CheckSystem
Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
Enable module
To enable this module and and allow using the commands you need to ass CheckSystem = enabled to the [/modules] section in nsclient.ini:
[/modules]
CheckSystem = enabled
Queries
A quick reference for all available queries (check commands) in the CheckSystem module.
List of commands:
A list of all available queries (check commands)
| Command | Description |
|---|---|
| check_cpu | Check that the load of the CPU(s) are within bounds. |
| check_memory | Check free/used memory on the system. |
| check_network | Check network interface status. |
| check_os_version | Check the version of the underlying OS. |
| check_pagefile | Check the size of the system pagefile(s). |
| check_pdh | Check the value of a performance (PDH) counter on the local or remote system. |
| check_process | Check state/metrics of one or more of the processes running on the computer. |
| check_service | Check the state of one or more of the computer services. |
| check_uptime | Check time since last server re-boot. |
| checkcounter | Legacy version of check_pdh |
| checkcpu | Legacy version of check_cpu |
| checkmem | Legacy version of check_mem |
| checkprocstate | Legacy version of check_process |
| checkservicestate | Legacy version of check_service |
| checkuptime | Legacy version of check_uptime |
List of command aliases:
A list of all short hand aliases for queries (check commands)
| Command | Description |
|---|---|
| check_counter | Alias for: :query:check_pdh |
check_cpu
Check that the load of the CPU(s) are within bounds.
The check_cpu command is a query based command which means it has a filter where you can use a filter expression with filter keywords to define which rows are relevant to the check. The filter is written using the filter query language and in it you can use various filter keywords to define the filtering logic. The filter keywords can also be used to create the bound expressions for the warning and critical which defines when a check returns warning or critical.
Sample Commands
To edit these sample please edit this page
Default check:
check_cpu
CPU Load ok
'total 5m load'=0%;80;90 'total 1m load'=0%;80;90 'total 5s load'=7%;80;90
Checking all cores by adding filter=none (disabling the filter):
check_cpu filter=none "warn=load > 80" "crit=load > 90"
CPU Load ok
'core 0 5m kernel'=1%;10;0 'core 0 5m load'=3%;80;90 'core 1 5m kernel'=0%;10;0 'core 1 5m load'=0%;80;90 ... 'core 7 5s load'=15%;80;90 'total 5s kernel'=3%;10;0 'total 5s load'=7%;80;90
Adding kernel times to the check::
check_cpu filter=none "warn=kernel > 10 or load > 80" "crit=load > 90" "top-syntax=${list}"
core 0 > 3, core 1 > 0, core 2 > 0, core ... , core 7 > 15, total > 7
'core 0 5m kernel'=1%;10;0 'core 0 5m load'=3%;80;90 'core 1 5m kernel'=0%;10;0 'core 1 5m load'=0%;80;90 ... 'core 7 5s load'=15%;80;90 'total 5s kernel'=3%;10;0 'total 5s load'=7%;80;90
Default check via NRPE::
check_nscp --host 192.168.56.103 --command check_cpu
CPU Load ok|'total 5m'=16%;80;90 'total 1m'=13%;80;90 'total 5s'=13%;80;90
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | core = 'total' | Filter which marks interesting items. |
| warning | load > 80 | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | load > 90 | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | ignored | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${problem_list} | Top level syntax. |
| ok-syntax | %(status): CPU load is ok. | ok syntax. |
| empty-syntax | Empty syntax. | |
| detail-syntax | ${time}: ${load}% | Detail level syntax. |
| perf-syntax | ${core} ${time} | Performance alias syntax. |
| time | The time to check | |
| cores | N/A | This will remove the filter to include the cores, if you use filter dont use this as well. |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
Default Value: core = 'total'
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: load > 80
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: load > 90
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: ignored
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${problem_list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
Default Value: %(status): CPU load is ok.
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${time}: ${load}%
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${core} ${time}
Filter keywords
| Option | Description |
|---|---|
| core | The core to check (total or core ##) |
| core_id | The core to check (total or core_##) |
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| idle | The current idle load for a given core |
| kernel | deprecated (use system instead) |
| list | A list of all items which matched the filter. Common option for all checks. |
| load | deprecated (use total instead) |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| system | The current load used by the system (kernel) |
| time | The time frame to check |
| total | Total number of items. Common option for all checks. |
| user | The current load used by user applications |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_memory
Check free/used memory on the system.
Sample Commands
To edit these sample please edit this page
Default check:
check_memory
OK memory within bounds.
'page used'=8G;19;21 'page used %'=33%;79;89 'physical used'=7G;9;10 'physical used %'=65%;79;89
Using --show-all to show the result:
check_memory "warn=free < 20%" "crit=free < 10G" --show-all
page = 8.05G, physical = 7.85G
'page free'=15G;4;2 'page free %'=66%;19;9 'physical free'=4G;2;1 'physical free %'=34%;19;9
Changing the return syntax to include more information::
check_memory "top-syntax=${list}" "detail-syntax=${type} free: ${free} used: ${used} size: ${size}"
page free: 16G used: 7.98G size: 24G, physical free: 4.18G used: 7.8G size: 12G
Default check via NRPE::
check_nrpe --host 192.168.56.103 --command check_memory
OK memory within bounds.|'page'=531G;3;3;0;3 'page %'=12%;79;89;0;100 'physical'=530G;1;1;0;1 'physical %'=25%;79;89;0;100
Most "byte" checks such as memory have an auto scaling feature which means values will go from 800M to 1.2G between checks.
Some graphing systems does not honor the units in performance data in which case you can get unexpected large values (such as 800G).
To remedy this you can lock the unit by adding perf-config=*(unit:G)
check_memory perf-config=*(unit:G)
page = 8.05G, physical = 7.85G
'page free'=15G;4;2 'page free %'=66%;19;9 'physical free'=4G;2;1 'physical free %'=34%;19;9
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | used > 80% | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | used > 90% | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | ignored | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${list} | Top level syntax. |
| ok-syntax | ok syntax. | |
| empty-syntax | Empty syntax. | |
| detail-syntax | ${type} = ${used} | Detail level syntax. |
| perf-syntax | ${type} | Performance alias syntax. |
| type | The type of memory to check (physical = Physical memory (RAM), committed = total memory (RAM+PAGE) |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: used > 80%
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: used > 90%
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: ignored
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${type} = ${used}
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${type}
Filter keywords
| Option | Description |
|---|---|
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| free | Free memory in bytes (g,m,k,b) or percentages % |
| free_pct | % free memory |
| list | A list of all items which matched the filter. Common option for all checks. |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| size | Total size of memory |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| total | Total number of items. Common option for all checks. |
| type | The type of memory to check |
| used | Used memory in bytes (g,m,k,b) or percentages % |
| used_pct | % used memory |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_network
Check network interface status.
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | total > 10000 | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | total > 100000 | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | critical | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${list} | Top level syntax. |
| ok-syntax | %(status): Network interfaces seem ok. | ok syntax. |
| empty-syntax | Empty syntax. | |
| detail-syntax | ${name} >${sent} <${received} bps | Detail level syntax. |
| perf-syntax | ${name} | Performance alias syntax. |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: total > 10000
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: total > 100000
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: critical
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
Default Value: %(status): Network interfaces seem ok.
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${name} >${sent} <${received} bps
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${name}
Filter keywords
| Option | Description |
|---|---|
| MAC | The MAC address |
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| enabled | True if the network interface is enabled |
| list | A list of all items which matched the filter. Common option for all checks. |
| name | Network interface name |
| net_connection_id | Network connection id |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| received | Bytes received per second |
| sent | Bytes sent per second |
| speed | The network interface speed |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| total | Total number of items. Common option for all checks. |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_os_version
Check the version of the underlying OS.
Sample Commands
To edit these sample please edit this page
Default check:
check_os_Version
L client CRITICAL: Windows 7 (6.1.7601)
L client Performance data: 'version'=61;50;50
Making sure the OS version is Windows 8:
check_os_Version "warn=version < 62"
L client WARNING: Windows 7 (6.1.7601)
L client Performance data: 'version'=61;62;0
Default check via NRPE:
check_nrpe --host 192.168.56.103 --command check_os_version
Windows 2012 (6.2.9200)|'version'=62;50;50
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | version <= 50 | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | version <= 50 | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | ignored | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${list} | Top level syntax. |
| ok-syntax | ok syntax. | |
| empty-syntax | Empty syntax. | |
| detail-syntax | ${version} (${major}.${minor}.${build}) | Detail level syntax. |
| perf-syntax | version | Performance alias syntax. |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: version <= 50
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: version <= 50
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: ignored
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${version} (${major}.${minor}.${build})
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: version
Filter keywords
| Option | Description |
|---|---|
| build | Build version number |
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| list | A list of all items which matched the filter. Common option for all checks. |
| major | Major version number |
| minor | Minor version number |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| suite | Which suites are installed on the machine (Microsoft BackOffice, Web Edition, Compute Cluster Edition, Datacenter Edition, Enterprise Edition, Embedded, Home Edition, Remote Desktop Support, Small Business Server, Storage Server, Terminal Services, Home Server) |
| total | Total number of items. Common option for all checks. |
| version | The system version |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_pagefile
Check the size of the system pagefile(s).
Sample Commands
To edit these sample please edit this page
Default options:
check_pagefile
L client WARNING: \Device\HarddiskVolume2\pagefile.sys 24.3M (32M)
L client Performance data: '\??\D:\pagefile.sys'=1G;14;19;0;23 '\??\D:\pagefile.sys %'=6%;59;79;0;100 '\Device\HarddiskVolume2\pagefile.sys'=24M;19;25;0;32 '\Device\HarddiskVolume2\pagefile.sys %'=75%;59;79;0;100 'total'=1G;14;19;0;23 'total %'=6%;59;79;0;100
Only showing the total amount of pagefile usage::
check_pagefile "filter=name = 'total'" "top-syntax=${list}"
OK: total 1.66G (24G)
Performance data: 'total'=1G;14;19;0;23 'total %'=6%;59;79;0;100
Getting help on available options::
check_pagefile help
...
filter=ARG Filter which marks interesting items.
Interesting items are items which will be included in
the check.
They do not denote warning or critical state but they
are checked use this to filter out unwanted items.
Available options:
free Free memory in bytes (g,m,k,b) or percentages %
name The name of the page file (location)
size Total size of pagefile
used Used memory in bytes (g,m,k,b) or percentages %
count Number of items matching the filter
total Total number of items
ok_count Number of items matched the ok criteria
warn_count Number of items matched the warning criteria
crit_count Number of items matched the critical criteria
problem_count Number of items matched either warning or critical criteria
...
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | used > 60% | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | used > 80% | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | ignored | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${list} | Top level syntax. |
| ok-syntax | ok syntax. | |
| empty-syntax | Empty syntax. | |
| detail-syntax | ${name} ${used} (${size}) | Detail level syntax. |
| perf-syntax | ${name} | Performance alias syntax. |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: used > 60%
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: used > 80%
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: ignored
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${name} ${used} (${size})
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${name}
Filter keywords
| Option | Description |
|---|---|
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| free | Free memory in bytes (g,m,k,b) or percentages % |
| free_pct | % free memory |
| list | A list of all items which matched the filter. Common option for all checks. |
| name | The name of the page file (location) |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| size | Total size of pagefile |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| total | Total number of items. Common option for all checks. |
| used | Used memory in bytes (g,m,k,b) or percentages % |
| used_pct | % used memory |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_pdh
Check the value of a performance (PDH) counter on the local or remote system. The counters can also be added and polled periodically to get average values. Performance Log Users group membership is required to check performance counters.
Sample Commands
To edit these sample please edit this page
Checking specific Counter (\System\System Up Time):
check_pdh "counter=\\System\\System Up Time" "warn=value > 5" "crit=value > 9999"
\System\System Up Time = 204213
'\System\System Up Time value'=204213;5;9999
Using the expand index to check for translated counters::
check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999" expand-index
Everything looks good
'\Minne\Dedikationsgräns value'=-2147483648;5;9999
Checking translated counters without expanding indexes::
check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999"
Everything looks good
'\4\30 value'=-2147483648;5;9999
Checking large values using the type=large keyword::
check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999" flags=nocap100 expand-index type=large
\Minne\Dedikationsgräns = 25729224704
'\Minne\Dedikationsgräns value'=25729224704;5;9999
Using real-time checks to check average values over time.
Here we configure a counter to be checked at regular intervals and the value is added to a rrd buffer. The configuration from nsclient.ini::
[/settings/system/windows/counters/foo]
collection strategy=rrd
type=large
counter=\Processor(_total)\% Processor Time
Then we can check the value (current snapshot)::
check_pdh "counter=foo" "warn=value > 80" "crit=value > 90"
Everything looks good
'foo value'=18;80;90
To check averages from the same counter we need to specify the time option::
check_pdh "counter=foo" "warn=value > 80" "crit=value > 90" time=30s
Everything looks good
'foo value'=3;80;90
Checking all instances of a given counter::
check_pdh "counter=\Processor(*)\% processortid" instances
L client OK: \\MIME-LAPTOP\Processor(0)\% processortid = 100, \\MIME-LAPTOP\Processor(1)\% processortid = 100, \\MIME-LAPTOP\Processor(2)\% processortid = 100, \\MIME-LAPTOP\Processor(3)\% processortid = 100, \\MIME-LAPTOP\Processor(4)\% processortid = 100, \\MIME-LAPTOP\Processor(5)\% processortid = 100, \\MIME-LAPTOP\Processor(6)\% processortid = 100, \\MIME-LAPTOP\Processor(7)\% processortid = 100, \\MIME-LAPTOP\Processor(_Total)\% processortid = 100
L client Performance data: '\Processor(*)\% processortid_0'=100;0;0 '\Processor(*)\% processortid_1'=100;0;0 '\Processor(*)\% processortid_2'=100;0;0 '\Processor(*)\% processortid_3'=100;0;0 '\Processor(*)\% processortid_4'=100;0;0 '\Processor(*)\% processortid_5'=100;0;0 '\Processor(*)\% processortid_6'=100;0;0 '\Processor(*)\% processortid_7'=100;0;0 '\Processor(*)\% processortid__Total'=100;0;0
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | Filter which marks items which generates a warning state. | |
| warn | Short alias for warning | |
| critical | Filter which marks items which generates a critical state. | |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | unknown | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${list} | Top level syntax. |
| ok-syntax | ok syntax. | |
| empty-syntax | Empty syntax. | |
| detail-syntax | ${alias} = ${value} | Detail level syntax. |
| perf-syntax | ${alias} | Performance alias syntax. |
| counter | Performance counter to check | |
| expand-index | N/A | Expand indexes in counter strings |
| instances | N/A | Expand wildcards and fetch all instances |
| reload | N/A | Reload counters on errors (useful to check counters which are not added at boot) |
| averages | N/A | Check average values (ie. wait for 1 second to collecting two samples) |
| time | Timeframe to use for named rrd counters | |
| flags | Extra flags to configure the counter (nocap100, 1000, noscale) | |
| type | large | Format of value (double, long, large) |
| ignore-errors | N/A | If we should ignore errors when checking counters, for instance missing counters or invalid counters will return 0 instead of errors |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: unknown
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${alias} = ${value}
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${alias}
type:
Format of value (double, long, large)
Default Value: large
Filter keywords
| Option | Description |
|---|---|
| alias | The counter alias |
| count | Number of items matching the filter. Common option for all checks. |
| counter | The counter name |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| list | A list of all items which matched the filter. Common option for all checks. |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| time | The time for rrd checks |
| total | Total number of items. Common option for all checks. |
| value | The counter value (either float or int) |
| value_f | The counter value (force float value) |
| value_i | The counter value (force int value) |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_process
Check state/metrics of one or more of the processes running on the computer.
Sample Commands
To edit these sample please edit this page
Default check:
check_process
SetPoint.exe=hung
Performance data: 'taskhost.exe'=1;1;0 'dwm.exe'=1;1;0 'explorer.exe'=1;1;0 ... 'chrome.exe'=1;1;0 'vcpkgsrv.exe'=1;1;0 'vcpkgsrv.exe'=1;1;0
Default check via NRPE::
check_nrpe --host 192.168.56.103 --command check_process
SetPoint.exe=hung|'smss.exe state'=1;0;0 'csrss.exe state'=1;0;0...
Check that specific process are running::
check_process process=explorer.exe process=foo.exe
foo.exe=stopped
Performance data: 'explorer.exe'=1;1;0 'foo.exe'=0;1;0
Check memory footprint from specific processes::
check_process process=explorer.exe "warn=working_set > 70m"
explorer.exe=started
Performance data: 'explorer.exe ws_size'=73M;70;0
Extend the syntax to display the attributes we are interested in::
check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"
explorer.exe ws:77271040, handles: 800, user time:107s
Performance data: 'explorer.exe ws_size'=73M;70;0
List all processes which use more then 200m virtual memory Default check via NRPE::
check_nrpe --host 192.168.56.103 --command check_process --arguments "filter=virtual > 200m"
OK all processes are ok.|'csrss.exe state'=1;0;0 'svchost.exe state'=1;0;0 'AvastSvc.exe state'=1;0;0 ...
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | state != 'unreadable' | Filter which marks interesting items. |
| warning | state not in ('started') | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | state = 'stopped', count = 0 | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | unknown | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${problem_list} | Top level syntax. |
| ok-syntax | %(status): all processes are ok. | ok syntax. |
| empty-syntax | UNKNOWN: No processes found | Empty syntax. |
| detail-syntax | ${exe}=${state} | Detail level syntax. |
| perf-syntax | ${exe} | Performance alias syntax. |
| process | The service to check, set this to * to check all services | |
| scan-info | If all process metrics should be fetched (otherwise only status is fetched) | |
| scan-16bit | If 16bit processes should be included | |
| delta | Calculate delta over one elapsed second. | |
| scan-unreadable | If unreadable processes should be included (will not have information) | |
| total | N/A | Include the total of all matching files |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
Default Value: state != 'unreadable'
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: state not in ('started')
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: state = 'stopped', count = 0
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: unknown
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${problem_list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
Default Value: %(status): all processes are ok.
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
Default Value: UNKNOWN: No processes found
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${exe}=${state}
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${exe}
delta:
Calculate delta over one elapsed second. This call will measure values and then sleep for 2 second and then measure again calculating deltas.
Filter keywords
| Option | Description |
|---|---|
| command_line | Command line of process (not always available) |
| count | Number of items matching the filter. Common option for all checks. |
| creation | Creation time |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| error | Any error messages associated with fetching info |
| exe | The name of the executable |
| filename | Name of process (with path) |
| gdi_handles | Number of handles |
| handles | Number of handles |
| hung | Process is hung |
| kernel | Kernel time in seconds |
| legacy_state | Get process status (for legacy use via check_nt only) |
| list | A list of all items which matched the filter. Common option for all checks. |
| new | Process is new (can inly be used for real-time filters) |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| page_fault | Page fault count |
| pagefile | Peak page file use in bytes |
| peak_pagefile | Page file usage in bytes |
| peak_virtual | Peak virtual size in bytes |
| peak_working_set | Peak working set in bytes |
| pid | Process id |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| started | Process is started |
| state | The current state (started, stopped hung) |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| stopped | Process is stopped |
| time | User-kernel time in seconds |
| total | Total number of items. Common option for all checks. |
| user | User time in seconds |
| user_handles | Number of handles |
| virtual | Virtual size in bytes |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
| working_set | Working set in bytes |
check_service
Check the state of one or more of the computer services.
Sample Commands
To edit these sample please edit this page
Default check:
check_service
OK all services are ok.
Excluding services using exclude::
check_service "exclude=clr_optimization_v4.0.30319_32" "exclude=clr_optimization_v4.0.30319_64"
WARNING: gupdate=stopped (auto), Net Driver HPZ12=stopped (auto), NSClientpp=stopped (auto), nscp=stopped (auto), Pml Driver HPZ12=stopped (auto), SkypeUpdate=stopped (auto), sppsvc=stopped (auto)
Show all service by changing the syntax::
check_service "top-syntax=${list}" "detail-syntax=${name}:${state}"
AdobeActiveFileMonitor10.0:running, AdobeARMservice:running, AdobeFlashPlayerUpdateSvc:stopped, ..., WwanSvc:stopped
Excluding services using the filter::
check_service "filter=start_type = 'auto' and name not in ('Bonjour Service', 'Net Driver HPZ12')"
AdobeActiveFileMonitor10.0: running, AdobeARMservice: running, AMD External Events Utility: running, ... wuauserv: running
Exclude versus filter::
You can use both exclude and filter to exclude services the befnefit of exclude is that it is faster with the obvious drawback that it only works on the service name. The upside to filters are that they are richer in terms of functionality i.e. substring matching (as below).
Regular check
check_service
L cli CRITICAL: CRITICAL: nfoo=stopped (auto), nscp=stopped (auto), nscp2=stopped (auto), ...
Excluding nfoo service with exclude:
check_service exclude=nfoo
L cli CRITICAL: CRITICAL: nscp=stopped (auto), nscp2=stopped (auto), ...
Excluding nscp2 with substring like matching filter:
check_service exclude=nfoo "filter=name not like 'nscp'"
L cli CRITICAL: CRITICAL: ...
Default check via NRPE::
check_nrpe --host 192.168.56.103 --command check_service
WARNING: DPS=stopped (auto), MSDTC=stopped (auto), sppsvc=stopped (auto), UALSVC=stopped (auto)
Check that a service is not started::
check_service service=nscp "crit=state = 'started'" warn=none
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | not state_is_perfect() | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | not state_is_ok() | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | unknown | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${crit_list}, delayed (${warn_list}) | Top level syntax. |
| ok-syntax | %(status): All %(count) service(s) are ok. | ok syntax. |
| empty-syntax | %(status): No services found | Empty syntax. |
| detail-syntax | ${name}=${state} (${start_type}) | Detail level syntax. |
| perf-syntax | ${name} | Performance alias syntax. |
| computer | The name of the remote computer to check | |
| service | The service to check, set this to * to check all services | |
| exclude | A list of services to ignore (mainly useful in combination with service=*) | |
| type | service | The types of services to enumerate available types are driver, file-system-driver, kernel-driver, service, service-own-process, service-share-process |
| state | all | The types of services to enumerate available states are active, inactive or all |
| only-essential | N/A | Set filter to classification = 'essential' |
| only-ignored | N/A | Set filter to classification = 'ignored' |
| only-role | N/A | Set filter to classification = 'role' |
| only-supporting | N/A | Set filter to classification = 'supporting' |
| only-system | N/A | Set filter to classification = 'system' |
| only-user | N/A | Set filter to classification = 'user' |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: not state_is_perfect()
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: not state_is_ok()
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: unknown
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${crit_list}, delayed (${warn_list})
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
Default Value: %(status): All %(count) service(s) are ok.
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
Default Value: %(status): No services found
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${name}=${state} (${start_type})
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: ${name}
type:
The types of services to enumerate available types are driver, file-system-driver, kernel-driver, service, service-own-process, service-share-process
Default Value: service
state:
The types of services to enumerate available states are active, inactive or all
Default Value: all
Filter keywords
| Option | Description |
|---|---|
| classification | Get classification |
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| delayed | If the service is delayed |
| desc | Service description |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| is_trigger | If the service is has associated triggers |
| legacy_state | Get legacy state (deprecated and only used by check_nt) |
| list | A list of all items which matched the filter. Common option for all checks. |
| name | Service name |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| pid | Process id |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| start_type | The configured start type () |
| state | The current state () |
| state_is_ok() | Check if the state is ok, i.e. all running services are runningelayed services are allowed to be stopped) |
| state_is_perfect() | Check if the state is ok, i.e. all running services are running |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| total | Total number of items. Common option for all checks. |
| triggers | The number of associated triggers for this service |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
check_uptime
Check time since last server re-boot.
Sample Commands
To edit these sample please edit this page
Default check:
check_uptime
uptime: -9:02, boot: 2013-aug-18 08:29:13
'uptime uptime'=1376814553s;1376760683;1376803883
Adding warning and critical thresholds::
check_uptime "warn=uptime < -2d" "crit=uptime < -1d"
...
Default check via NRPE::
check_nrpe --host 192.168.56.103 --command check_uptime
uptime: -0:3, boot: 2013-sep-08 18:41:06 (UCT)|'uptime'=1378665666;1378579481;1378622681
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| filter | Filter which marks interesting items. | |
| warning | uptime < 2d | Filter which marks items which generates a warning state. |
| warn | Short alias for warning | |
| critical | uptime < 1d | Filter which marks items which generates a critical state. |
| crit | Short alias for critical. | |
| ok | Filter which marks items which generates an ok state. | |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show details for all matches regardless of status (normally details are only showed for warnings and criticals). |
| empty-state | ignored | Return status to use when nothing matched filter. |
| perf-config | Performance data generation configuration | |
| escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| top-syntax | ${status}: ${list} | Top level syntax. |
| ok-syntax | ok syntax. | |
| empty-syntax | Empty syntax. | |
| detail-syntax | uptime: ${uptime}h, boot: ${boot} (UTC) | Detail level syntax. |
| perf-syntax | uptime | Performance alias syntax. |
filter:
Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.
warning:
Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.
Default Value: uptime < 2d
critical:
Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.
Default Value: uptime < 1d
ok:
Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.
empty-state:
Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.
Default Value: ignored
perf-config:
Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)
top-syntax:
Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: ${status}: ${list}
ok-syntax:
ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).
empty-syntax:
Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.
detail-syntax:
Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).
Default Value: uptime: ${uptime}h, boot: ${boot} (UTC)
perf-syntax:
Performance alias syntax. This is the syntax for the base names of the performance data.
Default Value: uptime
Filter keywords
| Option | Description |
|---|---|
| boot | System boot time |
| count | Number of items matching the filter. Common option for all checks. |
| crit_count | Number of items matched the critical criteria. Common option for all checks. |
| crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
| detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
| list | A list of all items which matched the filter. Common option for all checks. |
| ok_count | Number of items matched the ok criteria. Common option for all checks. |
| ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
| problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
| problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
| status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
| total | Total number of items. Common option for all checks. |
| uptime | Time since last boot |
| warn_count | Number of items matched the warning criteria. Common option for all checks. |
| warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
checkcounter
Legacy version of check_pdh
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| Counter | The time to check | |
| ShowAll | short | Configures display format (if set shows all items not only failures, if set to long shows all cores). |
| MaxWarn | Maximum value before a warning is returned. | |
| MaxCrit | Maximum value before a critical is returned. | |
| MinWarn | Minimum value before a warning is returned. | |
| MinCrit | Minimum value before a critical is returned. |
ShowAll:
Configures display format (if set shows all items not only failures, if set to long shows all cores).
Default Value: short
checkcpu
Legacy version of check_cpu
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| time | The time to check | |
| ShowAll | short | Configures display format (if set shows all items not only failures, if set to long shows all cores). |
| MaxWarn | Maximum value before a warning is returned. | |
| MaxCrit | Maximum value before a critical is returned. | |
| MinWarn | Minimum value before a warning is returned. | |
| MinCrit | Minimum value before a critical is returned. | |
| warn | Maximum value before a warning is returned. | |
| crit | Maximum value before a critical is returned. |
ShowAll:
Configures display format (if set shows all items not only failures, if set to long shows all cores).
Default Value: short
checkmem
Legacy version of check_mem
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| type | The types to check | |
| ShowAll | short | Configures display format (if set shows all items not only failures, if set to long shows all cores). |
| MaxWarn | Maximum value before a warning is returned. | |
| MaxCrit | Maximum value before a critical is returned. | |
| MinWarn | Minimum value before a warning is returned. | |
| MinCrit | Minimum value before a critical is returned. | |
| warn | Maximum value before a warning is returned. | |
| crit | Maximum value before a critical is returned. |
ShowAll:
Configures display format (if set shows all items not only failures, if set to long shows all cores).
Default Value: short
checkprocstate
Legacy version of check_process
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| ShowAll | short | Configures display format (if set shows all items not only failures, if set to long shows all cores). |
| MaxWarnCount | Maximum value before a warning is returned. | |
| MaxCritCount | Maximum value before a critical is returned. | |
| MinWarnCount | Minimum value before a warning is returned. | |
| MinCritCount | Minimum value before a critical is returned. |
ShowAll:
Configures display format (if set shows all items not only failures, if set to long shows all cores).
Default Value: short
checkservicestate
Legacy version of check_service
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| CheckAll | true | Check all services. |
| exclude | Exclude services | |
| ShowAll | short | Configures display format (if set shows all items not only failures, if set to long shows all cores). |
CheckAll:
Check all services.
Default Value: true
ShowAll:
Configures display format (if set shows all items not only failures, if set to long shows all cores).
Default Value: short
checkuptime
Legacy version of check_uptime
Command-line Arguments
| Option | Default Value | Description |
|---|---|---|
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| ShowAll | short | Configures display format (if set shows all items not only failures, if set to long shows all cores). |
| MaxWarn | Maximum value before a warning is returned. | |
| MaxCrit | Maximum value before a critical is returned. | |
| MinWarn | Minimum value before a warning is returned. | |
| MinCrit | Minimum value before a critical is returned. | |
| warn | Maximum value before a warning is returned. | |
| crit | Maximum value before a critical is returned. |
ShowAll:
Configures display format (if set shows all items not only failures, if set to long shows all cores).
Default Value: short
Configuration
| Path / Section | Description |
|---|---|
| /settings/system/windows | Windows system |
| /settings/system/windows/counters | PDH Counters |
| /settings/system/windows/real-time/checks | Legacy generic filters |
| /settings/system/windows/real-time/cpu | Realtime cpu filters |
| /settings/system/windows/real-time/memory | Realtime memory filters |
| /settings/system/windows/real-time/process | Realtime process filters |
Windows system
Section for system checks and system settings
| Key | Default Value | Description |
|---|---|---|
| default buffer length | 1h | Default buffer time |
| disable | Disable automatic checks | |
| fetch core loads | true | Fetch core load |
| subsystem | default | PDH subsystem |
| use pdh for cpu | false | Use PDH to fetch CPU load |
# Section for system checks and system settings
[/settings/system/windows]
default buffer length=1h
fetch core loads=true
subsystem=default
use pdh for cpu=false
Default buffer time
Used to define the default size of range buffer checks (ie. CPU).
| Key | Description |
|---|---|
| Path: | /settings/system/windows |
| Key: | default buffer length |
| Default value: | 1h |
| Used by: | CheckSystem |
Sample:
[/settings/system/windows]
# Default buffer time
default buffer length=1h
Disable automatic checks
A comma separated list of checks to disable in the collector: cpu,handles,network,metrics,pdh. Please note disabling these will mean part of NSClient++ will no longer function as expected.
| Key | Description |
|---|---|
| Path: | /settings/system/windows |
| Key: | disable |
| Advanced: | Yes (means it is not commonly used) |
| Default value: | N/A |
| Used by: | CheckSystem |
Sample:
[/settings/system/windows]
# Disable automatic checks
disable=
Fetch core load
Set to false to use a different API for fetching CPU load (will not provide core load, and will not show exact same values as task manager).
| Key | Description |
|---|---|
| Path: | /settings/system/windows |
| Key: | fetch core loads |
| Advanced: | Yes (means it is not commonly used) |
| Default value: | true |
| Used by: | CheckSystem |
Sample:
[/settings/system/windows]
# Fetch core load
fetch core loads=true
PDH subsystem
Set which pdh subsystem to use. Currently default and thread-safe are supported where thread-safe is slower but required if you have some problematic counters.
| Key | Description |
|---|---|
| Path: | /settings/system/windows |
| Key: | subsystem |
| Advanced: | Yes (means it is not commonly used) |
| Default value: | default |
| Used by: | CheckSystem |
Sample:
[/settings/system/windows]
# PDH subsystem
subsystem=default
Use PDH to fetch CPU load
When using PDH you might get better accuracy and hel alleviate invalid CPU values on multi core systems. The drawback is that PDH counters are sometimes missing and have invalid indexes so your milage may vary
| Key | Description |
|---|---|
| Path: | /settings/system/windows |
| Key: | use pdh for cpu |
| Advanced: | Yes (means it is not commonly used) |
| Default value: | false |
| Used by: | CheckSystem |
Sample:
[/settings/system/windows]
# Use PDH to fetch CPU load
use pdh for cpu=false
PDH Counters
Add counters to check
This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.
Keys:
| Key | Default Value | Description |
|---|---|---|
| alias | ALIAS | |
| buffer size | BUFFER SIZE | |
| collection strategy | COLLECTION STRATEGY | |
| counter | COUNTER | |
| flags | FLAGS | |
| instances | Interpret instances | |
| is template | false | IS TEMPLATE |
| parent | default | PARENT |
| type | COUNTER TYPE |
Sample:
# An example of a PDH Counters section
[/settings/system/windows/counters/sample]
#alias=...
#buffer size=...
#collection strategy=...
#counter=...
#flags=...
#instances=...
is template=false
parent=default
#type=...
Known instances:
- disk_queue_length
Legacy generic filters
A set of filters to use in real-time mode
This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.
Keys:
| Key | Default Value | Description |
|---|---|---|
| check | cpu | TYPE OF CHECK |
| command | COMMAND NAME | |
| critical | CRITICAL FILTER | |
| debug | DEBUG | |
| destination | DESTINATION | |
| detail syntax | SYNTAX | |
| empty message | eventlog found no records | EMPTY MESSAGE |
| escape html | ESCAPE HTML | |
| filter | FILTER | |
| maximum age | 5m | MAGIMUM AGE |
| ok | OK FILTER | |
| ok syntax | SYNTAX | |
| perf config | PERF CONFIG | |
| severity | SEVERITY | |
| silent period | false | Silent period |
| source id | SOURCE ID | |
| target | DESTINATION | |
| target id | TARGET ID | |
| time | TIME | |
| times | FILES | |
| top syntax | SYNTAX | |
| warning | WARNING FILTER |
Sample:
# An example of a Legacy generic filters section
[/settings/system/windows/real-time/checks/sample]
check=cpu
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#time=...
#times=...
#top syntax=...
#warning=...
Realtime cpu filters
A set of filters to use in real-time mode
This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.
Keys:
| Key | Default Value | Description |
|---|---|---|
| command | COMMAND NAME | |
| critical | CRITICAL FILTER | |
| debug | DEBUG | |
| destination | DESTINATION | |
| detail syntax | SYNTAX | |
| empty message | eventlog found no records | EMPTY MESSAGE |
| escape html | ESCAPE HTML | |
| filter | FILTER | |
| maximum age | 5m | MAGIMUM AGE |
| ok | OK FILTER | |
| ok syntax | SYNTAX | |
| perf config | PERF CONFIG | |
| severity | SEVERITY | |
| silent period | false | Silent period |
| source id | SOURCE ID | |
| target | DESTINATION | |
| target id | TARGET ID | |
| time | TIME | |
| top syntax | SYNTAX | |
| warning | WARNING FILTER |
Sample:
# An example of a Realtime cpu filters section
[/settings/system/windows/real-time/cpu/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#time=...
#top syntax=...
#warning=...
Realtime memory filters
A set of filters to use in real-time mode
This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.
Keys:
| Key | Default Value | Description |
|---|---|---|
| command | COMMAND NAME | |
| critical | CRITICAL FILTER | |
| debug | DEBUG | |
| destination | DESTINATION | |
| detail syntax | SYNTAX | |
| empty message | eventlog found no records | EMPTY MESSAGE |
| escape html | ESCAPE HTML | |
| filter | FILTER | |
| maximum age | 5m | MAGIMUM AGE |
| ok | OK FILTER | |
| ok syntax | SYNTAX | |
| perf config | PERF CONFIG | |
| severity | SEVERITY | |
| silent period | false | Silent period |
| source id | SOURCE ID | |
| target | DESTINATION | |
| target id | TARGET ID | |
| top syntax | SYNTAX | |
| type | MEMORY TYPE | |
| warning | WARNING FILTER |
Sample:
# An example of a Realtime memory filters section
[/settings/system/windows/real-time/memory/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#top syntax=...
#type=...
#warning=...
Realtime process filters
A set of filters to use in real-time mode
This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.
Keys:
| Key | Default Value | Description |
|---|---|---|
| command | COMMAND NAME | |
| critical | CRITICAL FILTER | |
| debug | DEBUG | |
| destination | DESTINATION | |
| detail syntax | SYNTAX | |
| empty message | eventlog found no records | EMPTY MESSAGE |
| escape html | ESCAPE HTML | |
| filter | FILTER | |
| maximum age | 5m | MAGIMUM AGE |
| ok | OK FILTER | |
| ok syntax | SYNTAX | |
| perf config | PERF CONFIG | |
| process | PROCESS | |
| severity | SEVERITY | |
| silent period | false | Silent period |
| source id | SOURCE ID | |
| target | DESTINATION | |
| target id | TARGET ID | |
| top syntax | SYNTAX | |
| warning | WARNING FILTER |
Sample:
# An example of a Realtime process filters section
[/settings/system/windows/real-time/process/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#process=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#top syntax=...
#warning=...