Nxtcfg - Collector configuration tool

Contents

Nxtcfg - Collector configuration tool

Overview

Nxtcfg is a small console application to read and modify the configuration parameters of the Collector. Ensure that you run Nxtcfg with administrator privileges.

Installation

By default, the Nxtcfg tool is installed along with the Collector when installing the Collector MSI. Once the Collector is installed, the Nxtcfg tool is located under C:\Windows\System32\nxtcfg.exe.

The Collector MSI version used determines the nxtcfg version installed (Windows 32-bit or 64-bit system).

If not required, add the option CFG_INSTALL=0 to the MSI command line, when installing the Collector.

Options

Option Description Example
/start Start the Collector. nxtcfg.exe /start
/stop Stop the Collector. nxtcfg.exe /stop
/restart Restart the Collector. nxtcfg.exe /restart
/g Get the value of a particular configuration parameter from the Collector. nxtcfg.exe /g ip
/s Set the value of one or more configuration parameters of the Collector. nxtcfg.exe /s ip=192.168.0.1 udp_port=999
/l List all the configuration parameters of the Collector with their current values. nxtcfg.exe /l
/d Dump all the configuration parameters of the Collector and their corresponding values to a file. nxtcfg.exe /d C:\temp\collector.cfg

Configuration parameters

The modification of some of the parameters requires to restart the Collector for the change to take effect. Rebooting the device forcefully restarts all Collector components as well. For each parameter, this is specified by the values in the column Restart required of the parameters table:

  • No: No reboot or component restart required.
  • Yes: Collector restart or device reboot required.
Parameter Description Default value Range Restart required
ip IP address or DNS name of either the target Engine or the Assignment Server. - - No
udp_port Port number for UDP communication with either the target Engine or the Assignment Server. - [1 - 65535] No
tcp_port Port number for TCP communication with either the target Engine or the Assignment Server. - [1024 - 65535] Yes
tag Optional number to identify the installation. 0 [0 - 2147483647] No
cgpi CrashGuard Protection Interval Value. It is the time interval since boot (in minutes) after which a dirty reboot does not increase the CrashGuard. 0 min - Yes
logmode Logging mode
  • 0 - Silent
  • 1 - Verbose
  • 2 - Debug (not recommended for production)
0 [0 - 2] No
logsize Maximum size of log file when logging is enabled. Logs are rotated after the maximum is reached. 32 MB [1 - 512] MB Yes
printing Disable or enable print monitoring function. disable [disable - enable] Yes
dsps Disable (1) or enable (0) SMB print monitoring subfunction (requires printing enabled). 1 [0 - 1] Yes
iops Enable (1) or disable (0) IOPS monitoring functionality. 0 [0 - 1] Yes
dwef When set, the Collector does not report application freezes nor hungs. 0 [0 - 1] Yes
mss Maximum size, in bytes, of the UDP packets sent from the Collector to the Engine. 1224 B [1000 - 16384] B Yes
pkg_interval

Period, in hours, in which the Collector checks for new installed packages and updates and reports them:

  • 0 - Never report packages.
  • 1 - Report packages after Collector initializes and then every 1 hour.
  • 2-24 - Report packages 45 minutes after Collector initializes and then every 2 to 24 hours.
1 [0 - 24] Yes
wme When set, the Collector reports Web and Cloud data. 1 [0 - 1] Yes
wm_domains List of domains for which to report the URL of web requests. - Comma separated domain names. No
prefer_ipv6 When set, the Collector prefers IPv6 to communicate with the Engine when the name of the Engine resolves to both IPv6 and IPv4 addresses. 0 [0 - 1] No
custom_shells When set, enable the Collector to report user logon events and user interactions in virtualized and embedded (kiosk mode) environments. 0 [0 - 1] No
execution_policy The security policy to apply when executing scripts of remote actions. signed_trusted_or_nexthink
  • disabled
  • signed_trusted
  • signed_trusted_or_nexthink
  • unrestricted
No
customer_key The Customer Key of the master Appliance. - Path to text file with cryptographic key. Yes
root_ca The Root Certificate of the master Appliance. - Path to text file with root certificate. Yes
assignment_status The status of the assignment of the Collector to a particular Engine. disabled
  • disabled
    The Collector does not use the Assignment Service.
  • standby
    The Collector is waiting the assignment to an Engine.
  • assigned
    The Collector is assigned to an Engine.
No (read‑only)

Nxtcfg in Remote Actions

Because the Collector communicates with the Engine when running remote actions, it is not recommended to change some of the configuration parameters of the Collector from a remote action. Thus, refrain from modifying any of the following configuration parameters when running nxtcfg.exe within a remote action:

  • ip
  • tcp_port
  • customer_key
  • root_ca

For the same reason, do not stop or restart the Collector with nxtcfg.exe in a remote action. Directly stopping or restarting the Collector abruptly ends the communication between the Collector and the Engine, resulting in the Collector losing its state in respect of the remote action. Once the Collector is up again, it starts the execution of the remote action from the beginning, potentially creating an infinite loop.

Instead, if you need to modify some Collector settings from a remote action that require a restart, use the following code in the script of the remote action:

  • To stop the Collector:
Stop-Service -Name "Nexthink Service" -Force
Stop-Service -Name "nxtrdrv5" -Force
Stop-Service -Name "nxtrdrv" -Force


  • To start the Collector:
Start-Service -Name "nxtrdrv"
Start-Service -Name "nxtrdrv5"
Start-Service -Name "Nexthink Service"

Setting the Customer Key and Root Certificate

The Collector uses the Customer Key and Root Certificate to validate the identity of the slave Appliance (Engine) and securily communicate with it via TLS. If any of these security parameters change in the Appliance (e.g. moving from pre-production to production environment), you must change the configuration in your Collectors accordingly.

The parameters customer_key and root_ca are special in the sense that they do not admit a direct value as argument, but a path to a text file holding the actual value of the Customer Key or the default Root Certificate, respectively. To download the Customer Key and the default Root Certificate from the master Appliance, follow the same method described for installing the Collector:

  1. Log in to the Web Console of the master Appliance as admin.
  2. Select the Appliance tab at the top of the Web Console.
  3. Click Collector security in the left-hand side menu.
  4. Click the buttons DOWNLOAD CUSTOMER KEY and DOWNLOAD DEFAULT ROOT CERTIFICATE to download, respectively, the text files holding the Customer Key and the default Root Certificate of the Appliance.
    • Only use the default Root Certificate of the master Appliance if you did not replace the certificates for the TCP connection of the Engine with the Collector in the slave Appliances.

To set the Customer Key and Root Certificate downloaded from the master Appliance, type in the following (assuming that you placed the downloaded files in the root directory of your C: drive): nxtcfg.exe /s customer_key="C:\Nexthink-customer-key.txt" root_ca="C:\Nexthink-root-ca.txt"

When listing the customer_key and root_ca parameters with the /l option of Nxtcfg, neither the full Customer Key nor the full Root Certificate are displayed. Instead, only the first few characters of both the configured key and certificate are shown. These characters are usually enough to identify the key or the certificate, while keeping the list of Nxtcfg parameters readable.

The operations described in this article should only be performed by a Nexthink Engineer or a Nexthink Certified Partner.

If you need help or assistance, please contact your Nexthink Certified Partner.