NSClient++ Help (#1) - adding more checks to ini file. (#429) - Message List
I want to add more checks to the nsc.ini file (in section NSCA commands) but I'm not sure regarding the right command & syntax.
On the left I have the name of the check from Nagios linux and in the right I need the command (for the other basic checks I took it from the [External Alias] section –
btw, it’s a good to put with a remark all kinds of possible commands with a remark so the user will be able to pick what he want without need to add/edit (or put a section in the wiki where the users can start a list).
How can I check those:
- NSClient version
NSClient ++ Version=
- CPU of a specific service
CPU specific service=
I have those 2 but how can I change it for a specific service?
checkCPU warn=80 crit=90 time=5m time=1m time=30s
checkCPU warn=$ARG1$ crit=$ARG2$ time=5m time=1m time=30s
I would like also to have the right command and syntax for getting alerts when there's CRITICAL (red X mark) alert in the event log – not matter the reason or service for getting the CRITICAL alert.
Right now in the ini file I have those 2 examples:
CheckEventLog file=application file=system filter=new filter=out MaxWarn=1 MaxCrit=1 filter-generated=>2d filter-severity==success filter-severity==informational truncate=1023 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
CheckEventLog file=application file=system filter=new filter=in MaxWarn=1 MaxCrit=1 filter+generated=<2d "filter+eventSource==Service Control Manager" filter+severity==error truncate=1023 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"broken08/03/09 10:43:34 (4 years ago)
ideas?broken08/04/09 16:00:47 (4 years ago)
I have the following command and syntax in the nsc.ini file: CheckEventLog file=application file=security file=system filter=new filter=in MaxWarn=1 MaxCrit=1 filter_severity== error truncate=1023 descriptions= None
- Is it the right syntax for getting all error from the eventlog?
right now there's warning displayed using the above:
Injected Result: WARNING 'EvenlogBuffer? is too small (see the value of buffer_size): 122: The data area passed to a system call is too small.
- How can I handle it?
I have found the threads:
but I couldn't find buffer_size variable in the ini file – so where is it located? Is this the solution to the problem?broken08/05/09 11:47:32 (4 years ago)
bump...broken08/09/09 07:14:57 (4 years ago)
For eventlog checks there is some info in the slides from the conference (check the wiki) as well as the op5 one (op5 home page) but it is mainly the same info so either is fine.
There is also an example in the ncs.ini.
Eventlog checking is not "simple" so there is no "one solution" but the one in the ini file should do what you ask (ie. give you all errors)
MickeMmickem08/09/09 08:17:03 (4 years ago)
i'm looking for 2 specific things.
1) is my syntax ok?
there're examples in wiki,ppt, ini file etc but those are for other checks and i don't know if i changed them to what i want.
this lead me to my next question
2) how can i handle eventlog buffer/buffer_size variable error?
again, there're threads in the forum but not a definite and formal answer.
i can't find the place where i can contol the variable. not in the ini file as i can see. more details in my previous posts above.
THANKS!broken08/09/09 08:55:34 (4 years ago)
this error appear also when i use the examples given in the ini file.
btw, if that matters i'm using passive checks with nsca.broken08/09/09 09:25:39 (4 years ago)
The sample in the ini file is the following:
alias_event_log=CheckEventLog file=application file=system filter=new filter=out MaxWarn=1 MaxCrit=1 filter-generated=>2d filter-severity==success filter-severity==informational truncate=1023 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
Which (as I sida) I think does exactly what you want (ie. report all errors in the eventlog).
The flag you mention is a variable in the ini (it is explained under the FAQ section of the wiki with an example) file and set like so:
As for NSCA it works just as the "others" ie. you create a command definitions somewhere (most likely external alias) and you use that from NSCA under commands (IIRC).
Michael Medinmickem08/10/09 08:05:31 (4 years ago)
i've downloaded right now version NSClient++-0.3.6-Win32.zip and there's no buffer_size variable in the ini file or [EventLog?] section.
should i need to add it by myself to the ini file?
pls tell me i'm right/wrong regarding it.
i took the ini file out of the zip , i mean the origional without any changes and i don't see such thing.
thanks again and sorry for all the trouble.broken08/10/09 08:40:59 (4 years ago)
Yes, just add it... There are hundreds of options not in the ini file (all covered in the docs though). The default ini is more a "common ones" not a complete set.
MickeMmickem08/10/09 09:43:18 (4 years ago)
i've added it between [Log] and [NSClient] sections (does the location in the ini file matters?] like this:
but stiil have error regarding the 122 (i did after adding it /stop /start or with /test option).
pls advise. thanks.broken08/10/09 10:14:17 (4 years ago)
No it is a "regular INI file" so order is not important.
But if you have duplicate entries order will be important (don't know how though) but in general it is a bad idea to have duplicate entries I would think.
INI files are documented at Microsoft as it is a basic windows service and not really part of NSClient++.
If you still have the error maybe you need a bigger buffer? (The size depends on the size of your messages)
Michael Medinmickem08/10/09 10:24:22 (4 years ago)
i used the example from the ini you mentioned and also increased the buffer_size value no i have something new. it's somehting like:
could not scan 1 file inside c:\program files\...\..\XX.cab due to extraction errors encountered by the decomposer engines. error: EventLog?: The system uptime is 19223611 seconds. eventlog:32 > critical
any ideas?broken08/10/09 11:02:35 (4 years ago)