Articles in this section

See more
Self help
FAQ
["FAQ"]

OP5 Monitor - Configure NSClient++ from the Windows command prompt

Avatar
ITRS Support
  • Updated
Follow

Intro

 

Note. You should not be using a version of NSClient++ less than 5. The latest version of NSClient is available here. This is 3rd party software and is not maintained by ITRS.

There are different methods of configuring NSClient++, this document describes the use of the nscp command in a Windows cmd window. A PowerShell window could also be used.  The examples below assume that the user has navigated to the default NSClient++ installation folder.

  

cd C:\Program Files\NSClient++

 

Help

NSClient++ has a comprehensive help menu.

C:\Program Files\NSClient++>nscp  --help

Or help for a particular sub-mode. In this case settings.

C:\Program Files\NSClient++>nscp settings --help

 

Listing configuration settings

Use nscp in settings mode to view configuration values. You can list all values or just a subsection of the values.

List all settings configured "outside" the defaults:

C:\Program Files\NSClient++>nscp settings --list

List a sub section (/settings/NRPE):

PS C:\Program Files\NSClient++> nscp settings --list --path /settings/NRPE

/settings/NRPE/server.allow arguments=true
/settings/NRPE/server.allow nasty characters=true
/settings/NRPE/server.dh=C:\Program Files\NSClient++\security\nrpe_dh_2048.pem
/settings/NRPE/server.insecure=true
/settings/NRPE/server.ssl options=
/settings/NRPE/server.verify mode=none

 

Change settings

E.g. If you need to change the settings of the "allow nasty characters" which determines whether certain special characters are allowed as command arguments for the NRPE server module., but can have security implications.

Change setting

C:\Program Files\NSClient++> nscp settings --path /settings/default --key "allow nasty characters" --set false

 

After making configuration changes, the NSCP service needs to be restarted (see below)

 

Restart nscp service

C:\Program Files\NSClient++> nscp service --stop
Stopping service.
C:\Program Files\NSClient++> nscp service --start
Starting NSCP

If using PowerShell, this can be done with one command.

C:\Program Files\NSClient++> Restart-Service nscp

 

Allowed hosts

There are two levels where you can set which server is allowed to talk to NSClient++ on the monitored Windows server.

  • Global
  • NSClient/server
  • NRPE/server

To check the settings:

C:\Program Files\NSClient++>nscp settings --list --path /settings/default
C:\Program Files\NSClient++>nscp settings --list --path /settings/NRPE/server
C:\Program Files\NSClient++>nscp settings --list --path /settings/NSClient/server

The most common way to solve this is to set "allowed hosts" for both NRPE and NSClient like this:

C:\Program Files\NSClient++>nscp settings --path /settings/default --key "allowed hosts" --set "127.0.0.1,::1,172.27.86.0/24,10.10.10.0/24,192.168.1.0/24"

You might not want to allow connections via NRPE (check_nrpe on the Monitor server) then set:

C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key "allowed hosts" --set "127.0.0.1,::1,172.27.86.0/24,10.10.10.0/24,192.168.1.0/24"

Do not forget to restart the NSClient++ service when done.

 

Turning on debug logging

Please keep in mind that when you are using debug logging with NSClient++ the log file will grow pretty fast. By default there are no rotation of the log files but in this section we will add a sort of rotating of the log file.

If done in the client .ini file, it would look something like this:

[/settings/log]
file name = nsclient-debug.log
level = debug
[/settings/log/file]
; Set log file size to 1Gb specified in bytes:
max size = 1073741824

But it can be set using the nscp command instead.

  1. First check the current log level: 
    C:\Program Files\NSClient++>nscp settings --list --path /settings/log
  2. Set log file name:
    C:\Program Files\NSClient++>nscp settings --path /settings/log --key "file name" --set "nsclient-debug.log"
  3. Set the log level:
    C:\Program Files\NSClient++>nscp settings --path /settings/log --key "level" --set "debug"
  4. Set rotation after 1Gb:
    C:\Program Files\NSClient++>nscp settings --path /settings/log/file --key "max size" --set "1073741824"
  5. Let's check the new settings:
    C:\Program Files\NSClient++>nscp settings --list --path /settings/log

    /settings/log/file.max size=1073741824
    /settings/log.file name=nsclient-debug.log
    /settings/log.level=debug

Restart the NSClient++ service when done.

Modules

If you need to use a module that is not activated by default, then you can make it available with "nscp settings". E.g. to use the WMI interface in NSClient++ then you need to activate the module CheckWMI.

List all active modules

C:\Program Files\NSClient++>nscp settings --list --path /modules

Activate module

C:\Program Files\NSClient++>nscp settings --activate-module CheckWMI

If you were to list active modules once more, you would see that CheckWMI is now enabled.

Note! Remember to restart the NSClient++ service when done.

Serve NSClient++ configuration via HTTP

In NSClient++ allows the configuration to be stored on a remote HTTP server. You can set up a central configuration site for all your NSClient++ installations. NSClient++ will periodically check for updates of the ini file on the HTTP server.

Note! This only works with HTTP, not over HTTPS so this configuration has security implications

You need to set up an HTTP server that your NSClient machine can connect to and place an nsclient.ini/op5.ini file in an accessible directory.

In this example on host 10.10.10.4 there is a nsclient subdirectory for the ini file.

http://10.10.10.4/nsclient/nsclient.ini

The NSClient Windows machine need to be instructed to use the configuration found on the HTTP server.

C:\Program Files\NSClient++>nscp settings --switch http://10.10.10.4/nsclient/nsclient.ini

NSClient++ will now need to be restarted

 

If the HTTP server becomes unreachable, NSClient++ will be use the last version of the settings it had downloaded.

To revert to using the local registry


C:\Program Files\NSClient++>nscp settings --switch registry

NSClient++ will again need to be restarted

 

Examples

Below you will find examples of how what can be done. Remember to restart the NSClient++ service after you have changed the configuration.

Allow arguments for the NRPE server

C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key "allow arguments" --set true

Allow nasty characters as arguments for the NRPE server

C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key "allow nasty characters" --set true

Allow arguments for external scripts

C:\Program Files\NSClient++>nscp settings --path "/settings/external scripts" --key "allow arguments" --set true

Add an external script

Without arguments:

C:\Program Files\NSClient++>nscp settings --path "/settings/external scripts/scripts" --key "test_ps1" --set "cmd /c echo scripts\check_test.ps1; exit($lastexitcode) | powershell.exe -command -"

With arguments:

C:\Program Files\NSClient++>nscp settings --path "/settings/external scripts/scripts" --key "test_ps1" --set "cmd /c echo scripts\check_test.ps1 "--argument" "$ARG1$" --foo --bar; exit($lastexitcode) | powershell.exe -command -"

 

More information

Please take a look at the official NSClient++ documentation for more information.


    Tags:
  • nsclient
  • OP5 Monitor
  • nscp
  • exported_docs_10_05_24

Related articles

Comments

0 comments

Please sign in to leave a comment.