Skip to content

CheckSystem

Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.

Enable module

To enable this module and and allow using the commands you need to ass CheckSystem = enabled to the [/modules] section in nsclient.ini:

[/modules]
CheckSystem = enabled

Queries

A quick reference for all available queries (check commands) in the CheckSystem module.

List of commands:

A list of all available queries (check commands)

Command Description
check_battery Check battery status including charge level, power source, and battery health.
check_cpu Check that the load of the CPU(s) are within bounds.
check_cpu_frequency Check CPU clock frequency (current vs max) per processor.
check_memory Check free/used memory on the system.
check_network Check network interface status.
check_os_updates Check for available Windows updates via the Windows Update Agent (WUA) API.
check_os_version Check the version of the underlying OS.
check_pagefile Check the size of the system pagefile(s).
check_pdh Check the value of a performance (PDH) counter on the local or remote system.
check_process Check state/metrics of one or more of the processes running on the computer.
check_process_history Check the history of processes that have been running since NSClient++ started. Useful for verifying if certain applications have been executed.
check_process_history_new Check for new processes that appeared within a specified time window. Useful for detecting unexpected or unauthorized applications.
check_service Check the state of one or more of the computer services.
check_temperature Check ACPI thermal zone temperatures.
check_uptime Check time since last server re-boot.

List of command aliases:

A list of all short hand aliases for queries (check commands)

Command Description
check_counter Alias for: :query:check_pdh

check_battery

Check battery status including charge level, power source, and battery health.

Jump to section:

Command-line Arguments

Option Default Value Description
filter battery_present = 'true' Filter which marks interesting items.
warning charge < 20 Filter which marks items which generates a warning state.
warn Short alias for warning
critical charge < 10 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state warning Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax %(status): No battery found or all batteries ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name}: ${charge}% (${power_source}, ${status}) Detail level syntax.
perf-syntax ${name} Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

Default Value: battery_present = 'true'

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: charge < 20

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: charge < 10

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: warning

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): No battery found or all batteries ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${name}: ${charge}% (${power_source}, ${status})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${name}

Filter keywords

Option Description
battery_present Whether a battery is present: 'true' or 'false'
charge Battery charge level in percent (0-100)
charge_rate Current charge rate in mW (when charging)
design_capacity Design capacity in mWh
discharge_rate Current discharge rate in mW (when discharging)
full_capacity Current full charge capacity in mWh
health Battery health in percent (full_capacity / design_capacity * 100)
name Battery name/identifier
power_source Power source: 'ac', 'battery', or 'unknown'
remaining_capacity Current remaining capacity in mWh
time_remaining Estimated time remaining in seconds (-1 if unknown or on AC)

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_cpu

Check that the load of the CPU(s) are within bounds.

The check_cpu command is a query based command which means it has a filter where you can use a filter expression with filter keywords to define which rows are relevant to the check. The filter is written using the filter query language and in it you can use various filter keywords to define the filtering logic. The filter keywords can also be used to create the bound expressions for the warning and critical which defines when a check returns warning or critical.

How CPU load is measured (historical buffer)

check_cpu does not measure the CPU load at the moment the check is executed. Instead, NSClient++ runs a background collector thread that samples the CPU load roughly once per second and pushes each sample into an in-memory ring buffer. Whenever you run check_cpu the values reported are averages computed from this buffer for one or more time windows.

The time windows are controlled by the time= option. The default is to compute three averages: 5m, 1m and 5s (which is why the default output contains rows like total 5m load, total 1m load and total 5s load). You can override this with one or more time= arguments, for example time=10m or time=30s time=2m.

Buffer size and configuration

The size of the historical buffer is controlled by the default buffer length setting on the CheckSystem section. The default is 1h, meaning the last hour of samples is retained. The buffer size puts an upper bound on the time windows you can use:

  • If you ask for a window that is shorter than or equal to the buffer length, the result is the average of all samples collected during that window.
  • If you ask for a window that is longer than the buffer length, the result will only cover the samples that are actually present in the buffer (effectively capped to the buffer length).
  • If NSClient++ was started less time ago than the requested window, the result will only reflect the samples collected since startup. Right after start-up 5m and 1m averages will therefore be based on fewer samples than they normally would be.

If you need to check on longer windows (for example 2h or 6h) you must increase default buffer length accordingly. Note that a larger buffer uses more memory, so only increase it as far as you actually need.

Impact on measurements

Because every value reported by check_cpu is an average over a time window, the choice of time= has a direct impact on what the check sees:

  • Short windows (e.g. 5s, 10s) are very reactive and will show short spikes in CPU load, but they also produce a lot of noise. They are useful for catching transient bursts but can also generate flapping alerts.
  • Medium windows (e.g. 1m, 5m) are a good compromise for most monitoring use cases. They smooth out short spikes while still reacting to sustained load within a few minutes.
  • Long windows (e.g. 15m, 1h) smooth out almost all transients and only fire when the CPU has been busy for an extended period of time. They are well suited to detecting sustained load but will be slow to react and slow to recover.

A common pattern is to combine windows, for example warning on a long window and critical on a short one (or vice versa), so that the check both catches sustained problems and ignores brief spikes. The default check (5m, 1m, 5s) is an example of this approach.

Because the values are averages, they will not match the instantaneous CPU load shown by tools such as top at the moment the check is executed, and very short spikes that fall between collection ticks may be missed entirely.

Jump to section:

Sample Commands

To edit these sample please edit this page

Default check:

check_cpu
CPU Load ok
'total 5m load'=0%;80;90 'total 1m load'=0%;80;90 'total 5s load'=7%;80;90

Checking all cores by adding filter=none (disabling the default filter):

check_cpu filter=none "warn=load > 80" "crit=load > 90"
CPU Load ok
'core 0 5m kernel'=1%;10;0 'core 0 5m load'=3%;80;90 'core 1 5m kernel'=0%;10;0 'core 1 5m load'=0%;80;90 ...  'core 7 5s load'=15%;80;90 'total 5s kernel'=3%;10;0 'total 5s load'=7%;80;90

Adding kernel times to the check:

check_cpu filter=none "warn=kernel > 10 or load > 80" "crit=load > 90" "top-syntax=${list}"
core 0 > 3, core 1 > 0, core 2 > 0, core  ... , core 7 > 15, total > 7
'core 0 5m kernel'=1%;10;0 'core 0 5m load'=3%;80;90 'core 1 5m kernel'=0%;10;0 'core 1 5m load'=0%;80;90 ...  'core 7 5s load'=15%;80;90 'total 5s kernel'=3%;10;0 'total 5s load'=7%;80;90

Default check via NRPE:

check_nscp --host 192.168.56.103 --command check_cpu
CPU Load ok|'total 5m'=16%;80;90 'total 1m'=13%;80;90 'total 5s'=13%;80;90

Customizing the output syntax to include CPU load in text:

check_cpu "top-syntax=%(status): %(list)"
L        cli OK: OK: 5m: 16%, 1m: 30%, 5s: 23%

Customizing the output syntax to only show CPU load as text:

check_cpu "top-syntax=%(status): Cpu usage is %(list)" time=5m "detail-syntax=%(load) %"
L        cli OK: OK: Cpu usage is 26 %

Command-line Arguments

Option Default Value Description
filter core = 'total' Filter which marks interesting items.
warning load > 80 Filter which marks items which generates a warning state.
warn Short alias for warning
critical load > 90 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${problem_list} Top level syntax.
ok-syntax %(status): CPU load is ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${time}: ${load}% Detail level syntax.
perf-syntax ${core} ${time} Performance alias syntax.
time The time to check
cores N/A This will remove the filter to include the cores, if you use filter dont use this as well.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

Default Value: core = 'total'

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: load > 80

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: load > 90

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${problem_list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): CPU load is ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${time}: ${load}%

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${core} ${time}

Filter keywords

Option Description
core The core to check (total or core ##)
core_id The core to check (total or core_##)
idle The current idle load for a given core
kernel deprecated (use system instead)
load deprecated (use total instead)
system The current load used by the system (kernel)
time The time frame to check
user The current load used by user applications

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_cpu_frequency

Check CPU clock frequency (current vs max) per processor.

Jump to section:

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning frequency_pct < 50 Filter which marks items which generates a warning state.
warn Short alias for warning
critical frequency_pct < 30 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state warning Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax %(status): All CPU frequencies seem ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name}: ${current_mhz}/${max_mhz} MHz (${frequency_pct}%) Detail level syntax.
perf-syntax ${name} Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: frequency_pct < 50

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: frequency_pct < 30

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: warning

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): All CPU frequencies seem ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${name}: ${current_mhz}/${max_mhz} MHz (${frequency_pct}%)

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${name}

Filter keywords

Option Description
cores Number of physical cores
current_mhz Current clock speed in MHz
frequency_pct Current frequency as percentage of maximum
logical_processors Number of logical processors (threads)
max_mhz Maximum clock speed in MHz
name CPU name / model string

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_memory

Check free/used memory on the system.

Kinds of memory

There are several different kinds of memory that a computer system uses to manage data and processes. Here are the main types:

  • physical Memory (RAM): This is the actual, tangible memory chips installed in your computer. It's often referred to as RAM (Random Access Memory).
  • committed Memory: Committed memory refers to the amount of virtual memory that has been reserved by processes. When a program requests memory from the operating system, that memory is "committed." This committed memory is guaranteed to be available to the process, meaning Windows has set aside enough resources (either physical RAM or space in the page file) to back that memory.
  • virtual Memory: Virtual memory is an abstraction layer created by the operating system (Windows) to provide a larger, contiguous address space to each process than the physical RAM actually available.

Jump to section:

Sample Commands

To edit these sample please edit this page

Default check:

check_memory
OK memory within bounds.
'page used'=8G;19;21 'page used %'=33%;79;89 'physical used'=7G;9;10 'physical used %'=65%;79;89

Using --show-all to show the result:

check_memory "warn=free < 20%" "crit=free < 10G" --show-all
page = 8.05G, physical = 7.85G
'page free'=15G;4;2 'page free %'=66%;19;9 'physical free'=4G;2;1 'physical free %'=34%;19;9

Changing the return syntax to include more information::

check_memory "top-syntax=${list}" "detail-syntax=${type} free: ${free} used: ${used} size: ${size}"
page free: 16G used: 7.98G size: 24G, physical free: 4.18G used: 7.8G size: 12G

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_memory
OK memory within bounds.|'page'=531G;3;3;0;3 'page %'=12%;79;89;0;100 'physical'=530G;1;1;0;1 'physical %'=25%;79;89;0;100
Overriding the unit:

Most "byte" checks such as memory have an auto scaling feature which means values will go from 800M to 1.2G between checks. Some graphing systems does not honor the units in performance data in which case you can get unexpected large values (such as 800G). To remedy this you can lock the unit by adding perf-config=*(unit:G)

check_memory perf-config=*(unit:G)
page = 8.05G, physical = 7.85G
'page free'=15G;4;2 'page free %'=66%;19;9 'physical free'=4G;2;1 'physical free %'=34%;19;9

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning used > 80% Filter which marks items which generates a warning state.
warn Short alias for warning
critical used > 90% Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${type}: ${used}/${size} Detail level syntax.
perf-syntax ${type} Performance alias syntax.
type The type of memory to check (physical = Physical memory (RAM), committed = total memory (RAM+PAGE)
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: used > 80%

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: used > 90%

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${type}: ${used}/${size}

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${type}

Filter keywords

Option Description
free Free memory in bytes (g,m,k,b) or percentages %
free_pct % free memory
size Total size of memory
type The type of memory to check
used Used memory in bytes (g,m,k,b) or percentages %
used_pct % used memory

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_network

Check network interface status.

Jump to section:

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning total > 10000 Filter which marks items which generates a warning state.
warn Short alias for warning
critical total > 100000 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state critical Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax %(status): Network interfaces seem ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name} >${sent} <${received} bps Detail level syntax.
perf-syntax ${name} Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: total > 10000

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: total > 100000

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: critical

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): Network interfaces seem ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${name} >${sent} <${received} bps

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${name}

Filter keywords

Option Description
MAC The MAC address
enabled True if the network interface is enabled
name Network interface name
net_connection_id Network connection id
received Bytes received per second
sent Bytes sent per second
speed The network interface speed

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_os_updates

Check for available Windows updates via the Windows Update Agent (WUA) API.

Jump to section:

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning count > 0 Filter which marks items which generates a warning state.
warn Short alias for warning
critical security > 0 or critical > 0 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ok Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${count} updates available (${security} security, ${critical} critical) Top level syntax.
ok-syntax %(status): No updates available. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${count} updates (${security} security, ${critical} critical) Detail level syntax.
perf-syntax updates Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: count > 0

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: security > 0 or critical > 0

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ok

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${count} updates available (${security} security, ${critical} critical)

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): No updates available.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${count} updates (${security} security, ${critical} critical)

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: updates

Filter keywords

Option Description
critical Number of critical updates
error Last error message from the WUA search (if any)
important Number of updates with MSRC severity 'Important'
reboot_required Number of updates requiring a reboot
security Number of security updates
titles Semicolon separated list of available update titles

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_os_version

Check the version of the underlying OS.

Jump to section:

Sample Commands

To edit these sample please edit this page

Default check:

check_os_Version
L     client CRITICAL: Windows 7 (6.1.7601)
L     client  Performance data: 'version'=61;50;50

Making sure the OS version is Windows 8:

check_os_Version "warn=version < 62"
L     client WARNING: Windows 7 (6.1.7601)
L     client  Performance data: 'version'=61;62;0

Default check via NRPE:

check_nrpe --host 192.168.56.103 --command check_os_version
Windows 2012 (6.2.9200)|'version'=62;50;50

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning version <= 50 Filter which marks items which generates a warning state.
warn Short alias for warning
critical version <= 50 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${version} (${major}.${minor}.${build}) Detail level syntax.
perf-syntax version Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: version <= 50

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: version <= 50

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${version} (${major}.${minor}.${build})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: version

Filter keywords

Option Description
build Build version number
major Major version number
minor Minor version number
suite Which suites are installed on the machine (Microsoft BackOffice, Web Edition, Compute Cluster Edition, Datacenter Edition, Enterprise Edition, Embedded, Home Edition, Remote Desktop Support, Small Business Server, Storage Server, Terminal Services, Home Server)
version The system version

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_pagefile

Check the size of the system pagefile(s).

Jump to section:

Sample Commands

To edit these sample please edit this page

Default options:

check_pagefile
L     client WARNING: \Device\HarddiskVolume2\pagefile.sys 24.3M (32M)
L     client  Performance data: '\??\D:\pagefile.sys'=1G;14;19;0;23 '\??\D:\pagefile.sys %'=6%;59;79;0;100 '\Device\HarddiskVolume2\pagefile.sys'=24M;19;25;0;32 '\Device\HarddiskVolume2\pagefile.sys %'=75%;59;79;0;100 'total'=1G;14;19;0;23 'total %'=6%;59;79;0;100

Only showing the total amount of pagefile usage::

check_pagefile "filter=name = 'total'" "top-syntax=${list}"
OK: total 1.66G (24G)
Performance data: 'total'=1G;14;19;0;23 'total %'=6%;59;79;0;100

Getting help on available options::

check_pagefile help
...
  filter=ARG           Filter which marks interesting items.
                       Interesting items are items which will be included in
                       the check.
                       They do not denote warning or critical state but they
                       are checked use this to filter out unwanted items.
                           Available options:
                       free          Free memory in bytes (g,m,k,b) or percentages %
                       name          The name of the page file (location)
                       size          Total size of pagefile
                       used          Used memory in bytes (g,m,k,b) or percentages %
                       count         Number of items matching the filter
                       total         Total number of items
                       ok_count      Number of items matched the ok criteria
                       warn_count    Number of items matched the warning criteria
                       crit_count    Number of items matched the critical criteria
                       problem_count Number of items matched either warning or critical criteria
...

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning used > 60% Filter which marks items which generates a warning state.
warn Short alias for warning
critical used > 80% Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name} ${used} (${size}) Detail level syntax.
perf-syntax ${name} Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: used > 60%

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: used > 80%

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${name} ${used} (${size})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${name}

Filter keywords

Option Description
free Free memory in bytes (g,m,k,b) or percentages %
free_pct % free memory
name The name of the page file (location)
size Total size of pagefile
used Used memory in bytes (g,m,k,b) or percentages %
used_pct % used memory

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_pdh

Check the value of a performance (PDH) counter on the local or remote system. The counters can also be added and polled periodically to get average values. Performance Log Users group membership is required to check performance counters.

Jump to section:

Sample Commands

To edit these sample please edit this page

Checking specific Counter (\System\System Up Time):

check_pdh "counter=\\System\\System Up Time" "warn=value > 5" "crit=value > 9999"
\System\System Up Time = 204213
'\System\System Up Time value'=204213;5;9999

Using the expand index to check for translated counters::

check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999" expand-index
Everything looks good
'\Minne\Dedikationsgräns value'=-2147483648;5;9999

Checking translated counters without expanding indexes::

check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999"
Everything looks good
'\4\30 value'=-2147483648;5;9999

Checking large values using the type=large keyword::

check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999" flags=nocap100 expand-index type=large
\Minne\Dedikationsgräns = 25729224704
'\Minne\Dedikationsgräns value'=25729224704;5;9999

Using real-time checks to check average values over time.

Here we configure a counter to be checked at regular intervals and the value is added to a rrd buffer. The configuration from nsclient.ini::

[/settings/system/windows/counters/foo]
collection strategy=rrd
type=large
counter=\Processor(_total)\% Processor Time

Then we can check the value (current snapshot)::

check_pdh "counter=foo" "warn=value > 80" "crit=value > 90"
Everything looks good
'foo value'=18;80;90

To check averages from the same counter we need to specify the time option::

check_pdh "counter=foo" "warn=value > 80" "crit=value > 90" time=30s
Everything looks good
'foo value'=3;80;90

Checking all instances of a given counter::

    check_pdh "counter=\Processor(*)\% processortid" instances
L     client OK: \\MIME-LAPTOP\Processor(0)\% processortid = 100, \\MIME-LAPTOP\Processor(1)\% processortid = 100, \\MIME-LAPTOP\Processor(2)\% processortid = 100, \\MIME-LAPTOP\Processor(3)\% processortid = 100, \\MIME-LAPTOP\Processor(4)\% processortid = 100, \\MIME-LAPTOP\Processor(5)\% processortid = 100, \\MIME-LAPTOP\Processor(6)\% processortid = 100, \\MIME-LAPTOP\Processor(7)\% processortid = 100, \\MIME-LAPTOP\Processor(_Total)\% processortid = 100
    L     client  Performance data: '\Processor(*)\% processortid_0'=100;0;0 '\Processor(*)\% processortid_1'=100;0;0 '\Processor(*)\% processortid_2'=100;0;0 '\Processor(*)\% processortid_3'=100;0;0 '\Processor(*)\% processortid_4'=100;0;0 '\Processor(*)\% processortid_5'=100;0;0 '\Processor(*)\% processortid_6'=100;0;0 '\Processor(*)\% processortid_7'=100;0;0 '\Processor(*)\% processortid__Total'=100;0;0

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning Filter which marks items which generates a warning state.
warn Short alias for warning
critical Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state unknown Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${alias} = ${value} Detail level syntax.
perf-syntax ${alias} Performance alias syntax.
counter Performance counter to check
expand-index N/A Expand indexes in counter strings
instances N/A Expand wildcards and fetch all instances
reload N/A Reload counters on errors (useful to check counters which are not added at boot)
averages N/A Check average values (ie. wait for 1 second to collecting two samples)
time Timeframe to use for named rrd counters
flags Extra flags to configure the counter (nocap100, 1000, noscale)
type large Format of value (double, long, large)
ignore-errors N/A If we should ignore errors when checking counters, for instance missing counters or invalid counters will return 0 instead of errors
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: unknown

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${alias} = ${value}

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${alias}

type:

Format of value (double, long, large)

Default Value: large

Filter keywords

Option Description
alias The counter alias
counter The counter name
time The time for rrd checks
value The counter value (either float or int)
value_f The counter value (force float value)
value_i The counter value (force int value)

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_process

Check state/metrics of one or more of the processes running on the computer.

Jump to section:

Sample Commands

To edit these sample please edit this page

Default check:

check_process
SetPoint.exe=hung
Performance data: 'taskhost.exe'=1;1;0 'dwm.exe'=1;1;0 'explorer.exe'=1;1;0 ... 'chrome.exe'=1;1;0 'vcpkgsrv.exe'=1;1;0 'vcpkgsrv.exe'=1;1;0

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_process
SetPoint.exe=hung|'smss.exe state'=1;0;0 'csrss.exe state'=1;0;0...

Check that specific process are running::

check_process process=explorer.exe process=foo.exe
foo.exe=stopped
Performance data: 'explorer.exe'=1;1;0 'foo.exe'=0;1;0

Check memory footprint from specific processes::

check_process process=explorer.exe "warn=working_set > 70m"
explorer.exe=started
Performance data: 'explorer.exe ws_size'=73M;70;0

Extend the syntax to display the attributes we are interested in::

check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"
WARNING: Explorer.EXE ws:431.812MB, handles: 5639, user time:2535s
Performance data: 'explorer.exe ws_size'=73M;70;0

List all processes which use more then 200m virtual memory Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_process --arguments "filter=virtual > 200m"
OK all processes are ok.|'csrss.exe state'=1;0;0 'svchost.exe state'=1;0;0 'AvastSvc.exe state'=1;0;0 ...

Command-line Arguments

Option Default Value Description
filter state != 'unreadable' Filter which marks interesting items.
warning state not in ('started') Filter which marks items which generates a warning state.
warn Short alias for warning
critical state = 'stopped', count = 0 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state unknown Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${problem_list} Top level syntax.
ok-syntax %(status): all processes are ok. ok syntax.
empty-syntax UNKNOWN: No processes found Empty syntax.
detail-syntax ${exe}=${state} Detail level syntax.
perf-syntax ${exe} Performance alias syntax.
process The service to check, set this to * to check all services
scan-info If all process metrics should be fetched (otherwise only status is fetched)
scan-16bit If 16bit processes should be included
delta Calculate delta over one elapsed second.
scan-unreadable If unreadable processes should be included (will not have information)
total N/A Include the total of all matching files
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

Default Value: state != 'unreadable'

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: state not in ('started')

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: state = 'stopped', count = 0

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: unknown

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${problem_list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): all processes are ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

Default Value: UNKNOWN: No processes found

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${exe}=${state}

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${exe}

delta:

Calculate delta over one elapsed second. This call will measure values and then sleep for 2 second and then measure again calculating deltas.

Filter keywords

Option Description
command_line Command line of process (not always available)
creation Creation time
error Any error messages associated with fetching info
exe The name of the executable
filename Name of process (with path)
gdi_handles Number of handles
handles Number of handles
hung Process is hung
kernel Kernel time in seconds
legacy_state Get process status (for legacy use via check_nt only)
new Process is new (can inly be used for real-time filters)
page_fault Page fault count
pagefile Peak page file use in bytes (g,m,k,b)
peak_pagefile Page file usage in bytes (g,m,k,b)
peak_virtual Peak virtual size in bytes (g,m,k,b)
peak_working_set Peak working set in bytes (g,m,k,b)
pid Process id
started Process is started
state The current state (started, stopped hung)
stopped Process is stopped
time User-kernel time in seconds
user User time in seconds
user_handles Number of handles
virtual Virtual size in bytes (g,m,k,b)
working_set Working set in bytes (g,m,k,b)

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_process_history

Check the history of processes that have been running since NSClient++ started. Useful for verifying if certain applications have been executed.

Jump to section:

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning Filter which marks items which generates a warning state.
warn Short alias for warning
critical Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ok Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${problem_list} Top level syntax.
ok-syntax %(status): ${count} processes in history. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${exe} (${running}) Detail level syntax.
perf-syntax ${exe} Performance alias syntax.
process Filter to specific process names. Can be specified multiple times. If not specified, all processes in history are shown.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ok

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${problem_list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): ${count} processes in history.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${exe} (${running})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${exe}

Filter keywords

Option Description
currently_running Whether the process is currently running (1/0)
exe The name of the executable
first_seen Unix timestamp when process was first seen
last_seen Unix timestamp when process was last seen
running Whether the process is currently running: 'true' or 'false'
times_seen Number of times the process has been observed running

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_process_history_new

Check for new processes that appeared within a specified time window. Useful for detecting unexpected or unauthorized applications.

Jump to section:

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning Filter which marks items which generates a warning state.
warn Short alias for warning
critical Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ok Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax %(status): No new processes found. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${exe} (first seen: ${first_seen}) Detail level syntax.
perf-syntax ${exe} Performance alias syntax.
time 5m Time window to check for new processes (e.g., 5m, 1h, 30s). Processes first seen within this window are considered new.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ok

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): No new processes found.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${exe} (first seen: ${first_seen})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${exe}

time:

Time window to check for new processes (e.g., 5m, 1h, 30s). Processes first seen within this window are considered new.

Default Value: 5m

Filter keywords

Option Description
currently_running Whether the process is currently running (1/0)
exe The name of the executable
first_seen Unix timestamp when process was first seen
last_seen Unix timestamp when process was last seen
running Whether the process is currently running: 'true' or 'false'
times_seen Number of times the process has been observed running

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_service

Check the state of one or more of the computer services.

state_is_ok

Helper function that checks if the state of a service is "OK". It returns True if the state is "OK" and False otherwise. This can be used in filter expressions to warn about services that are not running properly.

Configured State exit_code Result of state_is_ok
auto-start running any ✅ ok
delayed auto-start stopped any ✅ ok
auto-start + triggers stopped any ✅ ok
auto-start stopped 0 ✅ ok
auto-start stopped non zero ❌ not ok
demand-start any state any ✅ ok

state_is_perfect

Helper function that checks if the state of a service is "perfect". It returns True if the state is "perfect" and False otherwise. This can be used in filter expressions to warn about services that are not running perfectly.

Configured State Result of state_is_perfect
auto-start running ✅ perfect
auto-start stopped ❌ not perfect
auto-start + triggers stopped ✅ perfect
demand-start any state ✅ perfect
disabled stopped ✅ perfect

Jump to section:

Sample Commands

To edit these sample please edit this page

Default check:

check_service
OK all services are ok.

Excluding services using exclude::

check_service "exclude=clr_optimization_v4.0.30319_32"  "exclude=clr_optimization_v4.0.30319_64"
WARNING: gupdate=stopped (auto), Net Driver HPZ12=stopped (auto), NSClientpp=stopped (auto), nscp=stopped (auto), Pml Driver HPZ12=stopped (auto), SkypeUpdate=stopped (auto), sppsvc=stopped (auto)

Show all service by changing the syntax::

check_service "top-syntax=${list}" "detail-syntax=${name}:${state}"
AdobeActiveFileMonitor10.0:running, AdobeARMservice:running, AdobeFlashPlayerUpdateSvc:stopped, ..., WwanSvc:stopped

Excluding services using the filter::

check_service "filter=start_type = 'auto' and name not in ('Bonjour Service', 'Net Driver HPZ12')"
AdobeActiveFileMonitor10.0: running, AdobeARMservice: running, AMD External Events Utility: running,  ... wuauserv: running

Exclude versus filter::

You can use both exclude and filter to exclude services the befnefit of exclude is that it is faster with the obvious drawback that it only works on the service name. The upside to filters are that they are richer in terms of functionality i.e. substring matching (as below).

Regular check 

check_service
L        cli CRITICAL: CRITICAL: nfoo=stopped (auto), nscp=stopped (auto), nscp2=stopped (auto), ...

Excluding nfoo service with exclude: 

check_service exclude=nfoo
L        cli CRITICAL: CRITICAL: nscp=stopped (auto), nscp2=stopped (auto), ...

Excluding nscp2 with substring like matching filter: 

check_service exclude=nfoo "filter=name not like 'nscp'"
L        cli CRITICAL: CRITICAL: ...

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_service
WARNING: DPS=stopped (auto), MSDTC=stopped (auto), sppsvc=stopped (auto), UALSVC=stopped (auto)

Check that a service is not started::

check_service service=nscp "crit=state = 'started'" warn=none

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning not state_is_perfect() Filter which marks items which generates a warning state.
warn Short alias for warning
critical not state_is_ok() Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state unknown Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${crit_list}, delayed (${warn_list}) Top level syntax.
ok-syntax %(status): All %(count) service(s) are ok. ok syntax.
empty-syntax %(status): No services found Empty syntax.
detail-syntax ${name}=${state}, exit=%(exit_code), type=%(start_type) Detail level syntax.
perf-syntax ${name} Performance alias syntax.
computer The name of the remote computer to check
service The service to check, set this to * to check all services
exclude A list of services to ignore (mainly useful in combination with service=*)
type service The types of services to enumerate available types are driver, file-system-driver, kernel-driver, service, service-own-process, service-share-process
state all The types of services to enumerate available states are active, inactive or all
only-essential N/A Set filter to classification = 'essential'
only-ignored N/A Set filter to classification = 'ignored'
only-role N/A Set filter to classification = 'role'
only-supporting N/A Set filter to classification = 'supporting'
only-system N/A Set filter to classification = 'system'
only-user N/A Set filter to classification = 'user'
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: not state_is_perfect()

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: not state_is_ok()

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: unknown

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${crit_list}, delayed (${warn_list})

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): All %(count) service(s) are ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

Default Value: %(status): No services found

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${name}=${state}, exit=%(exit_code), type=%(start_type)

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${name}

type:

The types of services to enumerate available types are driver, file-system-driver, kernel-driver, service, service-own-process, service-share-process

Default Value: service

state:

The types of services to enumerate available states are active, inactive or all

Default Value: all

Filter keywords

Option Description
classification Get classification
delayed If the service is delayed
desc Service description
exit_code The Win32 exit code of the service
is_trigger If the service is has associated triggers
legacy_state Get legacy state (deprecated and only used by check_nt)
name Service name
pid Process id
start_type The configured start type ()
state The current state ()
state_is_ok() Check if the state is ok, i.e. all running services are running (delayed services are allowed to be stopped)
state_is_perfect() Check if the state is ok, i.e. all running services are running
triggers The number of associated triggers for this service

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_temperature

Check ACPI thermal zone temperatures.

Jump to section:

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning temperature > 70 Filter which marks items which generates a warning state.
warn Short alias for warning
critical temperature > 90 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state critical Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax %(status): All thermal zones seem ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name}: ${temperature} C Detail level syntax.
perf-syntax ${name} Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: temperature > 70

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: temperature > 90

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: critical

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Default Value: %(status): All thermal zones seem ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${name}: ${temperature} C

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: ${name}

Filter keywords

Option Description
active True if the thermal zone is active
name Thermal zone name
temperature Temperature in degrees Celsius
throttle_reasons Throttle reasons bitmask

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

check_uptime

Check time since last server re-boot.

Jump to section:

Sample Commands

To edit these sample please edit this page

Default check:

check_uptime
uptime: -9:02, boot: 2013-aug-18 08:29:13
'uptime uptime'=1376814553s;1376760683;1376803883

Adding warning and critical thresholds::

check_uptime "warn=uptime < -2d" "crit=uptime < -1d"
...

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_uptime
uptime: -0:3, boot: 2013-sep-08 18:41:06 (UCT)|'uptime'=1378665666;1378579481;1378622681

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning uptime < 2d Filter which marks items which generates a warning state.
warn Short alias for warning
critical uptime < 1d Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax uptime: ${uptime}h, boot: ${boot} (UTC) Detail level syntax.
perf-syntax uptime Performance alias syntax.
filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Default Value: uptime < 2d

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Default Value: uptime < 1d

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Default Value: ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to escape on linux).

Default Value: uptime: ${uptime}h, boot: ${boot} (UTC)

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Default Value: uptime

Filter keywords

Option Description
boot System boot time
uptime Time since last boot

Common options for all checks:

Option Description
count Number of items matching the filter.
crit_count Number of items matched the critical criteria.
crit_list A list of all items which matched the critical criteria.
detail_list A special list with critical, then warning and finally ok.
list A list of all items which matched the filter.
ok_count Number of items matched the ok criteria.
ok_list A list of all items which matched the ok criteria.
problem_count Number of items matched either warning or critical criteria.
problem_list A list of all items which matched either the critical or the warning criteria.
status The returned status (OK/WARN/CRIT/UNKNOWN).
total Total number of items.
warn_count Number of items matched the warning criteria.
warn_list A list of all items which matched the warning criteria.

Configuration

Path / Section Description
/settings/system/windows Windows system
/settings/system/windows/counters PDH Counters
/settings/system/windows/real-time/checks Legacy generic filters
/settings/system/windows/real-time/cpu Realtime cpu filters
/settings/system/windows/real-time/memory Realtime memory filters
/settings/system/windows/real-time/process Realtime process filters

Windows system

Section for system checks and system settings

Key Default Value Description
default buffer length 1h Default buffer time
disable Disable automatic checks
fetch core loads true Fetch core load
process history false Track process history
subsystem default PDH subsystem
use pdh for cpu false Use PDH to fetch CPU load 
# Section for system checks and system settings
[/settings/system/windows]
default buffer length=1h
fetch core loads=true
process history=false
subsystem=default
use pdh for cpu=false

Default buffer time

Used to define the default size of range buffer checks (ie. CPU).

Key Description
Path: /settings/system/windows
Key: default buffer length
Default value: 1h
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Default buffer time
default buffer length=1h

Disable automatic checks

A comma separated list of checks to disable in the collector: battery,cpu,handles,network,temperature,cpu_frequency,os_updates,metrics,pdh. Please note disabling these will mean part of NSClient++ will no longer function as expected.

Key Description
Path: /settings/system/windows
Key: disable
Advanced: Yes (means it is not commonly used)
Default value: N/A
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Disable automatic checks
disable=

Fetch core load

Set to false to use a different API for fetching CPU load (will not provide core load, and will not show exact same values as task manager).

Key Description
Path: /settings/system/windows
Key: fetch core loads
Advanced: Yes (means it is not commonly used)
Default value: true
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Fetch core load
fetch core loads=true

Track process history

Enable tracking of process history for use with check_process_history and check_process_history_new commands.

Key Description
Path: /settings/system/windows
Key: process history
Default value: false
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Track process history
process history=false

PDH subsystem

Set which pdh subsystem to use. Currently default and thread-safe are supported where thread-safe is slower but required if you have some problematic counters.

Key Description
Path: /settings/system/windows
Key: subsystem
Advanced: Yes (means it is not commonly used)
Default value: default
Used by: CheckSystem

Sample:

[/settings/system/windows]
# PDH subsystem
subsystem=default

Use PDH to fetch CPU load

When using PDH you might get better accuracy and hel alleviate invalid CPU values on multi core systems. The drawback is that PDH counters are sometimes missing and have invalid indexes so your milage may vary

Key Description
Path: /settings/system/windows
Key: use pdh for cpu
Advanced: Yes (means it is not commonly used)
Default value: false
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Use PDH to fetch CPU load
use pdh for cpu=false

PDH Counters

Add counters to check

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
alias ALIAS
buffer size BUFFER SIZE
collection strategy COLLECTION STRATEGY
counter COUNTER
flags FLAGS
instances Interpret instances
is template false IS TEMPLATE
parent default PARENT
type COUNTER TYPE

Sample:

# An example of a PDH Counters section
[/settings/system/windows/counters/sample]
#alias=...
#buffer size=...
#collection strategy=...
#counter=...
#flags=...
#instances=...
is template=false
parent=default
#type=...

Known instances:

  • disk_queue_length

Legacy generic filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
check cpu TYPE OF CHECK
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAXIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
severity SEVERITY
silent period false Silent period
source id SOURCE ID
target DESTINATION
target id TARGET ID
time TIME
times FILES
top syntax SYNTAX
warning WARNING FILTER

Sample:

# An example of a Legacy generic filters section
[/settings/system/windows/real-time/checks/sample]
check=cpu
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#time=...
#times=...
#top syntax=...
#warning=...

Realtime cpu filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAXIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
severity SEVERITY
silent period false Silent period
source id SOURCE ID
target DESTINATION
target id TARGET ID
time TIME
top syntax SYNTAX
warning WARNING FILTER

Sample:

# An example of a Realtime cpu filters section
[/settings/system/windows/real-time/cpu/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#time=...
#top syntax=...
#warning=...

Realtime memory filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAXIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
severity SEVERITY
silent period false Silent period
source id SOURCE ID
target DESTINATION
target id TARGET ID
top syntax SYNTAX
type MEMORY TYPE
warning WARNING FILTER

Sample:

# An example of a Realtime memory filters section
[/settings/system/windows/real-time/memory/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#top syntax=...
#type=...
#warning=...

Realtime process filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAXIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
process PROCESS
severity SEVERITY
silent period false Silent period
source id SOURCE ID
target DESTINATION
target id TARGET ID
top syntax SYNTAX
warning WARNING FILTER

Sample:

# An example of a Realtime process filters section
[/settings/system/windows/real-time/process/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#process=...
#severity=...
silent period=false
#source id=...
#target=...
#target id=...
#top syntax=...
#warning=...