First off Linux seems to be doing great most features just works and thus far I am pretty impressed with the "portability". I have written a page on how to build on Linux if you want to try it out for your self build/04x/linux.

The new nightly has a lot of new features as well an updated installer with I hope works better. If you have upgraded previously from 0.3.9 I would recommend downgrading/upgrading again as you will most likely have a broken setup. (or you can just upgrade again removing any boot.ini / nsclient.ini fille you may have).

Main highlight is the PythonModule? which now supports many advanced features of NSClient++ (see the included script) as well as some new remote WMI stuff. As I have said before (I hope) one of the main new features of 0.4.x is the distribution so I have started to implement that now and one step there is the new remote WMI checking thingy.

The new remote checking features works like this. First you configure a remote host:

[/settings/targets]
my_test_xp_vm=

[/settings/targets/my_test_xp_vm]
hostname=192.168.0.123
username=\\foobar
password=foobar
protocol=none

Then the idea is that you can run checks on "this host" which will transparently be transported to the other host. Now since NRPE does not support this (natively) we have to fake this using an argument like so:

CheckWMI target=my_test_xp MaxCrit=3 MinWarn=1 "Query:load=Select * from win32_Processor"

But the idea is that in the future you can just do:

nscp_client --target my_test_xp --command CheckWMI  ... 

And this will happen magically using the internal routing (regardless of how nsclient++ needs to do it).

For instance the idea is that the following should be "magically":

<master node> -{NRPE}-> <main emea node> -{SSH}-> <nordics node> -{NSCP}-> <local agent> -{WMI}-> <target>

But this is pretty far down the line so dont expect anything next few days :P

Michael Medin

Hello all (not an April fools joke, BTW). I pushed a new nightly build last night which might actually fix the NSCA cant send all data sometimes issue. Please let me know how it works out!

Michael Medin

Hello,

New module out with the latest nightly. It is called CheckTaskSched2 and work the same as the new improved CheckTaskSched with the one exception being that it utilizes the new API introduced with Windows Vista. So if you run this on "modern windows" you should enable that module instead of the old one. And if you run on previous version of windows (NT/2k/xp) you should use the previous version of the module.

Changes

2011-02-16 MickeM
 * Added new module CheckTaskSched2 which is the same as CheckTaskSched but designed for Vista and beyond.
   So if you want to check "new tasks" on modern Windows use this module instead of the CheckTaskSched mosule.
   They are exactly the same excep using different APIs (and somewhat different options)
   The CheckTaskSched2 is somewhat limited as the only supported keys are: title, exit_code, status, most_recent_run_time

2011-02-10 MickeM
 * Fixed issue with where filters and & operator
 * Added exact bounds to CheckTaskSched
 * Added conversion of status from string
 * Fixed time handling in CheckTaskSched to be "UTC" (hence the %most_recent_run_time% syntax string is also UTC)

Hello everyone a new nightly build is out which has the first "feature complete" crash reporting concept. So please try it out and met me know how it goes.

I have started a tutorial on how to use both the crash reports but also how to use the new [check_nscp] command which checks the health of NSClient++.

doc/usage/nscp/crash

Michael Medin

Got some 300 dumps or so submitted on xmas so I went through them and all were crashing on the same line! Which has been fixed in the latest nightly build. It seems there was an issue with the new PDH counters where I missed to initialize a variable to NULL.

Crash pad analysis was pretty straight forward. The dump looks like this:

...
6|0|CheckSystem.dll|memmove|F:\dd\vctools\crt_bld\SELF_64_AMD64\crt\src\AMD64\memcpy.asm|224|0x0
6|1|CheckSystem.dll|memcpy_s|f:\dd\vctools\crt_bld\self_64_amd64\crt\src\memcpy_s.c|67|0xa
6|2|CheckSystem.dll|std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >::assign(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,unsigned __int64,unsigned __int64)|c:\program files (x86)\microsoft visual studio 8\vc\include\xstring|1049|0x2c
6|3|CheckSystem.dll|PDH::PDHCounter::getName()|c:\source\nscp\branches\stable\include\pdh\counters.hpp|75|0x26
6|4|CheckSystem.dll|PDHCollectors::RoundINTPDHBufferListenerImpl<__int64,PDHCollectors::PDHCounterNormalMutex>::get_name()|c:\source\nscp\branches\stable\include\pdh\collectors.hpp|321|0x4
6|5|CheckSystem.dll|PDHCollectors::RoundINTPDHBufferListenerImpl<__int64,PDHCollectors::PDHCounterNormalMutex>::getAvrage(unsigned int)|c:\source\nscp\branches\stable\include\pdh\collectors.hpp|298|0xf
6|6|ntdll.dll||||0x117287
6|7|CheckSystem.dll|wcstoxl|f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstol.c|141|0x7
6|8|KERNELBASE.dll||||0x10ab
6|9|KERNELBASE.dll||||0x10ab
6|10|CheckSystem.dll|PDHCollector::getCPUAvrage(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >)|c:\source\nscp\branches\stable\modules\checksystem\pdhcollector.cpp|269|0x1d
...

With the offensive line being: 6|3|CheckSystem.dll|PDH::PDHCounter::getName()|c:\source\nscp\branches\stable\include\pdh\counters.hpp|75|0x26

The problem (if we look at the code) was a bit perplexing actually:

		std::wstring get_name() const {
			if (parent_ != NULL)
				return parent_->getName();
			return _T("<UN ATTACHED>");
		}
...
		const std::wstring getName() const {
			return name_;
		}

This looks solid enough right? Whats even worse is that it seems to work fine on my box. So after digging around a bit I noticed this was NULL "after the second call" meaning something is fishy but with a check for NULL before the I was a bit puzzled until I noticed there was no default assignment for the parent_ pointer meaning in some rare cases when performance counters was not working properly we would not get a valid value which in conjunction with an problem in the counter would yield this error.

Anyways, to make a long story short: Thank you Google breakpad and whomever sent in the crash report'''

Tomorrow I will write up a quick tutorial/info page on how to enable crash report submissions and how you can help out the development by submitting (manually if you prefer) crash reports whenever you have a problem!

Michael Medin

New minor build with a new command: CheckSingleRegEntry? Used for checking registry entries (at the moment only existence) Scedule postponed 1 week since the eventlog took a bit more time ten I had anticipated and this weekend will be mountainbike weather!!! :)

SOON It is currently building and hopefully will be posted after that.

2010-04-16 MickeM
 + Added new Check to CheckSystem: CheckSingleRegEntry
   Similar to the previous CheckSIngleFile but can be used to check aspects of registry entries.
     CheckSingleRegEntry path=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MaxSize "syntax=%path%: %exists%"  warn==true crit==true check=exists ShowAll=long
	 CheckSingleRegEntry path=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MaxSizeYY "syntax=%path%: %exists%"  warn==true crit==true check=exists ShowAll=long
   Currently only supports checking existanse of keys but more checks will be added soon.

2010-04-14 MickeM
 ! Fixed erroneous error message "Failed to peek buffer"

Michael Medin

A new nightly out. Nothing major just a few fixes to the CheckFile related module.

2009-02-26 MickeM
 * Changed fo missing files and such generate an error
 * Added option to return error messages to the client [CheckDisk] show_errors=1 (defauilt is off 0)
 * Added warning message ewhen numerical filters evaluate to zero (and are not 0)
 * Fixed major issue with date mathing in CheckFile* which was not working at all.

Note though that this new release is built with a new "kit" ie. new version of boost, openssl, and what not so things might be a bit more experimental then usual...

Michael Medin

Again more improvements and changes to the disk related checks.

Highlights are:

• Better performance data for CheckDrive? (now always shows absolute sizes) so you can plot better graphs.
• Volume support for CheckDriveSize (CheckAll?=volumes)
• User support in syntax for CheckEventLog
• Support for "future dates"

Now is a very good time to submit all feature requests for disk related checks as I am working over those parts.

Full changlog

2009-12-31 MickeM
 * Fixed CheckFile* time handling so it is "signed"
   This means you can check for "future dates" as well as future dates works correctly:
   Like so:
    CheckFile2 debug path=D:\tmp\dates filter+creation=>30m MaxWarn=1 MaxCrit=1 "syntax=%filename%: %creation%"
    CRITICAL:past.txt: Thursday, December 31, 2009 08:47:30, found files: 1 > critical|'found files'=1;1;1;
    CheckFile2 debug path=D:\tmp\dates filter+creation=<-30m MaxWarn=1 MaxCrit=1 "syntax=%filename%: %creation%"
    CRITICAL:future.txt: C: Thursday, December 31, 2009 12:47:11, found files: 1 > critical|'found files'=1;1;1;
 + Added volume support for CheckDriveSize (CHeckAll) like so:
   Like so:
    CheckDriveSize MinWarn=50% MinCrit=25% CheckAll=volumes FilterType=FIXED FilterType=REMOTE
 + Added %user% to syntax to print user who generated message.
   Like so:
    CheckEventLog file=application file=system filter=new filter=out MaxWarn=1 MaxCrit=1 filter-generated=>2w filter-severity==success filter-severity==informational truncate=1023 unique descriptions "syntax=%user% (%count%)"
    CRITICAL: (1),  (2), NT INSTANS\SYSTEM (3), NT INSTANS\SYSTEM (3), NT INSTANS\SYSTEM (3), missing (3), missing (5),  (4), missing (2), missing (2), missing (2), missing (2),  (1), eventlog: 33 > critical|'eventlog'=33;1;1;

2009-12-21 MickeM
 ! BREAKING CHANGE!
 ! New perfoamcen data syntax for ALL % checks
   Alias is '<alias> %' and it also has the "full" non % data as '<alias>'
   Like so:
	CheckDriveSize CheckAll MaxWarnUsed=80% MaxCritUsed=90%
	CRITICAL:CRITICAL: C:\: Total: 146G - Used: 140G (95%) - Free: 6.31G (5%) > critical, D:\: Total: 152G - Used: 148G (97%) - Free: 3.59G (3%) > critical|'C:\ %'=95%;80;90; 'C:\'=140.17G;117.18;131.83;0;146.48; 'D:\ %'=97%;80;90; 'D:\'=147.93G;121.21;136.3;0;151.52;
	CheckDriveSize CheckAll MaxWarnFree=20% MaxCritFree=10%
	OK:OK: All drives within bounds.|'C:\ %'=5%;20;10; 'C:\'=140.17G;29.29;14.64;0;146.48; 'D:\ %'=3%;20;10; 'D:\'=147.93G;30.30;15.15;0;151.52;
	CheckDriveSize CheckAll MaxWarnUsed=100G MaxCritUsed=150G
	WARNING:WARNING: C:\: Total: 146G - Used: 140G (95%) - Free: 6.31G (5%) > warning, D:\: Total: 152G - Used: 148G (97%) - Free: 3.59G (3%) > warning|'C:\ %'=95%;32;4294967294; 'C:\'=140.17G;100;150;0;146.48; 'D:\ %'=97%;35;2; 'D:\'=147.93G;100;150;0;151.52;
	CheckDriveSize CheckAll MaxWarnFree=20G MaxCritFree=10G
	OK:OK: All drives within bounds.|'C:\ %'=5%;87;94; 'C:\'=140.17G;20;10;0;146.48; 'D:\ %'=3%;87;94; 'D:\'=147.93G;20;10;0;151.52;

Michael Medin

Mainly disk and file related additions:

• New command: CheckSingleFile?
• A few new options for CheckFile2

Full changelog here

2009-12-13 MickeM
 + Added new command: CheckSingleFile to check aspects of a single file use like so:
   CheckSingleFile file=d:\nrpe_512.pem warn=>100 check=line-count warn=>100 crit=>170 check=size
 + Added option debug to CheckFile2 to enable printing of debug information
 + Added ignore-errors to "ignore" any filesystem related errors (NOTICE this is probably not what you want)
 + Added master-syntax to CheckFile2 to change the overall message like so:
    It takes three options (and char data):
     * %list% A list of all "files" (syntax controls this)
     * %files% number of files
     * %matches% number of files matched
    CheckFile2 MinWarn=10 MinCrit=10 path=D:\WINDOWS\system32 filter+size=gt:0 truncate=10 ignore-errors "master-syntax=%matches%/%files%"
    OK:7177/7...|'found files'=7177;10;10;

2009-12-06 MickeM
 + Added != to all string filters
 + Sorted out the alias handling it is now wither what you specify or "files found" (this makes performance data work)
 + Added version to CheckFile2
   CheckFile2 path=D:\tmp pattern=*.exe filter+version=!=1.0 "syntax=%filename%: %version%" MaxWarn=1
   CheckFile2 path=D:\tmp pattern=*.exe filter+version=!=6.0.2900.5512 "syntax=%filename%: %version%" MaxWarn=1
 + Added line count to CheckFile2 to count lines
   CheckFile2 path=D:\tmp pattern=*.txt filter+line-count=!=2 "syntax=%filename%: %line-count%" MaxWarn=1
   CheckFile2 path=D:\tmp pattern=*.txt filter+line-count=ne:3 "syntax=%filename%: %line-count%" MaxWarn=1

New nightly build out. Mainly this has a much improved installer so please let me know how it work out.

Also if you have an old version of NSCLient++ (which is not upgraded/uninstalled propperly) send mt the install log (msiexec /l* log.txt /i <MSI>) so I can add it to the "uniinstall thingy" I have added.

There is also some fixes in the CheckFile department which fixes a few issues here and there.

Michael Medin