nagios conference 2011 - michael medin - workshop: scripting on the windows side

Scripting...…on the Windows side

These slides represent the work and opinions of the author and do not constitute official positions of any organization sponsoring the author’s work

This material has not been peer reviewed and is presented here as-is with the permission of the author.

The author assumes no liability for any content or opinion expressed in this presentation and or use of content herein.

Disclaimer!

It is not their fault!

It is not my fault!

It is your fault!

External Scripts Internal Scripts Arguments Scripting: Batch files Wrapped scripts Scripting: VBA Internal Scripts

Agenda

Windows monitoringNSClient++ (from a scripters perspecitve)

External Scripts◦ The normal kind of scripts◦ Can be written in:

Batch VBA/VBScript (pretty popular on Windows) Powershell (a rather strange language)

◦ But also: Perl, python, bash, etc etc…

Internal Scripts◦ Can interact with (other) internal commands◦ Can access settings◦ Can hold state◦ Can be written in:

Lua Python (requires python on the machine)

Two kinds of scripts

1. Enable the check module[/modules]CheckExternalScripts= # Runs the scriptNRPEServer= # NRPE server

2. Each script requires a definition[/settings/External Scripts]check_es_test=scripts\test.bat

3. Options disabled by default (for a reason)allow arguments = falseallow nasty characters = false

Configuring External Scripts

1. Enable the check module[/modules]LUAScript=PythonScript=

2. Each script requires a definition[/settings/LUA/Scripts]<alias>=test.lua[/settings/python/Scripts]<alias>=test.py

3. Scripts requires NRPE/NSCA (or NSCP)[/modules]NRPEServer=

Configuring Internal Scripts

Can be configured in many places◦ Is probably more confusing then it is worth

The server module◦ Means NO commands can have arguments

The script module◦ Means NO external script can have arguments

Allow arguments

NRPE NSClient++

ExternalScripts

script.bat

script.vbs

CheckSystem

CheckCPU

CheckMem

CheckEventLog CheckEventLog

CheckTaskSched CheckTaskSched

Allow arguments

Writing our first Scripts

The first batch script

Output:◦ Use: echo <text>◦ Don’t forget @echo off (or all commands will be echoed)

Exit statuses:◦ Use: exit <code>

0 = OK 1 = Warning 2 = Critical 3 = Unknown

NSC.ini syntax:[/settings/External Scripts/scripts]my_script=scripts\script.bat

Reference:◦ http://www.ss64.com/nt/

Don’t let preconceptions fool you: batch can actually do a lot!

Writing a Script (Batch)

@echo offecho CRITICAL: Everything is not going to be fineexit 2

A basic script (batch)

…\NSClient++\scripts>cmd /c test.batCRITICAL: Everything is not going to be fine

…\NSClient++\scripts>echo %ERRORLEVEL%2

Running from Command Line

D:\demo>nscp --test

NSClient++ 0,4,0,98 2011-09-06 x64 booting...

Boot.ini found in: D:/demo//boot.ini

Boot order: ini://${shared-path}/nsclient.ini, old://${exe-path}/nsc.ini

Activating: ini://${shared-path}/nsclient.ini

Creating instance for: ini://${shared-path}:80/nsclient.ini

Reading INI settings from: D:/demo//nsclient.ini

Loading: D:/demo//nsclient.ini from ini://${shared-path}/nsclient.ini

Booted settings subsystem...

On crash: restart: NSClientpp

Archiving crash dumps in: D:/demo//crash-dumps

booting::loading plugins

Found: CheckExternalScripts as

Processing plugin: CheckExternalScripts.dll as

addPlugin(D:/demo//modules/CheckExternalScripts.dll as )

Loading plugin: Check External Scripts as

NSClient++ - 0,4,0,98 2011-09-06 Started!

Enter command to inject or exit to terminate...

Running from NSClient

Enter command to inject or exit to terminate...

my_scripts

Injecting: my_script...

Arguments:

Result my_script: WARNING

WARNING:Hello World

Running from NSClient

Return Status

Retu

rn

Mes

sage

Command

DemoWriting our first Scripts

Writing our first Scripts

Killing notepad once and or all!

TASKKILL [/S dator [/U användarnamn [/P lösenord]]]] { [/FI filter] [/PID process-ID | /IM avbildning] } [/T][/F]

Beskrivning: Det här verktyget används för att avsluta en eller flera aktiviteter utifrån process-ID (PID) eller avbildningsnamn.

Parameterlista:…

/FI filter Använder ett filter för att välja aktiviteter. Jokertecknet * kan användas, t.ex: imagename eq note*

/PID process-ID Anger process-ID för den process som ska avbrytas. Använd kommandot Tasklist för att hämta process-ID

/IM avbildning Anger avbildning för den process som för den process som ska avslutas. Jokertecknet * användas för att ange alla aktiviteter eller avbildningar.

Killing notepad once and for all!

@echo offtaskkill /im notepad.exe 1>NUL 2>NULIF ERRORLEVEL 128 GOTO errIF ERRORLEVEL 0 GOTO okGOTO unknown :unknownecho UNKNOWN: unknown problem killing notepad...exit /B 3

:errecho CRITICAL: Notepad was not killed...exit /B 1 :okecho OK: Notepad was killed!exit /B 0

KILL!!!

DemoKilling notepad…

Wrapped scriptsInterlude

NSC.ini syntax:◦ [External Scripts]◦ check_bat=scripts\check_test.bat

Or◦ [Wrapped Scripts]◦ check_test=check_test.bat

Adding a Script (.bat)

NSC.ini syntax:◦ [External Scripts]◦ check_test=cscript.exe /T:30 /NoLogo scripts\check_test.vbs

Or◦ [Wrapped Scripts]◦ check_test=check_test.vbs

Adding a Script (.VBS)

NSC.ini syntax:◦ [External Scripts]◦ check_test=cscript.exe /T:30 /NoLogo scripts\lib\wrapper.vbs scripts\

check_test.vbs

Or◦ [Wrapped Scripts]◦ check_test=check_test.vbs

Adding a Script (.VBS) w/ libs

NSC.ini syntax:◦ [External Scripts]◦ check_test=cmd /c echo scripts\check_test.ps1; exit($lastexitcode) | powershell.exe -command -

Or◦ [Wrapped Scripts]◦ check_test=check_test.ps1

Adding a Script (.PS1)

[…/wrappings]bat=scripts\%SCRIPT% %ARGS%vbs=cscript.exe //T:30 //NoLogo scripts\lib\wrapper.vbs %SCRIPT% %ARGS%

ps1=cmd /c echo scripts\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

[…/wrapped scripts]check_test_vbs=check_test.vbs /arg1:1 /variable:1check_test_ps1=check_test.ps1 arg1 arg2check_test_bat=check_test.bat $ARG1$ arg2check_battery=check_battery.vbscheck_printer=check_printer.vbs

; So essentially it is a macro! (but a nice one)

What is wrapped scripts?

Writing your first Scripts

Writing a simple VB script

Output:◦ Use: Wscript.StdOut.WriteLine <text>

Exit statuses:◦ Use: Wscript.Quit(<code>)

0 = OK 1 = Warning 2 = Critical 3 = Unknown

NSC.ini syntax:[External Scripts]check_vbs=cscript.exe //T:30 //NoLogo scripts\check_vbs.vbs//T:30 Is the timeout and might need to be changed.

Reference:◦ http://msdn.microsoft.com/en-us/library/t0aew7h6(VS.85).aspx

Writing a Script (VBS)

wscript.echo ”Hello World"wscript.quit(0)

Hello_World.vbs

Set <variable name>=CreateObject(“<COM Object>") There is A LOT of objects you can create A nice way to interact with other applications

For instance:◦ Set objWord = CreateObject("Word.Application")

◦ objWord.Visible = True◦ Set objDoc = objWord.Documents.Add()◦ Set objSelection = objWord.Selection

◦ objSelection.Font.Name = “Comic Sans MS"◦ objSelection.Font.Size = “28"◦ objSelection.TypeText “Hello World"◦ objSelection.TypeParagraph()

◦ objSelection.Font.Size = "14"◦ objSelection.TypeText "" & Date()◦ objSelection.TypeParagraph()

Object oriented programming (ish)

Demo:Words…

strFile=”c:\windows”Dim oFSOSet oFSO=CreateObject("Scripting.FileSystemObject")If oFSO.FileExists(strFile) Thenwscript.echo ”Yaay!"wscript.quit(0)

elsewscript.echo “Whhh… what the f***!"wscript.quit(2)

end if

Are we running windows?

Demo:Are we running Windows?

Using the libraryDissecting a VBScript

Can be used to extend NSClient++ Are very powerful A good way to:

◦ Alter things you do not like◦ Create advanced things

Are written in Lua or Python Possibly unsafe

◦ Runs inside NSClient++

Internal Scripts

Internal scripts are fundamentally different One script is NOT equals to one function

◦ A script (at startup) can: Register query (commands) handlers Register submission (passive checks) handlers Register exec handlers Register configuration Access configuration

◦ Handlers can: Execute queries (commands) Submit submissions (passive checks) Etc etc…

Anatomy of an internal script

def init(plugin_id, plugin_alias, script_alias):conf = Settings.get()reg = Registry.get(plugin_id)

reg.simple_cmdline('help', get_help)reg.simple_function(‘command', cmd, ‘A command…')

conf.set_int('hello', 'python', 42)log(Answer: %d'%conf.get_int('hello','python',-1))

def shutdown():log(“Shutting down…”)

A basic script

def get_help(arguments):return (status.OK, ‘Im not helpful ')

def test(arguments):core = Core.get()count = len(arguments)

(retcode, retmessage, retperf) =core.simple_query(‘CHECK_NSCP’, [])

return (status.OK, ‘Life is good… %d'%count)

A basic script

Questions?

Q&A

Michael Medinmichael@medin.name

http://www.linkedin.com/in/mickem

Information about NSClient++http://nsclient.org

Facebook: facebook.com/nsclient

Slides, and exampleshttp://nsclient.org/nscp/conferances/2011/nwcna/

Thank You!