Nxtcfg - Collector configuration tool
Contents |
Nxtcfg - Collector configuration tool
Overview
Nxtcfg is a small console application to read and modify the configuration parameters of the Collector. Ensure that you run Nxtcfg with administrator privileges.
Installation
By default, the Nxtcfg tool is installed along with the Collector when installing the Collector MSI. Once the Collector is installed, the Nxtcfg tool is located under C:\Windows\System32\nxtcfg.exe.
The Collector MSI version used determines the nxtcfg version installed (Windows 32-bit or 64-bit system).
If not required, add the option CFG_INSTALL=0 to the MSI command line, when installing the Collector.
Options
| Option | Description | Example |
| /start | Start the Collector. | nxtcfg.exe /start |
| /stop | Stop the Collector. | nxtcfg.exe /stop |
| /restart | Restart the Collector. | nxtcfg.exe /restart |
| /g | Get the value of a particular configuration parameter from the Collector. | nxtcfg.exe /g ip |
| /s | Set the value of one or more configuration parameters of the Collector. | nxtcfg.exe /s ip=192.168.0.1 udp_port=999 |
| /l | List all the configuration parameters of the Collector with their current values. | nxtcfg.exe /l |
| /d | Dump all the configuration parameters of the Collector and their corresponding values to a file. | nxtcfg.exe /d C:\temp\collector.cfg |
Configuration parameters
The modification of some of the parameters requires to restart the Collector for the change to take effect. Rebooting the device forcefully restarts all Collector components as well. For each parameter, this is specified by the values in the column Restart required of the parameters table:
- No: No reboot or component restart required.
- Yes: Collector restart or device reboot required.
| Parameter | Description | Default value | Range | Restart required |
| ip | IP address or DNS name of either the target Engine or the Assignment Server. | - | - | No |
| udp_port | Port number for UDP communication with either the target Engine or the Assignment Server. | - | [1 - 65535] | No |
| tcp_port | Port number for TCP communication with either the target Engine or the Assignment Server. | - | [1024 - 65535] | Yes |
| tag | Optional number to identify the installation. | 0 | [0 - 2147483647] | No |
| cgpi | CrashGuard Protection Interval Value. It is the time interval since boot (in minutes) after which a dirty reboot does not increase the CrashGuard. | 0 min | - | Yes |
| logmode | Logging mode
| 0 | [0 - 2] | No |
| logsize | Maximum size of log file when logging is enabled. Logs are rotated after the maximum is reached. | 32 MB | [1 - 512] MB | Yes |
| printing | Disable or enable print monitoring function. | disable | [disable - enable] | Yes |
| dsps | Disable (1) or enable (0) SMB print monitoring subfunction (requires printing enabled). | 1 | [0 - 1] | Yes |
| iops | Enable (1) or disable (0) IOPS monitoring functionality. | 0 | [0 - 1] | Yes |
| dwef | When set, the Collector does not report application freezes nor hungs. | 0 | [0 - 1] | Yes |
| mss | Maximum size, in bytes, of the UDP packets sent from the Collector to the Engine. | 1224 B | [1000 - 16384] B | Yes |
| pkg_interval |
Period, in hours, in which the Collector checks for new installed packages and updates and reports them:
| 1 | [0 - 24] | Yes |
| wme | When set, the Collector reports Web and Cloud data. | 1 | [0 - 1] | Yes |
| wm_domains | List of domains for which to report the URL of web requests. | - | Comma separated domain names. | No |
| prefer_ipv6 | When set, the Collector prefers IPv6 to communicate with the Engine when the name of the Engine resolves to both IPv6 and IPv4 addresses. | 0 | [0 - 1] | No |
| custom_shells | When set, enable the Collector to report user logon events and user interactions in virtualized and embedded (kiosk mode) environments. | 0 | [0 - 1] | No |
| execution_policy | The security policy to apply when executing scripts of remote actions. | signed_trusted_or_nexthink |
| No |
| customer_key | The Customer Key of the master Appliance. | - | Path to text file with cryptographic key. | Yes |
| root_ca | The Root Certificate of the master Appliance. | - | Path to text file with root certificate. | Yes |
| assignment_status | The status of the assignment of the Collector to a particular Engine. | disabled |
| No (read‑only) |
Nxtcfg in Remote Actions
Because the Collector communicates with the Engine when running remote actions, it is not recommended to change some of the configuration parameters of the Collector from a remote action. Thus, refrain from modifying any of the following configuration parameters when running nxtcfg.exe within a remote action:
- ip
- tcp_port
- customer_key
- root_ca
For the same reason, do not stop or restart the Collector with nxtcfg.exe in a remote action. Directly stopping or restarting the Collector abruptly ends the communication between the Collector and the Engine, resulting in the Collector losing its state in respect of the remote action. Once the Collector is up again, it starts the execution of the remote action from the beginning, potentially creating an infinite loop.
Instead, if you need to modify some Collector settings from a remote action that require a restart, use the following code in the script of the remote action:
- To stop the Collector:
Stop-Service -Name "Nexthink Service" -Force
Stop-Service -Name "nxtrdrv5" -Force
Stop-Service -Name "nxtrdrv" -Force
- To start the Collector:
Start-Service -Name "nxtrdrv"
Start-Service -Name "nxtrdrv5"
Start-Service -Name "Nexthink Service"
Setting the Customer Key and Root Certificate
The Collector uses the Customer Key and Root Certificate to validate the identity of the slave Appliance (Engine) and securily communicate with it via TLS. If any of these security parameters change in the Appliance (e.g. moving from pre-production to production environment), you must change the configuration in your Collectors accordingly.
The parameters customer_key and root_ca are special in the sense that they do not admit a direct value as argument, but a path to a text file holding the actual value of the Customer Key or the default Root Certificate, respectively. To download the Customer Key and the default Root Certificate from the master Appliance, follow the same method described for installing the Collector:
- Log in to the Web Console of the master Appliance as admin.
- Select the Appliance tab at the top of the Web Console.
- Click Collector security in the left-hand side menu.
- Click the buttons DOWNLOAD CUSTOMER KEY and DOWNLOAD DEFAULT ROOT CERTIFICATE to download, respectively, the text files holding the Customer Key and the default Root Certificate of the Appliance.
- Only use the default Root Certificate of the master Appliance if you did not replace the certificates for the TCP connection of the Engine with the Collector in the slave Appliances.
To set the Customer Key and Root Certificate downloaded from the master Appliance, type in the following (assuming that you placed the downloaded files in the root directory of your C: drive):
nxtcfg.exe /s customer_key="C:\Nexthink-customer-key.txt" root_ca="C:\Nexthink-root-ca.txt"
When listing the customer_key and root_ca parameters with the /l option of Nxtcfg, neither the full Customer Key nor the full Root Certificate are displayed. Instead, only the first few characters of both the configured key and certificate are shown. These characters are usually enough to identify the key or the certificate, while keeping the list of Nxtcfg parameters readable.
If you need help or assistance, please contact your Nexthink Certified Partner.