How to make Indirect checks

[ziedmahjoub]

i did what you told me tgriep and i see that its ok and logic , but i got this :

Host Status: DOWN
Status Information: CHECK_NRPE: Error - Could not complete SSL handshake.

any help ?

[tgriep]

SSL needs to be enabled in NSClient

Edit the nsclient.ini file and under this section.

Code: Select all

[/settings/NRPE/server]

Add this

Code: Select all

use ssl = true

Save the file and restart the nsclient service.

[ziedmahjoub]

SSL needs to be enabled in NSClient

Edit the nsclient.ini file and under this section.

Code: Select all

[/settings/NRPE/server]

Add this

Code: Select all

use ssl = true

Save the file and restart the nsclient service.

i've done it but same problem , i will put my nsclient configuration file :

Code: Select all

# If you want to fill this file with all avalible options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; Undocumented section
[/settings/default]

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,192.168.0.11/24

; PASSWORD - Password used to authenticate against server
password = nagiosadmin

; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to = 

; Undocumented section
[/settings/NRPE/server]

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; PORT NUMBER - Port to use for NRPE.
port = 5666

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  none	The server will not send a client certificate request to the client, so the client will not send a certificate. peer	The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert	if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert	Alias for peer and fail-if-no-cert. workarounds	Various bug workarounds. single	Always create a new key when using tmp_dh parameters. client-once	Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer   
verify mode = peer-cert

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = false

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  default-workarounds	Various workarounds for what I understand to be broken ssl implementations no-sslv2	Do not use the SSLv2 protocol. no-sslv3	Do not use the SSLv3 protocol. no-tlsv1	Do not use the TLSv1 protocol. single-dh-use	Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).   
ssl options = no-sslv2,no-sslv3

; Undocumented section
[/modules]

; Undocumented key
NSCAClient = 0

; Undocumented key
Scheduler = 0

; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = enabled

; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1

; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1

; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]

; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%

; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)

[/settings/external scripts/alias]

; ALIAS - Query alias
alias_volumes = check_drivesize

; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10

; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc

; ALIAS - Query alias
alias_event_log = check_eventlog

; ALIAS - Query alias
default = 

; ALIAS - Query alias
alias_cpu = check_cpu

; ALIAS - Query alias
alias_mem = check_memory

; ALIAS - Query alias
alias_volumes_loose = check_drivesize

; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"

; ALIAS - Query alias
alias_up = check_uptime

; ALIAS - Query alias
alias_service = check_service

; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"

; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"

; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_disk_loose = check_drivesize

; ALIAS - Query alias
alias_disk = check_drivesize

; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"

; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"

; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s

; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10

; Configure which services has to be in which state
[/settings/system/windows/service mapping]

; A set of options to configure the real time checks
[/settings/system/windows/real-time]

; Add counters to check
[/settings/system/windows/counters]

; Section for system checks and system settings
[/settings/system/windows]

; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h

; Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0

; Configure log properties.
[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log

; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]

; A set of options to configure the real time checks
[/settings/eventlog/real-time]

; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false

; LOGS TO CHECK - Comma separated list of logs to check
log = application,system

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m

; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]

; Undocumented key
indirect_check_ping = scripts\\check_ping.bat 192.168.0.24

; Section for configuring the shared session.
[/settings/shared session]

; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false

; Section for configuring the crash handler.
[/settings/crash]

; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP

; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true

; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true

; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false

; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps

; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]

; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true

; PORT NUMBER - Port to use for check_nt.
port = 12489

; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path = 

; Files to be included in the configuration
[/includes]

; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]

; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax = 

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false

; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true

; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]

[/paths]

; Path for certificate-path - 
certificate-path = ${shared-path}/security

; Path for base-path - 
base-path = C:\Program Files\NSClient++

; Path for crash-folder - 
crash-folder = C:\Program Files\NSClient++

; Path for module-path - 
module-path = ${shared-path}/modules

; Path for shared-path - 
shared-path = C:\Program Files\NSClient++

; Path for exe-path - 
exe-path = C:\Program Files\NSClient++

can it be because of the upgrade that i made to get the stable version ?

[lmiltchev]

/usr/local/nagios/libexec$ ./check_nrpe -H 192.168.0.100 -t 60 -c indirect_check_disk
No handler for command: indirect_check_disk

Well, the "indirect_check_disk" command is not defined in the nsclient.ini file... You will need to define it, restart the NSClient++ service and try your check again.

[ziedmahjoub]

/usr/local/nagios/libexec$ ./check_nrpe -H 192.168.0.100 -t 60 -c indirect_check_disk
No handler for command: indirect_check_disk

Well, the "indirect_check_disk" command is not defined in the nsclient.ini file... You will need to define it, restart the NSClient++ service and try your check again.

lmiltchev , that's not my problem , i solved it long time ago ; but when i upgraded to the stable version of NSclient i got this problem :

Host Status: DOWN
Status Information: CHECK_NRPE: Error - Could not complete SSL handshake

and before upgrade the ping was working fine

[ziedmahjoub]

also after the upgrade the services for this host were working fine but now many unknown status .

[jdalrymple]

ziedmahjoub,

Try changing "insecure = false" to true and restart nsclient++

[Box293]

Please post your nsclient.ini file if you are still having problems after jdalrymple's suggestion. Also, what is the version you installed?

[ziedmahjoub]

the problems remains , i was using NSClient++ 0.4.1.105 for the indirect checks , after jdalrymple told me to upgrade to the stable version so i upgraded to NSCP-0.4.3.131

this is my current nsclient configuration file :

Code: Select all

# If you want to fill this file with all avalible options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; Undocumented section
[/settings/default]

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,192.168.0.11/24

; PASSWORD - Password used to authenticate against server
password = nagiosadmin

; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to = 


; Undocumented section
[/settings/NRPE/server]

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; PORT NUMBER - Port to use for NRPE.
port = 5666

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  none	The server will not send a client certificate request to the client, so the client will not send a certificate. peer	The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert	if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert	Alias for peer and fail-if-no-cert. workarounds	Various bug workarounds. single	Always create a new key when using tmp_dh parameters. client-once	Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer   
verify mode = peer-cert

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  default-workarounds	Various workarounds for what I understand to be broken ssl implementations no-sslv2	Do not use the SSLv2 protocol. no-sslv3	Do not use the SSLv3 protocol. no-tlsv1	Do not use the TLSv1 protocol. single-dh-use	Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).   
ssl options = no-sslv2,no-sslv3


; Undocumented section
[/modules]

; Undocumented key
NSCAClient = 0

; Undocumented key
Scheduler = 0

; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = enabled

; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1

; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1


; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]

; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%

; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)


[/settings/external scripts/alias]

; ALIAS - Query alias
alias_volumes = check_drivesize

; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10

; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc

; ALIAS - Query alias
alias_event_log = check_eventlog

; ALIAS - Query alias
default = 

; ALIAS - Query alias
alias_cpu = check_cpu

; ALIAS - Query alias
alias_mem = check_memory

; ALIAS - Query alias
alias_volumes_loose = check_drivesize

; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"

; ALIAS - Query alias
alias_up = check_uptime

; ALIAS - Query alias
alias_service = check_service

; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"

; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"

; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_disk_loose = check_drivesize

; ALIAS - Query alias
alias_disk = check_drivesize

; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"

; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"

; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s

; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10


; Configure which services has to be in which state
[/settings/system/windows/service mapping]


; A set of options to configure the real time checks
[/settings/system/windows/real-time]


; Add counters to check
[/settings/system/windows/counters]


; Section for system checks and system settings
[/settings/system/windows]

; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h


; Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0


; Configure log properties.
[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log


; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]


; A set of options to configure the real time checks
[/settings/eventlog/real-time]

; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false

; LOGS TO CHECK - Comma separated list of logs to check
log = application,system

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m


; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]

; Undocumented key
;indirect_check_ping = scripts\\check_ping.bat 192.168.0.24


; Section for configuring the shared session.
[/settings/shared session]

; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false


; Section for configuring the crash handler.
[/settings/crash]

; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP

; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true

; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true

; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false

; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps


; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]


; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true

; PORT NUMBER - Port to use for check_nt.
port = 12489


; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path = 


; Files to be included in the configuration
[/includes]


; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]

; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax = 

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false

; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true


; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]


[/paths]

; Path for certificate-path - 
certificate-path = ${shared-path}/security

; Path for base-path - 
base-path = C:\Program Files\NSClient++

; Path for crash-folder - 
crash-folder = C:\Program Files\NSClient++

; Path for module-path - 
module-path = ${shared-path}/modules

; Path for shared-path - 
shared-path = C:\Program Files\NSClient++

; Path for exe-path - 
exe-path = C:\Program Files\NSClient++

[tgriep]

Edit the nsclient.ini file and comment out the following or just delete it.

Code: Select all

verify mode = peer-cert

Also, the allowed host line needs to be changed. replace the 127.0.0.1 address for the actual IP address of the system

Code: Select all

allowed hosts = 127.0.0.1,192.168.0.11/24

Restart NSClient and is should work for you.