Hi there,
we are working on a cis plugin for windows, but have issues, that we are not receiving any output of the agent plugin. even if we write print outputs into it, those wont be displayed. If we have typos then the cmk discovery fails with an error.
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# Example output from agent
# <<<cis_audit:sep(58)>>>
#cis-audit-file-age: 42053
#failed-count: 8215
#skipped-count: 0
#test-count: 14759
import time
from typing import Any, Mapping
from cmk.agent_based.v2 import (
AgentSection,
CheckPlugin,
CheckResult,
DiscoveryResult,
Metric,
Result,
Service,
State,
StringTable,
get_value_store,
render,
)
Section = Mapping[str, Any]
def parse_cis_audit(string_table: StringTable) -> Section:
"""Parse agent output into dictionary"""
data = {}
last_volume = False
for line in string_table:
name = line[0].strip()
value = ":".join(line[1:]).strip()
return data
agent_section_windows_patch_day = AgentSection(
name="cis_audit",
parse_function=parse_cis_audit,
parsed_section_name="cis_audit",
)
def discover_cis_audit(section: Section) -> DiscoveryResult:
''' Create one Service '''
yield Service(item=n)
def check_cis_audit(
item: str, params: Mapping[str, Any], section: Section
) -> CheckResult:
"""Check the count status of all checks against the levels"""
data = section.get(item)
if not data:
return
cisauditfileage = int(data["cis-audit-fileage"])
cisfailedcount = int(data["failed-count"])
cisskippedcount = int(data["skipped-count"])
cistestcount = int(data["test-count"])
agewarn, agecrit = params.get("file_age", (86400, 172800))
failwarn, failcrit = params.get("failed_count", (300, 600))
# Check audit file age
if cisauditfileage > agecrit:
msg = f"CIS Audit file age: {cisauditfileage} seconds (Crit: {agecrit})"
yield Result(state=State.CRIT, summary=msg)
elif cisauditfileage > agewarn:
msg = f"CIS Audit file age: {cisauditfileage} seconds (Warn: {agewarn})"
yield Result(state=State.WARN, summary=msg)
else:
msg = f"CIS Audit file age: {cisauditfileage} seconds"
yield Result(state=State.OK, summary=msg)
# Check failed test count
if cisfailedcount > failcrit:
msg = f"Failed tests: {cisfailedcount} (Crit: {failcrit})"
yield Result(state=State.CRIT, summary=msg)
elif cisfailedcount > failwarn:
msg = f"Failed tests: {cisfailedcount} (Warn: {failwarn})"
yield Result(state=State.WARN, summary=msg)
else:
msg = f"Failed tests: {cisfailedcount}"
yield Result(state=State.OK, summary=msg)
# Info results
yield Result(state=State.OK, summary=f"Skipped tests: {cisskippedcount}")
yield Result(state=State.OK, summary=f"Total tests: {cistestcount}")
# Additional metrics
yield Metric("cis_audit_file_age", cisauditfileage)
yield Metric("cis_audit_failed_count", cisfailedcount)
yield Metric("cis_audit_skipped_count", cisskippedcount)
yield Metric("cis_audit_test_count", cistestcount)
check_plugin_windows_patch_day = CheckPlugin(
name="cis_audit",
service_name="CIS Audit %s",
check_ruleset_name="cis_audit",
sections=["cis_audit"],
check_default_parameters={"file_age": ("fixed", (86400, 172800)), "failed_count":("fixed", (300, 600))},
discovery_function=discover_cis_audit,
check_function=check_cis_audit,
)
the output of the discovery is just without any detailed response for cis_audit:
cmk -vvvI --detect-plugins=cis_audit server123
<<<checkmk_agent_plugins_win:sep(0)>>> / Transition HostSectionParser -> HostSectionParser
<<<df:sep(9)>>> / Transition HostSectionParser -> HostSectionParser
<<<services>>> / Transition HostSectionParser -> HostSectionParser
<<<dotnet_clrmemory:sep(124)>>> / Transition HostSectionParser -> HostSectionParser
<<<ps:sep(9)>>> / Transition HostSectionParser -> HostSectionParser
<<<wmi_webservices:sep(124)>>> / Transition HostSectionParser -> HostSectionParser
Transition HostSectionParser -> NOOPParser
<<<cis_audit:sep(58)>>> / Transition NOOPParser -> HostSectionParser
<<<win_firewall_status:sep(124)>>> / Transition HostSectionParser -> HostSectionParser
<<<win_tls_status:sep(124)>>> / Transition HostSectionParser -> HostSectionParser
<<<win_netstat>>> / Transition HostSectionParser -> HostSectionParser
<<<cmk_update_agent_status:cached(1746625199,900):sep(0)>>> / Transition HostSectionParser -> HostSectionParser
<<<windows_tasks:encoding(cp437):sep(58)>>> / Transition HostSectionParser -> HostSectionParser
<<<windows_updates:cached(1746624641,3600)>>> / Transition HostSectionParser -> HostSectionParser
Transition HostSectionParser -> NOOPParser
<<<local:sep(0)>>> / Transition NOOPParser -> HostSectionParser
<<<systemtime>>> / Transition HostSectionParser -> HostSectionParser
<<<hyperv_vmstatus:cached(1746625293,600)>>> / Transition NOOPParser -> HostSectionParser
<<<hyperv_checkpoints:cached(1746625293,600)>>> / Transition HostSectionParser -> HostSectionParser
<<<labels:sep(0)>>> / Transition HostSectionParser -> HostSectionParser
HostKey(hostname='svit02', source_type=<SourceType.HOST: 1>) -> Add sections: []
HostKey(hostname='svit02', source_type=<SourceType.HOST: 1>) -> Add sections: []
Received no piggyback data
+ ANALYSE DISCOVERED HOST LABELS
Trying host label discovery with:
Trying host label discovery with:
SUCCESS - Found no new host labels
+ ANALYSE DISCOVERED SERVICES
+ EXECUTING DISCOVERY PLUGINS (0)
Trying discovery with:
SUCCESS - Found no new services
Does anybody has an hint for us how we can troubleshoot this further?
Thanks in advance,
Constantin