What's Changed

NSClient++ 0.11.33 Release Notes

Changes since 0.11.32 (commit 06be00cc).

This release is focused on two user-facing areas:

1. HTTP proxy support for every HTTP-based client (NRDPClient, ElasticClient, Op5Client, the configuration
   loader, ...).
2. CheckDisk improvements — a new check_single_file command plus five long-standing check_files bug fixes.

HTTP proxy support

NSClient++ can now route HTTP and HTTPS traffic through a corporate proxy. The same configuration surface is used by
every component that builds on the internal http::simple_client (NRDPClient, ElasticClient, Op5Client, the remote
boot.ini loader, ...).

For HTTPS targets the client opens a CONNECT tunnel to the proxy, validates the proxy's response, and only then performs
the TLS handshake — so a single setting covers both http:// and https:// URLs.

Per-target proxy on submit (NRDP, Elastic, Op5)

Two new options are accepted on every HTTP client command and target:

Example — submit an NRDP check through a corporate proxy, but never proxy intranet hosts:

nscp client --module NRDPClient --query submit_nrdp \
    --host nagios.example.com --token mytoken \
    --proxy http://alice:s%40cret@proxy.corp.example:3128/ \
    --no-proxy localhost,127.0.0.1,.internal \
    --command check_disk --result OK --message "All disks healthy"

The same keys are accepted in nsclient.ini target definitions:

[/settings/NRDP/client/targets/nagios]
address = https://nagios.example.com/nrdp/
token = mytoken
proxy = http://proxy.corp.example:3128/
no proxy = localhost,127.0.0.1,.internal

Notes:

• If the proxy needs authentication, embed credentials in the URL — they are sent as Proxy-Authorization: Basic. Both
  @ and : inside the username/password must be percent-encoded (alice:s%40cret decodes to alice:s@cret).
• Bypass matching is case-insensitive. .internal matches both foo.internal and internal.
• On a 407 Proxy Authentication Required the proxy's response body is now captured in the error message, so
  misconfigured credentials produce an actionable error instead of an opaque "connect failed".

Proxy for the configuration loader

If boot.ini itself lives behind a proxy, configure it in boot.ini:

[proxy]
url = http://proxy.corp.example:3128/
no_proxy = localhost,127.0.0.1,.internal

The proxy is applied to the initial configuration download, every refresh, and any attachments declared in the remote
configuration. HTTPS targets are tunnelled via CONNECT, so the same setting covers http:// and https:// settings
URLs.

Failed downloads still fall back to the cached copy of the configuration if one is present, so a transient proxy
outage will not stop NSClient++ from starting — but the very first run on a fresh machine needs the proxy to be
reachable.

What is not included

• Only the http:// proxy scheme is supported. socks5:// / https:// proxies are not.
• No automatic detection of system proxy settings (HTTP_PROXY env vars, WinINET / WPAD). The proxy must be configured
  explicitly.

CheckDisk: new command check_single_file

check_single_file is a focused variant of check_files for inspecting a single, known path. Compared to using
check_files for the same job it has:

• Only one required argument (file=<path>) — no path + pattern, no max-depth, no total.
• A clear error when the input is empty (No file specified (use file=<path>)).
• UNKNOWN: File not found: <path> when the file is missing — instead of the empty-set / "No files found" workflow that
  surprised users in #613.
• A useful default detail-syntax (%(filename) (size=%(size), age=%(age))) so a no-threshold run is informative on
  its own.

All existing filter keywords (size, age, written, version, line_count, type, ...) work, because the
implementation reuses the existing check_files filter machinery.

Examples

Confirm a file exists:

check_single_file file=C:/Windows/System32/notepad.exe
OK: notepad.exe (size=201728, age=12345)

Warn when a file becomes stale:

check_single_file file=C:/windows/WindowsUpdate.log "warn=age > 5m" "crit=age > 1h"
CRITICAL: WindowsUpdate.log (size=276, age=917)

Pin a specific binary version:

check_single_file file="C:/Windows/System32/notepad.exe" \
    "crit=version != '1.2.3.4'" \
    "detail-syntax=%(filename): %(version)"
CRITICAL: notepad.exe: 6.2.26100.8115

CheckDisk: check_files bug fixes

#730 — max-depth=0 is now "top directory only"

Previously max-depth=0 caused check_files to bail out before scanning anything, returning no files found for users
who simply asked for a non-recursive scan. It is now equivalent to max-depth=1 (scan the top directory, do not
recurse). max-depth=N for N >= 1 is unchanged, so this is not a breaking change for existing configurations.

check_files path=C:/logs pattern=*.log max-depth=0

#598 — Non-ASCII paths now work

Beware that this is still tricky to get right if you are checking from linux via for instance NRPE.

Recursive scanning previously called GetFileAttributes through boost::filesystem's system codepage conversion while
every other Win32 call in the same scan went through UTF-8 conversion. Paths containing accented letters, CJK
characters, etc. were silently mangled and reported as File was NOT found even when they existed. They now work
consistently.

#613 — Missing paths surface as UNKNOWN

If the path passed to check_files could not be opened (typo, deleted directory, permission denied) the failure was
previously hidden behind the configured empty-state — typically OK or a generic No files found. Operators monitoring
file/folder counts therefore got a green status for misconfigured paths.

Top-level paths that cannot be opened now produce an explicit UNKNOWN: Path was not found: <path>, so the failure is
visible in the monitoring system.

#605 — Reparse points are skipped during recursion

NTFS junctions, symlinks and mount points all look like directories, so a tree containing a junction back into itself
was walked twice and files were counted twice. check_files now skips entries whose attributes contain
FILE_ATTRIBUTE_REPARSE_POINT when recursing — the same default as Windows tools like robocopy /XJ. Files matched in
the top-level pass are unaffected.

#717 — Legacy CheckFiles defaults empty-state=ok

The legacy CheckFiles shim translates old-style arguments (path, pattern, MaxWarn, MaxCrit, …) into modern
check_files arguments. Modern check_files defaults empty-state to unknown, which meant a legacy command that
found zero files came back as UNKNOWN even though the original 0.4-era behaviour was to return OK. The shim now sets
empty-state=ok when translating, restoring the legacy semantics.

Other changes

• Numerous small clean-ups across CheckSystem, CheckSystemUnix, CheckNet, NRDPClient, Op5Client, ElasticClient and the
  WEB server — internal only, no behaviour change.
• New unit test infrastructure for the settings layer (settings_dummy_test, settings_http_test, settings_ini_test,
  settings_interface_impl_test) and 100+ new tests around the HTTP client / proxy code paths.
• Linux build is back to green after the proxy work.

Upgrade notes

• No configuration migration is required. All new keys (proxy, no-proxy, the [proxy] boot.ini section) are opt-in.
• The check_files fixes change observable behaviour in a few corner cases:
  • max-depth=0 now scans the top directory instead of returning empty (#730).
  • Missing paths now return UNKNOWN instead of OK/empty (#613).
  • Junction loops are no longer double-counted (#605).
  • Legacy CheckFiles calls that previously returned UNKNOWN on empty results will now return OK (#717).
    If any existing alerting was relying on the old behaviour of these specific corner cases, review it before
    upgrading.

Full Changelog: 0.11.32...0.11.33

What's Changed

This release is focused on three things:

1. More built-in checks – a real check_net family, a real
   Windows registry checker, and real-time metrics on Linux.
2. A much nicer Web UI – modern theme, filtering, settings diff
   dialog and a proper dashboard.
3. A large documentation overhaul – restructured manual, every
   command has a samples page, and the HTTP client used by the
   Op5/Elastic clients has been modernized.

✨ New features

CheckSystem (Windows) – registry checks

Two new commands let you monitor the Windows registry directly from
NSClient++ instead of relying on external scripts. They support
recursion, exclude lists, 32/64-bit (WoW64) views, custom filters and
the usual warn=/crit= expression syntax.

• check_registry_key – verify that a key exists, count
  sub-keys/values, watch its last-write time.
• check_registry_value – read a single value (or enumerate all
  values under a key), assert its type, size or content.

Examples:

# Just verify a key exists (default crit = "not exists")
check_registry_key "key=HKLM\Software\Microsoft\Windows NT\CurrentVersion"
OK: All 1 registry key(s) are ok.

# Watchdog: alert when the key has not been written for over 30 days
check_registry_key "key=HKLM\Software\NSClient" \
    "warn=age > 7d" "crit=age > 30d or not exists"

# Recursive enumeration of every immediate sub-key, with exclusions
check_registry_key "key=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" \
    recursive max-depth=1 exclude=KB5005463 exclude=KB5005539

# Type assertion on a single value
check_registry_value "key=HKLM\Software\NSClient" value=InstallVersion \
    "crit=type != 'REG_SZ' or not exists"

# Numeric DWORD comparison
check_registry_value "key=HKLM\System\CurrentControlSet\Services\W32Time\Config" \
    value=MaxPollInterval "warn=int_value > 14" "crit=int_value > 17"

# Force the 32-bit (WoW64) view
check_registry_key "key=HKLM\Software\NSClient" view=32

CheckNet – five new (cross-platform) checks

CheckNet has graduated from a placeholder into a full network-check
module. Five new commands have been added, all using the new internal
http::simple_client and all unit-tested:

• check_tcp – open a TCP socket to one or more host/port pairs,
  optionally send a payload and require an expected substring.
• check_dns – resolve a hostname and optionally assert which
  addresses come back.
• check_http – fetch one or more URLs, check status code,
  response time and body content; supports custom headers and
  user-agent.
• check_ntp_offset – query one or more NTP servers and alert on
  offset / stratum.
• check_connections – Windows-side TCP/UDP connection table
  inspection (counts per protocol/family/state).

Examples:

# Single host TCP probe
check_tcp host=127.0.0.1 port=8443

# Multiple hosts in one call
check_tcp host=www.google.com host=www.ibm.com port=443 timeout=2000

# SMTP banner check (send + expect)
check_tcp host=smtp.gmail.com port=25 send="EHLO nsclient.org" expect="250"

# DNS resolution with expected address
check_dns host=google.com expected-address=172.217.20.174

# HTTP with body match and tighter latency thresholds
check_http url=https://nsclient.org/ expected-body="NSClient" \
    "warn=time > 500 or code >= 400" \
    "crit=time > 2000 or code >= 500 or result != 'ok'"

# NTP offset against multiple servers
check_ntp_offset "servers=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org" timeout=2000

# Alert on too many sockets stuck in TIME_WAIT
check_connections "filter=protocol = 'tcp' and state = 'TIME_WAIT'" \
    "warn=count > 200" "crit=count > 1000"

All five also work over NRPE, e.g.:

check_nscp_client --host 192.168.56.103 --command check_http \
    --argument "url=https://nsclient.org/"

CheckSystem (Linux) – real-time metrics

The Linux build of CheckSystem now ships with the same real-time
metric collection that has been available on Windows for a long time:
CPU, memory, disk, network and load are sampled in the background and
exposed both to dashboards/metrics and to real-time filters
(filter=... rules that fire when a threshold is crossed).

No new commands are exposed by name – existing real-time filter
configuration just works on Linux now.

Web UI – refresh

The bundled web interface has been heavily reworked:

• Modern theme with active-navigation highlighting and a redesigned
  login page.
• Filterable lists for Modules, Queries and Settings.
• Settings diff dialog – the "settings changed" widget can now show exactly which keys changed.

🐛 Fixes / smaller improvements

• Op5Client: fixed a 401 path and several reponse → response
  typos.
• Unified the various http clients meaning Op5Client and ElasticClient should now work better.

📚 Documentation

The documentation has had its biggest pass in years:

• Restructured manual – concepts/, checks-in-depth/,
  scenarios/, tutorial/ and reference/ are now clearly
  separated; mkdocs navigation rebuilt accordingly.
• New scenario guides: disk space, event log, external scripts,
  network checks, passive monitoring, service monitoring, Windows
  server health.
• New "checks in depth" pages: filters, performance data, syntax,
  thresholds.
• Rewritten REST API reference (info, login, modules,
  queries).
• **Many commands now has samples with copy-pasteable
  examples and expected output, including all new commands listed
  above.

⚠️ Upgrade notes

• The documentation tree was reorganized; bookmarks/links might not be valid.

Full Changelog: 0.11.31...0.11.32

What's Changed

New Check: check_os_updates

Added check_os_updates command to CheckSystem (Windows) utilizing WUA and CheckSystemUnix to monitor pending operating system updates.

check_os_updates

If there are any pending updates, this will return a warning state by default (because the default warning filter is count > 0).

Checking for critical updates

Often, you only want to be alerted if there are security or critical updates missing. You can configure this using the warning and critical filters:

check_os_updates "warning=important > 0" "critical=security > 0 or critical > 0"

Improvements

• CheckDisk Resilience: Improved check_drivesize resilience. An error on a single unavailable volume will no longer abort the entire check, allowing other volumes to still be checked successfully.
• CPU Monitoring Documentation: Updated documentation and added detailed documentation for check_cpu time.
• TLS Support: Fixed issues related to TLS support.
• Security Enhancements: Addressed multiple security issues including better randomness for encryption, fixing race conditions, adding boundary checks for various network payloads and reading certificates.
• NRDP Integration: Added NRDP integration tests and a shorthand nrdp client alias for easier configuration.
• Gracefully handled non-numeric NSClient command codes.

Full Changelog: 0.11.30...0.11.31

What's Changed

CheckEventLog

• New opcode filter keyword. You can now filter Windows event log
  entries on the event opcode, in addition to the existing fields
  (e.g. filter=opcode = 'Info').
• Filter expressions: regex and in operators now work with numbers.
  Numeric fields such as id, level, task, etc. can now be matched
  using regular expressions and the in (...) operator, not just string
  fields.
• Fixed scan-range. The scan-range option in
  check_eventlog now correctly limits the scanned time window again.
• Fixed event ID matching issue. Event IDs are now interpreted and
  compared correctly in filter expressions; previous releases could
  mismatch certain IDs.
• Eventlog integration tests are run again as part of the acceptance test suite.

Linux / ARM packages

• New ARM64 (aarch64) builds and release artifacts are now produced
  for Linux:
  • Ubuntu 24.04: NSCP-<ver>-ubuntu-24.04-arm64.deb and
    check_nsclient-<ver>-ubuntu-24.04-arm64
  • Rocky Linux 9 and 10: NSCP-<ver>-rocky-9-aarch64.rpm,
    NSCP-<ver>-rocky-10-aarch64.rpm and matching check_nsclient
    binaries.

Full Changelog: 0.11.29...0.11.30

What's Changed

New checks:

This release adds three new checks.

check_battery

Monitor battery status on Windows laptops and mobile devices. This command provides comprehensive battery health and status information using both the Windows Power API and WMI.

• Charge Level Monitoring: Track battery charge percentage with warning/critical thresholds
• Power Source Detection: Determine if system is running on AC or battery power
• Battery Health: Calculate battery health as a percentage of design capacity
• Status Tracking: Monitor charging, discharging, critical, low, and high states
• Time Remaining: Estimate remaining battery life when on battery power
• Detailed Metrics: Access charge/discharge rates and capacity information via WMI

Basic battery check with default thresholds (warn < 20%, crit < 10%):

check_battery
OK: system: 85% (ac, charging)

Check if battery charge is above 50%:

check_battery "warn=charge < 50" "crit=charge < 25"
OK: system: 85% (ac, charging)

Alert if running on battery power:

check_battery "warn=power_source = 'battery'"
WARNING: system: 72% (battery, discharging)

Show detailed battery information:

check_battery "detail-syntax=${name}: ${charge}% (${power_source}, ${status}, health: ${health}%, time: ${time_remaining}s)"
OK: system: 85% (ac, charging, health: 95%, time: -1s)

check_process_history

Track all processes that have been seen running since NSClient++ started. This command maintains a history of process executions, allowing you to verify that certain processes have (or haven't) run.

• Process Tracking: Records every unique process seen since service start
• Execution Counting: Tracks how many times each process has started
• Timestamp Recording: Records first and last seen timestamps
• Current State: Shows whether each process is currently running
• Selective Filtering: Check specific processes by name

Use Cases

• Compliance Monitoring: Verify that backup software, antivirus scanners, or other required applications have run
• Security Auditing: Detect if unauthorized applications have been executed
• SLA Verification: Confirm that scheduled maintenance tasks have executed

As checking processes is expensive it is disabled by default.
You need to enable it by setting:

[/settings/system/windows] 
process history=true

List all processes in history:
Check if a specific backup application has run:

check_process_history --process backup.exe "warn=times_seen = 0" "crit=times_seen = 0"
CRITICAL: backup.exe (false) - never seen running

Check if a process is currently running:

check_process_history --process important-service.exe "crit=running = 'false'"
CRITICAL: important-service.exe (false) - not currently running

Alert if a forbidden application has ever run:

check_process_history --process forbidden-game.exe "warn=times_seen > 0"
WARNING: forbidden-game.exe (seen 3 times, not running)

Show detailed history for a process:

check_process_history --process notepad.exe "detail-syntax=${exe}: first=${first_seen}, last=${last_seen}, count=${times_seen}, running=${running}"
OK: notepad.exe: first=2026-04-06 08:15:32, last=2026-04-06 14:22:45, count=5, running=false

check_process_history_new

Detect processes that have been started recently within a configurable time window. This is useful for security monitoring to detect unexpected process launches.

• Time-Based Detection: Find processes first seen within a configurable window
• Flexible Time Windows: Support for seconds (s), minutes (m), hours (h)
• Security Focused: Ideal for detecting new/unexpected process launches

Use Cases

• Security Monitoring: Detect newly launched processes that might indicate compromise
• Change Detection: Monitor for new software installations or unauthorized programs
• Incident Response: Identify what processes started around the time of an incident

As checking processes is expensive it is disabled by default.
You need to enable it by setting:

[/settings/system/windows] 
process history=true

Check for any new processes in the last 5 minutes (default):

check_process_history_new
OK: No new processes found.

Check for new processes in the last hour:

check_process_history_new --time 1h
WARNING: suspicious.exe (first seen: 2026-04-06 14:15:32)

Check for new processes with detailed output:

check_process_history_new --time 30m "detail-syntax=${exe} started at ${first_seen} (running: ${running})"
OK: updater.exe started at 2026-04-06 14:10:00 (running: false)

Beware that depending on if you are looking for wanted or unwanted processes you likely want to change empty-state to ok, or critical.

check_service overhaul

Fixed a reported bug as well as overhauled the check with some new features and modernized the checks.

This is technically a breaking change, in that it will classify some services as "ok" which was not before.
But I doubt that anyone relied on the default checking of all services

• state_is_perfect() now treats auto-start services with triggers as OK when stopped (trigger-start services legitimately remain stopped until their trigger fires)
• state_is_ok() now treats auto-start services with triggers as OK when stopped (same as delayed services were already treated)
• state_is_ok() now treats auto-start services that stopped with exit code 0 as OK (services like WslInstaller that start, complete their task, and stop cleanly no longer trigger CRITICAL)
• Added new filter keyword 'exit_code' exposing the Win32 exit code of a service. Allows users to write custom filters like 'exit_code != 0' to detect failed services
• Improved error logging in trigger detection. fetch_triggers() previously swallowed all errors silently; now logs unexpected failures
• check_service: Updated service classification list for Windows 11 24H2 / Server 2025
  • Added modern services: WslInstaller, WaaSMedicSvc, UsoSvc, DoSvc, CoreMessagingRegistrar,
    SecurityHealthService, SystemEventsBroker, vmcompute, HNS, sshd, LxssManager, and others
  • Removed obsolete services no longer present in modern Windows: Browser, NtFrs, IISADMIN,
    TlntSvr, napagent, IEEtwCollectorService, UI0Detect, SMTPSVC, aspnet_state, and others
  • Reclassified: COMSysApp (essential → ignored), SystemEventsBroker (supporting → system),
    WerSvc/wercplsupport (role → ignored)
  • Fixed casing: Eventsystem → EventSystem, systemEventsBroker → SystemEventsBroker
• Changed default detail-syntax to include exit_code. From ${name}=${state} (${start_type})into ${name}=${state}, exit=%(exit_code), type=%(start_type)
• Removed warning messages for excluded services. If a service is excluded we will not try to enumerate it.

Also improves debugging filters a bit:

• Improved how expressions are rendered when using debug
• Fixed issue with type resolution for "unary functions" i.e. not( something ). Before it would fail to parse the expression with an error.

Full Changelog: 0.11.28...0.11.29

What's Changed

check_service overhaul

Fixed a reported bug as well as overhauled the check with some new features and modernized the checks.

This is technically a breaking change, in that it will classify some services as "ok" which was not before.
But I doubt that anyone relied on the default checking of all services

• state_is_perfect() now treats auto-start services with triggers as OK when stopped (trigger-start services legitimately remain stopped until their trigger fires)
• state_is_ok() now treats auto-start services with triggers as OK when stopped (same as delayed services were already treated)
• state_is_ok() now treats auto-start services that stopped with exit code 0 as OK (services like WslInstaller that start, complete their task, and stop cleanly no longer trigger CRITICAL)
• Added new filter keyword 'exit_code' exposing the Win32 exit code of a service. Allows users to write custom filters like 'exit_code != 0' to detect failed services
• Improved error logging in trigger detection. fetch_triggers() previously swallowed all errors silently; now logs unexpected failures
• check_service: Updated service classification list for Windows 11 24H2 / Server 2025
  • Added modern services: WslInstaller, WaaSMedicSvc, UsoSvc, DoSvc, CoreMessagingRegistrar,
    SecurityHealthService, SystemEventsBroker, vmcompute, HNS, sshd, LxssManager, and others
  • Removed obsolete services no longer present in modern Windows: Browser, NtFrs, IISADMIN,
    TlntSvr, napagent, IEEtwCollectorService, UI0Detect, SMTPSVC, aspnet_state, and others
  • Reclassified: COMSysApp (essential → ignored), SystemEventsBroker (supporting → system),
    WerSvc/wercplsupport (role → ignored)
  • Fixed casing: Eventsystem → EventSystem, systemEventsBroker → SystemEventsBroker
• Changed default detail-syntax to include exit_code. From ${name}=${state} (${start_type})into ${name}=${state}, exit=%(exit_code), type=%(start_type)
• Removed warning messages for excluded services. If a service is excluded we will not try to enumerate it.

Also improves debugging filters a bit:

• Improved how expressions are rendered when using debug
• Fixed issue with type resolution for "unary functions" i.e. not( something ). Before it would fail to parse the expression with an error.

Full Changelog: 0.11.27...0.11.28

What's Changed

Added new checks:

check_temperature

Checks various temperatures in the system, this is somewhat limited as it only supported official thermal zones (let me know if you would like something improved).

check_temperature
L        cli OK: OK: Thermal Zone (THM): 25 C
L        cli  Performance data: 'Thermal Zone (THM)'=25C;70;90

check_disk_io

Check Disk IO utilization on the hard drives in the system.

check_disk_io
L        cli OK: OK: C:: 0% busy, read=0B/s write=0B/s q=0, HarddiskVolume1: 0% busy, read=0B/s write=0B/s q=0, HarddiskVolume5: 0% busy, read=0B/s write=0B/s q=0
L        cli  Performance data: 'C:'=0%;80;95 'HarddiskVolume1'=0%;80;95 'HarddiskVolume5'=0%;80;95

check_disk_health

Checks disk health (IO and disk free) in a single check.

check_disk_health
L        cli CRITICAL: CRITICAL: C:: 14% free, 0% busy, q=0 iops=0, HarddiskVolume1: 0% free, 0% busy, q=0 iops=0, HarddiskVolume5: 0% free, 0% busy, q=0 iops=0
L        cli  Performance data: 'C:'=14%;20;10 'C:'=0%;80;95 'HarddiskVolume1'=0%;20;10 'HarddiskVolume1'=0%;80;95 'HarddiskVolume5'=0%;20;10 'HarddiskVolume5'=0%;80;95

check_cpu_frequency

Check CPU frequency drift (i.e. thermal throttling).

check_cpu_frequency
L        cli OK: OK: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz: 2592/2592 MHz (100%)
L        cli  Performance data: 'Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz'=100%;50;30

Fixed system collection to use a fixed cadenc instead of sleeping 1 second.

This means that system metrics (like CPU, memory, network, etc) will be more exact.

If the system cannot keep up (i.e. it takes more then 1 second to run checks) you might see a warning every 5 minutes.

Added two new WEB UI widgets related to disk:

Full Changelog: 0.11.26...0.11.27

What's Changed

This version adds two new dashboard widgets that showcases some statistics as well as a network graph.
I also fixes and issue relating to calculating network measurements.

It also changes the tools bar slightly to make them a bit less intense:

Other changes:

• three new metrics which contains the refresh times of metrics, system metrics and network metrics so you can see this in the web UI.
• Removes unnecessary scientific notations for number in the metrics api so now you will get 1 instead of 1E1. Both are valid json so this should not impact anyone as long as your not using grep or some such to parse the json.
• Added network metrics to web UI by @mickem in #1199

Full Changelog: 0.11.25...0.11.26

What's Changed

Fixes an important bug in NRPE which was added in 0.11.24

Full Changelog: 0.11.24...0.11.25

This release includes significant, but experimental, Linux support.
While it has always been possible to use and build NSClient on Linux we now build official packages which are ready to be installed.
In addition to this there are a lot of fixes and enhancements to make running on Linux much more viable.

There is a NRPE bug in this release which is fixed in 0.11.25 so please use that version instead of this!

🐧 Experimental Linux Support

The Linux version is now complete and mirrors the Windows experience more closely than ever before.

• Unified Commands: CheckSystemUnix has been renamed to CheckSystem. Linux users can now use the same configuration as Windows users.
• Distribution-Specific Binaries: We now provide optimized builds for Debian, and Rocky Linux (redhat).
• Scripting Parity: Full support for Python and Lua scripts is now available on Linux, including proper script-folder routing.
• Permission Improvements: Default logging on Linux is now directed to the console, allowing the agent to run without sudo when testing. Also now certificates are generated when you run nscp web install to prevent sudo requirements when running as a service.

🛠️ Installer & Core Stability

After a series of regression tests in the 0.11.x branch, the installer has been hardened.

• Fixed Upgrade Logic: Resolved a critical issue where a DLL name change caused the WiX installer to fail or leave files missing during upgrades in some instances.
• Configuration Protection: Added safeguards to prevent the installer from overwriting or wiping existing .ini configurations during an upgrade.
• Silent Install Flags: Reintroduced and documented ALLOW_CONFIGURATION=0 for msiexec, allowing admins to deploy the MSI without touching existing config files.

🏗️ Architectural Refactoring

• Modular Codebase: Significant internal refactoring of nscapi and protobuf functions to improve long-term maintainability.
• Windows Core Cleanup: Reorganized Windows-specific code into a dedicated internal directory structure to separate it from cross-platform logic.
• Enhanced Testing: Many unit tests as well as a new Azure-based automated integration test.

⚠️ Upgrade Note for Pre-Release Users

If you are currently running any pre-release version between 0.11.9 and 0.11.20, a direct upgrade may fail due to either invalid DLLs or missing configuration.

Recommended Path: Manually uninstall the pre-release version and then perform a fresh installation of this release. Your configuration files will be preserved if you do not manually delete them.

⚠️ Upgrade Note for ALLOW_CONFIGURATION=0

If you use ALLOW_CONFIGURATION when upgrading from an old version the configuration might be deleted. This is an issue which is in the old installer and thus not possible to fix. This has however been fixed in future upgrades.

Full Changelog: 0.11.23...0.11.8