[NSClient++] Topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/topic/939 <p> questions about 4.0 config </p> en-us NSClient++ /trac/nswide.png http://nsclient.org/nscp/discussion/topic/939 Trac 1.0beta1 - DiscussionPlugin mikep Tue, 27 Mar 2012 05:26:24 GMT Topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/topic/939#topic http://nsclient.org/nscp/discussion/topic/939#topic <p> Hello. I have a couple of questions about how the 4.0 config sections work for a couple of modules. </p> <p> With the real-time filters, I have the following config sections. </p> <pre class="wiki">[/modules] CheckEventLog = 1 app1_test_eventlog = CheckEventLog [/settings/app1_test_eventlog/real-time] enabled=true maximum age=2m filter=id = 1000 destination=NSCA descriptions="syntax=%type% %source%: %message%" [/settings/app1_test_eventlog/real-time/filters] App1 Test=id = 1000 AND source = 'App1 Test' </pre><p> This works, but I have a couple of questions. </p> <p> 1) What does the following line do? </p> <pre class="wiki">app1_test_eventlog = CheckEventLog </pre><p> 2) Do I need to include the folowing setting? </p> <pre class="wiki">filter=id = 1000 </pre><p> Obviously, the filter value could be something diffenrent. The "App1 Test" filter works as expected. But when I include the line above, I get a passive service check for the service "filter". If I don't include this line, I get the follow error in the nscp log file. </p> <pre class="wiki">2012-Mar-26 12:43:57: error:D:\source\nscp\trunk\include\parsers/filter/where_filter_impl.hpp:84: Parsing failed of 'filter' at: filter 2012-Mar-26 12:43:57: error:..\..\..\..\trunk\modules\CheckEventLog\CheckEventLog.cpp:225: Error validating filter: Parsing failed: filter </pre><p> I also have the follow config file section. </p> <pre class="wiki">[/settings/NSCA/client] hostname = server01 [/settings/NSCA/client/targets/default] host = 10.10.10.10 encryption = aes password = xxxxxxxxx [/settings/scheduler/schedules/default] channel = NSCA interval = 5m report = all [/settings/scheduler/schedules/Memory Usage] alias = Memory Usage command = CheckMEM MaxWarn=90% MaxCrit=95% ShowAll=long type=physical </pre><p> I keep getting the following message in the event log. </p> <pre class="wiki">2012-Mar-26 12:51:01: error:..\..\..\..\trunk\modules\NSCAClient\NSCAClient.cpp:275: Target not found (using default): </pre><p> 3) What should I change in the config to eliminate this error message? </p> <p> Thanks. </p> <p> mikep </p> Topic mickem Mon, 02 Apr 2012 04:58:37 GMT Reply #2490 to topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/message/2490#message2490 http://nsclient.org/nscp/discussion/message/2490#message2490 <p> There was a problem with parsing old NSCA data (which will be fixed) in next build. Which should hopefully fix this issue... </p> <p> <em> Michael Medin </em></p> Message stasovon Thu, 29 Mar 2012 07:56:51 GMT Reply #2488 to topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/message/2488#message2488 http://nsclient.org/nscp/discussion/message/2488#message2488 <p> Hello, </p> <p> i want to start by saying i'm a huge nsclient++ fan, and am pretty excited to start playing with the new and improved NSCP. </p> <p> i'm having problems migrating from the old NSC.ini file to the new nsclient.ini file. i would really appreciate you posting an example nsclient.ini file that's configured with some typical NSCA checks. </p> <p> this is how my usual passive NSC.ini looks like : ( " i've started working with encryption method number 4 after having issues with time stamps, but now after encountering multiple problems, i've started working with the XOR method ) </p> <pre class="wiki">[modules] NSCAAgent.dll FileLogger.dll CheckSystem.dll CheckDisk.dll CheckEventLog.dll CheckHelpers.dll ;# NSCLIENT++ MODULES ;# A list with DLLs to load at startup. ; You will need to enable some of these for NSClient++ to work. ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ; * * ; * N O T I C E ! ! ! - Y O U H A V E T O E D I T T H I S * ; * * ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ;FileLogger.dll ;CheckSystem.dll ;CheckDisk.dll ;NSClientListener.dll ;NRPEListener.dll ;SysTray.dll ;CheckEventLog.dll ;CheckHelpers.dll ;CheckWMI.dll ;CheckNSCP.dll ; ; Script to check external scripts and/or internal aliases. ;CheckExternalScripts.dll ; ; NSCA Agent if you enable this NSClient++ will talk to NSCA hosts repeatedly (so dont enable unless you want to use NSCA) ;NSCAAgent.dll ; ; LUA script module used to write your own "check deamon". ;LUAScript.dll ; ; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS! ;RemoteConfiguration.dll ; Check other hosts through NRPE extreme beta and probably a bit dangerous! :) ;NRPEClient.dll ; Extreamly early beta of a task-schedule checker ;CheckTaskSched.dll [crash] ; Archive crash dump files if a crash is detected ;archive=1 ; Submit crash reports to a crash report server (this overrrides archive) ;submit=0 ; Restart service if a crash is detected ;restart=1 [Settings] ;# OBFUSCATED PASSWORD ; This is the same as the password option but here you can store the password in an obfuscated manner. ; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the ; password. Its just a bit harder to do it at first glance. ;obfuscated_password=Jw0KAUUdXlAAUwASDAAB ; ;# PASSWORD ; This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly. ;password=secret-password ; ;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to the all daemons. ; If leave this blank anyone can access the deamon remotly (NSClient still requires a valid password). ; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that subnet access ;allowed_hosts=127.0.0.1/32 ; ;# USE THIS FILE ; Use the INI file as opposed to the registry if this is 0 and the use_reg in the registry is set to 1 ; the registry will be used instead. use_file=1 allowed_hosts= ; ; # USE SHARED MEMORY CHANNELS ; This is the "new" way for using the system tray based on an IPC framework on top shared memmory channels and events. ; It is brand new and (probably has bugs) so dont enable this unless for testing! ; If set to 1 shared channels will be created and system tray icons created and such and such... ;shared_session=0 [log] ;# LOG DEBUG ; Set to 1 if you want debug message printed in the log file (debug messages are always printed to stdout when run with -test) ;debug=1 ; ;# LOG FILE ; The file to print log statements to ;file=nsclient.log ; ;# LOG DATE MASK ; The format to for the date/time part of the log entry written to file. ;date_mask=%Y-%m-%d %H:%M:%S ; ;# LOG ROOT FOLDER ; The root folder to use for logging. ; exe = the folder where the executable is located ; local-app-data = local application data (probably a better choice then the old default) ;root_folder=exe [NSClient] ;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to NSClient deamon. ; If you leave this blank the global version will be used instead. ;allowed_hosts= ; ;# NSCLIENT PORT NUMBER ; This is the port the NSClientListener.dll will listen to. ;port=12489 ; ;# BIND TO ADDRESS ; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname. ; Leaving this blank will bind to all avalible IP adresses. ;bind_to_address= ; ;# SOCKET TIMEOUT ; Timeout when reading packets on incoming sockets. If the data has not arrived withint this time we will bail out. ;socket_timeout=30 [NRPE] ;# NRPE PORT NUMBER ; This is the port the NRPEListener.dll will listen to. ;port=5666 ; ;# COMMAND TIMEOUT ; This specifies the maximum number of seconds that the NRPE daemon will allow plug-ins to finish executing before killing them off. ;command_timeout=60 ; ;# COMMAND ARGUMENT PROCESSING ; This option determines whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed. ;allow_arguments=0 ; ;# COMMAND ALLOW NASTY META CHARS ; This option determines whether or not the NRPE daemon will allow clients to specify nasty (as in |`&amp;&gt;&lt;'"\[]{}) characters in arguments. ;allow_nasty_meta_chars=0 ; ;# USE SSL SOCKET ; This option controls if SSL should be used on the socket. ;use_ssl=1 ; ;# BIND TO ADDRESS ; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname. ; Leaving this blank will bind to all avalible IP adresses. ; bind_to_address= ; ;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to NRPE deamon. ; If you leave this blank the global version will be used instead. ;allowed_hosts= ; ;# SCRIPT DIRECTORY ; All files in this directory will become check commands. ; *WARNING* This is undoubtedly dangerous so use with care! ;script_dir=scripts\ ; ;# SOCKET TIMEOUT ; Timeout when reading packets on incoming sockets. If the data has not arrived withint this time we will bail out. ;socket_timeout=30 [Check System] ;# CPU BUFFER SIZE ; Can be anything ranging from 1s (for 1 second) to 10w for 10 weeks. Notice that a larger buffer will waste memory ; so don't use a larger buffer then you need (ie. the longest check you do +1). ;CPUBufferSize=1h ; ;# CHECK RESOLUTION ; The resolution to check values (currently only CPU). ; The value is entered in 1/10:th of a second and the default is 10 (which means ones every second) ;CheckResolution=10 ; ;# CHECK ALL SERVICES ; Configure how to check services when a CheckAll is performed. ; ...=started means services in that class *has* to be running. ; ...=stopped means services in that class has to be stopped. ; ...=ignored means services in this class will be ignored. ;check_all_services[SERVICE_BOOT_START]=ignored ;check_all_services[SERVICE_SYSTEM_START]=ignored ;check_all_services[SERVICE_AUTO_START]=started ;check_all_services[SERVICE_DEMAND_START]=ignored ;check_all_services[SERVICE_DISABLED]=stopped [External Script] ;# COMMAND TIMEOUT ; This specifies the maximum number of seconds that the NRPE daemon will allow plug-ins to finish executing before killing them off. ;command_timeout=60 ; ;# COMMAND ARGUMENT PROCESSING ; This option determines whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed. ;allow_arguments=0 ; ;# COMMAND ALLOW NASTY META CHARS ; This option determines whether or not the NRPE daemon will allow clients to specify nasty (as in |`&amp;&gt;&lt;'"\[]{}) characters in arguments. ;allow_nasty_meta_chars=0 ; ;# SCRIPT DIRECTORY ; All files in this directory will become check commands. ; *WARNING* This is undoubtedly dangerous so use with care! ;script_dir=c:\my\script\dir [Script Wrappings] vbs=cscript.exe //T:30 //NoLogo scripts\lib\wrapper.vbs %SCRIPT% %ARGS% ps1=cmd /c echo scripts\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command - bat=scripts\%SCRIPT% %ARGS% [External Scripts] ;check_es_long=scripts\long.bat ;check_es_ok=scripts\ok.bat ;check_es_nok=scripts\nok.bat ;check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs ;check_powershell_warn=cmd /c echo scripts\powershell.ps1 | powershell.exe -command - [External Alias] alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s alias_cpu_ex=checkCPU warn=$ARG1$ crit=$ARG2$ time=5m time=1m time=30s alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll=long type=physical type=virtual type=paged type=page alias_up=checkUpTime MinWarn=1d MinWarn=1h alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED alias_disk_loose=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED ignore-unreadable alias_volumes=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll=volumes FilterType=FIXED alias_volumes_loose=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll=volumes FilterType=FIXED ignore-unreadable alias_service=checkServiceState CheckAll alias_service_ex=checkServiceState CheckAll "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc alias_process=checkProcState "$ARG1$=started" alias_process_stopped=checkProcState "$ARG1$=stopped" alias_process_count=checkProcState MaxWarnCount=$ARG2$ MaxCritCount=$ARG3$ "$ARG1$=started" alias_process_hung=checkProcState MaxWarnCount=1 MaxCritCount=1 "$ARG1$=hung" alias_event_log=CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" alias_file_size=CheckFiles "filter=size &gt; $ARG2$" "path=$ARG1$" MaxWarn=1 MaxCrit=1 "syntax=%filename% %size%" max-dir-depth=10 alias_file_age=checkFile2 filter=out "file=$ARG1$" filter-written=&gt;1d MaxWarn=1 MaxCrit=1 "syntax=%filename% %write%" alias_sched_all=CheckTaskSched "filter=exit_code ne 0" "syntax=%title%: %exit_code%" warn=&gt;0 alias_sched_long=CheckTaskSched "filter=status = 'running' AND most_recent_run_time &lt; -$ARG1$" "syntax=%title% (%most_recent_run_time%)" warn=&gt;0 alias_sched_task=CheckTaskSched "filter=title eq '$ARG1$' AND exit_code ne 0" "syntax=%title% (%most_recent_run_time%)" warn=&gt;0 alias_updates=check_updates -warning 0 -critical 0 check_ok=CheckOK Everything is fine! [Wrapped Scripts] ;check_test_vbs=check_test.vbs /arg1:1 /arg2:1 /variable:1 ;check_test_ps1=check_test.ps1 arg1 arg2 ;check_test_bat=check_test.bat arg1 arg2 ;check_battery=check_battery.vbs ;check_printer=check_printer.vbs ;check_updates=check_updates.vbs ; [includes] ;# The order when used is "reversed" thus the last included file will be "first" ;# Included files can include other files (be carefull only do basic recursive checking) ; ; myotherfile.ini ; real.ini [NSCA Agent] ;# CHECK INTERVALL (in seconds) ; How often we should run the checks and submit the results. interval=180 ; ;# ENCRYPTION METHOD ; This option determines the method by which the send_nsca client will encrypt the packets it sends ; to the nsca daemon. The encryption method you choose will be a balance between security and ; performance, as strong encryption methods consume more processor resources. ; You should evaluate your security needs when choosing an encryption method. ; ; Note: The encryption method you specify here must match the decryption method the nsca daemon uses ; (as specified in the nsca.cfg file)!! ; Values: ; 0 = None (Do NOT use this option) ; 1 = Simple XOR (No security, just obfuscation, but very fast) ; 2 = DES ; 3 = 3DES (Triple DES) ; 4 = CAST-128 ; 6 = xTEA ; 8 = BLOWFISH ; 9 = TWOFISH ; 11 = RC2 ; 14 = RIJNDAEL-128 (AES) ; 20 = SERPENT encryption_method=4 ; ;# ENCRYPTION PASSWORD ; This is the password/passphrase that should be used to encrypt the sent packets. password=blablabla ; ;# BIND TO ADDRESS ; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname. ; Leaving this blank will bind to "one" local interface. ; -- not supported as of now -- ;bind_to_address= ; ;# LOCAL HOST NAME ; The name of this host (if empty "computername" will be used. hostname=mailsrv ; ;# NAGIOS SERVER ADDRESS ; The address to the nagios server to submit results to. nsca_host=8.8.8.8 ; ;# NAGIOS SERVER PORT ; The port to the nagios server to submit results to. ;nsca_port=5667 ; ;# CHECK COMMAND LIST ; The checks to run everytime we submit results back to nagios ; Any command(alias/key) starting with a host_ is sent as HOST_COMMAND others are sent as SERVICE_COMMANDS ; where the alias/key is used as service name. ; [NSCA Commands] my_cpu_check=checkCPU warn=90 crit=95 time=20m time=10s time=4 my_mem_check=checkMem MaxWarn=90% MaxCrit=95% ShowAll type=page my_svc_check=checkServiceState CheckAll exclude=wampmysqld exclude=MpfService exclude=ShellHWDetection exclude=SysmonLog exclude=WLMS exclude=wuauserv exclude=CryptSvc exclude=dmserver "exclude=Ati HotKey Poller" exclude=Fax exclude=clr_optimization_v4.0.30319_32 my_volume_check=CheckDriveSize MinWarn=2G MinCrit=1G CheckAll=volumes FilterType=FIXED host_check=check_ok ;# REMOTE NRPE PROXY COMMANDS ; A list of commands that check other hosts. ; Used by the NRPECLient module [NRPE Client Handlers] check_other=-H 192.168.0.1 -p 5666 -c remote_command -a arguments ;# LUA SCRIPT SECTION ; A list of all Lua scripts to load. ;[LUA Scripts] ;scripts\test.lua </pre> Message mickem Wed, 28 Mar 2012 07:07:01 GMT Reply #2486 to topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/message/2486#message2486 http://nsclient.org/nscp/discussion/message/2486#message2486 <p> Sorry... No new build yesterday... </p> <p> Was struggling with service failing to start on boot... I'll let you know when I have that settled and then I will do a new rebuild... </p> <p> I will also look into the parsing thing, shouldn't report errors if things are not broken... </p> <p> <em> Michael Medin </em></p> Message mikep Tue, 27 Mar 2012 20:53:15 GMT Reply #2485 to topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/message/2485#message2485 http://nsclient.org/nscp/discussion/message/2485#message2485 <p> Using your config above, I am seeing the following. </p> <pre class="wiki">2012-Mar-27 13:37:06: message:..\..\..\..\trunk\modules\FileLogger\FileLogger.cpp:148: Starting to log for: NSClient++ - 0,4,0,151 2012-03-26 2012-Mar-27 13:37:43: error:D:\source\nscp\trunk\include\parsers/filter/where_filter_impl.hpp:84: Parsing failed of 'filter' at: filter 2012-Mar-27 13:37:43: error:..\..\..\..\trunk\modules\CheckEventLog\CheckEventLog.cpp:225: Error validating filter: Parsing failed: filter 2012-Mar-27 13:37:43: error:..\..\..\..\trunk\modules\NSCAClient\NSCAClient.cpp:275: Target not found (using default): 2012-Mar-27 13:37:48: error:..\..\..\..\trunk\modules\NSCAClient\NSCAClient.cpp:275: Target not found (using default): </pre><p> I think that the error regarding "Parsing failed of 'filter'" is due to me removing the line that starts with "filter=". </p> <p> The real-time filters appear to be working fine, so I guess I can just ignore this. I would prefer to have this not logged as an error, if it isn't truly an error. I think this will be reported as an error, if I use the CheckNSCP command. </p> <p> I was also expecting the final two lines to go away with this newer build. Is the fix for those lines in a release later than 151? </p> <p> Thanks! </p> <p> mikep </p> Message mickem Tue, 27 Mar 2012 09:12:03 GMT Reply #2484 to topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/message/2484#message2484 http://nsclient.org/nscp/discussion/message/2484#message2484 <p> Forgot to include the final config: </p> <pre class="wiki">[/modules] CheckEventLog = 1 [/settings/eventlog/real-time] enabled=true maximum age=2m destination=NSCA descriptions="syntax=%type% %source%: %message%" [/settings/eventlog/real-time/filters] App1 Test=id = 1000 AND source = 'App1 Test' </pre> Message mickem Tue, 27 Mar 2012 09:09:45 GMT Reply #2483 to topic #939 - questions about 4.0 config http://nsclient.org/nscp/discussion/message/2483#message2483 http://nsclient.org/nscp/discussion/message/2483#message2483 <p> Yaay... Really nice questions... </p> <h2 id="a1.Whatdoesthefollowinglinedo">1. What does the following line do?</h2> <p> Simply put it creates an alias for the module. Another way of explaining it is saying the following is equivalent: </p> <pre class="wiki">[/modules] CheckEventLog = 1 [/settings/eventlog] ... </pre><p> and </p> <pre class="wiki">[/modules] foo=CheckEventLog [/settings/foo] ... </pre><p> In your case you actually load the checkEventLog module twice giving it an alias the second time and using the default alias the first time. For event logger it generally does not make sense to load them twic (could even cause problems as the commands (<a class="wiki" href="/nscp/wiki/CheckEventLog">CheckEventLog</a> and CHeckEventLogCache can only be added once). </p> <p> But for instance loading two NRPE module on different ports makes excelent sense. When I write test scripts I tend to always alias things in some wain attempt to create the illusion of isolation... </p> <p> So were I you I would replace with the following (see below): </p> <pre class="wiki">[/modules] CheckEventLog = 1 [/settings/eventlog/real-time] enabled=true maximum age=2m filter=id = 1000 destination=NSCA descriptions="syntax=%type% %source%: %message%" [/settings/eventlog/real-time/filters] App1 Test=id = 1000 AND source = 'App1 Test' </pre><h2 id="a2.DoIneedtoincludethefolowingsetting">2. Do I need to include the folowing setting?</h2> <p> NO, not at all... Filters (like many other "lists") are loaded in two places: So the following is (almost) equivalent: </p> <pre class="wiki">[/settings/eventlog/real-time] filter=id = 1000 </pre><p> and </p> <pre class="wiki">[/settings/eventlog/real-time/filters] foo=id = 1000 </pre><p> The difference is that the "alias" foo will be something default in the first case. </p> <p> The idea is "Hey, I just want a single filter" then you don't have to bother with adding a new section for it. Again in this case it doesn't really make sense but in other places (like defining commands) it does... </p> <h2 id="a3.WhatshouldIchangeintheconfigtoeliminatethiserrormessage">3. What should I change in the config to eliminate this error message?</h2> <p> If you upgrade tomorrow it will be eliminated I am getting reeealy annoyed at the message... It is not really configuration per see instead it stems from the the command line interface where you can specify a "target" for sending the NSCA command. Don't have an example of the top of my head but I can dig one up if you want. I your case you are using the default target so it is fine... </p> <p> <em> Michael Medin </em></p> Message