Found file log4j?

done.

Post must be at least 20 characters

1 Like

Unfortunately not; as I have only one Windows system, I have not put any effort into that.

I also updated the blog. Currently also trying to update the MKP on the Exchange as well.

2 Likes

Eagerly waiting for the updated CMK package on the Exchange, I tried version 0.9 but it didn’t work so well on Windows hosts at least, will try the updated one as soon as it’s up.

@CheckmkRG if I do the async/caching with the agent bakery, the yml looks like this:

local:
  enabled: true
  execution:
  - async: true
    cache_age: 86400
    pattern: check_CVE-2021-44228_log4j.ps1
    run: true
    timeout: 600

Hey, I am not an expert, but I think you should have a bat file, e.g. check_log4j.bat, which will run the ps1 file in the same catalog, with content:
"
@echo off
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe C:\ProgramData\checkmk\agent\local\check_CVE-2021-44228_log4j.ps1
"
then you could try to set up a pattern like:
"
  - pattern : $CUSTOM_LOCAL_PATH$\check_log4j.bat # Plugin name. * and ? are allowed
    async : yes # default is no
    run : yes # execute this plugin.
    cache_age : 86400
"
This is what I would try!

Done. Hope it works. Please try v1.0
https://exchange.checkmk.com/p/cve-2021-44228-log4j-open

EDIT: Found a bug, removed package, will reupload soon

Made the Windows script a little more reliable for a missing executable. Sorry for being late…

@martin.hirschvogel Can you please mark the blog as “updated on xxx”?

So I, as a noob, copied the
log4j2-scan.exe into
ProgramData\checkmk\agent\bin
and the script with final name check_CVE-2021-44228_log4j.ps1 into
ProgramData\checkmk\agent\local

I also installed the mkp into our checkmkraw v2p17

What do I have to do now to see the check within my Windows machine service configuration?

Thanks! But it didn't work… :roll_eyes:

Tried it over the Agent Bakery and the new check_mk.user.yml doesn't change, and with Copy & Paste, without success.

@Raf Thanks for the idea, but this didn't work for me either.

Maybe someone has an idea why the new “check_mk.user.yml” doesn't get the information from the Agent Bakery?

It looks like the Checkmk Agent/Checkmk Service isn't interested in the “check_mk.user.yml” :smiley:

Open the host in Checkmk and look for the service “Check_MK Discovery”.

This service now shows you one vanished service (XXX).

Under service configuration you can add the service to the monitored services!

1 Like

The changes from the bakery are in "C:\ProgramData\checkmk\agent\bakery\check_mk.bakery.yml". As for the rules, the Type needs to be changed from Plugin to Local (this was the mistake I ran into).

ty! That's it. I also forgot to update the client agent; it was on p14, so I think this was relevant too.

That should be sufficient. Just do a service discovery on the respective hosts. You should have a new service ready to be monitored.
You can test it by running the agent and looking at the output. The last section should include some stuff around log4j.
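
Added example (not part of the thread and not the plugin's own code): a small Python check that looks through a dump of the agent output for the log4j line in the local section and, for an async/cached check, reports whether the cached result is older than its cache_age. The `cached(time,max_age)` line prefix, the section header and the service name in the sample are assumptions made for illustration.

```python
import re

# Constructed sample agent output; the service name "log4j_scan" and the
# summary text are made up for illustration, not the real plugin's output.
SAMPLE = """<<<uptime>>>
123456
<<<local:sep(0)>>>
cached(1639560000,86400) 0 "log4j_scan" - no vulnerable files found
"""

SECTION = re.compile(r"^<<<([^:>]+)(:[^>]*)?>>>$")
# Assumption: lines from async/cached local checks carry this prefix.
CACHED = re.compile(r"^cached\((\d+),(\d+)\)\s+(.*)$")


def local_lines(agent_output):
    """Yield the non-empty lines of every <<<local>>> section."""
    in_local = False
    for line in agent_output.splitlines():
        header = SECTION.match(line.strip())
        if header:
            in_local = header.group(1) == "local"
        elif in_local and line.strip():
            yield line.strip()


def find_check(agent_output, needle, now):
    """Describe the first local check line mentioning `needle`, or None."""
    for line in local_lines(agent_output):
        cached = CACHED.match(line)
        body = cached.group(3) if cached else line
        if needle.lower() not in body.lower():
            continue
        info = {"cached": bool(cached), "state": body.split()[0], "line": body}
        if cached:
            created, max_age = int(cached.group(1)), int(cached.group(2))
            info["age"] = now - created
            # A result older than cache_age may mean the async run is not
            # completing, e.g. the scan runs longer than its timeout.
            info["stale"] = info["age"] > max_age
        return info
    return None


if __name__ == "__main__":
    print(find_check(SAMPLE, "log4j", now=1639563600))
```

A result of None means no local check line mentioning log4j reached the agent output at all, which points at the script location or the agent configuration rather than at service discovery.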

New version on the exchange! :tada:
https://exchange.checkmk.com/p/cve-2021-44228-log4j-open

1 Like

It's finally working on some machines, but on others the Check_MK Service gets a (Service Check Timed Out).

Scripts and .exe are identical, client agent too. Machine OSes are mixed, some Win 2016, some 2019.

This may relate to the query I just came here with.

I’ve tested a bit; this is no fault of the plugin, but on many of our Windows systems, the log4j scanner is taking far longer than the 60 seconds which the service check timeout is set to. Is the only way of accounting for this increasing service checks across the board to allow the scan to complete within the service check period?

1 Like

Would it be ok to give me a hint where to find a global setting to change the timeout behaviour? ty! :slight_smile:

Have you tried running it asynchronously?