Re: Using NRPE for windows server
Posted: Fri Jan 05, 2018 9:37 am
That worked now all i need to do is have it show up on nagios side now to receive system checks from the windows servers. I know i need to create a template and add the service to it can you point me in the right direction on this thanks.
npolovenko wrote:@skypete, Looks like your nsclient.ini file is missing a few config options. Try replacing the whole ini file with mine below.After you replaced it please restart NSclient(you can do that from the command line or from the GUI windows services menu). After that, you may navigate to the /usr/local/nagios/libexec/ folder on your Nagios server and run the following command:Code: Select all
# If you want to fill this file with all available options run the following command: # nscp settings --generate --add-defaults --load-all # If you want to activate a module and bring in all its options use: # nscp settings --activate-module <MODULE NAME> --add-defaults # For details run: nscp settings --help ; TODO [/settings/default] ; Undocumented key password = 12345 ; Undocumented key allowed hosts = 127.0.0.1,::1,192.168.128.130 ; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server. cache allowed hosts = 1 ; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. timeout = 30 ; TODO [/modules] ; Undocumented key CheckHelpers = 1 ; Undocumented key CheckEventLog = 1 ; Undocumented key CheckNSCP = 1 ; Undocumented key CheckSystem = 1 ; Undocumented key NSClientServer = 1 ; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests. NRPEServer = 1 ; CheckExternalScripts - Execute external scripts CheckExternalScripts = 1 ; CheckDisk - CheckDisk can check various file and disk related things. CheckDisk = 1 ; A set of options to configure the real time checks [/settings/system/windows/real-time] ; Configure which services has to be in which state [/settings/system/windows/service mapping] ; TODO [/settings/system/windows/counters/default] ; TODO [/settings/system/windows/counters] ; TODO [/settings/log/file] ; TODO [/settings/log] ; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace level = debug ; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve. date format = %Y-%m-%d %H:%M:%S ; FILENAME - The file to write log data to. Set this to none to disable log to file. file name = ${exe-path}/nsclient.log ; TODO [/settings/system/windows] ; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU). default buffer length = 1h ; TODO [/settings/external scripts/scripts/default] ; IGNORE PERF DATA - Do not parse performance data from the output ignore perfdata = 1 ; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script. [/settings/external scripts/wrapped scripts] check_windows_time = check_windows_time.bat.pool.ntp.org $ARG1$ $ARG2$ ; TODO [/settings/external scripts/alias] ; TODO [/settings/eventlog/real-time/filters/default] ; EMPTY MESSAGE - The message to display if nothing matches the filter (generally considered the ok state). empty message = eventlog found no records ; MAGIMUM AGE - How long before reporting "ok". If this is set to "false" no periodic ok messages will be reported only errors. maximum age = 5m ; A set of filters to use in real-time mode [/settings/eventlog/real-time/filters] ; TODO [/settings/eventlog/real-time] ; STARTUP AGE - The initial age to scan when starting NSClient++ startup age = 30m ; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly. enabled = 0 ; LOGS TO CHECK - Comma separated list of logs to check log = application,system ; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog. debug = 0 ; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments> [/settings/external scripts/scripts] restart_service = scripts\restart_service.bat "$ARG1$" check_windows_time=scripts\check_windows_time.bat $ARG1$ ; TODO [/settings/external scripts/alias/default] ; TODO [/settings/shared session] ; TODO [/settings/crash] ; RESTART SERVICE NAME - The url to submit crash reports to restart target = NSCP ; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in archive folder = ${crash-folder} ; RESTART - Submit crash reports to nsclient.org (or your configured submission server) restart = true ; SUBMISSION URL - The url to submit crash reports to submit url = https://crash.nsclient.org/post ; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder archive = true ; A set of filters to use in real-time mode [/settings/system/windows/real-time/checks] ; TODO [/settings/NSClient/server] ; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled. use ssl = 0 ; PORT NUMBER - Port to use for check_nt. port = 12489 ; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data). performance data = 1 ; TODO [/settings/external scripts] ; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones. timeout = 80 ; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed. allow arguments = true ; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments. allow nasty characters = true ; TODO [/paths] ; Path for shared-path - shared-path = C:\Program Files\NSClient++ ; Path for module-path - module-path = ${shared-path}/modules ; Path for crash-folder - crash-folder = ${shared-path}/crash-dumps ; Path for exe-path - exe-path = C:\Program Files\NSClient++ ; Path for certificate-path - certificate-path = ${shared-path}/security ; Path for base-path - base-path = C:\Program Files\NSClient++ ; Files to be included in the configuration [/includes] ; TODO [/settings/eventlog] ; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog. debug = 0 ; LOOKUP NAMES - Lookup the names of eventlog files lookup names = 1 ; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve. buffer size = 131072 ; TODO [/settings/external scripts/wrappings] ; BATCH FILE WRAPPING - bat = scripts\\%SCRIPT% %ARGS% ; VISUAL BASIC WRAPPING - vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS% ; POWERSHELL WRAPPING - ps1 = cmd /c echo If (-Not (Test-Path "scripts\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; scripts\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command - ; TODO [/settings/NRPE/server] ; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-sslv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters). ssl options = ; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer verify mode = none ; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client. insecure = true allow arguments = true allow nasty characters = true ; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled. use ssl = 1 ; PORT NUMBER - Port to use for NRPE. port = 5666
*Replace the IP address with your windows Server's IP.Code: Select all
./check_nt -H 192.168.3.244 -s "12345" -p 12489 -v CPULOAD -l 5,80,90
You could also run this command:Let us know if these commands fail or succeed.Code: Select all
./check_nrpe -H 192.168.3.244