How to make Indirect checks
-
- Posts: 142
- Joined: Fri Jan 16, 2015 5:22 am
Re: How to make Indirect checks
i did what you told me tgriep and i see that its ok and logic , but i got this :
Host Status: DOWN
Status Information: CHECK_NRPE: Error - Could not complete SSL handshake.
any help ?
Host Status: DOWN
Status Information: CHECK_NRPE: Error - Could not complete SSL handshake.
any help ?
Re: How to make Indirect checks
SSL needs to be enabled in NSClient
Edit the nsclient.ini file and under this section.
Add this
Save the file and restart the nsclient service.
Edit the nsclient.ini file and under this section.
Code: Select all
[/settings/NRPE/server]
Code: Select all
use ssl = true
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 142
- Joined: Fri Jan 16, 2015 5:22 am
Re: How to make Indirect checks
i've done it but same problem , i will put my nsclient configuration file :tgriep wrote:SSL needs to be enabled in NSClient
Edit the nsclient.ini file and under this section.Add thisCode: Select all
[/settings/NRPE/server]
Save the file and restart the nsclient service.Code: Select all
use ssl = true
Code: Select all
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; Undocumented section
[/settings/default]
; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30
; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true
; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,192.168.0.11/24
; PASSWORD - Password used to authenticate against server
password = nagiosadmin
; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to =
; Undocumented section
[/settings/NRPE/server]
; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; PORT NUMBER - Port to use for NRPE.
port = 5666
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer
verify mode = peer-cert
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = false
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-sslv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).
ssl options = no-sslv2,no-sslv3
; Undocumented section
[/modules]
; Undocumented key
NSCAClient = 0
; Undocumented key
Scheduler = 0
; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = enabled
; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1
; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1
; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]
; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)
[/settings/external scripts/alias]
; ALIAS - Query alias
alias_volumes = check_drivesize
; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10
; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc
; ALIAS - Query alias
alias_event_log = check_eventlog
; ALIAS - Query alias
default =
; ALIAS - Query alias
alias_cpu = check_cpu
; ALIAS - Query alias
alias_mem = check_memory
; ALIAS - Query alias
alias_volumes_loose = check_drivesize
; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"
; ALIAS - Query alias
alias_up = check_uptime
; ALIAS - Query alias
alias_service = check_service
; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"
; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"
; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_disk_loose = check_drivesize
; ALIAS - Query alias
alias_disk = check_drivesize
; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"
; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"
; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s
; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10
; Configure which services has to be in which state
[/settings/system/windows/service mapping]
; A set of options to configure the real time checks
[/settings/system/windows/real-time]
; Add counters to check
[/settings/system/windows/counters]
; Section for system checks and system settings
[/settings/system/windows]
; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h
; Configure log file properties.
[/settings/log/file]
; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0
; Configure log properties.
[/settings/log]
; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info
; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S
; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log
; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
; A set of options to configure the real time checks
[/settings/eventlog/real-time]
; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false
; LOGS TO CHECK - Comma separated list of logs to check
log = application,system
; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
; Undocumented key
indirect_check_ping = scripts\\check_ping.bat 192.168.0.24
; Section for configuring the shared session.
[/settings/shared session]
; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false
; Section for configuring the crash handler.
[/settings/crash]
; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post
; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP
; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true
; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true
; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false
; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps
; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]
; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true
; PORT NUMBER - Port to use for check_nt.
port = 12489
; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60
; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path =
; Files to be included in the configuration
[/includes]
; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax =
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true
; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
[/paths]
; Path for certificate-path -
certificate-path = ${shared-path}/security
; Path for base-path -
base-path = C:\Program Files\NSClient++
; Path for crash-folder -
crash-folder = C:\Program Files\NSClient++
; Path for module-path -
module-path = ${shared-path}/modules
; Path for shared-path -
shared-path = C:\Program Files\NSClient++
; Path for exe-path -
exe-path = C:\Program Files\NSClient++
Re: How to make Indirect checks
Well, the "indirect_check_disk" command is not defined in the nsclient.ini file... You will need to define it, restart the NSClient++ service and try your check again./usr/local/nagios/libexec$ ./check_nrpe -H 192.168.0.100 -t 60 -c indirect_check_disk
No handler for command: indirect_check_disk
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 142
- Joined: Fri Jan 16, 2015 5:22 am
Re: How to make Indirect checks
lmiltchev , that's not my problem , i solved it long time ago ; but when i upgraded to the stable version of NSclient i got this problem :lmiltchev wrote:Well, the "indirect_check_disk" command is not defined in the nsclient.ini file... You will need to define it, restart the NSClient++ service and try your check again./usr/local/nagios/libexec$ ./check_nrpe -H 192.168.0.100 -t 60 -c indirect_check_disk
No handler for command: indirect_check_disk
Host Status: DOWN
Status Information: CHECK_NRPE: Error - Could not complete SSL handshake
and before upgrade the ping was working fine
-
- Posts: 142
- Joined: Fri Jan 16, 2015 5:22 am
Re: How to make Indirect checks
also after the upgrade the services for this host were working fine but now many unknown status .
-
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: How to make Indirect checks
ziedmahjoub,
Try changing "insecure = false" to true and restart nsclient++
Try changing "insecure = false" to true and restart nsclient++
- Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: How to make Indirect checks
Please post your nsclient.ini file if you are still having problems after jdalrymple's suggestion. Also, what is the version you installed?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 142
- Joined: Fri Jan 16, 2015 5:22 am
Re: How to make Indirect checks
the problems remains , i was using NSClient++ 0.4.1.105 for the indirect checks , after jdalrymple told me to upgrade to the stable version so i upgraded to NSCP-0.4.3.131
this is my current nsclient configuration file :
this is my current nsclient configuration file :
Code: Select all
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; Undocumented section
[/settings/default]
; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30
; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true
; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,192.168.0.11/24
; PASSWORD - Password used to authenticate against server
password = nagiosadmin
; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to =
; Undocumented section
[/settings/NRPE/server]
; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; PORT NUMBER - Port to use for NRPE.
port = 5666
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer
verify mode = peer-cert
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-sslv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).
ssl options = no-sslv2,no-sslv3
; Undocumented section
[/modules]
; Undocumented key
NSCAClient = 0
; Undocumented key
Scheduler = 0
; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = enabled
; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1
; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1
; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]
; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)
[/settings/external scripts/alias]
; ALIAS - Query alias
alias_volumes = check_drivesize
; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10
; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc
; ALIAS - Query alias
alias_event_log = check_eventlog
; ALIAS - Query alias
default =
; ALIAS - Query alias
alias_cpu = check_cpu
; ALIAS - Query alias
alias_mem = check_memory
; ALIAS - Query alias
alias_volumes_loose = check_drivesize
; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"
; ALIAS - Query alias
alias_up = check_uptime
; ALIAS - Query alias
alias_service = check_service
; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"
; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"
; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_disk_loose = check_drivesize
; ALIAS - Query alias
alias_disk = check_drivesize
; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"
; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"
; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s
; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10
; Configure which services has to be in which state
[/settings/system/windows/service mapping]
; A set of options to configure the real time checks
[/settings/system/windows/real-time]
; Add counters to check
[/settings/system/windows/counters]
; Section for system checks and system settings
[/settings/system/windows]
; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h
; Configure log file properties.
[/settings/log/file]
; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0
; Configure log properties.
[/settings/log]
; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info
; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S
; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log
; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
; A set of options to configure the real time checks
[/settings/eventlog/real-time]
; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false
; LOGS TO CHECK - Comma separated list of logs to check
log = application,system
; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
; Undocumented key
;indirect_check_ping = scripts\\check_ping.bat 192.168.0.24
; Section for configuring the shared session.
[/settings/shared session]
; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false
; Section for configuring the crash handler.
[/settings/crash]
; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post
; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP
; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true
; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true
; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false
; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps
; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]
; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true
; PORT NUMBER - Port to use for check_nt.
port = 12489
; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60
; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path =
; Files to be included in the configuration
[/includes]
; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax =
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true
; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
[/paths]
; Path for certificate-path -
certificate-path = ${shared-path}/security
; Path for base-path -
base-path = C:\Program Files\NSClient++
; Path for crash-folder -
crash-folder = C:\Program Files\NSClient++
; Path for module-path -
module-path = ${shared-path}/modules
; Path for shared-path -
shared-path = C:\Program Files\NSClient++
; Path for exe-path -
exe-path = C:\Program Files\NSClient++
Re: How to make Indirect checks
Edit the nsclient.ini file and comment out the following or just delete it.
Also, the allowed host line needs to be changed. replace the 127.0.0.1 address for the actual IP address of the system
Restart NSClient and is should work for you.
Code: Select all
verify mode = peer-cert
Code: Select all
allowed hosts = 127.0.0.1,192.168.0.11/24
Be sure to check out our Knowledgebase for helpful articles and solutions!