Posts in category status

Conference in Italy as well as updates

Hello,

I guess the biggest news is that I will once again be attending the Open Source System Management Conference 2013 in Bolzano Italy. So if your near Italy please come by (it is free) and feel free to bump in to me if you have any thoughts, ideas or questions.

You can find more information here http://www.wuerth-phoenix.com/de/loesungen/system-management/nagios-event/die-ausgabe-2013/. And please note that even though the page is in German the conference it self is translated into German, Italian and English meaning it is open to most people in the region.

Also I am now officially back from my vacation and have hopefully responded to most questions from when I was gone if I have accidentally missed your question please don't hesitate to bump it to the top and I shall answer ASAP!

I will hopefully in the next few weeks have some news on the up-coming 0.4.2 version which will be the net major version of NSClient++.

Michael Medin

Updates on the 0.4.x branch

Hello everyone!

I have been working quite hard on the 0.4.x branch this summer (instead of fixing bugs in the 0.3.x branch) and things are finally starting to look good.

Right now the following is implemented:

  • Settings subsystem (old, ini and registry)
  • New plugin API (which is based off google protocol buffers)
  • New Settings client (for plugins, which is wicked cool)
  • NRPE client/server (all based off boost::asio)
  • NSCA client
  • CheckDisk, CheckEventLog, CheckExternalScripts, CheckHelpers, CheckSystem have all been ported and works
  • FileLogger have also been ported
  • The new scheduler is working (still needs a better grouping support though)

What is currently missing is:

  • LUAScript, CheckTaskSched, CheckWMI
  • .net wrapper plugin
  • NSClientListener (check_nt)
  • SysTray (a lot of work is required here and probably wont make it into 0.4.0)
  • The installer (probably a lot of work to handle upgrades and such)
  • Improve the scheduler to handle groups and such.

So we are getting fairly close to a set of alfa builds (sans installer) and I hope to have most of the above done in a few weeks.

It would be interesting in the next few weeks to get some people interested in testing it out and helping me with migration issues and how you like the new stuff.

Michael Medin

Answers...

Hello,

I have updated most questions and what not which has dropped in during summer so if I have missed your question please post a follow up so I can see what I have missed and I will get back ASAP.

One of the big reasons for the inactivity and the delay is that I got a baby girl last week so things have been rather hectic leading up to (and since).

Another reason is that I have migrated my VPS to another host which means installing mail and what not all over again...

And yet another reason is the warm weather and nice summer which sometimes keeps me from spending time in front of my computer :P

Michael Medin

  • Posted: 2010-07-27 22:01 (Updated: 2010-07-27 22:21)
  • Categories: status
  • Comments (2)

New nightly with support for dates in new CheckEventLog

Hello.

A new nightly build is out. It features support for date/time in the new CheckEventLog. Dates are handled somewhat differently from before, but more "logical" I hope. Dates are specified like so: 

generated gt -2d

This means event record was generated more recently then "2 days ago". In other words 'generated > (now - 2 days)'. You can of course also specify 'generated gt 2d' which means records generated "in the future" (not very sensible really) but for consistency I think this is much better then "having them then other way around".

This can be combined with the usual AND/OR expressions I mentioned earlier. 

generated gt -2d AND severity = 'error'

The above means all records from the last 2 days which has severity error.

A sample command for instance would look like this: 

CheckEventLog debug=true file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity = 'error'" truncate=800 unique descriptions "syntax=%severity%: %source%: %generated% %strings% (%count%)"

The overall scheduling for the up-coming 0.3.9 release is RC sometimes this week and unless something pops up a release set for next 2 weeks or so.

Michael Medin

The all-new eventlog checker is working!

Hello everyone (and that is you Google index bot!)

News

Today I can announce the first ever all-new EventLog? check working on my development machine. It was (actually) much much harder to make this then I had initially anticipated and halfway through I almost gave up. The checkin (in a few days or so) will be around 2000 lines of code (thats around 10% of NSClient++) so it was a pretty long haul. Given the complexity I think this will be in beta for a while but I really think the new syntax will be pretty awesome!

How it works

The check I run today looks like so: 

CheckEventLog debug=true file=application file=system MaxWarn=1 MaxCrit=1 "filter=severity = 1" truncate=1023 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

Most of the options are the "same old":

  • debug=true Enable debugging (something I always do when I develop things :)
  • file=application / system What to check
  • MaxWarn/MaxCrit? When it is bad/worse
  • truncate Make sure it fits
  • unique Keep the result minimal (ie. don't report multiple items)
  • descriptions This might be removed as it is sort of superfluous but I am not sure yet.
  • syntax Same old same old.

And here it comes 

"filter=severity = 1"
  • filter Has a new meaning in this case saying report all messages with a severity of 1

Changing this parameter to for instance: 

"filter=severity = 1 AND severity = 2"

yields no results as severity cant be BOTH 1 and 2 at the same time where as 

"filter=severity = 1 OR severity = 2"

yields more results as we now have both 1 and 2 as allowed values.

As you can see the values are "numeric" at the moment but that will be fixed a bit later on as I get all the conversion code ready.

The nitty gritty details

Another interesting thing is how this works. The expression is parsed into a tree which is "enhanced" in several passes. If we look in the debug log we can see this: 

d \CheckEventLog.cpp(648) Using: where

Use the new "where" mode.

Parsing 

d \CheckEventLog.cpp(302) Parsing: severity = 1 OR severity = 2 AND 1='1'
d \CheckEventLog.cpp(310) Parsing succeeded: {tbd}op:or({tbd}op:=({tbd}:severity, {tbd}#1), {tbd}op:and({tbd}op:=({tbd}:severity, {tbd}#2), {tbd}op:=({tbd}#1, {tbd}'1')))

Expression was parsed into the tree. All the "tbd" here is the types which at the moment are unknown which the parser will do next.

Type inference 

d \CheckEventLog.cpp(318) Type resolution succeeded: {bool}op:or({bool}op:=({int}:severity, {int}#1), {bool}op:and({bool}op:=({int}:severity, {int}#2), {bool}op:=({int}#1, {int}fun:auto_convert({string}'1'))))

Here we have looked up the types.

Automatic conversion

An interesting point here is the 

{int}fun:auto_convert({string}'1')

This phase discovered that an "int" was compared to a "string" and "solved" this by converting the string to an int.

Static evaluation

Next up is a static evaluation 

d \CheckEventLog.cpp(326) Static evaluation succeeded: {bool}op:or({bool}op:=({int}:severity, {int}#1), {bool}op:and({bool}op:=({int}:severity, {int}#2), {bool}#1))

And as you can see here the function is removed and replaced by an "boolean value" (true). Since the expression does not contain any variables the static evaluation figures out it is pointless to do this over and over and thus removes it.

Variable Binding 

d \CheckEventLog.cpp(334) Binding succeeded: {bool}op:or({bool}op:=({int}:severity, {int}#1), {bool}op:and({bool}op:=({int}:severity, {int}#2), {bool}#1))

Here we cant really see a difference since the bindings are not showed but what has happen is that the filter is bound to the variables which will contain the data. This is actually much faster than the old version which did "string" comparisons for every check. Now it already knows what it will do and just executes the code. I have yet to run any tests on this but presumably a well written where clause will be faster then the previous version.

That is all for now good people you can expect nightly builds with this functionality either this week or the next.

Michael Medin

I am not dead! :)

Hello everyone,

Sorry for being "off-line" last few weeks but I have actually been working more diligently then usual.

What I am working on is a parser for defining filter expressions. The first use case for this is the event log check but in the future this might be added to more places.

The syntax is similar to "SQL WHERE" Clauses so the following will for instance be a valid check: 

CheckEventLog MaxWarn=1 MaxCrit=1 "filter=(id = 123 OR id = 321) AND (severity='warning' OR severity='error')"

Michael Medin

Welcome Opsview (Opsera)

Hello,

I would like to welcome Opsera as a Gold sponsor for the NSClient++ project.

In other news I have been mad busy at work and with Windows 7 installes so nothing in the ways of updates. But hopefully after the weekend.

Also I can say: "Windows 7?" I actually dont get the hype. What is "new" it is pretty much like "XP" so in that regard it is a lot better then Vista (which I hated) but I cant really say there is much of a reason to upgrade from XP?

Most of the "addons" I already had in the form of third party products...

Well, we shall see, maybe it will grow on me?

(still havent installed a US enligh spellchecker in Firefox so excuse my spelling errors :)

Michael Medin