From deb1b3ee0a9a8f90d5bc2990bebffd79d4b8e7a3 Mon Sep 17 00:00:00 2001 From: Eric Loyd Date: Tue, 17 Sep 2019 13:47:16 -0400 Subject: [PATCH] nsclient and check_puppet from Windows --- check_Puppet.ps1 | 83 ++++++ nsclient.ini | 725 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 808 insertions(+) create mode 100644 check_Puppet.ps1 create mode 100644 nsclient.ini diff --git a/check_Puppet.ps1 b/check_Puppet.ps1 new file mode 100644 index 0000000..1633a95 --- /dev/null +++ b/check_Puppet.ps1 @@ -0,0 +1,83 @@ +$exitCodes = @{ + "UNKNOWN" = 3; + "CRITICAL" = 2; + "WARNING" = 1; + "OK" = 0 +} + +# check if puppet agent is installed on node +$service_name = 'puppet' + +try +{ + if ((get-service -Name $service_name -ea Stop).Status -ne "Running") + { + Write-Host "Service state:" (get-service -Name $service_name).Status + Exit $exitCodes.Critical + } + +} +catch +{ + Write-Host "Puppet agent is not installed." + exit $exitCodes.Critical +} + +$puppet_file = get-item 'C:\ProgramData\PuppetLabs\puppet\cache\state\last_run_summary.yaml' + +# first we are going to check the age of the status file +# if it's older than 1 hour (warning) or 24 hours (critical) +$puppet_file_write_time = $puppet_file.LastWriteTime +$date_string = $puppet_file_write_time -f {MM:dd:yy} + +if (((get-date) - $puppet_file_write_time).TotalHours -gt 24 ) +{ + Write-Host "Last catalog run -- $date_string" + exit $exitCodes.Critical +} +elseif (((get-date) - $puppet_file_write_time).TotalHours -gt 1 ) +{ + Write-Host "Last catalog run -- $date_string" + exit $exitCodes.Warning +} + +# get all items in status yaml file pertaining to events (if they exist) +[System.Collections.ArrayList]$content = get-content $puppet_file +$index = $content.Indexof("events:") +$events = @{} + +if ($index -ne -1) +{ + $range_events = $content.getRange(($index + 1),($content.count - ($index + 1))) + + foreach ($event in $range_events) + { + $event = $event.split(":") + $events.Add($event[0].trim(),$event[1].trim()) + } + + $output_string = "Last catalog run -- " + $date_string + "; Events -- " + + foreach ($key in $events.keys) + { + $output_string += $key +": " + $events[$key] + ", " + } + + $output_string = $output_string.trimEnd(", ") + + if ($events.failure -ne 0) + { + Write-Host $output_string + exit $exitCodes.Critical + } + else + { + Write-Host $output_string + exit $exitCodes.Ok + } +} +else +{ + Write-Host "Last catalog run -- $date_string; Catalog run failure" + exit $exitCodes.Critical +} \ No newline at end of file diff --git a/nsclient.ini b/nsclient.ini new file mode 100644 index 0000000..21db744 --- /dev/null +++ b/nsclient.ini @@ -0,0 +1,725 @@ +; A list of modules. + + +[/modules] + +; Helper function - Various helper function to extend other checks. This is also only supported through NRPE. +CauseCrashes = 1 + +; CheckDisk - CheckDisk can check various file and disk related things. The current version has commands to check Size of hard drives and directories. +CheckDisk = 1 + +; Event log Checker. - Check for errors and warnings in the event log. This is only supported through NRPE so if you plan to use only NSClient this wont help you at all. +CheckEventLog = 1 + +; Check External Scripts - A simple wrapper to run external scripts and batch files. +CheckExternalScripts = 1 + +; Helper function - Various helper function to extend other checks. This is also only supported through NRPE. +CheckHelpers = 1 + +; Event log Checker. - Check for errors and warnings in the event log. This is only supported through NRPE so if you plan to use only NSClient this wont help you at all. +CheckLogFile = 1 + +; check_mk client - A simple check_mk client for checking remote check_mk servers. +CheckMKClient = 0 + +; NSCP server - A simple server that listens for incoming NSCP connection and handles them. +CheckMKServer = 0 + +; Check NSCP - Checkes the state of the agent +CheckNSCP = 1 + +; CheckTaskSched - CheckTaskSched can check various file and disk related things. The current version has commands to check Size of hard drives and directories. +CheckTaskSched = 0 + +; CheckTaskSched2 - CheckTaskSched2 can check various file and disk related things. The current version has commands to check Size of hard drives and directories. +CheckTaskSched2 = 0 + +; CheckWMI - CheckWMI can check various file and disk related things. The current version has commands to check Size of hard drives and directories. +CheckWMI = 1 + +; GraphiteClient - Graphite client +GraphiteClient = 0 + +; LUAScript - LUAScript... +LUAScript = 1 + +; NRDPClient - Passive check support over NRDP +NRDPClient = 0 + +; NRPE client - NRPE client +NRPEClient = 1 + +; NRPE server - A simple server that listens for incoming NRPE connection and handles them. +NRPEServer = 1 + +; NSCAClient - Passive check support over NSCA. +NSCAClient = 0 + +; NSCA server (no encryption) - A simple server that listens for incoming NSCA connection and handles them. +NSCAServer = 0 + +; NSCP client - A simple client for checking remote NSCP servers. +NSCPClient = 1 + +; NSCP server - A simple server that listens for incoming NSCP connection and handles them. +NSCPServer = 1 + +; NSClient server - A simple server that listens for incoming NSClient (check_nt) connection and handles them. Although NRPE is the preferred method NSClient is fully supported and can be used for simplicity or for compatibility. +NSClientServer = 0 + +; SMTPClient - Passive check support via SMTP +SMTPClient = 0 + +; Sample plugin - A sample plugin to display how to make plugins... +SamplePluginSimple = 0 + +; Scheduler - A scheduler which schedules checks at regular intervals +Scheduler = 0 + +; SimpleCache module - Caches results for later checking. +SimpleCache = 0 + +; SimpleFileWriter module - FileWriters results for later checking. +SimpleFileWriter = 0 + +; SyslogClient - Passive check support via Syslog +SyslogClient = 0 + +; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters. +CheckSystem = enabled + + +; Section for SMTP passive check module. +[/settings/NRDP/client] + +; CHANNEL - The channel to listen to. +channel = NRDP + +; HOSTNAME - The host name of this host if set to blank (default) the windows name of the computer will be used. +hostname = auto + + +; Target definition for: default +[/settings/NRDP/client/targets/default] + +; TARGET ADDRESS - Target host address +address = + +; RECIPIENT - Recipient of email message +recipient = nscp@localhost + +; SENDER - Sender of email message +sender = nscp@localhost + +; TEMPLATE - Template for message data +template = Hello, this is %source% reporting %message%! + +; TIMEOUT - Timeout when reading/writing packets to/from sockets. +timeout = 12000 + + +; Section for NRPE active/passive check module. +[/settings/NRPE/client] + +; CHANNEL - The channel to listen to. +channel = NRPE + + +; Target definition for: default +[/settings/NRPE/client/targets/default] + +; TARGET ADDRESS - Target host address +address = + +; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH +allowed ciphers = ADH + +; SSL CERTIFICATE - +certificate = + +; PAYLOAD LENGTH - Length of payload to/from the NRPE agent. This is a hard specific value so you have to "configure" (read recompile) your NRPE agent to use the same value for it to work. +payload length = 1024 + +; TIMEOUT - Timeout when reading/writing packets to/from sockets. +timeout = 12000 + +; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled. +use ssl = true + +; VERIFY MODE - +verify mode = none + + +; Section for NRPE (NRPEServer.dll) (check_nrpe) protocol options. +[/settings/NRPE/server] + +; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed. +allow arguments = true + +; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments. +allow nasty characters = true + +; PORT NUMBER - Port to use for NRPE. +port = 9666 + + +; Section for NSCA passive check module. +[/settings/NSCA/client] + +; CHANNEL - The channel to listen to. +channel = NSCA + +; HOSTNAME - The host name of this host if set to blank (default) the windows name of the computer will be used. +hostname = auto + + +; Target definition for: default +[/settings/NSCA/client/targets/default] + +; TARGET ADDRESS - Target host address +address = + +; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH +allowed ciphers = ADH + +; SSL CERTIFICATE - +certificate = + +; ENCRYPTION METHOD - Number corresponding to the various encryption algorithms (see the wiki). Has to be the same as the server or it wont work at all. +encryption = aes + +; PASSWORD - The password to use. Again has to be the same as the server or it wont work at all. +password = + +; TIMEOUT - Timeout when reading/writing packets to/from sockets. +timeout = 12000 + +; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled. +use ssl = false + +; VERIFY MODE - +verify mode = none + + +; Section for NSCA (NSCAServer) (check_nsca) protocol options. +[/settings/NSCA/server] + +; ENCRYPTION - Encryption to use +encryption = aes + +; PASSWORD - Password to use +password = + +; PAYLOAD LENGTH - Length of payload to/from the NSCA agent. This is a hard specific value so you have to "configure" (read recompile) your NSCA agent to use the same value for it to work. +payload length = 512 + +; PERFORMANCE DATA - Send performance data back to nagios (set this to 0 to remove all performance data). +performance data = true + +; PORT NUMBER - Port to use for NSCA. +port = 5667 + +; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled. +use ssl = false + + +; Section for NSClient (NSClientServer.dll) (check_nt) protocol options. +[/settings/NSClient/server] + +; PERFORMANCE DATA - Send performance data back to nagios (set this to 0 to remove all performance data). +performance data = true + +; PORT NUMBER - Port to use for check_nt. +port = 12489 + + +; Section for SMTP passive check module. +[/settings/SMTP/client] + +; CHANNEL - The channel to listen to. +channel = SMTP + + +; Target definition for: default +[/settings/SMTP/client/targets/default] + +; TARGET ADDRESS - Target host address +address = + +; RECIPIENT - Recipient of email message +recipient = nscp@localhost + +; SENDER - Sender of email message +sender = nscp@localhost + +; TEMPLATE - Template for message data +template = Hello, this is %source% reporting %message%! + +; TIMEOUT - Timeout when reading/writing packets to/from sockets. +timeout = 12000 + + +; Section for simple cache module (SimpleCache.dll). +[/settings/cache] + +; CHANNEL - The channel to listen to. +channel = CACHE + +; PRIMARY CACHE INDEX - Set this to the value you want to use as unique key for the cache (host, command, result,...). +primary index = ${alias-or-command} + + +; Section for system checks and system settings +[/settings/check/task schedule] + +; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one) +default buffer length = %title% last run: %most-recent-run-time% (%exit-code%) + + +; Section for NSCP active/passive check module. +[/settings/check_mk/client] + +; CHANNEL - The channel to listen to. +channel = NSCP + + +; Target definition for: default +[/settings/check_mk/client/targets/default] + +; TARGET ADDRESS - Target host address +address = + +; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH +allowed ciphers = ADH + +; SSL CERTIFICATE - +certificate = + +; TIMEOUT - Timeout when reading/writing packets to/from sockets. +timeout = 12000 + +; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled. +use ssl = true + +; VERIFY MODE - +verify mode = none + + +; Section for check_mk (CheckMKServer.dll) protocol options. +[/settings/check_mk/server] + +; PORT NUMBER - Port to use for check_mk. +port = 6556 + + +; Configure crash handling properties. +[/settings/crash] + +; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder +archive = true + +; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in +archive folder = ${shared-path}/crash-dumps + +; RESTART - Submit crash reports to nsclient.org (or your configured submission server) +restart = true + +; RESTART SERVICE NAME - The url to submit crash reports to +restart target = NSClientpp + +; SUBMIT CRASHREPORTS - Submit crash reports to nsclient.org (or your configured submission server) +submit = false + +; SUBMISSION URL - The url to submit crash reports to +submit url = http://crash.nsclient.org/submit + + +; Section for the EventLog Checker (CheckEventLog.dll). +[/settings/eventlog] + +; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve. +buffer size = 131072 + +; DEBUG - Log more information when filtering (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog. +debug = false + +; LOOKUP NAMES - Lookup the names of eventlog files +lookup names = true + +; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one). +syntax = + + +; A set of options to configure the real time checks +[/settings/eventlog/real-time] + +; DEBUG - Log missed records (usefull to detect issues with filters) not usefull in production as it is a bit of a resource hog. +debug = false + +; REAL TIME CHECKING - Spawns a backgrounnd thread which detects issues and reports them back instantly. +enabled = false + +; LOGS TO CHECK - Comma separated list of logs to check +log = application,system + +; STARTUP AGE - The initial age to scan when starting NSClient++ +startup age = 30m + + +; A set of filters to use in real-time mode +[/settings/eventlog/real-time/filters] + + +; Section for external scripts configuration options (CheckExternalScripts). +[/settings/external scripts] + + +; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed. +allow arguments = true + +; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments. +allow nasty characters = true + +; SCRIPT DIRECTORY - Load all scripts in a directory and use them as commands. Probably dangerous but useful if you have loads of scripts :) +script path = + +; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones. +timeout = 12000 + + +; A list of aliases available. An alias is an internal command that has been "wrapped" (to add arguments). Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop) +[/settings/external scripts/alias] + +; alias_cpu - Alias for alias_cpu. To configure this item add a section called: /settings/external scripts/alias/alias_cpu +alias_cpu = checkCPU warn=80 crit=90 time=5m time=1m time=30s + +; alias_cpu_ex - Alias for alias_cpu_ex. To configure this item add a section called: /settings/external scripts/alias/alias_cpu_ex +alias_cpu_ex = checkCPU warn=$ARG1$ crit=$ARG2$ time=5m time=1m time=30s + +; alias_disk - Alias for alias_disk. To configure this item add a section called: /settings/external scripts/alias/alias_disk +alias_disk = CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED + +; alias_disk_loose - Alias for alias_disk_loose. To configure this item add a section called: /settings/external scripts/alias/alias_disk_loose +alias_disk_loose = CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED ignore-unreadable + +; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log +alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" + +; alias_file_age - Alias for alias_file_age. To configure this item add a section called: /settings/external scripts/alias/alias_file_age +alias_file_age = checkFile2 filter=out "file=$ARG1$" filter-written=>1d MaxWarn=1 MaxCrit=1 "syntax=%filename% %write%" + +; alias_file_size - Alias for alias_file_size. To configure this item add a section called: /settings/external scripts/alias/alias_file_size +alias_file_size = CheckFiles "filter=size > $ARG2$" "path=$ARG1$" MaxWarn=1 MaxCrit=1 "syntax=%filename% %size%" max-dir-depth=10 + +; alias_mem - Alias for alias_mem. To configure this item add a section called: /settings/external scripts/alias/alias_mem +alias_mem = checkMem MaxWarn=80% MaxCrit=90% ShowAll=long type=physical type=virtual type=paged type=page + +; alias_process - Alias for alias_process. To configure this item add a section called: /settings/external scripts/alias/alias_process +alias_process = checkProcState "$ARG1$=started" + +; alias_process_count - Alias for alias_process_count. To configure this item add a section called: /settings/external scripts/alias/alias_process_count +alias_process_count = checkProcState MaxWarnCount=$ARG2$ MaxCritCount=$ARG3$ "$ARG1$=started" + +; alias_process_hung - Alias for alias_process_hung. To configure this item add a section called: /settings/external scripts/alias/alias_process_hung +alias_process_hung = checkProcState MaxWarnCount=1 MaxCritCount=1 "$ARG1$=hung" + +; alias_process_stopped - Alias for alias_process_stopped. To configure this item add a section called: /settings/external scripts/alias/alias_process_stopped +alias_process_stopped = checkProcState "$ARG1$=stopped" + +; alias_sched_all - Alias for alias_sched_all. To configure this item add a section called: /settings/external scripts/alias/alias_sched_all +alias_sched_all = CheckTaskSched "filter=exit_code ne 0" "syntax=%title%: %exit_code%" warn=>0 + +; alias_sched_long - Alias for alias_sched_long. To configure this item add a section called: /settings/external scripts/alias/alias_sched_long +alias_sched_long = CheckTaskSched "filter=status = 'running' AND most_recent_run_time < -$ARG1$" "syntax=%title% (%most_recent_run_time%)" warn=>0 + +; alias_sched_task - Alias for alias_sched_task. To configure this item add a section called: /settings/external scripts/alias/alias_sched_task +alias_sched_task = CheckTaskSched "filter=title eq '$ARG1$' AND exit_code ne 0" "syntax=%title% (%most_recent_run_time%)" warn=>0 + +; alias_service - Alias for alias_service. To configure this item add a section called: /settings/external scripts/alias/alias_service +alias_service = checkServiceState CheckAll + +; alias_service_ex - Alias for alias_service_ex. To configure this item add a section called: /settings/external scripts/alias/alias_service_ex +alias_service_ex = checkServiceState CheckAll "exclude=Net Driver HPZ12" "exclude=Pml Driver HPZ12" exclude=stisvc + +; alias_up - Alias for alias_up. To configure this item add a section called: /settings/external scripts/alias/alias_up +alias_up = checkUpTime MinWarn=1d MinWarn=1h + +; alias_updates - Alias for alias_updates. To configure this item add a section called: /settings/external scripts/alias/alias_updates +alias_updates = check_updates -warning 0 -critical 0 + +; alias_volumes - Alias for alias_volumes. To configure this item add a section called: /settings/external scripts/alias/alias_volumes +alias_volumes = CheckDriveSize MinWarn=10% MinCrit=5% CheckAll=volumes FilterType=FIXED + +; alias_volumes_loose - Alias for alias_volumes_loose. To configure this item add a section called: /settings/external scripts/alias/alias_volumes_loose +alias_volumes_loose = CheckDriveSize MinWarn=10% MinCrit=5% CheckAll=volumes FilterType=FIXED ignore-unreadable + +; default - Alias for default. To configure this item add a section called: /settings/external scripts/alias/default +default = + + +; A list of scripts available to run from the CheckExternalScripts module. Syntax is: =