Windows Monitoring - netways

12.07.2015

Distributed via NRPE?
Does not support:
◦ Passive
◦ Encryption (for real)
◦ Authentication
◦ Big payloads
◦ Multiple commands
◦ Firewall friendly protocol (i.e. HTTP)
◦ …
But we can still use it
◦ Inside the network
◦ Where big payloads are not required
◦ When we only need active monitoring


Distributed via NSCA?
Does not support:
◦ Active
◦ Big payloads
◦ Firewall friendly protocol (i.e. HTTP)
◦ …
But we can still use it
◦ Inside the network
◦ Where big payloads are not required
◦ When we only need passive monitoring


Distributed via NSCP?
Does not support:
◦ Firewall friendly protocol (i.e. HTTP)
  • Will come in next major release
◦ Experimental
But we can still use it
◦ When we want to play around
◦ Inside the network (currently)


Other options
Distributed NSCP
◦ No encryption support
◦ Not firewall friendly protocol (i.e. HTTP)
Syslog
◦ Not really good for metrics/status
◦ No support for active checks
◦ Not firewall friendly protocol (i.e. HTTP)
SMTP
◦ Not practical
◦ No support for active checks
  • Will come in next major release
◦ Not real time
◦ Firewall friendly?


Summary of protocols

Protocol  Paradigm  Encryption  Auth  Payload  Multiple arguments  Multiple commands  HTTP
NSClient  Active    No          Yes   No       Yes                 No                 No
NRPE      Active    No          No    1024     Yes                 No                 No
NSCA      Passive   Yes         Yes   512      Yes                 Yes                No
NSCP      All       Yes         Yes   ∞        Yes                 Yes                Yes
D-NSCP    MQ        No          Yes   ∞        Yes                 Yes                No
Syslog    ?         No          No    1024     N/A                 N/A                No
SMTP      ?         Yes         ?     ∞        Yes                 Yes                No
check_mk  Active    ?           No    ∞        No                  Yes                No
NRDP      Passive   Yes         Yes   ∞        Yes                 Yes                Yes


Old configuration: NRPE

    [modules]
    NRPEListener.dll
    CheckExternalScripts.dll

    [NRPE]
    port=5666
    allow_arguments=0
    allow_nasty_meta_chars=0
    allowed_hosts=192.168.0.1

    [External Script]
    allow_arguments=0
    allow_nasty_meta_chars=0

    [External Scripts]
    check_es_ok=scripts\ok.bat

    [External Alias]
    alias_cpu=checkCPU warn=80 time=1m


New configuration: NRPE

    [/modules]
    NRPEListener=
    CheckExternalScripts=

    [/settings/NRPE/server]
    port=5666
    allow arguments=0
    allow nasty characters=0
    use ssl=true
    allowed hosts=192.168.0.1
    certificate=${certificate-path}/nrpe_dh_512.pem

    [/settings/external scripts]
    allow arguments=0
    allow nasty characters=0

    [/settings/external scripts/scripts]
    check_es_ok=scripts\ok.bat

    [/settings/external scripts/alias]
    alias_cpu=checkCPU warn=80 time=1m


NSCA
Main changes
◦ Scheduling is a separate module
Main configuration changes
◦ Schedules are much more configurable
◦ Supports multiple NSCA servers
Compatible
◦ Should be upgradable
◦ nscp settings --migrate-to ini


Old configuration: NSCA

    [modules]
    NSCAAgent.dll
    CheckExternalScripts.dll

    [NSCA Agent]
    interval=5
    encryption_method=14
    password=foobar
    nsca_host=192.168.0.1
    nsca_port=5667

    [NSCA Commands]
    cpu=checkCPU warn=80 time=1m
    host_check=check_ok


New configuration: NSCA

    [/modules]
    NSCAClient=

    [/modules]
    Scheduler=

    [/settings/NSCA/client/targets/default]
    host=192.168.0.1
    port=5667
    password=secret
    encryption=none
    time offset=-1h

    [/settings/scheduler/schedules/default]
    channel=NSCA
    interval=5s

    [/settings/scheduler/schedules]
    cpu=checkCPU warn=80 time=1m
    host_check=check_ok


Distribute monitoring with NSClient++
New configuration concepts


Targets
A target defines a “target” host
There is usually a “default” target
There can be any number of targets
Targets can be either local or global
Targets consist of:
◦ Host
◦ port
◦ address (=host:port)
◦ alias
◦ parent
◦ And any arbitrary strings required


Targets (sample)

    [/settings/NRPE/client/targets]
    test=192.168.0.1:5666

    [/settings/NRPE/client/targets/foobar]
    address=192.168.0.1:5666
    ssl=false

    [/targets]
    foobar=192.168.0.1:5666


Command Handlers
(Command) handlers define commands
A list of command handlers
◦ = Syntax is the “same” (as for nscp.exe)
◦ In the future you will be able to configure these more

    [/settings/NRPE/client/handlers]
    test=query --host 192.168.0.1 --command $ARG1$


Distribute monitoring with NSClient++
Scenarios


NRPE to NSCA proxy
Purpose
◦ Set up checking by proxy
Required components
◦ Scheduler
  • Running our checks
◦ NRPEClient
  • Execute checks
◦ NSCAClient
  • Forward results
Experimentalness
◦ Low


The Concept
[Diagram: NSClient++ containing Scheduler, NRPEClient and NSCAClient; labels: forward request, nrpe, nsca, Network]


Config: Schedule commands

    [/modules]
    Scheduler=1

    [/settings/scheduler/schedules/sample]
    channel=NSCA
    alias=system_x_ok
    command=check_r_ok x
    interval=5s


Config: Execute Commands

    [/modules]
    NRPEClient=1

    [/settings/nrpe/client/targets]
    x=nrpe://192.168.0.1:5666

    [/settings/nrpe/client/handlers]
    check_r_ok=query --command check_ok --target $ARG1$


Config: Forward results

    [/modules]
    NSCAClient=1

    [/settings/nsca/client/targets/default]
    host=192.168.0.1
    password=secret
    encryption=none
    time offset=-1h
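An added example (not from the slides or from the NSClient++ project): a small Python check that reads an NSClient++ ini file and reports explicitly weak transport settings of the kind that appear in the configurations above, such as ssl=false on an NRPE target and encryption=none on an NSCA target. The rule list and the on/off value sets are assumptions; only keys shown on the slides are checked, and keys that are absent are not judged.

```python
import configparser

# Constructed sample: sections, keys and values as they appear on the slides.
SAMPLE = r"""
[/settings/NRPE/server]
allow arguments=0
allow nasty characters=0
use ssl=true
allowed hosts=192.168.0.1
[/settings/NRPE/client/targets/foobar]
address=192.168.0.1:5666
ssl=false
[/settings/nsca/client/targets/default]
password=secret
encryption=none
"""

ON = {"1", "true", "yes", "on"}     # assumed spellings of an enabled flag
OFF = {"0", "false", "no", "off"}   # assumed spellings of a disabled flag

# (section or parent section, key, flagged values, reason): hypothetical rules
RULES = [
    ("/settings/nrpe/server", "use ssl", OFF, "NRPE listener accepts plaintext"),
    ("/settings/nrpe/server", "allow arguments", ON, "callers may pass arguments"),
    ("/settings/nrpe/server", "allow nasty characters", ON, "metacharacters accepted"),
    ("/settings/nrpe/server", "allowed hosts", {""}, "no source address restriction"),
    ("/settings/external scripts", "allow arguments", ON, "scripts get caller arguments"),
    ("/settings/external scripts", "allow nasty characters", ON, "metacharacters reach scripts"),
    ("/settings/nrpe/client/targets", "ssl", OFF, "NRPE query sent in plaintext"),
    ("/settings/nsca/client/targets", "encryption", {"none", ""}, "NSCA results unencrypted"),
]

def audit(ini_text):
    """Return (section, key, reason) for every explicitly weak setting."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(ini_text)
    findings = []
    for section in cp.sections():
        path = section.lower()
        for prefix, key, bad, reason in RULES:
            if path != prefix and not path.startswith(prefix + "/"):
                continue  # rule applies to the section itself or its children
            value = cp.get(section, key, fallback=None)
            if value is not None and value.strip().lower() in bad:
                findings.append((section, key, reason))
    return findings

if __name__ == "__main__":
    for section, key, reason in audit(SAMPLE):
        print(f"[{section}] {key}: {reason}")
```
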


Testing

    nscp test
