TracNav

  1. Configuration 0.3.x
    1. Modules
    2. Settings
    3. includes
  2. Module Configuration
    1. NRPE Listener Sections
      1. NRPE Section
      2. NRPE Handlers Section
    2. File Logging Sections
      1. Log Section
    3. NSClient Sections
      1. NSClient Section
    4. Check System Sections
      1. CheckSystem Section
    5. External Script Sections
      1. External Script Section
      2. External Scripts Section
      3. External Alias Section
    6. Event Log Sections
      1. Event Log Section
    7. NSCA Agent Sections
      1. NSCA Agent Section
      2. NSCA Commands Section
    8. LUA Scripts

Configuration 0.3.x

For newer version please refer to doc/configuration/0.4.x

Configuration is fairly simple and straight forward. Open the configuration file in notepad (or your favorite editor) "notepad <installation path>\NSC.ini" and edit it accordingly. A longer description of the Configuration file is included in the following page.

The file has sections (denoted with section name in brackets) and key/value pairs (denoted by key=value). Thus it has the same syntax as pretty much any other INI file in windows.

The sections are described in short below. The default configuration file has a lot of examples and comments so make sure you change this before you use NSClient++ as some of the examples might be potential security issues.

The configuration can also be stored in the System Registry (HKLM\Software\NSClient++). There is currently no UI to configure this so the simplest way is to maintain the configuration in the INI file and "Migrate that" to the Registry. This is can be done via the [RemoteConfiguration] module but in short: 

NSClient++ -noboot RemoteConfiguration ini2reg

A sample configuration file is included in the download but can also be found here trunk/NSC.dist

Modules

This is a list of modules to load at startup. All the modules included in this list has to be NSClient++ modules and located in the modules subdirectory. This is in effect the list of plug-ins that will be available as the service is running. For information on the various plug-ins check the Modules section in the navigation box.

A good idea here is to disable all modules you don’t actually use for two reasons: less code equals less potential security holes, and less modules means less resource drain.

A complete list of all available modules: ListTagged(module)?

Settings

This section has generic options for NSClient++. Some of these settings (such as allowed_hosts) are inherited in the sections below so it is probably a better idea to set them here in the "global" section.

The options available in this section:

OptionDefault valueDescription
obfuscated_password...An obfuscated version of password. For more details refer to the password option below. To create the obfuscated Password use: "NSClient++.exe /encrypt"
password...The password used by various (presently only NSClient) daemons. If no password is set everyone will be able to use this service remotely.
allowed_hosts127.0.0.1A list (comma separated) with hosts that are allowed to connect and query data. If this is empty all hosts will be allowed to query data. BEWARE: NSClient++ will not resolve the IP address of DNS entries if the service is set to startup automatically. Use an IP address instead.
use_file0Has to be set to 1 if you want the file to be read (if set to 0, and the use_reg is set to 1 the registry will be used instead)

Advanced options:

OptionDefault valueDescription
master_key...The secret "key" used when (de)obfuscating passwords.
cache_allowed_hosts1Used to cache looked up hosts if you check dynamic/changing hosts set this to 0.

includes

A list of other configuration files to include when reading this file. Might be useful if you have a very complex setup or want to have setting split up in segments.

Module Configuration

NRPE Listener Sections

NRPE Section

This section is included from NRPEListener/config/nrpe

        1. Overview
          1. port
          2. allowed_hosts
          3. use_ssl
          4. bind_to_address
          5. command_timeout
          6. allow_arguments
          7. allow_nasty_meta_chars
          8. socket_timeout
          9. script_dir
          10. performance_data
          11. socket_back_log
          12. string_length

Overview

This is configuration for the NRPE module that controls how the NRPE listener operates.

OptionDefaultDescription
port5666The port to listen to
allowed_hosts A list of hosts allowed to connect via NRPE.
use_ssl1Boolean value to toggle SSL encryption on the socket connection
command_timeout60The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
allow_arguments0A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.
allow_nasty_meta_chars0Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).
socket_timeout30The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. and discard the connection.

Advanced options:

OptionDefaultDescription
performance_data1Send performance data back to nagios (set this to 0 to remove all performance data)
socket_back_log Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.
string_length1024Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
script_dir Load all scripts in a directory and use them as commands. Probably dangerous but usefull if you have loads of scripts :)
bind_to_address The address to bind to when listening to sockets.
port

The port to listen to

Default
5666

allowed_hosts

A list (comma separated) with hosts that are allowed to poll information from NRPE. This will replace the one found under Setting for NRPE if present. If not present the same option found under Settings will be used. If both are blank all hosts will be allowed to access the system

Default
Empty list (falls back to the one defined under [Settings]

use_ssl

Boolean value to toggle SSL (Secure Socket Layer) encryption on the socket connection. This corresponds to the -n flag in check_nrpe

Values

ValueMeaning
0Don't use SSL
1Use SSL encryption
Default
1 (enabled)
bind_to_address

The address to bind to when listening to sockets. If not specified the "first" (all?) one will be used (often the correct one).

Values
IP address of any interface of the server.
Default
Empty (first (all?) interface will be used)

command_timeout

The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones so internal commands may execute forever.

It is usually a good idea to set this to less then the timeout used with check_nrpe

Default
60

allow_arguments

A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.

NOTICE That there are more then one place to set this!

Default
0 (means don't allow arguments)
Values

ValueMeaning
0Don't allow arguments
1Allow arguments.
allow_nasty_meta_chars

Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).

Default
0 (means don't allow meta characters)
Values

ValueMeaning
0Don't allow meta characters
1Allow meta characters
socket_timeout

The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. and discard the connection.

Default
30 seconds

script_dir

Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)

Default
Empty (don't load any scripts)

performance_data

Send performance data back to Nagios (set this to 0 to remove all performance data)

Default
1
Values

ValueMeaning
0Don't send performance data
1Send performance data
socket_back_log

Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.

string_length

Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.

Default
1024

NRPE Handlers Section

This section is included from NRPEListener/config/nrpe_handlers

        1. Ovreview
          1. Alias (builtin commands)
          2. NRPE_NT Syntax

Ovreview

DEPRECATED This part of the module is deprecated and should not be used. Refer to the [CheckExternalScripts] module instead. This module can add two types of command handlers.

First there are external command handlers that execute a separate program or script and simply return the output and return status from that. The other possibility is to create an alias for an internal command.

To add an external command you add a command definition under the “NRPE Handlers” section. A command definition has the following syntax: 

[NRPE Handlers]
command_name=/some/executable with some arguments
test_batch_file=c:\test.bat foo $ARG1$ bar
command[check_svc]=inject CheckService checkAll

The above example will on an incoming “test_batch_file” execute the c:\test.bat file and return the output as text and the return code as the Nagios status.

Alias (builtin commands)

To add an internal command or alias is perhaps a better word. You add a command definition under the “NRPE Handlers” section. A command definition with the following syntax: 

command_name=inject some_other_command with some arguments
check_cpu=inject checkCPU warn=80 crit=90 5 10 15

The above example will on an incoming “check_cpu” execute the internal command “checkCPU” with predefined arguments give in the command definition.

NRPE_NT Syntax

To leverage existing infrastructure you can copy your old definitions from NRPE_NT as-is. Thus the following: 

command[check_svc]=inject CheckService checkAll

translates into a command called check_svc with the following definition: 

CheckServcice checkAll

File Logging Sections

Log Section

This section is included from FileLogger/config

        1. Overview
          1. debug
          2. file
          3. date_mask
          4. root_folder

Overview

This section has options for how logging is performed with the [FileLogger] module. First off notice that for logging to make sense you need to enable the “FileLogger.dll” module that logs all log data to a text file in the same directory as the NSClient++ binary if you don’t enable any logging module nothing will be logged.

The options you have available here are

OptionDefaultDescription
debug0A Boolean value that toggles if debug information should be logged or not. This can be either 1 or 0.
filensclient.logThe file to write log data to. If no directory is used this is relative to the NSClient++ binary.
date_mask%Y-%m-%d %H:%M:%SThe date format used when logging to a file
root_folderexeRoot folder if not absolute
debug

A Boolean value that toggles if debug information should be logged or not. This can be either 1 or 0.

Default
0
Values

ValueMeaning
0Don't log debug messages
1Log debug messages
file

The file to write log data to. If no directory is used this is relative to the NSClient++ binary.

Default
nsclient.log

date_mask

The date format used when logging to a file

Default
%Y-%m-%d %H:%M:%S

root_folder

Root folder if not absolute

Default
exe
Values

local-app-dataThe file system directory that contains application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data. This folder is used for application data that is not user specific. For example, an application can store a spell-check dictionary, a database of clip art, or a log file in the CSIDL_COMMON_APPDATA folder. This information will not roam and is available to anyone using the computer.
exeLocation of NSClient++ binary

NSClient Sections

NSClient Section

This section is included from NSClientListener/config

        1. Ovreview
          1. port
          2. obfuscated_password
          3. password
          4. allowed_hosts
          5. bind_to_address
          6. socket_timeout
          7. socket_back_log
          8. version

Ovreview

This is the [NSClientListener] module configuration options.

OptionDefault valueDescription
port12489The port to listen to
obfuscated_password An obfuscated version of password.
password The password that incoming client needs to authorize themselves by.
allowed_hosts A list (coma separated) with hosts that are allowed to connect to NSClient++ via NSClient protocol.
socket_timeout30The timeout when reading packets on incoming sockets.

Advanced options:

OptionDefault valueDescription
socket_back_log Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.
bind_to_address The address to bind to when listening to sockets, useful if you have more then one NIC/IP address and want the agent to answer on a specific one.
versionautoThe version number to return for the CLIENTVERSION check (useful to "simulate" an old/different version of the client, auto will be generated from the compiled version string inside NSClient++
port

The port to listen to

Default
12489

obfuscated_password

An obfuscated version of password. For more details refer to the password option below.

Default
Empty string whjich means we will use the value from password instead.

password

The password that incoming client needs to authorize themselves by. This option will replace the one found under Settings for NSClient. If this is blank the option found under Settings will be used. If both are blank everyone will be granted access.

Default
Empty string whjich means we will use the value from password in the [Settings] section instead.

allowed_hosts

A list (coma separated) with hosts that are allowed to poll information from NSClient++. This will replace the one found under Setting for NSClient if present. If not present the same option found under Settings will be used. If both are blank all hosts will be allowed to access the system.

BEWARE: NSClient++ will not resolve the IP address of DNS entries if the service is set to startup automatically. Use an IP address instead or set cache_allowed_hosts=0 see above.

Default
Empty list (falls back to the one defined under [Settings]

bind_to_address

The address to bind to when listening to sockets. If not specified the "first" (all?) one will be used (often the correct one).

Values
IP address of any interface of the server.
Default
Empty (first (all?) interface will be used)

socket_timeout

The timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. and discard the connection.

Default
30 seconds

socket_back_log

Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. This is an advanced option and should not be used.

version

The version number to return for the CLIENTVERSION check (useful to "simulate" an old/different version of the client, auto will be generated from the compiled version string inside NSClient++

Values:

If given any str4ing will be returned unless auto in which case the proper version will be returned

Default
auto

Check System Sections

CheckSystem Section

This section is included from CheckSystem/config

TracNav

  1. Configuration for CheckSystem module
      1. Collection Strategy
      1. CACHE ALLOWED HOSTS
      2. SSL CERTIFICATE
      3. CERTIFICATE FORMAT
      4. DH KEY
      5. SSL CERTIFICATE
      6. VERIFY MODE
      7. CA
      8. BIND TO ADDRESS
      9. ALLOWED HOSTS
      10. THREAD POOL
      11. ALLOWED CIPHERS
      12. INBOX
      13. TIMEOUT
      14. LISTEN QUEUE
      15. PASSWORD
      16. ENABLE SSL ENCRYPTION
      17. Register modern aliases for built-in commands
    3. SERVICE MAPPING SECTION
      1. SERVICE_DELAYED
      2. SERVICE_DISABLED
      3. SERVICE_DEMAND_START
      4. SERVICE_AUTO_START
      5. SERVICE_SYSTEM_START
      6. SERVICE_BOOT_START
    4. PDH COUNTER INFORMATION
    5. WINDOWS CHECK SYSTEM
      1. DEFAULT LENGTH
      2. PDH SUBSYSTEM
      3. DEFAULT INTERVALL
      4. Register modern aliases for built-in commands
    6. PDH COUNTERS
      1. memory commit bytes
      2. memory commit limit
      3. cpu
      4. uptime

Configuration for CheckSystem module

Section with configuration keys for the CheckSystem module

Path / Section Key Default value Description
/settings/system/windows/pdh/counters/cpucollection strategy round robin Collection Strategy
/settings/defaultcache allowed hosts 1 CACHE ALLOWED HOSTS
/settings/defaultcertificate SSL CERTIFICATE
/settings/defaultverify mode none VERIFY MODE
/settings/defaultallowed hosts 127.0.0.1 ALLOWED HOSTS
/settings/defaultallowed ciphers ADH ALLOWED CIPHERS
/settings/defaultinbox inbox INBOX
/settings/defaulttimeout 30 TIMEOUT
/settings/defaultpassword PASSWORD
/settings/defaultuse ssl 1 ENABLE SSL ENCRYPTION
/settings/system/windows/pdh PDH COUNTER INFORMATION
/settings/system/windowsdefault buffer length 1h DEFAULT LENGTH
/settings/system/windows/pdh/countersmemory commit bytes \4\26 memory commit bytes
/settings/system/windows/pdh/countersmemory commit limit \4\30 memory commit limit
/settings/system/windows/pdh/counterscpu \238(_total)\6 cpu
/settings/system/windows/pdh/countersuptime \2\674 uptime
/settings/defaultcertificate key SSL CERTIFICATE
/settings/defaultcertificate format PEM CERTIFICATE FORMAT
/settings/defaultdh ${certificate-path}/nrpe_dh_512.pem DH KEY
/settings/defaultca ${certificate-path}/ca.pem CA
/settings/defaultbind to BIND TO ADDRESS
/settings/defaultthread pool 10 THREAD POOL
/settings/defaultsocket queue size 0 LISTEN QUEUE
/settings/defaultmodern commands 1 Register modern aliases for built-in commands
mapping /settings/system/windows/service mappingDELAYED ignored SERVICE_DELAYED
mapping /settings/system/windows/service mappingDISABLED stopped SERVICE_DISABLED
mapping /settings/system/windows/service mappingDEMAND_START ignored SERVICE_DEMAND_START
mapping /settings/system/windows/service mappingAUTO_START started SERVICE_AUTO_START
mapping /settings/system/windows/service mappingSYSTEM_START ignored SERVICE_SYSTEM_START
mapping /settings/system/windows/service mappingBOOT_START ignored SERVICE_BOOT_START
/settings/system/windowssubsystem default PDH SUBSYSTEM
/settings/system/windowsdefault intervall 1 DEFAULT INTERVALL
/settings/system/windowsmodern commands 1 Register modern aliases for built-in commands

Section: /settings/system/windows/pdh/counters/cpu

Keys:

Key Default Title Description
collection strategyround robin Collection Strategy Collection strategy for CPU is usually round robin, for others static.

Sample: 

# 
# 
[/settings/system/windows/pdh/counters/cpu]
# Collection Strategy
# Collection strategy for CPU is usually round robin, for others static.
collection strategy=round robin

Collection Strategy

Description: Collection strategy for CPU is usually round robin, for others static.

Key: collection strategy

Default value: round robin

Used by: CheckSystem

Sample: 

# Collection Strategy
# Collection strategy for CPU is usually round robin, for others static.
[/settings/system/windows/pdh/counters/cpu]
collection strategy=round robin

Section: /settings/default

Keys:

Key Default Title Description
cache allowed hosts1 CACHE ALLOWED HOSTS If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.
certificate SSL CERTIFICATE TODO
verify modenone VERIFY MODE TODO
allowed hosts127.0.0.1 ALLOWED HOSTS A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed ciphersADH ALLOWED CIPHERS A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
inboxinbox INBOX The default channel to post incoming messages on
timeout30 TIMEOUT Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
password PASSWORD Password used to authenticate againast server
use ssl1 ENABLE SSL ENCRYPTION This option controls if SSL should be enabled.

Advanced Keys:

Key Default Title Description
certificate key SSL CERTIFICATE TODO
certificate formatPEM CERTIFICATE FORMAT TODO
dh${certificate-path}/nrpe_dh_512.pem DH KEY TODO
ca${certificate-path}/ca.pem CA TODO
bind to BIND TO ADDRESS Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
thread pool10 THREAD POOL TODO
socket queue size0 LISTEN QUEUE Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.
modern commands1 Register modern aliases for built-in commands Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++

Sample: 

# 
# 
[/settings/default]
# CACHE ALLOWED HOSTS
# If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.
cache allowed hosts=1
# SSL CERTIFICATE
# 
certificate key=
# CERTIFICATE FORMAT
# 
certificate format=PEM
# DH KEY
# 
dh=${certificate-path}/nrpe_dh_512.pem
# SSL CERTIFICATE
# 
certificate=
# VERIFY MODE
# 
verify mode=none
# CA
# 
ca=${certificate-path}/ca.pem
# BIND TO ADDRESS
# Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to=
# ALLOWED HOSTS
# A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts=127.0.0.1
# THREAD POOL
# 
thread pool=10
# ALLOWED CIPHERS
# A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers=ADH
# INBOX
# The default channel to post incoming messages on
inbox=inbox
# TIMEOUT
# Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout=30
# LISTEN QUEUE
# Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.
socket queue size=0
# PASSWORD
# Password used to authenticate againast server
password=
# ENABLE SSL ENCRYPTION
# This option controls if SSL should be enabled.
use ssl=1
# Register modern aliases for built-in commands
# Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++
modern commands=1

CACHE ALLOWED HOSTS

Description: If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.

Key: cache allowed hosts

Default value: 1

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# CACHE ALLOWED HOSTS
# If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.
[/settings/default]
cache allowed hosts=1

SSL CERTIFICATE

Description:

Advanced: (means it is not commonly used)

Key: certificate key

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# SSL CERTIFICATE
# 
[/settings/default]
certificate key=

CERTIFICATE FORMAT

Description:

Advanced: (means it is not commonly used)

Key: certificate format

Default value: PEM

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# CERTIFICATE FORMAT
# 
[/settings/default]
certificate format=PEM

DH KEY

Description:

Advanced: (means it is not commonly used)

Key: dh

Default value: ${certificate-path}/nrpe_dh_512.pem

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# DH KEY
# 
[/settings/default]
dh=${certificate-path}/nrpe_dh_512.pem

SSL CERTIFICATE

Description:

Key: certificate

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# SSL CERTIFICATE
# 
[/settings/default]
certificate=

VERIFY MODE

Description:

Key: verify mode

Default value: none

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# VERIFY MODE
# 
[/settings/default]
verify mode=none

CA

Description:

Advanced: (means it is not commonly used)

Key: ca

Default value: ${certificate-path}/ca.pem

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# CA
# 
[/settings/default]
ca=${certificate-path}/ca.pem

BIND TO ADDRESS

Description: Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.

Advanced: (means it is not commonly used)

Key: bind to

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# BIND TO ADDRESS
# Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
[/settings/default]
bind to=

ALLOWED HOSTS

Description: A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.

Key: allowed hosts

Default value: 127.0.0.1

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# ALLOWED HOSTS
# A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
[/settings/default]
allowed hosts=127.0.0.1

THREAD POOL

Description:

Advanced: (means it is not commonly used)

Key: thread pool

Default value: 10

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# THREAD POOL
# 
[/settings/default]
thread pool=10

ALLOWED CIPHERS

Description: A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

Key: allowed ciphers

Default value: ADH

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# ALLOWED CIPHERS
# A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
[/settings/default]
allowed ciphers=ADH

INBOX

Description: The default channel to post incoming messages on

Key: inbox

Default value: inbox

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# INBOX
# The default channel to post incoming messages on
[/settings/default]
inbox=inbox

TIMEOUT

Description: Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.

Key: timeout

Default value: 30

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# TIMEOUT
# Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
[/settings/default]
timeout=30

LISTEN QUEUE

Description: Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.

Advanced: (means it is not commonly used)

Key: socket queue size

Default value: 0

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# LISTEN QUEUE
# Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.
[/settings/default]
socket queue size=0

PASSWORD

Description: Password used to authenticate againast server

Key: password

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# PASSWORD
# Password used to authenticate againast server
[/settings/default]
password=

ENABLE SSL ENCRYPTION

Description: This option controls if SSL should be enabled.

Key: use ssl

Default value: 1

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# ENABLE SSL ENCRYPTION
# This option controls if SSL should be enabled.
[/settings/default]
use ssl=1

Register modern aliases for built-in commands

Description: Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++

Advanced: (means it is not commonly used)

Key: modern commands

Default value: 1

Used by: NRPEServer, CheckMKServer, CheckSystem, NSCAServer, NSClientServer, NSCPServer

Sample: 

# Register modern aliases for built-in commands
# Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++
[/settings/default]
modern commands=1

SERVICE MAPPING SECTION

Confiure which services has to be in which state

Section: /settings/system/windows/service mapping

Advanced Keys:

Key Default Title Description
DELAYEDignored SERVICE_DELAYED TODO
DISABLEDstopped SERVICE_DISABLED TODO
DEMAND_STARTignored SERVICE_DEMAND_START TODO
AUTO_STARTstarted SERVICE_AUTO_START TODO
SYSTEM_STARTignored SERVICE_SYSTEM_START TODO
BOOT_STARTignored SERVICE_BOOT_START TODO

Sample: 

# SERVICE MAPPING SECTION
# Confiure which services has to be in which state
[/settings/system/windows/service mapping]
# SERVICE_DELAYED
# TODO
DELAYED=ignored
# SERVICE_DISABLED
# TODO
DISABLED=stopped
# SERVICE_DEMAND_START
# TODO
DEMAND_START=ignored
# SERVICE_AUTO_START
# TODO
AUTO_START=started
# SERVICE_SYSTEM_START
# TODO
SYSTEM_START=ignored
# SERVICE_BOOT_START
# TODO
BOOT_START=ignored

SERVICE_DELAYED

Description: TODO

Advanced: (means it is not commonly used)

Key: DELAYED

Default value: ignored

Used by: CheckSystem

Sample: 

# SERVICE_DELAYED
# TODO
[/settings/system/windows/service mapping]
DELAYED=ignored

SERVICE_DISABLED

Description: TODO

Advanced: (means it is not commonly used)

Key: DISABLED

Default value: stopped

Used by: CheckSystem

Sample: 

# SERVICE_DISABLED
# TODO
[/settings/system/windows/service mapping]
DISABLED=stopped

SERVICE_DEMAND_START

Description: TODO

Advanced: (means it is not commonly used)

Key: DEMAND_START

Default value: ignored

Used by: CheckSystem

Sample: 

# SERVICE_DEMAND_START
# TODO
[/settings/system/windows/service mapping]
DEMAND_START=ignored

SERVICE_AUTO_START

Description: TODO

Advanced: (means it is not commonly used)

Key: AUTO_START

Default value: started

Used by: CheckSystem

Sample: 

# SERVICE_AUTO_START
# TODO
[/settings/system/windows/service mapping]
AUTO_START=started

SERVICE_SYSTEM_START

Description: TODO

Advanced: (means it is not commonly used)

Key: SYSTEM_START

Default value: ignored

Used by: CheckSystem

Sample: 

# SERVICE_SYSTEM_START
# TODO
[/settings/system/windows/service mapping]
SYSTEM_START=ignored

SERVICE_BOOT_START

Description: TODO

Advanced: (means it is not commonly used)

Key: BOOT_START

Default value: ignored

Used by: CheckSystem

Sample: 

# SERVICE_BOOT_START
# TODO
[/settings/system/windows/service mapping]
BOOT_START=ignored

PDH COUNTER INFORMATION

Section: /settings/system/windows/pdh

Sample: 

# PDH COUNTER INFORMATION
# 
[/settings/system/windows/pdh]

WINDOWS CHECK SYSTEM

Section for system checks and system settings

Section: /settings/system/windows

Keys:

Key Default Title Description
default buffer length1h DEFAULT LENGTH Used to define the default intervall for range buffer checks (ie. CPU).

Advanced Keys:

Key Default Title Description
subsystemdefault PDH SUBSYSTEM Set which pdh subsystem to use.
default intervall1 DEFAULT INTERVALL Used to define the default intervall for range buffer checks (ie. CPU).
modern commands1 Register modern aliases for built-in commands Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++ parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.

Sample: 

# WINDOWS CHECK SYSTEM
# Section for system checks and system settings
[/settings/system/windows]
# DEFAULT LENGTH
# Used to define the default intervall for range buffer checks (ie. CPU).
default buffer length=1h
# PDH SUBSYSTEM
# Set which pdh subsystem to use.
subsystem=default
# DEFAULT INTERVALL
# Used to define the default intervall for range buffer checks (ie. CPU).
default intervall=1
# Register modern aliases for built-in commands
# Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++ parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
modern commands=1

DEFAULT LENGTH

Description: Used to define the default intervall for range buffer checks (ie. CPU).

Key: default buffer length

Default value: 1h

Used by: CheckSystem

Sample: 

# DEFAULT LENGTH
# Used to define the default intervall for range buffer checks (ie. CPU).
[/settings/system/windows]
default buffer length=1h

PDH SUBSYSTEM

Description: Set which pdh subsystem to use.

Advanced: (means it is not commonly used)

Key: subsystem

Default value: default

Used by: CheckSystem

Sample: 

# PDH SUBSYSTEM
# Set which pdh subsystem to use.
[/settings/system/windows]
subsystem=default

DEFAULT INTERVALL

Description: Used to define the default intervall for range buffer checks (ie. CPU).

Advanced: (means it is not commonly used)

Key: default intervall

Default value: 1

Used by: CheckSystem

Sample: 

# DEFAULT INTERVALL
# Used to define the default intervall for range buffer checks (ie. CPU).
[/settings/system/windows]
default intervall=1

Register modern aliases for built-in commands

Description: Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++ parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.

Advanced: (means it is not commonly used)

Key: modern commands

Default value: 1

Used by: CheckSystem

Sample: 

# Register modern aliases for built-in commands
# Register moden alias for commands (ccheck_xxx as opposed of CheckXXX) these are the names which will be used in future version of NSClient++ parent for this key is found under: /settings/default this is marked as advanced in favour of the parent.
[/settings/system/windows]
modern commands=1

PDH COUNTERS

Define various PDH counters to check.

Section: /settings/system/windows/pdh/counters

Keys:

Key Default Title Description
memory commit bytes\4\26 memory commit bytes System counter for check_xx commands..
memory commit limit\4\30 memory commit limit System counter for check_xx commands..
cpu\238(_total)\6 cpu System counter for check_xx commands..
uptime\2\674 uptime System counter for check_xx commands..

Sample: 

# PDH COUNTERS
# Define various PDH counters to check.
[/settings/system/windows/pdh/counters]
# memory commit bytes
# System counter for check_xx commands..
memory commit bytes=\4\26
# memory commit limit
# System counter for check_xx commands..
memory commit limit=\4\30
# cpu
# System counter for check_xx commands..
cpu=\238(_total)\6
# uptime
# System counter for check_xx commands..
uptime=\2\674

memory commit bytes

Description: System counter for check_xx commands..

Key: memory commit bytes

Default value: \4\26

Used by: CheckSystem

Sample: 

# memory commit bytes
# System counter for check_xx commands..
[/settings/system/windows/pdh/counters]
memory commit bytes=\4\26

memory commit limit

Description: System counter for check_xx commands..

Key: memory commit limit

Default value: \4\30

Used by: CheckSystem

Sample: 

# memory commit limit
# System counter for check_xx commands..
[/settings/system/windows/pdh/counters]
memory commit limit=\4\30

cpu

Description: System counter for check_xx commands..

Key: cpu

Default value: \238(_total)\6

Used by: CheckSystem

Sample: 

# cpu
# System counter for check_xx commands..
[/settings/system/windows/pdh/counters]
cpu=\238(_total)\6

uptime

Description: System counter for check_xx commands..

Key: uptime

Default value: \2\674

Used by: CheckSystem

Sample: 

# uptime
# System counter for check_xx commands..
[/settings/system/windows/pdh/counters]
uptime=\2\674

External Script Sections

External Script Section

This section is included from CheckExternalScripts/config/external_script

        1. Overview
          1. command_timeout
          2. allow_arguments
          3. allow_nasty_meta_chars
          4. script_dir

Overview

Configure how the External Scripts module works (not to be confused with the "External Scripts" section below that holds scripts that can be run.

OptionDefault valueDescription
command_timeout60The maximum time in seconds that a command can execute.
allow_arguments0A Boolean flag to determine if arguments are accepted on the command line.
allow_nasty_meta_chars0Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands.
script_dir When set all files in this directory will be available as scripts. WARNING
command_timeout

The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.

Values:

Any number (positive integer) representing time in seconds.

Default
60 (seconds).
Example
Set timeout to 120 seconds 
[External Script]
command_timeout=120
allow_arguments

A Boolean flag to determine if arguments are accepted on the incoming socket. If arguments are not accepted you can still use external commands that need arguments but you have to define them in the NRPE handlers below. This is similar to the NRPE "dont_blame_nrpe" option.

Values

ValueMeaning
0Disallow arguments for commands
1Allow arguments for commands
Default
0 (false).
Example
Allow arguments 
[External Script]
allow_arguments=1
allow_nasty_meta_chars

Allow NRPE execution to have “nasty” meta characters that might affect execution of external commands (things like > “ etc).

Values
This list contain all possible values
ValueMeaning
0Disallow nasty arguments for commands
1Allow nasty arguments for commands
Default
0 (false)
Example
Allow nasty arguments 
[External Script]
allow_nasty_meta_chars=1
script_dir

When set all files in this directory will be available as scripts. This is pretty dangerous but can be a bit useful if you use many scripts and you are sure no one else can add files there.

Value
Any directory (can be relative to NSClient++)
Default
Empty (meaning no scripts are added)
Example
All scripts ending with bat in the scripts folder (of NSClient++ installation directory) will be added as scripts. 

[External Script]
script_dir=.\scripts\*.bat

External Scripts Section

This section is included from CheckExternalScripts/config/external_scripts

        1. Overview

Overview

A list of scripts and their aliases available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments> for instance: 

check_es_long=scripts\long.bat
check_es_ok=scripts\ok.bat
check_es_nok=scripts\nok.bat
check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
check_es_args=scripts\args.bat static $ARG1$ foo

To configure scripts that request arguments, use the following syntax: 

check_script_with_arguments=scripts\script_with_arguments.bat $ARG1$ $ARG2$ $ARG3$

Use ./check_nrpe ... -c check_script_with_arguments -a arg1 arg2 arg3 ... Make sure you type $ARG1$ and not $arg1$ (case sensitive)

NOTICE For the above to work you need to enable allow_arguments in both NRPEListener and CheckExternalScripts!

External Alias Section

This section is included from CheckExternalScripts/config/external_alias

        1. Overview

Overview

A simple and nifty way to define aliases in NSClient++. Aliases are good for defining commands locally or just to simply the nagios configuration. There is a series of "useful" aliases defined in the included configuration file which is a good place to start. An alias is an internal command that has been "wrapped" (to add arguments). If you want to create an alias for an external command you can do so but it still needs the normal defnition and the alias will use the internal alias of the external command.

WARNING Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop) 

[External Aliases]
alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
alias_service=checkServiceState CheckAll
alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical

Event Log Sections

Event Log Section

This section is included from CheckEventLog/config

TracNav

  1. Configuration for CheckEventLog module
    1. CONFIGURE REALTIME CHECKING
      1. DEBUG
      2. REAL TIME CHECKING
      3. LOGS TO CHECK
      4. STARTUP AGE
    2. REALTIME FILTERS
    3. EVENT LOG SECTION
      1. DEBUG
      2. LOOKUP NAMES
      3. BUFFER_SIZE
      4. SYNTAX

Configuration for CheckEventLog module

Section with configuration keys for the CheckEventLog module

Path / Section Key Default value Description
/settings/eventlog/real-timedebug 0 DEBUG
/settings/eventlog/real-timeenabled 0 REAL TIME CHECKING
/settings/eventlog/real-timelog application,system LOGS TO CHECK
/settings/eventlog/real-timestartup age 30m STARTUP AGE
/settings/eventlog/real-time/filters REALTIME FILTERS
/settings/eventlogdebug 0 DEBUG
/settings/eventloglookup names 1 LOOKUP NAMES
/settings/eventlogbuffer size 131072 BUFFER_SIZE
/settings/eventlogsyntax SYNTAX

CONFIGURE REALTIME CHECKING

A set of options to configure the real time checks

Section: /settings/eventlog/real-time

Keys:

Key Default Title Description
debug0 DEBUG Log missed records (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.
enabled0 REAL TIME CHECKING Spawns a backgrounnd thread which detects issues and reports them back instantly.
logapplication,system LOGS TO CHECK Comma separated list of logs to check
startup age30m STARTUP AGE The initial age to scan when starting NSClient++

Sample: 

# CONFIGURE REALTIME CHECKING
# A set of options to configure the real time checks
[/settings/eventlog/real-time]
# DEBUG
# Log missed records (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.
debug=0
# REAL TIME CHECKING
# Spawns a backgrounnd thread which detects issues and reports them back instantly.
enabled=0
# LOGS TO CHECK
# Comma separated list of logs to check
log=application,system
# STARTUP AGE
# The initial age to scan when starting NSClient++
startup age=30m

DEBUG

Description: Log missed records (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.

Key: debug

Default value: 0

Used by: CheckEventlog?, CheckEventLog

Sample: 

# DEBUG
# Log missed records (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.
[/settings/eventlog/real-time]
debug=0

REAL TIME CHECKING

Description: Spawns a backgrounnd thread which detects issues and reports them back instantly.

Key: enabled

Default value: 0

Used by: CheckEventlog?, CheckEventLog

Sample: 

# REAL TIME CHECKING
# Spawns a backgrounnd thread which detects issues and reports them back instantly.
[/settings/eventlog/real-time]
enabled=0

LOGS TO CHECK

Description: Comma separated list of logs to check

Key: log

Default value: application,system

Used by: CheckEventlog?, CheckEventLog

Sample: 

# LOGS TO CHECK
# Comma separated list of logs to check
[/settings/eventlog/real-time]
log=application,system

STARTUP AGE

Description: The initial age to scan when starting NSClient++

Key: startup age

Default value: 30m

Used by: CheckEventlog?, CheckEventLog

Sample: 

# STARTUP AGE
# The initial age to scan when starting NSClient++
[/settings/eventlog/real-time]
startup age=30m

REALTIME FILTERS

A set of filters to use in real-time mode

Section: /settings/eventlog/real-time/filters

Sample: 

# REALTIME FILTERS
# A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]

EVENT LOG SECTION

Section for the EventLog? Checker (CheckEventLog.dll).

Section: /settings/eventlog

Keys:

Key Default Title Description
debug0 DEBUG Log more information when filtering (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.
lookup names1 LOOKUP NAMES Lookup the names of eventlog files
buffer size131072 BUFFER_SIZE The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
syntax SYNTAX Set this to use a specific syntax string for all commands (that don't specify one).

Sample: 

# EVENT LOG SECTION
# Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
# DEBUG
# Log more information when filtering (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.
debug=0
# LOOKUP NAMES
# Lookup the names of eventlog files
lookup names=1
# BUFFER_SIZE
# The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size=131072
# SYNTAX
# Set this to use a specific syntax string for all commands (that don't specify one).
syntax=

DEBUG

Description: Log more information when filtering (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.

Key: debug

Default value: 0

Used by: CheckEventlog?, CheckEventLog

Sample: 

# DEBUG
# Log more information when filtering (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog.
[/settings/eventlog]
debug=0

LOOKUP NAMES

Description: Lookup the names of eventlog files

Key: lookup names

Default value: 1

Used by: CheckEventlog?, CheckEventLog

Sample: 

# LOOKUP NAMES
# Lookup the names of eventlog files
[/settings/eventlog]
lookup names=1

BUFFER_SIZE

Description: The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.

Key: buffer size

Default value: 131072

Used by: CheckEventlog?, CheckEventLog

Sample: 

# BUFFER_SIZE
# The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
[/settings/eventlog]
buffer size=131072

SYNTAX

Description: Set this to use a specific syntax string for all commands (that don't specify one).

Key: syntax

Used by: CheckEventlog?, CheckEventLog

Sample: 

# SYNTAX
# Set this to use a specific syntax string for all commands (that don't specify one).
[/settings/eventlog]
syntax=

NSCA Agent Sections

These sections describe the configuration options for the NSCA module.

NSCA Agent Section

This section is included from NSCAAgent/config/NSCA_Agent

        1. Overview
          1. interval
          2. nsca_host
          3. nsca_port
          4. encryption_method
          5. password
          6. hostname
          7. debug_threads

Overview

Options to configure the NSCA module.

OptionDefault valueDescription
interval60Time in seconds between each report back to the server (cant as of yet be set individually so this is for all "checks")
nsca_host...The NSCA/Nagios(?) server to report results to.
nsca_port5667The NSCA server port
encryption_method1Number corresponding to the various encryption algorithms (see below). Has to be the same as the server or it wont work at all.
password The password to use. Again has to be the same as the server or it won't work at all.

Advanced options:

OptionDefault valueDescription
hostname The host name of this host if set to blank (default) the windows name of the computer will be used.
debug_threads1DEBUGNumber of threads to run, no reason to change this really (unless you want to stress test something)
interval

Time in seconds between each report back to the server (cant as of yet be set individually so this is for all "checks")

Value
Any positive integer (time in seconds)
Default
60 (seconds)

nsca_host

The NSCA/Nagios(?) server to report results to.

Values
Hostname or IP address to submit back results to.
Default
Empty string (will in 3.7 and above mean don't submit results)

nsca_port

The NSCA server port

Values
Any positive integer (port number ought to be less then 65534)
Default
5667

encryption_method

Number corresponding to the various encryption algorithms (see below). Has to be the same as the server or it wont work at all.

Values
Supported encryption methods:

#Algorithm
0None (Do NOT use this option)
1Simple XOR (No security, just obfuscation, but very fast)
2DES
33DES (Triple DES)
4CAST-128
6xTEA
8BLOWFISH
9TWOFISH
11RC2
14RIJNDAEL-128 (AES)
20SERPENT
Default
1 (I am note sure I thought default was 14?)
password

The password to use. Again has to be the same as the server or it won't work at all.

Values
Any string (should be the same as the one configured in nsca.conf

hostname

The host name of this host if set to blank (default) the windows name of the computer will be used.

Values
Any string (or auto)
Default
auto (means windows hostname will be used)

debug_threads

DEBUGNumber of threads to run, no reason to change this really (unless you want to stress test something)

Values
Any positive integer larger then or equal to 1
Default
1

NSCA Commands Section

This section is included from NSCAAgent/config/NSCA_Commands

        1. Overview

Overview

A list of commands to run and submit each time we report back to the NSCA server. A command starting with host_ will be submitted as a host command. For an example see below: This will report back one service check (called my_cpu_check) and one host check (host checks have no service name). 

[NSCA Commands]
my_cpu_check=checkCPU warn=80 crit=90 time=20m time=10s time=4
host_check=check_ok

LUA Scripts

A list of LUA script to load at startup. In difference to "external checks" all LUA scripts are loaded at startup. Names have no meaning since the script (on boot) submits the available commands and tie them to various functions. 

[LUA Scripts]
scripts\test.lua
Last modified 17 months ago Last modified on 01/12/12 19:35:53