Your SlideShare is downloading. ×
Ns client++ whats new (nwc2013)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Ns client++ whats new (nwc2013)

86
views

Published on

Michael introduced new and upcoming features of NSClient++ such as real-time log file analytic as well as real-time system monitoring. He also introduced the new remote agent-less monitoring features …

Michael introduced new and upcoming features of NSClient++ such as real-time log file analytic as well as real-time system monitoring. He also introduced the new remote agent-less monitoring features as well as protocol enhancements and distributed setups.

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
86
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. NSClient++ Whats new? http://nsclient.org
  • 2. http://nsclient.org Monitoring Simplified
  • 3. How many use NSClient++ NS-whatdid he say? ?#@*&%! wrong room!
  • 4. How many like NSClient++? ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters: ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : - 2147481643: No data to return. Failed to query performance counters:
  • 5. simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
  • 6. dev worked in ops a long time ago not ops work with soa not, C/C++, nagios Michael Medin
  • 7. NSClient++
  • 8. agent Since 2003? windowslinux and modular by design Highly extensible 0.4.1: 2012-10-xx 0.4.2: 2013-10-xx? <0.4.0 not open coreOpen source 0.4.3: 2014-02-xx?
  • 9. is stable
  • 10. one-man-band no company, no commercial version, no payed time
  • 11. Please Some times I am busy 
  • 12. Please Some times I am busy  Get your a** over here and play NOW!
  • 13. one-man-band no company sponsoring! donations! support! , no commercial version, no payed time
  • 14. Thank you!
  • 15. Sockets: ipv6, ssl (true) New protocols: NRDP, check_mk,Graphite, syslog, smtp Real-time checks: eventlog, logfiles Simplified: Command line syntax Modernized: NRPE, NSCA, check_nt 0.4.1
  • 16. 0.4.1 Build 90 (2013-02-xx) ◦ nsclient-full.ini ◦ Reload from script ◦ (re)added check_filesize (ie. Check_nt –v FILESIZE) ◦ Encoding support for NRPE ◦ New option: scan-range for CheckEventLog ◦ Various minor bug fixes Build 96 (2013-04-xx) ◦ Reverted external script quoting issues ◦ (re)added check_fileage (ie. Check_nt –v FILEAGE) ◦ Added support for binding to both ipv6 and ipv4 ◦ Various minor bug fixes Build 102 (2013-08-xx) ◦ PDH improvements ◦ Performance data: pass through ◦ Encoding support through out ◦ Various minor bug fixes and enhacements
  • 17. 0.4.2: The goals Modern Windows support Simplifiedmonitoring Real-time monitoring Linux checks
  • 18. 0.4.2: The STATUS Modern Windows support Simplified monitoring Real-time monitoring Linux checks NSCP protocol Check_xxx clients
  • 19. 0.4.2: Some Examples Check_os_Version Check_pagefile Check_process NO MORE PDH Check_service Nrpe_client
  • 20. Filters
  • 21. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 22. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 23. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 24. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 25. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 26. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 27. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 28. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … ( )
  • 29. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … … (source or level )
  • 30. filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices- RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
  • 31. Numbers, constants etc Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list
  • 32. Strings Key Safe Key Description = eq Equals != ne Not equals > gt Greater than < lt Less than >= ge Greater or equal than <= le Less or equal than in ( <LIST OF VALUES>) In a given list not in (…) Not in a given list like Substring matching regexp Regular expression not like Opposite of like not regexp Opposite of regexp
  • 33. All good things are three! Filter Warning Critical Ok
  • 34. Level Source … … Error Word … … Error Excel … … Info Word … … Warning Excel … … Error App1 … … Warning App1 … … Error App3 … …
  • 35. Display Custom strings Supports top- and detail-syntax
  • 36. Display detail- ${source} top- ${list} Hello: s: App1, s: App1, s: App3
  • 37. check_pagefile "filter=name = 'total check_uptime "warn=uptime< - "crit=uptime< - check_processprocess=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set},handles: ${handles},user time:${user
  • 38. Simple?
  • 39. Let me guess This all seems Like a lot of typing!
  • 40. Sensible defaults!
  • 41. check_cpu Just works!
  • 42. Real time monitoring
  • 43. Active monitoring! Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ...
  • 44. Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Monitored Server (Windows) Monitoring Server (Nagios) check_cpu check_uptime check_mem check_eventlog check_updates ... ... Passive monitoring!
  • 45. Real-time monitoring! Monitored Server (Windows) Monitoring Server (Nagios) Error detected in eventlog Everything is ok Monitored Server (Windows) Monitoring Server (Nagios) Error detected in eventlog Everything is ok
  • 46. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File No CPU overhead Notified instantly Powerful filtering
  • 47. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter File [/modules] CheckLogFile = enabled NSCAClient = enabled SimpleFileWriter = enabled [/settings/logfile/real-time/checks/my_check] destination = FILE,NSCA file = test.txt warning = column1 like ‘warn’ critical = column2 like ‘crit’ [/settings/NSCA/client/targets/default] address = 10.11.12.13 encryption = aes password = secreter
  • 48. But I use
  • 49. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer No CPU overhead Powerful filtering Stored in cache Check latest result Fetched instantly
  • 50. CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer CheckLogFile NSClient++ Core Linux Kernel FILE NSCA NSCAClient SimpleFileWriter SimpleCacheCACHE NRPEServer [/modules] CheckLogFile = enabled SimpleCache = enabled NRPEServer = enabled [/settings/logfile/real-time/checks/my_check] destination = CACHE file = test.txt warning = column1 like ‘warn’ critical = column2 like ‘crit’ [/settings/NRPE/server] allowed hosts = 10.11.12.13 allow arguments = true
  • 51. But HOW ABOUT Graphing?
  • 52. Two options: 1, store/fetch from cache 2, submit passively but not to Nagios!
  • 53. apt-get git clone git://github.com/mickem/nscp.git mkdir build ; cd build cmake ../nscp make
  • 54. Manually install visual studio, python and cmake Download and unpack nscp source python nscpbuildpythonfetchdeps.py --target x64 --cmake-config dist cmake ../nscp msbuild /p:Configuration=RelWithDebInfo NSCP.sln
  • 55. Please help with packages! I will give you free* beer! *Free as in your free to buy it your self!
  • 56. Native Secure Simple FastLight weight A work in progress
  • 57. check_service computer=192.168.0.1 check_disk drive=192.168.0.1c$ check_task_sched computer=192.168.0.1 check_wmi computer=192.168.0.1
  • 58. Light weight remote deployable agent Same as psexec check_cpu check_memory check_process External scripts!
  • 59. http://nsclient.org Monitoring Simplified
  • 60. simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
  • 61. simple? check_eventlog
  • 62. Photo by Olga Berrios
  • 63. THANK YOU!
  • 64. Information about NSClient++ http://nsclient.org facebook.com/nsclient Slides, and examples http://nsclient.org/nscp/conferances/nwc/2013/ My Blog http://blog.medin.name

×