
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'

[/settings/NRPE/server]
allowed hosts =
allow arguments = true
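A defensive review of the two configurations above, as an added example that is not from the slides or the NSClient++ project: it parses an NSClient++-style ini with Python's configparser and lists the NRPE and NSCA settings worth a second look before deployment. The sample file is constructed from the slide fragments; the audit function, the set of weak encryption values and the accepted spellings of "true" are assumptions of this example.

```python
import configparser

# Constructed sample modelled on the two slide configs; address and
# allowed hosts are left empty because the slides do not show a value.
SAMPLE_INI = """
[/settings/NSCA/client/targets/default]
address =
encryption = aes
password = secreter

[/settings/NRPE/server]
allowed hosts =
allow arguments = true
"""

WEAK_NSCA_ENCRYPTION = {"", "none", "xor"}  # assumption: treated as weak here
TRUE_VALUES = {"true", "1", "yes", "on"}    # assumption: spellings of "enabled"


def audit(ini_text):
    """Return a sorted list of (section, key, finding) tuples for review."""
    cfg = configparser.ConfigParser(interpolation=None)  # '%' may occur in secrets
    cfg.read_string(ini_text)
    findings = []
    for section in cfg.sections():
        opts = cfg[section]
        low = section.lower()
        if low == "/settings/nrpe/server":
            if opts.get("allow arguments", "").strip().lower() in TRUE_VALUES:
                findings.append((section, "allow arguments",
                                 "remote callers can supply command arguments"))
            if not opts.get("allowed hosts", "").strip():
                findings.append((section, "allowed hosts",
                                 "no explicit source restriction configured"))
        elif low.startswith("/settings/nsca/client/targets/"):
            if opts.get("encryption", "").strip().lower() in WEAK_NSCA_ENCRYPTION:
                findings.append((section, "encryption",
                                 "passive results sent without strong encryption"))
            if opts.get("password", "").strip():
                findings.append((section, "password",
                                 "shared secret in clear text; restrict file ACLs"))
    return sorted(findings)


if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE_INI):
        print(f"{section}: {key}: {finding}")
```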
But HOW ABOUT Graphing?
LINUX
AGENT less
Native Secure Simple Fast Light weight A work in progress
check_service computer=
check_disk drive=\\ \c$
check_task_sched computer=
check_wmi computer=
Light weight remote deployable agent Same as psexec check_cpu check_memory check_process External scripts!
CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
check_eventlog
Photo by Olga Berrios
THANK YOU!
Information about NSClient++
facebook.com/nsclient
Slides, and examples
My Blog
Michael Medin, SOA/Middleware Architect