NSCAServer
A server that listens for incoming NSCA connection and processes incoming requests.

NSCAServer — NSCAServer

A server that listens for incoming NSCA connection and processes incoming requests.

Commands (Overview):

TODO: Add a list of all external commands (this is not check commands)

Configuration (Overview):

Common Keys:

Path / Section Key Description
/settings/default allowed hosts ALLOWED HOSTS
/settings/default bind to BIND TO ADDRESS
/settings/default cache allowed hosts CACHE ALLOWED HOSTS
/settings/default inbox INBOX
/settings/default password PASSWORD
/settings/default timeout TIMEOUT
/settings/NSCA/server encryption ENCRYPTION
/settings/NSCA/server payload length PAYLOAD LENGTH
/settings/NSCA/server performance data PERFORMANCE DATA
/settings/NSCA/server port PORT NUMBER
/settings/NSCA/server use ssl ENABLE SSL ENCRYPTION

Advanced keys:

Path / Section Key Default Value Description
/settings/default encoding NRPE PAYLOAD ENCODING  
/settings/default socket queue size LISTEN QUEUE  
/settings/default thread pool THREAD POOL  
/settings/NSCA/server allowed ciphers ALLOWED CIPHERS  
/settings/NSCA/server allowed hosts ALLOWED HOSTS  
/settings/NSCA/server bind to BIND TO ADDRESS  
/settings/NSCA/server ca CA  
/settings/NSCA/server cache allowed hosts CACHE ALLOWED HOSTS  
/settings/NSCA/server certificate SSL CERTIFICATE  
/settings/NSCA/server certificate format CERTIFICATE FORMAT  
/settings/NSCA/server certificate key SSL CERTIFICATE  
/settings/NSCA/server dh DH KEY  
/settings/NSCA/server inbox INBOX  
/settings/NSCA/server password PASSWORD  
/settings/NSCA/server socket queue size LISTEN QUEUE  
/settings/NSCA/server ssl options VERIFY MODE  
/settings/NSCA/server thread pool THREAD POOL  
/settings/NSCA/server timeout TIMEOUT  
/settings/NSCA/server verify mode VERIFY MODE  

… default

/settings/default (NSCAServer)
Key Default Value Description
allowed hosts 127.0.0.1 ALLOWED HOSTS
bind to   BIND TO ADDRESS
cache allowed hosts 1 CACHE ALLOWED HOSTS
encoding   NRPE PAYLOAD ENCODING
inbox inbox INBOX
password   PASSWORD
socket queue size 0 LISTEN QUEUE
thread pool 10 THREAD POOL
timeout 30 TIMEOUT

Sample:

#
#
[/settings/default]
allowed hosts=127.0.0.1
bind to=
cache allowed hosts=1
encoding=
inbox=inbox
password=
socket queue size=0
thread pool=10
timeout=30
allowed hosts (NSCAServer, /settings/default)

ALLOWED HOSTS

A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.

Path: /settings/default

Key: allowed hosts

Default value: 127.0.0.1

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# ALLOWED HOSTS
allowed hosts=127.0.0.1
bind to (NSCAServer, /settings/default)

BIND TO ADDRESS

Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.

Path: /settings/default

Key: bind to

Default value:

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# BIND TO ADDRESS
bind to=
cache allowed hosts (NSCAServer, /settings/default)

CACHE ALLOWED HOSTS

If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.

Path: /settings/default

Key: cache allowed hosts

Default value: 1

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# CACHE ALLOWED HOSTS
cache allowed hosts=1
encoding (NSCAServer, /settings/default)

NRPE PAYLOAD ENCODING

Advanced (means it is not commonly used)

Path: /settings/default

Key: encoding

Default value:

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# NRPE PAYLOAD ENCODING
encoding=
inbox (NSCAServer, /settings/default)

INBOX

The default channel to post incoming messages on

Path: /settings/default

Key: inbox

Default value: inbox

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# INBOX
inbox=inbox
password (NSCAServer, /settings/default)

PASSWORD

Password used to authenticate against server

Path: /settings/default

Key: password

Default value:

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# PASSWORD
password=
socket queue size (NSCAServer, /settings/default)

LISTEN QUEUE

Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts.

Advanced (means it is not commonly used)

Path: /settings/default

Key: socket queue size

Default value: 0

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# LISTEN QUEUE
socket queue size=0
thread pool (NSCAServer, /settings/default)

THREAD POOL

Advanced (means it is not commonly used)

Path: /settings/default

Key: thread pool

Default value: 10

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# THREAD POOL
thread pool=10
timeout (NSCAServer, /settings/default)

TIMEOUT

Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.

Path: /settings/default

Key: timeout

Default value: 30

Used by: CheckMKServer, NRPEServer, NSCAServer, NSClientServer, WEBServer

Sample:

[/settings/default]
# TIMEOUT
timeout=30

… NSCA / server

/settings/NSCA/server (NSCAServer)

NSCA SERVER SECTION

Section for NSCA (NSCAServer) (check_nsca) protocol options.
Key Default Value Description
allowed ciphers ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH ALLOWED CIPHERS
allowed hosts 127.0.0.1 ALLOWED HOSTS
bind to   BIND TO ADDRESS
ca ${certificate-path}/ca.pem CA
cache allowed hosts 1 CACHE ALLOWED HOSTS
certificate ${certificate-path}/certificate.pem SSL CERTIFICATE
certificate format PEM CERTIFICATE FORMAT
certificate key   SSL CERTIFICATE
dh ${certificate-path}/nrpe_dh_512.pem DH KEY
encryption aes ENCRYPTION
inbox inbox INBOX
password   PASSWORD
payload length 512 PAYLOAD LENGTH
performance data 1 PERFORMANCE DATA
port 5667 PORT NUMBER
socket queue size 0 LISTEN QUEUE
ssl options   VERIFY MODE
thread pool 10 THREAD POOL
timeout 30 TIMEOUT
use ssl 0 ENABLE SSL ENCRYPTION
verify mode none VERIFY MODE

Sample:

# NSCA SERVER SECTION
# Section for NSCA (NSCAServer) (check_nsca) protocol options.
[/settings/NSCA/server]
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed hosts=127.0.0.1
bind to=
ca=${certificate-path}/ca.pem
cache allowed hosts=1
certificate=${certificate-path}/certificate.pem
certificate format=PEM
certificate key=
dh=${certificate-path}/nrpe_dh_512.pem
encryption=aes
inbox=inbox
password=
payload length=512
performance data=1
port=5667
socket queue size=0
ssl options=
thread pool=10
timeout=30
use ssl=0
verify mode=none
allowed ciphers (NSCAServer, /settings/NSCA/server)

ALLOWED CIPHERS

The chipers which are allowed to be used.
The default here will differ is used in “insecure” mode or not. check_nrpe uses a very old chipers and should preferably not be used. For details of chipers please see the OPEN ssl documentation: https://www.openssl.org/docs/apps/ciphers.html

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: allowed ciphers

Default value: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# ALLOWED CIPHERS
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed hosts (NSCAServer, /settings/NSCA/server)

ALLOWED HOSTS

A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: allowed hosts

Default value: 127.0.0.1

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# ALLOWED HOSTS
allowed hosts=127.0.0.1
bind to (NSCAServer, /settings/NSCA/server)

BIND TO ADDRESS

Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: bind to

Default value:

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# BIND TO ADDRESS
bind to=
ca (NSCAServer, /settings/NSCA/server)

CA

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: ca

Default value: ${certificate-path}/ca.pem

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# CA
ca=${certificate-path}/ca.pem
cache allowed hosts (NSCAServer, /settings/NSCA/server)

CACHE ALLOWED HOSTS

If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: cache allowed hosts

Default value: 1

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# CACHE ALLOWED HOSTS
cache allowed hosts=1
certificate (NSCAServer, /settings/NSCA/server)

SSL CERTIFICATE

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: certificate

Default value: ${certificate-path}/certificate.pem

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# SSL CERTIFICATE
certificate=${certificate-path}/certificate.pem
certificate format (NSCAServer, /settings/NSCA/server)

CERTIFICATE FORMAT

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: certificate format

Default value: PEM

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# CERTIFICATE FORMAT
certificate format=PEM
certificate key (NSCAServer, /settings/NSCA/server)

SSL CERTIFICATE

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: certificate key

Default value:

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# SSL CERTIFICATE
certificate key=
dh (NSCAServer, /settings/NSCA/server)

DH KEY

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: dh

Default value: ${certificate-path}/nrpe_dh_512.pem

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# DH KEY
dh=${certificate-path}/nrpe_dh_512.pem
encryption (NSCAServer, /settings/NSCA/server)

ENCRYPTION

Name of encryption algorithm to use.
Has to be the same as your agent i using or it wont work at all.This is also independent of SSL and generally used instead of SSL.
Available encryption algorithms are:
none = No Encryption (not safe)
xor = XOR
des = DES
3des = DES-EDE3
cast128 = CAST-128
xtea = XTEA
blowfish = Blowfish
twofish = Twofish
rc2 = RC2
aes128 = AES
aes192 = AES
aes = AES
serpent = Serpent
gost = GOST

Path: /settings/NSCA/server

Key: encryption

Default value: aes

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# ENCRYPTION
encryption=aes
inbox (NSCAServer, /settings/NSCA/server)

INBOX

The default channel to post incoming messages on parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: inbox

Default value: inbox

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# INBOX
inbox=inbox
password (NSCAServer, /settings/NSCA/server)

PASSWORD

Password used to authenticate against server parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: password

Default value:

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# PASSWORD
password=
payload length (NSCAServer, /settings/NSCA/server)

PAYLOAD LENGTH

Length of payload to/from the NSCA agent. This is a hard specific value so you have to “configure” (read recompile) your NSCA agent to use the same value for it to work.

Path: /settings/NSCA/server

Key: payload length

Default value: 512

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# PAYLOAD LENGTH
payload length=512
performance data (NSCAServer, /settings/NSCA/server)

PERFORMANCE DATA

Send performance data back to nagios (set this to false to remove all performance data).

Path: /settings/NSCA/server

Key: performance data

Default value: 1

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# PERFORMANCE DATA
performance data=1
port (NSCAServer, /settings/NSCA/server)

PORT NUMBER

Port to use for NSCA.

Path: /settings/NSCA/server

Key: port

Default value: 5667

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# PORT NUMBER
port=5667
socket queue size (NSCAServer, /settings/NSCA/server)

LISTEN QUEUE

Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: socket queue size

Default value: 0

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# LISTEN QUEUE
socket queue size=0
ssl options (NSCAServer, /settings/NSCA/server)

VERIFY MODE

Comma separated list of verification flags to set on the SSL socket.
default-workarounds Various workarounds for what I understand to be broken ssl implementations
no-sslv2 Do not use the SSLv2 protocol.
no-sslv3 Do not use the SSLv3 protocol.
no-tlsv1 Do not use the TLSv1 protocol.
single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using “strong” primes (e.g. when using DSA-parameters).

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: ssl options

Default value:

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# VERIFY MODE
ssl options=
thread pool (NSCAServer, /settings/NSCA/server)

THREAD POOL

parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: thread pool

Default value: 10

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# THREAD POOL
thread pool=10
timeout (NSCAServer, /settings/NSCA/server)

TIMEOUT

Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out. parent for this key is found under: /settings/default this is marked as advanced in favor of the parent.

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: timeout

Default value: 30

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# TIMEOUT
timeout=30
use ssl (NSCAServer, /settings/NSCA/server)

ENABLE SSL ENCRYPTION

This option controls if SSL should be enabled.

Path: /settings/NSCA/server

Key: use ssl

Default value: 0

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# ENABLE SSL ENCRYPTION
use ssl=0
verify mode (NSCAServer, /settings/NSCA/server)

VERIFY MODE

Comma separated list of verification flags to set on the SSL socket.
none The server will not send a client certificate request to the client, so the client will not send a certificate.
peer The server sends a client certificate request to the client and the certificate returned (if any) is checked.
fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer.
peer-cert Alias for peer and fail-if-no-cert.
workarounds Various bug workarounds.
single Always create a new key when using tmp_dh parameters.
client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer

Advanced (means it is not commonly used)

Path: /settings/NSCA/server

Key: verify mode

Default value: none

Used by: NSCAServer

Sample:

[/settings/NSCA/server]
# VERIFY MODE
verify mode=none
comments powered by Disqus