CheckSystem

Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.

List of commands:

A list of all available queries (check commands)

Command Description
check_cpu Check that the load of the CPU(s) are within bounds.
check_memory Check free/used memory on the system.
check_network Check network interface status.
check_os_version Check the version of the underlaying OS.
check_pagefile Check the size of the system pagefile(s).
check_pdh Check the value of a performance (PDH) counter on the local or remote system.
check_process Check state/metrics of one or more of the processes running on the computer.
check_service Check the state of one or more of the computer services.
check_uptime Check time since last server re-boot.
checkcounter Legacy version of check_pdh
checkcpu Legacy version of check_cpu
checkmem Legacy version of check_mem
checkprocstate Legacy version of check_process
checkservicestate Legacy version of check_service
checkuptime Legacy version of check_uptime

List of command aliases:

A list of all short hand aliases for queries (check commands)

Command Description
check_counter Alias for: :query:check_pdh

Configuration Keys:

Path / Section Key Description
/settings/system/windows default buffer length Default buffer time
/settings/system/windows disable Disable automatic checks
/settings/system/windows subsystem PDH subsystem
Path / Section Description
/settings/system/windows/counters PDH Counters
/settings/system/windows/real-time/checks Legacy generic filters
/settings/system/windows/real-time/cpu Realtime cpu filters
/settings/system/windows/real-time/memory Realtime memory filters
/settings/system/windows/real-time/process Realtime process filters

Queries

A quick reference for all available queries (check commands) in the CheckSystem module.

check_cpu

Check that the load of the CPU(s) are within bounds.

The check_cpu command is a query based command which means it has a filter where you can use a filter expression with filter keywords to define which rows are relevant to the check. The filter is written using the filter query language and in it you can use various filter keywords to define the filtering logic. The filter keywords can also be used to create the bound expressions for the warning and critical which defines when a check returns warning or critical.

Sample Commands

To edit these sample please edit this page

Default check:

check_cpu
CPU Load ok
'total 5m load'=0%;80;90 'total 1m load'=0%;80;90 'total 5s load'=7%;80;90

Checking all cores by adding filter=none (disabling the filter):

check_cpu filter=none "warn=load > 80" "crit=load > 90"
CPU Load ok
'core 0 5m kernel'=1%;10;0 'core 0 5m load'=3%;80;90 'core 1 5m kernel'=0%;10;0 'core 1 5m load'=0%;80;90 ...  'core 7 5s load'=15%;80;90 'total 5s kernel'=3%;10;0 'total 5s load'=7%;80;90

Adding kernel times to the check::

check_cpu filter=none "warn=kernel > 10 or load > 80" "crit=load > 90" "top-syntax=${list}"
core 0 > 3, core 1 > 0, core 2 > 0, core  ... , core 7 > 15, total > 7
'core 0 5m kernel'=1%;10;0 'core 0 5m load'=3%;80;90 'core 1 5m kernel'=0%;10;0 'core 1 5m load'=0%;80;90 ...  'core 7 5s load'=15%;80;90 'total 5s kernel'=3%;10;0 'total 5s load'=7%;80;90

Default check via NRPE::

check_nscp --host 192.168.56.103 --command check_cpu
CPU Load ok|'total 5m'=16%;80;90 'total 1m'=13%;80;90 'total 5s'=13%;80;90

Command-line Arguments

Option Default Value Description
filter core = ‘total’ Filter which marks interesting items.
warning load > 80 Filter which marks items which generates a warning state.
warn Short alias for warning
critical load > 90 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${problem_list} Top level syntax.
ok-syntax %(status): CPU load is ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${time}: ${load}% Detail level syntax.
perf-syntax ${core} ${time} Performance alias syntax.
time The time to check

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

Deafult Value: | core = 'total'

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | load > 80

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | load > 90

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${problem_list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Deafult Value: | %(status): CPU load is ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${time}: ${load}%

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${core} ${time}

Filter keywords

Option Description
core The core to check (total or core ##)
core_id The core to check (total or core_##)
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
idle The current idle load for a given core
kernel The current kernel load for a given core
list A list of all items which matched the filter. Common option for all checks.
load The current load for a given core
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
time The time frame to check
total Total number of items. Common option for all checks.
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_memory

Check free/used memory on the system.

Sample Commands

To edit these sample please edit this page

Default check:

check_memory
OK memory within bounds.
'page used'=8G;19;21 'page used %'=33%;79;89 'physical used'=7G;9;10 'physical used %'=65%;79;89

Using –show-all to show the result:

check_memory "warn=free < 20%" "crit=free < 10G" --show-all
page = 8.05G, physical = 7.85G
'page free'=15G;4;2 'page free %'=66%;19;9 'physical free'=4G;2;1 'physical free %'=34%;19;9

Changing the return syntax to include more information::

check_memory "top-syntax=${list}" "detail-syntax=${type} free: ${free} used: ${used} size: ${size}"
page free: 16G used: 7.98G size: 24G, physical free: 4.18G used: 7.8G size: 12G

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_memory
OK memory within bounds.|'page'=531G;3;3;0;3 'page %'=12%;79;89;0;100 'physical'=530G;1;1;0;1 'physical %'=25%;79;89;0;100

Overriding the unit:

Most “byte” checks such as memory have an auto scaling feature which means values wqill go from 800M to 1.2G between checks. Some graphing systems does not honor the units in performance data in which case you can get unexpected large values (such as 800G). To remedy this you can lock the unit by adding perf-config=*(unit:G)

check_memory perf-config=*(unit:G)
page = 8.05G, physical = 7.85G
'page free'=15G;4;2 'page free %'=66%;19;9 'physical free'=4G;2;1 'physical free %'=34%;19;9

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning used > 80% Filter which marks items which generates a warning state.
warn Short alias for warning
critical used > 90% Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${type} = ${used} Detail level syntax.
perf-syntax ${type} Performance alias syntax.
type The type of memory to check (physical = Physical memory (RAM), committed = total memory (RAM+PAGE)

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | used > 80%

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | used > 90%

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${type} = ${used}

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${type}

Filter keywords

Option Description
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
free Free memory in bytes (g,m,k,b) or percentages %
free_pct % free memory
list A list of all items which matched the filter. Common option for all checks.
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
size Total size of memory
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
total Total number of items. Common option for all checks.
type The type of memory to check
used Used memory in bytes (g,m,k,b) or percentages %
used_pct % used memory
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_network

Check network interface status.

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning total > 10000 Filter which marks items which generates a warning state.
warn Short alias for warning
critical total > 100000 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state critical Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax %(status): Network interfaces seem ok. ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name} >${sent} <${received} bps Detail level syntax.
perf-syntax ${name} Performance alias syntax.

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | total > 10000

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | total > 100000

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | critical

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Deafult Value: | %(status): Network interfaces seem ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${name} >${sent} <${received} bps

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${name}

Filter keywords

Option Description
MAC The MAC address
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
enabled True if the network interface is enabled
list A list of all items which matched the filter. Common option for all checks.
name Network interface name
net_connection_id Network connection id
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
received Bytes received per second
sent Bytes sent per second
speed The network interface speed
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
total Total number of items. Common option for all checks.
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_os_version

Check the version of the underlaying OS.

Sample Commands

To edit these sample please edit this page

Default check:

check_os_Version
L     client CRITICAL: Windows 7 (6.1.7601)
L     client  Performance data: 'version'=61;50;50

Making sure the OS version is Windows 8:

check_os_Version "warn=version < 62"
L     client WARNING: Windows 7 (6.1.7601)
L     client  Performance data: 'version'=61;62;0

Default check via NRPE:

check_nrpe --host 192.168.56.103 --command check_os_version
Windows 2012 (6.2.9200)|'version'=62;50;50

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning version <= 50 Filter which marks items which generates a warning state.
warn Short alias for warning
critical version <= 50 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${version} (${major}.${minor}.${build}) Detail level syntax.
perf-syntax version Performance alias syntax.

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | version <= 50

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | version <= 50

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${version} (${major}.${minor}.${build})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | version

Filter keywords

Option Description
build Build version number
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
list A list of all items which matched the filter. Common option for all checks.
major Major version number
minor Minor version number
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
suite Which suites are installed on the machine (Microsoft BackOffice, Web Edition, Compute Cluster Edition, Datacenter Edition, Enterprise Edition, Embedded, Home Edition, Remote Desktop Support, Small Business Server, Storage Server, Terminal Services, Home Server)
total Total number of items. Common option for all checks.
version The system version
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_pagefile

Check the size of the system pagefile(s).

Sample Commands

To edit these sample please edit this page

Default options:

check_pagefile
L     client WARNING: \Device\HarddiskVolume2\pagefile.sys 24.3M (32M)
L     client  Performance data: '\??\D:\pagefile.sys'=1G;14;19;0;23 '\??\D:\pagefile.sys %'=6%;59;79;0;100 '\Device\HarddiskVolume2\pagefile.sys'=24M;19;25;0;32 '\Device\HarddiskVolume2\pagefile.sys %'=75%;59;79;0;100 'total'=1G;14;19;0;23 'total %'=6%;59;79;0;100

Only showing the total amount of pagefile usage::

check_pagefile "filter=name = 'total'" "top-syntax=${list}"
OK: total 1.66G (24G)
Performance data: 'total'=1G;14;19;0;23 'total %'=6%;59;79;0;100

Getting help on avalible options::

check_pagefile help
...
  filter=ARG           Filter which marks interesting items.
                       Interesting items are items which will be included in
                       the check.
                       They do not denote warning or critical state but they
                       are checked use this to filter out unwanted items.
                           Avalible options:
                       free          Free memory in bytes (g,m,k,b) or percentages %
                       name          The name of the page file (location)
                       size          Total size of pagefile
                       used          Used memory in bytes (g,m,k,b) or percentages %
                       count         Number of items matching the filter
                       total         Total number of items
                       ok_count      Number of items matched the ok criteria
                       warn_count    Number of items matched the warning criteria
                       crit_count    Number of items matched the critical criteria
                       problem_count Number of items matched either warning or critical criteria
...

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning used > 60% Filter which marks items which generates a warning state.
warn Short alias for warning
critical used > 80% Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${name} ${used} (${size}) Detail level syntax.
perf-syntax ${name} Performance alias syntax.

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | used > 60%

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | used > 80%

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${name} ${used} (${size})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${name}

Filter keywords

Option Description
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
free Free memory in bytes (g,m,k,b) or percentages %
free_pct % free memory
list A list of all items which matched the filter. Common option for all checks.
name The name of the page file (location)
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
size Total size of pagefile
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
total Total number of items. Common option for all checks.
used Used memory in bytes (g,m,k,b) or percentages %
used_pct % used memory
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_pdh

Check the value of a performance (PDH) counter on the local or remote system. The counters can also be added and polled periodcally to get average values. Performance Log Users group membership is required to check performance counters.

Sample Commands

To edit these sample please edit this page

Checking specific Counter (\System\System Up Time):

check_pdh "counter=\\System\\System Up Time" "warn=value > 5" "crit=value > 9999"
\System\System Up Time = 204213
'\System\System Up Time value'=204213;5;9999

Using the expand index to check for translated counters::

check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999" expand-index
Everything looks good
'\Minne\Dedikationsgräns value'=-2147483648;5;9999

Checking translated counters without expanding indexes::

check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999"
Everything looks good
'\4\30 value'=-2147483648;5;9999

Checking large values using the type=large keyword::

check_pdh "counter=\\4\\30" "warn=value > 5" "crit=value > 9999" flags=nocap100 expand-index type=large
\Minne\Dedikationsgräns = 25729224704
'\Minne\Dedikationsgräns value'=25729224704;5;9999

Using real-time checks to check avergae values over time.

Here we configure a counter to be checked at regular intervals and the value is added to a rrd buffer. The configuration from nsclient.ini::

[/settings/system/windows/counters/foo]
collection strategy=rrd
type=large
counter=\Processor(_total)\% Processor Time

Then we can check the value (current snapshot)::

check_pdh "counter=foo" "warn=value > 80" "crit=value > 90"
Everything looks good
'foo value'=18;80;90

To check averages from the same counter we need to specify the time option::

check_pdh "counter=foo" "warn=value > 80" "crit=value > 90" time=30s
Everything looks good
'foo value'=3;80;90

Checking all instances of a given counter::

    check_pdh "counter=\Processor(*)\% processortid" instances
L     client OK: \\MIME-LAPTOP\Processor(0)\% processortid = 100, \\MIME-LAPTOP\Processor(1)\% processortid = 100, \\MIME-LAPTOP\Processor(2)\% processortid = 100, \\MIME-LAPTOP\Processor(3)\% processortid = 100, \\MIME-LAPTOP\Processor(4)\% processortid = 100, \\MIME-LAPTOP\Processor(5)\% processortid = 100, \\MIME-LAPTOP\Processor(6)\% processortid = 100, \\MIME-LAPTOP\Processor(7)\% processortid = 100, \\MIME-LAPTOP\Processor(_Total)\% processortid = 100
    L     client  Performance data: '\Processor(*)\% processortid_0'=100;0;0 '\Processor(*)\% processortid_1'=100;0;0 '\Processor(*)\% processortid_2'=100;0;0 '\Processor(*)\% processortid_3'=100;0;0 '\Processor(*)\% processortid_4'=100;0;0 '\Processor(*)\% processortid_5'=100;0;0 '\Processor(*)\% processortid_6'=100;0;0 '\Processor(*)\% processortid_7'=100;0;0 '\Processor(*)\% processortid__Total'=100;0;0

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning Filter which marks items which generates a warning state.
warn Short alias for warning
critical Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state unknown Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax ${alias} = ${value} Detail level syntax.
perf-syntax ${alias} Performance alias syntax.
counter Performance counter to check
expand-index N/A Expand indexes in counter strings
instances N/A Expand wildcards and fetch all instances
reload N/A Reload counters on errors (useful to check counters which are not added at boot)
averages N/A Check average values (ie. wait for 1 second to collecting two samples)
time Timeframe to use for named rrd counters
flags Extra flags to configure the counter (nocap100, 1000, noscale)
type large Format of value (double, long, large)
ignore-errors N/A If we should ignore errors when checking counters, for instance missing counters or invalid counters will return 0 instead of errors

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | unknown

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${alias} = ${value}

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${alias}

type:

Format of value (double, long, large)

Deafult Value: | large

Filter keywords

Option Description
alias The counter alias
count Number of items matching the filter. Common option for all checks.
counter The counter name
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
list A list of all items which matched the filter. Common option for all checks.
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
time The time for rrd checks
total Total number of items. Common option for all checks.
value The counter value (either float or int)
value_f The counter value (force float value)
value_i The counter value (force int value)
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_process

Check state/metrics of one or more of the processes running on the computer.

Sample Commands

To edit these sample please edit this page

Default check:

check_process
SetPoint.exe=hung
Performance data: 'taskhost.exe'=1;1;0 'dwm.exe'=1;1;0 'explorer.exe'=1;1;0 ... 'chrome.exe'=1;1;0 'vcpkgsrv.exe'=1;1;0 'vcpkgsrv.exe'=1;1;0 

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_process
SetPoint.exe=hung|'smss.exe state'=1;0;0 'csrss.exe state'=1;0;0...

Check that specific process are running::

check_process process=explorer.exe process=foo.exe
foo.exe=stopped
Performance data: 'explorer.exe'=1;1;0 'foo.exe'=0;1;0

Check memory footprint from specific processes::

check_process process=explorer.exe "warn=working_set > 70m"
explorer.exe=started
Performance data: 'explorer.exe ws_size'=73M;70;0

Extend the syntax to display the attributes we are interested in::

check_process process=explorer.exe "warn=working_set > 70m" "detail-syntax=${exe} ws:${working_set}, handles: ${handles}, user time:${user}s"
explorer.exe ws:77271040, handles: 800, user time:107s
Performance data: 'explorer.exe ws_size'=73M;70;0

List all processes which use more then 200m virtual memory Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_process --arguments "filter=virtual > 200m"
OK all processes are ok.|'csrss.exe state'=1;0;0 'svchost.exe state'=1;0;0 'AvastSvc.exe state'=1;0;0 ...

Command-line Arguments

Option Default Value Description
filter state != ‘unreadable’ Filter which marks interesting items.
warning state not in (‘started’) Filter which marks items which generates a warning state.
warn Short alias for warning
critical state = ‘stopped’, count = 0 Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state unknown Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${problem_list} Top level syntax.
ok-syntax %(status): all processes are ok. ok syntax.
empty-syntax UNKNOWN: No processes found Empty syntax.
detail-syntax ${exe}=${state} Detail level syntax.
perf-syntax ${exe} Performance alias syntax.
process The service to check, set this to * to check all services
scan-info If all process metrics should be fetched (otherwise only status is fetched)
scan-16bit If 16bit processes should be included
delta Calculate delta over one elapsed second.
scan-unreadable If unreadable processes should be included (will not have information)
total N/A Include the total of all matching files

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

Deafult Value: | state != 'unreadable'

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | state not in ('started')

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | state = 'stopped', count = 0

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | unknown

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${problem_list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Deafult Value: | %(status): all processes are ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

Deafult Value: | UNKNOWN: No processes found

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${exe}=${state}

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${exe}

delta:

Calculate delta over one elapsed second. This call will measure values and then sleep for 2 second and then measure again calculating deltas.

Filter keywords

Option Description
command_line Command line of process (not always available)
count Number of items matching the filter. Common option for all checks.
creation Creation time
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
error Any error messages associated with fetching info
exe The name of the executable
filename Name of process (with path)
gdi_handles Number of handles
handles Number of handles
hung Process is hung
kernel Kernel time in seconds
legacy_state Get process status (for legacy use via check_nt only)
list A list of all items which matched the filter. Common option for all checks.
new Process is new (can inly be used for real-time filters)
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
page_fault Page fault count
pagefile Peak page file use in bytes
peak_pagefile Page file usage in bytes
peak_virtual Peak virtual size in bytes
peak_working_set Peak working set in bytes
pid Process id
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
started Process is started
state The current state (started, stopped hung)
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
stopped Process is stopped
time User-kernel time in seconds
total Total number of items. Common option for all checks.
user User time in seconds
user_handles Number of handles
virtual Virtual size in bytes
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.
working_set Working set in bytes

check_service

Check the state of one or more of the computer services.

Sample Commands

To edit these sample please edit this page

Default check:

check_service
OK all services are ok.

Excluding services using exclude::

check_service "exclude=clr_optimization_v4.0.30319_32"  "exclude=clr_optimization_v4.0.30319_64"
WARNING: gupdate=stopped (auto), Net Driver HPZ12=stopped (auto), NSClientpp=stopped (auto), nscp=stopped (auto), Pml Driver HPZ12=stopped (auto), SkypeUpdate=stopped (auto), sppsvc=stopped (auto)

Show all service by changing the syntax::

check_service "top-syntax=${list}" "detail-syntax=${name}:${state}"
AdobeActiveFileMonitor10.0:running, AdobeARMservice:running, AdobeFlashPlayerUpdateSvc:stopped, ..., WwanSvc:stopped

Excluding services using the filter::

check_service "filter=start_type = 'auto' and name not in ('Bonjour Service', 'Net Driver HPZ12')"
AdobeActiveFileMonitor10.0: running, AdobeARMservice: running, AMD External Events Utility: running,  ... wuauserv: running

Exclude versus filter::

You can use both exclude and filter to exclude services the befnefit of exclude is that it is faster with the obvious drawback that it only works on the service name. The upside to filters are that they are richer in terms of functionality i.e. substring matching (as below).

Regular check

check_service
L        cli CRITICAL: CRITICAL: nfoo=stopped (auto), nscp=stopped (auto), nscp2=stopped (auto), ...

Excluding nfoo service with exclude:

check_service exclude=nfoo
L        cli CRITICAL: CRITICAL: nscp=stopped (auto), nscp2=stopped (auto), ...

Excluding nscp2 with substring like mathcing filter:

check_service exclude=nfoo "filter=name not like 'nscp'"
L        cli CRITICAL: CRITICAL: ...

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_service
WARNING: DPS=stopped (auto), MSDTC=stopped (auto), sppsvc=stopped (auto), UALSVC=stopped (auto)

Check that a service is not started::

check_service service=nscp "crit=state = 'started'" warn=none

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning not state_is_perfect() Filter which marks items which generates a warning state.
warn Short alias for warning
critical not state_is_ok() Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state unknown Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${crit_list}, delayed (${warn_list}) Top level syntax.
ok-syntax %(status): All %(count) service(s) are ok. ok syntax.
empty-syntax %(status): No services found Empty syntax.
detail-syntax ${name}=${state} (${start_type}) Detail level syntax.
perf-syntax ${name} Performance alias syntax.
computer The name of the remote computer to check
service The service to check, set this to * to check all services
exclude A list of services to ignore (mainly usefull in combination with service=*)
type service The types of services to enumerate available types are driver, file-system-driver, kernel-driver, service, service-own-process, service-share-process
state all The types of services to enumerate available states are active, inactive or all
only-essential N/A Set filter to classification = ‘essential’
only-ignored N/A Set filter to classification = ‘ignored’
only-role N/A Set filter to classification = ‘role’
only-supporting N/A Set filter to classification = ‘supporting’
only-system N/A Set filter to classification = ‘system’
only-user N/A Set filter to classification = ‘user’

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | not state_is_perfect()

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | not state_is_ok()

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | unknown

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${crit_list}, delayed (${warn_list})

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

Deafult Value: | %(status): All %(count) service(s) are ok.

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

Deafult Value: | %(status): No services found

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${name}=${state} (${start_type})

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | ${name}

type:

The types of services to enumerate available types are driver, file-system-driver, kernel-driver, service, service-own-process, service-share-process

Deafult Value: | service

state:

The types of services to enumerate available states are active, inactive or all

Deafult Value: | all

Filter keywords

Option Description
classification Get classification
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
delayed If the service is delayed
desc Service description
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
is_trigger If the service is has associated triggers
legacy_state Get legacy state (deprecated and only used by check_nt)
list A list of all items which matched the filter. Common option for all checks.
name Service name
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
pid Process id
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
start_type The configured start type ()
state The current state ()
state_is_ok() Check if the state is ok, i.e. all running services are runningelayed services are allowed to be stopped)
state_is_perfect() Check if the state is ok, i.e. all running services are running
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
total Total number of items. Common option for all checks.
triggers The number of associated triggers for this service
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

check_uptime

Check time since last server re-boot.

Sample Commands

To edit these sample please edit this page

Default check:

check_uptime
uptime: -9:02, boot: 2013-aug-18 08:29:13
'uptime uptime'=1376814553s;1376760683;1376803883

Adding warning and critical thresholds::

check_uptime "warn=uptime < -2d" "crit=uptime < -1d"
...

Default check via NRPE::

check_nrpe --host 192.168.56.103 --command check_uptime
uptime: -0:3, boot: 2013-sep-08 18:41:06 (UCT)|'uptime'=1378665666;1378579481;1378622681

Command-line Arguments

Option Default Value Description
filter Filter which marks interesting items.
warning uptime < 2d Filter which marks items which generates a warning state.
warn Short alias for warning
critical uptime < 1d Filter which marks items which generates a critical state.
crit Short alias for critical.
ok Filter which marks items which generates an ok state.
debug N/A Show debugging information in the log
show-all N/A Show details for all matches regardless of status (normally details are only showed for warnings and criticals).
empty-state ignored Return status to use when nothing matched filter.
perf-config Performance data generation configuration
escape-html N/A Escape any < and > characters to prevent HTML encoding
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
top-syntax ${status}: ${list} Top level syntax.
ok-syntax ok syntax.
empty-syntax Empty syntax.
detail-syntax uptime: ${uptime}h, boot: ${boot} (UTC) Detail level syntax.
perf-syntax uptime Performance alias syntax.

filter:

Filter which marks interesting items. Interesting items are items which will be included in the check. They do not denote warning or critical state instead it defines which items are relevant and you can remove unwanted items.

warning:

Filter which marks items which generates a warning state. If anything matches this filter the return status will be escalated to warning.

Deafult Value: | uptime < 2d

critical:

Filter which marks items which generates a critical state. If anything matches this filter the return status will be escalated to critical.

Deafult Value: | uptime < 1d

ok:

Filter which marks items which generates an ok state. If anything matches this any previous state for this item will be reset to ok.

empty-state:

Return status to use when nothing matched filter. If no filter is specified this will never happen unless the file is empty.

Deafult Value: | ignored

perf-config:

Performance data generation configuration TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

top-syntax:

Top level syntax. Used to format the message to return can include text as well as special keywords which will include information from the checks. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | ${status}: ${list}

ok-syntax:

ok syntax. DEPRECATED! This is the syntax for when an ok result is returned. This value will not be used if your syntax contains %(list) or %(count).

empty-syntax:

Empty syntax. DEPRECATED! This is the syntax for when nothing matches the filter.

detail-syntax:

Detail level syntax. Used to format each resulting item in the message. %(list) will be replaced with all the items formated by this syntax string in the top-syntax. To add a keyword to the message you can use two syntaxes either ${keyword} or %(keyword) (there is no difference between them apart from ${} can be difficult to excpae on linux).

Deafult Value: | uptime: ${uptime}h, boot: ${boot} (UTC)

perf-syntax:

Performance alias syntax. This is the syntax for the base names of the performance data.

Deafult Value: | uptime

Filter keywords

Option Description
boot System boot time
count Number of items matching the filter. Common option for all checks.
crit_count Number of items matched the critical criteria. Common option for all checks.
crit_list A list of all items which matched the critical criteria. Common option for all checks.
detail_list A special list with critical, then warning and finally ok. Common option for all checks.
list A list of all items which matched the filter. Common option for all checks.
ok_count Number of items matched the ok criteria. Common option for all checks.
ok_list A list of all items which matched the ok criteria. Common option for all checks.
problem_count Number of items matched either warning or critical criteria. Common option for all checks.
problem_list A list of all items which matched either the critical or the warning criteria. Common option for all checks.
status The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks.
total Total number of items. Common option for all checks.
uptime Time since last boot
warn_count Number of items matched the warning criteria. Common option for all checks.
warn_list A list of all items which matched the warning criteria. Common option for all checks.

checkcounter

Legacy version of check_pdh

Command-line Arguments

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
Counter The time to check
ShowAll short Configures display format (if set shows all items not only failures, if set to long shows all cores).
MaxWarn Maximum value before a warning is returned.
MaxCrit Maximum value before a critical is returned.
MinWarn Minimum value before a warning is returned.
MinCrit Minimum value before a critical is returned.

ShowAll:

Configures display format (if set shows all items not only failures, if set to long shows all cores).

Deafult Value: | short

checkcpu

Legacy version of check_cpu

Command-line Arguments

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
time The time to check
ShowAll short Configures display format (if set shows all items not only failures, if set to long shows all cores).
MaxWarn Maximum value before a warning is returned.
MaxCrit Maximum value before a critical is returned.
MinWarn Minimum value before a warning is returned.
MinCrit Minimum value before a critical is returned.
warn Maximum value before a warning is returned.
crit Maximum value before a critical is returned.

ShowAll:

Configures display format (if set shows all items not only failures, if set to long shows all cores).

Deafult Value: | short

checkmem

Legacy version of check_mem

Command-line Arguments

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
type The types to check
ShowAll short Configures display format (if set shows all items not only failures, if set to long shows all cores).
MaxWarn Maximum value before a warning is returned.
MaxCrit Maximum value before a critical is returned.
MinWarn Minimum value before a warning is returned.
MinCrit Minimum value before a critical is returned.
warn Maximum value before a warning is returned.
crit Maximum value before a critical is returned.

ShowAll:

Configures display format (if set shows all items not only failures, if set to long shows all cores).

Deafult Value: | short

checkprocstate

Legacy version of check_process

Command-line Arguments

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
ShowAll short Configures display format (if set shows all items not only failures, if set to long shows all cores).
MaxWarnCount Maximum value before a warning is returned.
MaxCritCount Maximum value before a critical is returned.
MinWarnCount Minimum value before a warning is returned.
MinCritCount Minimum value before a critical is returned.

ShowAll:

Configures display format (if set shows all items not only failures, if set to long shows all cores).

Deafult Value: | short

checkservicestate

Legacy version of check_service

Command-line Arguments

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
CheckAll true Check all services.
exclude Exclude services
ShowAll short Configures display format (if set shows all items not only failures, if set to long shows all cores).

CheckAll:

Check all services.

Deafult Value: | true

ShowAll:

Configures display format (if set shows all items not only failures, if set to long shows all cores).

Deafult Value: | short

checkuptime

Legacy version of check_uptime

Command-line Arguments

Option Default Value Description
help N/A Show help screen (this screen)
help-pb N/A Show help screen as a protocol buffer payload
show-default N/A Show default values for a given command
help-short N/A Show help screen (short format).
ShowAll short Configures display format (if set shows all items not only failures, if set to long shows all cores).
MaxWarn Maximum value before a warning is returned.
MaxCrit Maximum value before a critical is returned.
MinWarn Minimum value before a warning is returned.
MinCrit Minimum value before a critical is returned.
warn Maximum value before a warning is returned.
crit Maximum value before a critical is returned.

ShowAll:

Configures display format (if set shows all items not only failures, if set to long shows all cores).

Deafult Value: | short

Configuration

Windows system

Section for system checks and system settings

Key Default Value Description
default buffer length 1h Default buffer time
disable Disable automatic checks
subsystem default PDH subsystem
# Section for system checks and system settings
[/settings/system/windows]
default buffer length=1h
subsystem=default

Default buffer time

Used to define the default size of range buffer checks (ie. CPU).

Key Description
Path: /settings/system/windows
Key: default buffer length
Default value: 1h
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Default buffer time
default buffer length=1h

Disable automatic checks

A comma separated list of checks to disable in the collector: cpu,handles,network,metrics,pdh. Please note disabling these will mean part of NSClient++ will no longer function as expected.

Key Description
Path: /settings/system/windows
Key: disable
Advanced: Yes (means it is not commonly used)
Default value: N/A
Used by: CheckSystem

Sample:

[/settings/system/windows]
# Disable automatic checks
disable=

PDH subsystem

Set which pdh subsystem to use. Currently default and thread-safe are supported where thread-safe is slower but required if you have some problematic counters.

Key Description
Path: /settings/system/windows
Key: subsystem
Advanced: Yes (means it is not commonly used)
Default value: default
Used by: CheckSystem

Sample:

[/settings/system/windows]
# PDH subsystem
subsystem=default

PDH Counters

Add counters to check

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
alias ALIAS
buffer size BUFFER SIZE
collection strategy COLLECTION STRATEGY
counter COUNTER
flags FLAGS
instances Interpret instances
is template false IS TEMPLATE
parent default PARENT
type COUNTER TYPE

Sample:

# An example of a PDH Counters section
[/settings/system/windows/counters/sample]
#alias=...
#buffer size=...
#collection strategy=...
#counter=...
#flags=...
#instances=...
is template=false
parent=default
#type=...

Known instances:

  • disk_queue_length

Legacy generic filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
check cpu TYPE OF CHECK
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAGIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
severity SEVERITY
source id SOURCE ID
target DESTINATION
target id TARGET ID
time TIME
times FILES
top syntax SYNTAX
warning WARNING FILTER

Sample:

# An example of a Legacy generic filters section
[/settings/system/windows/real-time/checks/sample]
check=cpu
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
#source id=...
#target=...
#target id=...
#time=...
#times=...
#top syntax=...
#warning=...

Realtime cpu filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAGIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
severity SEVERITY
source id SOURCE ID
target DESTINATION
target id TARGET ID
time TIME
top syntax SYNTAX
warning WARNING FILTER

Sample:

# An example of a Realtime cpu filters section
[/settings/system/windows/real-time/cpu/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
#source id=...
#target=...
#target id=...
#time=...
#top syntax=...
#warning=...

Realtime memory filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAGIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
severity SEVERITY
source id SOURCE ID
target DESTINATION
target id TARGET ID
top syntax SYNTAX
type MEMORY TYPE
warning WARNING FILTER

Sample:

# An example of a Realtime memory filters section
[/settings/system/windows/real-time/memory/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#severity=...
#source id=...
#target=...
#target id=...
#top syntax=...
#type=...
#warning=...

Realtime process filters

A set of filters to use in real-time mode

This is a section of objects. This means that you will create objects below this point by adding sections which all look the same.

Keys:

Key Default Value Description
command COMMAND NAME
critical CRITICAL FILTER
debug DEBUG
destination DESTINATION
detail syntax SYNTAX
empty message eventlog found no records EMPTY MESSAGE
escape html ESCAPE HTML
filter FILTER
maximum age 5m MAGIMUM AGE
ok OK FILTER
ok syntax SYNTAX
perf config PERF CONFIG
process PROCESS
severity SEVERITY
source id SOURCE ID
target DESTINATION
target id TARGET ID
top syntax SYNTAX
warning WARNING FILTER

Sample:

# An example of a Realtime process filters section
[/settings/system/windows/real-time/process/sample]
#command=...
#critical=...
#debug=...
#destination=...
#detail syntax=...
empty message=eventlog found no records
#escape html=...
#filter=...
maximum age=5m
#ok=...
#ok syntax=...
#perf config=...
#process=...
#severity=...
#source id=...
#target=...
#target id=...
#top syntax=...
#warning=...