Support for Nagios products and services
https://support.nagios.com/forum/
Code: Select all
[/settings/NRPE/server]Code: Select all
use ssl = truei've done it but same problem , i will put my nsclient configuration file :tgriep wrote:SSL needs to be enabled in NSClient
Edit the nsclient.ini file and under this section.Add thisCode: Select all
[/settings/NRPE/server]Save the file and restart the nsclient service.Code: Select all
use ssl = true
Code: Select all
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; Undocumented section
[/settings/default]
; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30
; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true
; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,192.168.0.11/24
; PASSWORD - Password used to authenticate against server
password = nagiosadmin
; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to =
; Undocumented section
[/settings/NRPE/server]
; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; PORT NUMBER - Port to use for NRPE.
port = 5666
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer
verify mode = peer-cert
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = false
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-sslv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).
ssl options = no-sslv2,no-sslv3
; Undocumented section
[/modules]
; Undocumented key
NSCAClient = 0
; Undocumented key
Scheduler = 0
; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = enabled
; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1
; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1
; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]
; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)
[/settings/external scripts/alias]
; ALIAS - Query alias
alias_volumes = check_drivesize
; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10
; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc
; ALIAS - Query alias
alias_event_log = check_eventlog
; ALIAS - Query alias
default =
; ALIAS - Query alias
alias_cpu = check_cpu
; ALIAS - Query alias
alias_mem = check_memory
; ALIAS - Query alias
alias_volumes_loose = check_drivesize
; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"
; ALIAS - Query alias
alias_up = check_uptime
; ALIAS - Query alias
alias_service = check_service
; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"
; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"
; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_disk_loose = check_drivesize
; ALIAS - Query alias
alias_disk = check_drivesize
; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"
; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"
; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s
; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10
; Configure which services has to be in which state
[/settings/system/windows/service mapping]
; A set of options to configure the real time checks
[/settings/system/windows/real-time]
; Add counters to check
[/settings/system/windows/counters]
; Section for system checks and system settings
[/settings/system/windows]
; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h
; Configure log file properties.
[/settings/log/file]
; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0
; Configure log properties.
[/settings/log]
; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info
; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S
; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log
; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
; A set of options to configure the real time checks
[/settings/eventlog/real-time]
; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false
; LOGS TO CHECK - Comma separated list of logs to check
log = application,system
; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
; Undocumented key
indirect_check_ping = scripts\\check_ping.bat 192.168.0.24
; Section for configuring the shared session.
[/settings/shared session]
; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false
; Section for configuring the crash handler.
[/settings/crash]
; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post
; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP
; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true
; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true
; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false
; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps
; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]
; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true
; PORT NUMBER - Port to use for check_nt.
port = 12489
; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60
; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path =
; Files to be included in the configuration
[/includes]
; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax =
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true
; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
[/paths]
; Path for certificate-path -
certificate-path = ${shared-path}/security
; Path for base-path -
base-path = C:\Program Files\NSClient++
; Path for crash-folder -
crash-folder = C:\Program Files\NSClient++
; Path for module-path -
module-path = ${shared-path}/modules
; Path for shared-path -
shared-path = C:\Program Files\NSClient++
; Path for exe-path -
exe-path = C:\Program Files\NSClient++Well, the "indirect_check_disk" command is not defined in the nsclient.ini file... You will need to define it, restart the NSClient++ service and try your check again./usr/local/nagios/libexec$ ./check_nrpe -H 192.168.0.100 -t 60 -c indirect_check_disk
No handler for command: indirect_check_disk
lmiltchev , that's not my problem , i solved it long time ago ; but when i upgraded to the stable version of NSclient i got this problem :lmiltchev wrote:Well, the "indirect_check_disk" command is not defined in the nsclient.ini file... You will need to define it, restart the NSClient++ service and try your check again./usr/local/nagios/libexec$ ./check_nrpe -H 192.168.0.100 -t 60 -c indirect_check_disk
No handler for command: indirect_check_disk
Code: Select all
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; Undocumented section
[/settings/default]
; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30
; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true
; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,192.168.0.11/24
; PASSWORD - Password used to authenticate against server
password = nagiosadmin
; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
bind to =
; Undocumented section
[/settings/NRPE/server]
; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = true
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; PORT NUMBER - Port to use for NRPE.
port = 5666
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer
verify mode = peer-cert
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-sslv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).
ssl options = no-sslv2,no-sslv3
; Undocumented section
[/modules]
; Undocumented key
NSCAClient = 0
; Undocumented key
Scheduler = 0
; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = enabled
; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1
; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1
; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; A list of templates for wrapped scripts.
[/settings/external scripts/wrappings]
; WRAPPING - An external script wrapping
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
; WRAPPING - An external script wrapping
bat = scripts\\%SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; WRAPPING - An external script wrapping
An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop = check_a, check_a=check_loop)
[/settings/external scripts/alias]
; ALIAS - Query alias
alias_volumes = check_drivesize
; ALIAS - Query alias
alias_sched_all = check_tasksched show-all "syntax=${title}: ${exit_code}" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_file_size = check_files "path=$ARG1$" "crit=size > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${size}" max-dir-depth=10
; ALIAS - Query alias
alias_service_ex = check_service "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc
; ALIAS - Query alias
alias_event_log = check_eventlog
; ALIAS - Query alias
default =
; ALIAS - Query alias
alias_cpu = check_cpu
; ALIAS - Query alias
alias_mem = check_memory
; ALIAS - Query alias
alias_volumes_loose = check_drivesize
; ALIAS - Query alias
alias_process_count = check_process "process=$ARG1$" "warn=count > $ARG2$" "crit=count > $ARG3$"
; ALIAS - Query alias
alias_up = check_uptime
; ALIAS - Query alias
alias_service = check_service
; ALIAS - Query alias
alias_process_stopped = check_process "process=$ARG1$" "crit=state != 'stopped'"
; ALIAS - Query alias
alias_sched_long = check_tasksched "filter=status = 'running'" "detail-syntax=${title} (${most_recent_run_time})" "crit=most_recent_run_time < -$ARG1$"
; ALIAS - Query alias
alias_sched_task = check_tasksched show-all "filter=title eq '$ARG1$'" "detail-syntax=${title} (${exit_code})" "crit=exit_code ne 0"
; ALIAS - Query alias
alias_disk_loose = check_drivesize
; ALIAS - Query alias
alias_disk = check_drivesize
; ALIAS - Query alias
alias_process_hung = check_process "filter=is_hung" "crit=count>0"
; ALIAS - Query alias
alias_process = check_process "process=$ARG1$" "crit=state != 'started'"
; ALIAS - Query alias
alias_cpu_ex = check_cpu "warn=load > $ARG1$" "crit=load > $ARG2$" time=5m time=1m time=30s
; ALIAS - Query alias
alias_file_age = check_files "path=$ARG1$" "crit=written > $ARG2$" "top-syntax=${list}" "detail-syntax=${filename] ${written}" max-dir-depth=10
; Configure which services has to be in which state
[/settings/system/windows/service mapping]
; A set of options to configure the real time checks
[/settings/system/windows/real-time]
; Add counters to check
[/settings/system/windows/counters]
; Section for system checks and system settings
[/settings/system/windows]
; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h
; Configure log file properties.
[/settings/log/file]
; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = 0
; Configure log properties.
[/settings/log]
; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info
; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S
; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log
; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
; A set of options to configure the real time checks
[/settings/eventlog/real-time]
; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = false
; LOGS TO CHECK - Comma separated list of logs to check
log = application,system
; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
; Undocumented key
;indirect_check_ping = scripts\\check_ping.bat 192.168.0.24
; Section for configuring the shared session.
[/settings/shared session]
; ENABLE THE SAHRED SESSION - This is currently not added in 0.4.x
enabled = false
; Section for configuring the crash handler.
[/settings/crash]
; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post
; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP
; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true
; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true
; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server)
submit = false
; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps
; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]
; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true
; PORT NUMBER - Port to use for check_nt.
port = 12489
; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60
; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :)
script path =
; Files to be included in the configuration
[/includes]
; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax =
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false
; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true
; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
[/paths]
; Path for certificate-path -
certificate-path = ${shared-path}/security
; Path for base-path -
base-path = C:\Program Files\NSClient++
; Path for crash-folder -
crash-folder = C:\Program Files\NSClient++
; Path for module-path -
module-path = ${shared-path}/modules
; Path for shared-path -
shared-path = C:\Program Files\NSClient++
; Path for exe-path -
exe-path = C:\Program Files\NSClient++
Code: Select all
verify mode = peer-certCode: Select all
allowed hosts = 127.0.0.1,192.168.0.11/24