# If you want to fill this file with all avalible options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; Undocumented section
[/settings/default]

; PASSWORD - Password used to authenticate against server
password = XXXXXXXX

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true

; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to = 

; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 10.2.8.79


; Undocumented section
[/settings/NRPE/server]

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  default-workarounds	Various workarounds for what I understand to be broken ssl implementations no-sslv2	Do not use the SSLv2 protocol. no-sslv3	Do not use the SSLv3 protocol. no-tlsv1	Do not use the TLSv1 protocol. single-dh-use	Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).   
ssl options = no-sslv2,no-sslv3

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true

; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket.  none	The server will not send a client certificate request to the client, so the client will not send a certificate. peer	The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert	if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert	Alias for peer and fail-if-no-cert. workarounds	Various bug workarounds. single	Always create a new key when using tmp_dh parameters. client-once	Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer   
verify mode = peer-cert

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true

; PORT NUMBER - Port to use for NRPE.
port = 5666


; Undocumented section
[/modules]

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1

; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1

; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = enabled

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

; NSCAClient - NSCA client can be used both from command line and from queries to submit passive checks via NSCA
NSCAClient = 1


; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]

; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)

; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%


[/settings/external scripts/alias]

; ALIAS - Query alias
alias_volumes_loose = check_drivesize

; ALIAS - Query alias
alias_up = check_uptime

; ALIAS - Query alias
default = 

; ALIAS - Query alias
alias_cpu = check_cpu

; ALIAS - Query alias
alias_service = check_service

; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"

; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"

; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"

; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"

; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"

; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10

; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10

; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"

; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s

; ALIAS - Query alias
alias_event_log = check_eventlog

; ALIAS - Query alias
alias_disk_loose = check_drivesize

; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc

; ALIAS - Query alias
alias_disk = check_drivesize

; ALIAS - Query alias
alias_mem = check_memory

; ALIAS - Query alias
alias_volumes = check_drivesize


; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]


; A set of options to configure the real time checks
[/settings/system/windows/real-time]


; Add counters to check
[/settings/system/windows/counters]


; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]


; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true

; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072

; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax = 

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false


; Section for configuring the shared session.
[/settings/shared session]

; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false


; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]

; SCRIPT - For more configuration options add a dedicated section (if you add a new section you can customize the user and various other advanced features)
default = 


; Section for configuring the log handling.
[/settings/log]

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info


; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false

; PORT NUMBER - Port to use for check_nt.
port = 12489

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true


; Target definition for: default
[/settings/NSCA/client/targets/default]

; PASSWORD - The password to use. Again has to be the same as the server or it wont work at all.
password = 

; VERIFY MODE - Target definition for: default
verify mode = none

; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers = ADH

; SSL CERTIFICATE - Target definition for: default
certificate = 

; TARGET ADDRESS - Target host address
address = 

; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your server i using or it wont work at all.This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = aes

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false


; Section for NSCA passive check module.
[/settings/NSCA/client]

; HOSTNAME - The host name of the monitored computer. Set this to auto (default) to use the windows name of the computer.  auto	Hostname ${host}	Hostname ${host_lc} Hostname in lowercase ${host_uc}	Hostname in uppercase ${domain}	Domainname ${domain_lc}	Domainname in lowercase ${domain_uc}	Domainname in uppercase 
hostname = auto

; CHANNEL - The channel to listen to.
channel = NSCA


; Section for system checks and system settings
[/settings/system/windows]

; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h


; Files to be included in the configuration
[/includes]


; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = false

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = false

; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path = 


; Configure which services has to be in which state
[/settings/system/windows/service mapping]


; Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0


; A set of options to configure the real time checks
[/settings/eventlog/real-time]

; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false

; LOGS TO CHECK - Comma separated list of logs to check
log = application,system

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false


; Section for configuring the crash handler.
[/settings/crash]

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP

; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps

; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post

; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true

; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false

; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true


; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]

; FILTER DEFENITION - For more configuration options add a dedicated section
default = 


[/paths]

; Path for certificate-path - 
certificate-path = ${shared-path}/security

; Path for base-path - 
base-path = C:\Program Files\NSClient++

; Path for shared-path - 
shared-path = C:\Program Files\NSClient++

; Path for exe-path - 
exe-path = C:\Program Files\NSClient++

; Path for crash-folder - 
crash-folder = C:\Program Files\NSClient++

; Path for module-path - 
module-path = ${shared-path}/modules