Friday, September 13, 2024

Installation from NSCP

NSClient++ (nscp) is a simple and powerful secure monitoring daemon. It can be used in many other scenarios where somebody want to receive/distribute check metrics. We use it for the plugins we build. That means NSClient++ (nscp) will trigger the *.PS1 one files if Nagios asked him to do it.

So to use any from the scripts we build:

1.) Download the NSCP Client (Former known as NSClient++) (e.g. version 4.2.x NSCP-0.4.2.93-x64.msi or NSCP-0.4.2.93-Win32.msi)

2.) Install it on the Server you wish to monitor (not your Nagios server) and in the allowed hosts field enter the IP from your nagios server (you can also do it later).

3.) Configure it. Do do so edit the nsclient.ini in the programm folder (e.g. C:\Program Files\NSClient++). Here is a sample config you can use and modifize so that it fits your needs (e.g. changing powershell scripts, IPs, …)

 ; A list of modules.


[/modules]

; Helper function - Various helper function to extend other checks. This is also only supported through NRPE.
CauseCrashes = 0

; Event log Checker. - Check for errors and warnings in the event log. This is only supported through NRPE so if you plan to use only NSClient this wont help you at all.
CheckLogFile = 0

; check_mk client - A simple check_mk client for checking remote check_mk servers.
CheckMKClient = 0

; NSCP server - A simple server that listens for incoming NSCP connection and handles them.
CheckMKServer = 0

; CheckTaskSched - CheckTaskSched can check various file and disk related things. The current version has commands to check Size of hard drives and directories.
CheckTaskSched = 0

; CheckTaskSched2 - CheckTaskSched2 can check various file and disk related things. The current version has commands to check Size of hard drives and directories.
CheckTaskSched2 = 0

; DotnetPlugin - Plugin to load and manage plugins written in dot net.
DotnetPlugins = 0

; GraphiteClient - Graphite client
GraphiteClient = 0

; LUAScript - LUAScript...
LUAScript = 0

; NRDPClient - Passive check support over NRDP
NRDPClient = 0

; NRPE client - NRPE client
NRPEClient = 0

; NSCAClient - Passive check support over NSCA.
NSCAClient = 0

; NSCA server (no encryption) - A simple server that listens for incoming NSCA connection and handles them.
NSCAServer = 0

; NSCP client - A simple client for checking remote NSCP servers.
NSCPClient = 0

; NSCP server - A simple server that listens for incoming NSCP connection and handles them.
NSCPServer = 0

; PythonScript - PythonScript...
PythonScript = 0

; SMTPClient - Passive check support via SMTP
SMTPClient = 0

; Sample plugin - A sample plugin to display how to make plugins...
SamplePluginSimple = 0

; SimpleCache module - Caches results for later checking.
SimpleCache = 0

; SimpleFileWriter module - FileWriters results for later checking.
SimpleFileWriter = 0

; SyslogClient - Passive check support via Syslog
SyslogClient = 0

; CheckDisk - CheckDisk can check various file and disk related things. The current version has commands to check Size of hard drives and directories.
CheckDisk = 0

; Event log Checker. - Check for errors and warnings in the event log. This is only supported through NRPE so if you plan to use only NSClient this wont help you at all.
CheckEventLog = 0

; Check External Scripts - A simple wrapper to run external scripts and batch files.
CheckExternalScripts = 1

; Helper function - Various helper function to extend other checks. This is also only supported through NRPE.
CheckHelpers = 1

; Check NSCP - Checkes the state of the agent
CheckNSCP = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 0

; CheckWMI - CheckWMI can check various file and disk related things. The current version has commands to check Size of hard drives and directories.
CheckWMI = 0

; NRPE server - A simple server that listens for incoming NRPE connection and handles them.
NRPEServer = 1

; NSClient server - A simple server that listens for incoming NSClient (check_nt) connection and handles them. Although NRPE is the preferred method NSClient is fully supported and can be used for simplicity or for compatibility.
NSClientServer = 0

; Scheduler - A scheduler which schedules checks at regular intervals
Scheduler = 1




; Section for NRPE active/passive check module.
[/settings/NRPE/client]

; CHANNEL - The channel to listen to.
channel = NRPE




; Target definition for: default
[/settings/NRPE/client/targets/default]

; TARGET ADDRESS - Target host address
address =

; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
; allowed ciphers = ADH
allowed ciphers = TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH

; SSL CERTIFICATE -
certificate =

; PAYLOAD LENGTH - Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work.
payload length = 1024

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 180

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; allow old “legacy” check_nrpe connect to NSClient++ requited to enable the insecure mode via:
; VERIFY MODE -
verify mode = none




; Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options.
[/settings/NRPE/server]

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = false

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; PORT NUMBER - Port to use for NRPE.
port = 5666

; http://docs.nsclient.org/faq/
insecure = true



; Section for simple cache module (SimpleCache.dll).
[/settings/cache]

; CHANNEL - The channel to listen to.
channel = CACHE

; PRIMARY CACHE INDEX - Set this to the value you want to use as unique key for the cache (host, command, result,...).
primary index = ${alias-or-command}


; Section for system checks and system settings
[/settings/check/task schedule]

; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one)
default buffer length = %title% last run: %most-recent-run-time% (%exit-code%)





; Configure crash handling properties.
[/settings/crash]

; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true

; folder - The archive folder for crash dunpes.
archive folder = ${shared-path}/crash-dumps

; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSClientpp

; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = true

; SUBMISSION URL - The url to submit crash reports to
submit url = http://crash.nsclient.org/submit





; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = false

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = false

; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path =

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60




; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]

; check_exchange_mailqueue - Alias for check_exchange_mailqueue. To configure this item add a section called: /settings/external scripts/scripts/check_exchange_mailqueue
check_exchange_mailqueue = cmd /c echo D:\NagiosMonitoring\NagiosMonitoring_ExchangeQueueHealth.ps1 | PowerShell.exe -Command -
check_exchange_service_state=cmd /c echo D:\NagiosMonitoring\NagiosMonitoring_Exchange_HUBServicesCheck.ps1 | PowerShell.exe -Command -


; default - Alias for default. To configure this item add a section called: /settings/external scripts/scripts/default
default =






; A list of templates for wrapped scripts
[/settings/external scripts/wrappings]

; BATCH FILE WRAPPING -
bat = scripts\\%SCRIPT% %ARGS%

; POWERSHELL WRAPPING -
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

;DomainControllerServicesCheck=cmd /c echo | PowerShell.exe -Command "& 'C:\NagiosMonitoring\NagiosMonitoring_AD_DomainControllerServicesCheck.ps1'"
;ADDCReplicationCheck=cmd /c echo | PowerShell.exe -Command "& 'C:\NagiosMonitoring\NagiosMonitoring_AD_ReplicationCheck.ps1'"

; VISUAL BASIC WRAPPING -
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%





; Configure log properties.
[/settings/log]

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log

; LOG LEVEL - Log level to use. Avalible levels are error,warning,info,debug,trace
level = info



; Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 100





; Section for log file checker
[/settings/logfile]

; DEBUG - Log more information to help diagnose errors and configuration problems.
debug = false

; SYNTAX - Set the default syntax to use
syntax =



; Section for NSCP active/passive check module.
[/settings/nscp/client]

; CHANNEL - The channel to listen to.
channel = NSCP




; Target definition for: default
[/settings/nscp/client/targets/default]

; TARGET ADDRESS - Target host address
address =

; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers = ADH

; SSL CERTIFICATE -
certificate =

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; VERIFY MODE -
verify mode = none




; Section for NSCP (NSCPListener.dll) (check_nscp) protocol options.
[/settings/nscp/server]

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = false

; PORT NUMBER - Port to use for NSCP.
port = 5668


; Section for the Scheduler module.
[/settings/scheduler]

; THREAD COUNT - Number of threads to use.
threads = 5


; Section for the Scheduler module.
[/settings/scheduler/schedules]


; Section for configuring the shared session.
[/settings/shared session]

; LOG LEVEL - Log level to use
enabled = false


; Section for system checks and system settings
[/settings/system/windows]

; DEFAULT LENGTH - Used to define the default intervall for range buffer checks (ie. CPU).
default buffer length = 1h



[/settings/default]

; INBOX - The default channel to post incoming messages on
inbox = inbox

; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers = ADH

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 10.10.1.19,10.10.2.19

; CACHE ALLOWED HOSTS - If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server.
cache allowed hosts = true

; SSL CERTIFICATE -
certificate =

; PASSWORD - Password used to authenticate againast server
password =

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; VERIFY MODE -
verify mode = none

 4.) Restart the NSClient ++ Service in order to load the config.

If you wish to install it unattended you can use the following batchfile:

@echo off
REM log complete installation via:
REM msiexec /i NSCP-0.4.1.90-x64.msi /l*vx C:\00Install\logfile.txt
msiexec /i NSCP-0.4.1.90-x64.msi /passive /norestart ALLOWED_HOSTS=”10.204.204.204″

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay Connected

35FollowersFollow
- Advertisement -

Latest Articles