NSClient++: Monitoring Simplified at OSMC 2013
A presentation about the upcoming 0.4.2 version of NSClient++ and how it drastically makes monitoring simpler!

Published in: Technology, Business

  1. 1. Simplified
  2. 2. How many use NSClient++
  3. 3. How many like NSClient++? ..pdh collection thread not running… ERROR: Missing argument exception PdhCollectQueryData? failed: : 2147481643: No data to return. Failed to query performance counters:
  4. 4. How many think it’s simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
  5. 5. What’s 3+8?
  6. 6. How many saw me last year? Boring… Get started already!
  7. 7. dev not ops worked in ops a long time ago work with “soa” not, C/C++, nagios, …
  8. 8. 0.4.1: 2012-10-xx 0.4.2: 2013-10-xx? 0.4.3: 2014-02-xx?
  9. 9. one-man-band no company no commercial version no paid time
  10. 10. Please don’t be angry! Sometimes I am busy
  11. 11. but… sponsoring! donations! support!
  12. 12. Sockets: Modernized: New protocols: Real-time checks: Simplified:
  13. 13. Secure monitoring
  14. 14. Build 90 (2013-02-xx): nsclient-full.ini; Reload from script; (re)added check_filesize (ie. check_nt -v FILESIZE); Encoding support for NRPE; New option: scan-range for CheckEventLog; Various minor bug fixes. Build 96 (2013-04-xx): Reverted external script quoting issues; (re)added check_fileage (ie. check_nt -v FILEAGE); Added support for binding to both ipv6 and ipv4; Various minor bug fixes. Build 102 (2013-08-xx): PDH improvements; Performance data: pass through; Encoding support through out; Various minor bug fixes and enhancements.
  15. 15. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3
  16. 16. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" level = 'error' "
  17. 17. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" source = 'App1' "
  18. 18. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" source = 'App1 "
  19. 19. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" source = 'App1' or source = 'App3' "
  20. 20. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" source = 'App1' or source = 'App3' or level = 'error' "
  21. 21. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" source = 'App1' or source = 'App3' or level = 'error' or level = 'warning' "
  22. 22. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' "
  23. 23. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" (source in ('App1', 'App3') or level in ('error', 'warning')) and source != 'Excel' " filter=" (source = 'App1' or source = 'App3' or level = 'error' or level = 'warning') and source != 'Excel' "
  24. 24. Table (Core | Load | … | …): core1 | 5; core2 | 0; core3 | 0; core4 | 5; core5 | 0; core6 | 0; Total | 2. filter=" load > 10 "
  25. 25. Table (Name | Size | … | …): Foo.txt | 5k; Bar.txt | 12k; Log.txt | 0; Test.txt | 123; Foobar.txt | 1k; Testing.txt | 2k; Barfoo.txt | 24k. filter=" size > 10k "
  26. 26. Table (Name | Size | … | …): physical | 8g; committed | 12g; … filter=" used > 80% "
  27. 27. filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47', '50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035', '1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131', '1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001', '7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034', '7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149', '12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN ('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50') AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN ('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) 
OR (id IN ('142') AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219') AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006') AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR (id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error', 'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error', 'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServicesRemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND 
source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN 
('7038') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN ('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error', 'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN ('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN ('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN ('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN ('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN ('error', 'warning'))
  28. 28. Table (Key | Safe Key | Description): = | eq | Equals; != | ne | Not equals; > | gt | Greater than; < | lt | Less than; >= | ge | Greater or equal than; <= | le | Less or equal than; in (<LIST OF VALUES>) | | In a given list; not in (…) | | Not in a given list
  29. 29. Table (Key | Safe Key | Description): = | eq | Equals; != | ne | Not equals; > | gt | Greater than; < | lt | Less than; >= | ge | Greater or equal than; <= | le | Less or equal than; in (<LIST OF VALUES>) | | In a given list; not in (…) | | Not in a given list; like | | Substring matching; regexp | | Regular expression; not like | | Opposite of like; not regexp | | Opposite of regexp
  30. 30. warning filter critical
  31. 31. Table (Level | Source | … | …): Error | Word; Error | Excel; Info | Word; Warning | Excel; Error | App1; Warning | App1; Error | App3. filter=" source = 'App1' " warn=" level = 'Warning' "
  32. 32. Custom strings Supports substitutions ${…} top- and detail-syntax
  33. 33. detail-syntax="s: ${source} " top-syntax="Hello: ${list}" Hello: s: App1, s: App1, s: App3
  34. 34. defaults!
  35. 35. check_cpu Just works!
  36. 36. check_cpu check_mem check_uptime check_eventlog check_updates ... ... Monitoring Server (Nagios) Monitored Server (Windows)
  37. 37. check_cpu check_mem check_uptime check_eventlog check_updates ... ... Monitoring Server (Nagios) Monitored Server (Windows)
  38. 38. Error detected in eventlog Everything is ok Monitoring Server (Nagios) Monitored Server (Windows)
  39. 39. Zero overhead log-file checks Composite checks Stateful monitoring Adaptive thresholds? Correlation CEP
  40. 40. Two options:
  41. 41. check_service computer=192.168.0.1; check_disk drive=\\192.168.0.1\c$; check_task_sched computer=192.168.0.1; check_wmi computer=192.168.0.1
  42. 42. Light weight remote deployable agent Similar to psexec check_cpu check_memory check_process External scripts!
  43. 43. How many think it’s simple? CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
  44. 44. How many think it’s simple? check_eventlog
  45. 45. Photo by Olga Berrios
  46. 46. Most images taken by me whilst visiting the INTREPID. Information about NSClient++: http://nsclient.org, facebook.com/nsclient. Slides, and examples: http://nsclient.org/nscp/conferances/nwc/2013/. My Blog: http://blog.medin.name
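
The filter walk-through on slides 15 to 23 and the key/safe-key operators on slide 28, as an added Python example (not code from the slides or from NSClient++): a small evaluator for the `=`, `!=`, `in`, `not in`, `and`, `or` subset, run over the slides' Level/Source table. The names `compile_filter` and `matches` are hypothetical; case-insensitive comparison and `and` binding tighter than `or` are assumptions, and a filter that does not parse (for instance one with an unterminated quote) is rejected instead of being evaluated.

```python
import re

EVENTS = [{"level": lv, "source": src} for lv, src in [  # constructed sample rows
    ("Error", "Word"), ("Error", "Excel"), ("Info", "Word"), ("Warning", "Excel"),
    ("Error", "App1"), ("Warning", "App1"), ("Error", "App3")]]
TOKEN = re.compile(r"\s*('[^']*'|!=|=|[(),]|\w+)")
OPS = {"=": "=", "eq": "=", "!=": "!=", "ne": "!=", "in": "in"}  # keys and safe keys

def compile_filter(text):  # returns predicate(row); ValueError if malformed
    if TOKEN.sub("", text).strip():  # leftovers, e.g. an unterminated quote
        raise ValueError(f"cannot tokenize {text!r}")
    toks, pos = [t.lower() for t in TOKEN.findall(text)] + ["<end>"], 0  # assumed: case-insensitive
    def take(want=None):
        nonlocal pos
        tok = toks[pos]
        if tok != want and (want is not None or tok == "<end>"):
            raise ValueError(f"unexpected {tok!r}")
        pos += 1
        return tok
    accept = lambda want: toks[pos] == want and bool(take())  # consume only if next
    def value():
        tok = take()
        if not tok.startswith("'"):
            raise ValueError(f"expected a quoted value, got {tok!r}")
        return tok[1:-1]
    def chain(sub, word, combine):  # assumed precedence: 'and' binds tighter than 'or'
        node = sub()
        while accept(word):
            node = combine(node, sub())
        return node
    either = lambda: chain(both, "or", lambda a, b: lambda r: a(r) or b(r))
    both = lambda: chain(atom, "and", lambda a, b: lambda r: a(r) and b(r))
    def atom():
        if accept("("):
            inner = either()
            take(")")
            return inner
        field, negate = take(), accept("not")
        if field not in EVENTS[0]:
            raise ValueError(f"unknown field {field!r}")
        op = OPS.get(take())
        if op == "in":
            take("(")
            values = {value()}
            while accept(","):
                values.add(value())
            take(")")
        elif op and not negate:
            values, negate = {value()}, op == "!="
        else:
            raise ValueError(f"unsupported operator {toks[pos - 1]!r}")
        return lambda r: (r[field].lower() in values) != negate
    pred = either()
    take("<end>")
    return pred

def matches(text, rows=EVENTS):
    pred = compile_filter(text)
    return [(r["level"], r["source"]) for r in rows if pred(r)]
```
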
