
1 http://nsclient.org Michael Medin (@mickem) michael@medin.name http://blog.medin.name SOA/Middleware Architect

2 http://nsclient.org Michael Medin (@mickem) michael@medin.name http://blog.medin.name SOA/Middleware Architect Monitoring Simplified

3 NS-what did he say? ?#@*&%! I’m in the wrong room!

4 ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters:

5 CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

6

7 NSClient++

8

9 0.4.1 is stable

10

11

12 Get your a** over here and play NOW!

13

14

15 What’s New!

16

17 Build 90 (2013-02-xx)
◦ nsclient-full.ini
◦ Reload from script
◦ (re)added check_filesize (ie. Check_nt –v FILESIZE)
◦ Encoding support for NRPE
◦ New option: scan-range for CheckEventLog
◦ Various minor bug fixes
Build 96 (2013-04-xx)
◦ Reverted external script quoting issues
◦ (re)added check_fileage (ie. Check_nt –v FILEAGE)
◦ Added support for binding to both ipv6 and ipv4
◦ Various minor bug fixes
Build 102 (2013-08-xx)
◦ PDH improvements
◦ Performance data: pass through
◦ Encoding support throughout
◦ Various minor bug fixes and enhancements

18 Modern Windows support Simplified monitoring Real-time monitoring Linux checks

19 Modern Windows support Simplified monitoring Real-time monitoring Linux checks NSCP protocol Check_xxx clients

20 Check_os_Version Check_pagefile Check_process NO MORE PDH Check_service Nrpe_client

21 Filters

22

23 filter=" level = 'error' "

24 filter=" source = 'App1' "

25 filter=" source = 'App1 "

26 filter=" source = 'App1' or source = 'App3' "

27 filter=" source = 'App1' or source = 'App3' or level = 'error' "

28 filter=" source = 'App1' or source = 'App3' or level = 'error' or level = 'warning' "

29 filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' "

30 filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' " filter=" (source in ('App1', 'App3') or level in ('error', 'warning')) and source != 'Excel' "
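Added example (not from the original slides, and not NSClient++ code): a small Python evaluator for the subset of the filter syntax used on slides 23 to 30, used to check that the long and short forms on slide 30 select the same events and that the unterminated quote on slide 25 is rejected. The event fields, the sample events and the AND-before-OR precedence are assumptions made for illustration; NSClient++ has its own parser.

```python
import re
TOKEN = re.compile(r"\s*('[^']*'|\(|\)|,|!=|=|\w+)")

def tokenize(text):
    text, pos, out = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:  # e.g. the unterminated quote on slide 25
            raise ValueError(f"bad filter near {text[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out

def compile_filter(text):
    toks = tokenize(text)
    peek = lambda i: toks[i].lower() if i < len(toks) else None
    def chain(i, word, sub, join):  # sub (word sub)*, left to right
        node, i = sub(i)
        while peek(i) == word:
            rhs, i = sub(i + 1)
            node = (lambda a, b: lambda ev: join(a(ev), b(ev)))(node, rhs)
        return node, i
    expr = lambda i: chain(i, "or", term, lambda x, y: x or y)    # assumed: OR binds loosest
    term = lambda i: chain(i, "and", atom, lambda x, y: x and y)  # assumed: AND binds tighter
    def atom(i):
        if peek(i) == "(":
            node, i = expr(i + 1)
            if peek(i) != ")":
                raise ValueError("missing ')'")
            return node, i + 1
        key, op = toks[i], peek(i + 1)
        if op in ("=", "!="):
            return (lambda ev, v=toks[i + 2].strip("'"): (ev[key] == v) == (op == "=")), i + 3
        if op == "in" and peek(i + 2) == "(":
            end = toks.index(")", i + 3)
            vals = {t.strip("'") for t in toks[i + 3:end] if t != ","}
            return (lambda ev: ev[key] in vals), end + 1
        raise ValueError(f"unsupported syntax near {key!r}")
    node, i = expr(0)
    if i != len(toks):
        raise ValueError("trailing tokens")
    return node

LONG = ("(source = 'App1' or source = 'App3' or level = 'error' "  # slide 30, long form
        "or level = 'warning') and source != 'Excel'")
SHORT = ("(source in ('App1', 'App3') or level in ('error', 'warning')) "
         "and source != 'Excel'")
EVENTS = [{"source": s, "level": l} for s in ("App1", "App2", "App3", "Excel")
          for l in ("error", "warning", "info")]  # constructed, not real event-log data
```

Comparing `compile_filter(LONG)` and `compile_filter(SHORT)` over `EVENTS` shows both forms accept the same 8 of the 12 constructed events and never accept an event whose source is Excel.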

31 filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key- Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key- Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR 
(id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices- RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND 
source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN 
('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory- Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))

32

33

34 Filter Warning Critical Ok

35 filter=" source = 'App1' " warn=" level = 'Warning' "

36 Custom strings Supports substitutions ${…} top- and detail-syntax

37 detail-syntax="s: ${source} " top-syntax="Hello: ${list}" Hello: s: App1, s: App1, s: App3

38
check_pagefile "filter=name = 'total'"
check_uptime "warn=uptime < -2d" "crit=uptime < -1d"
check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax= ${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"

39 Simple?

40 This all seems Like a lot of typing!

41 Sensible defaults !

42 check_cpu Just works!

43 Real time monitoring

44

45

46

47 No CPU overhead Notified instantly Powerful filtering

48
[/modules]
CheckLogFile = enabled
NSCAClient = enabled
SimpleFileWriter = enabled
[/settings/logfile/real-time/checks/my_check]
destination = FILE,NSCA
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'
[/settings/NSCA/client/targets/default]
address = 10.11.12.13
encryption = aes
password = secreter

49 But I use NRPE

50 No CPU overhead Powerful filtering Stored in cache Check latest result Fetched instantly

51
[/modules]
CheckLogFile = enabled
SimpleCache = enabled
NRPEServer = enabled
[/settings/logfile/real-time/checks/my_check]
destination = CACHE
file = test.txt
warning = column1 like 'warn'
critical = column2 like 'crit'
[/settings/NRPE/server]
allowed hosts = 10.11.12.13
allow arguments = true

52 But HOW ABOUT Graphing?

53

54 LINUX

55

56

57

58

59 AGENT less

60 Native Secure Simple Fast Light weight A work in progress

61
check_service computer=192.168.0.1
check_disk drive=\\192.168.0.1\c$
check_task_sched computer=192.168.0.1
check_wmi computer=192.168.0.1

62 Light weight remote deployable agent Same as psexec check_cpu check_memory check_process External scripts!

63 http://nsclient.org Michael Medin (@mickem) michael@medin.name http://blog.medin.name SOA/Middleware Architect Monitoring Simplified

64 CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

65 check_eventlog

66 Photo by Olga Berrios

67 THANK YOU!

68 Information about NSClient++ http://nsclient.org facebook.com/nsclient Slides, and examples http://nsclient.org/nscp/conferances/nwc/2013/ My Blog http://blog.medin.name Michael Medin (@mickem) michael@medin.name http://blog.medin.name SOA/Middleware Architect

