CMK version: 2.0.0p20
OS version: Windows Server 2019
Hello all,
I would like to create a local script under Windows which evaluates the MS Exchange Queue. This is done with a PowerShell script and works under my admin account.
When I place the script in C:\ProgramData\checkmk\agent\local, it is executed under the user “NT AUTHORITY\SYSTEM”, who has no permissions to read the Exchange Queue.
How can I have the checkmk agent execute the script with other user rights in the raw edition?
Problem: Local checkmk has no permission for exchange transport queue. So the check has no result. How can I monitor the MS Exchange transport queue with checkmk?
This is the script which gives the needed result when I start it with my user, but no result when checkmk runs it.
# Establish a connection to Exchange
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$env:computername.berlin.rosaluxemburgstiftung.de/PowerShell/ -Authentication Kerberos
$Null=Import-PSSession $Session -DisableNameChecking -AllowClobber
Clear-Host
# Read the queues
$Queue = Get-Queue | Select Identity, DeliveryType, MessageCount
# Make the result readable for CheckMK
foreach ($Line in $Queue) {
    $Type = $Line.DeliveryType
    $Count = $Line.MessageCount
    $Identity = $Line.Identity
    write-host P "Message_Queue_$Type" "Mails=$Count;100;200" $Count Mails in der Warteschlange.
}
# Close the connection to Exchange
Remove-PSSession $Session
Thanks for the answer. Unfortunately, I am not getting anywhere.
The PowerShell script is located under “C:\ProgramData\checkmk\agent\local\whoami.ps1”.
I have customized the check_mk.user.yml under: “C:\ProgramData\checkmk\agent\check_mk.user.yml”
I made the following adjustments under the “local” section in the check_mk.user.yml:
local:
  enabled: yes
  # max_wait: 60 # max timeout for each sync plugin. Agent will not collect data from plugins longer than max_wait time.
  # this is useful to stop badly written or hanging plugins
  # async_start: true # start plugins asynchronously, this is normal mode.
  # patterns are scanned from top to bottom,
  # configuration is assigned to the first file found that matches the pattern
  Execution:
    #- pattern : 'C:\ProgramData\checkmk\agent\local\\nav_jobqueue.ps1' # plugin name or absolute path . * and ? are allowed
    #  user : 'admnavision 1Admin4nav' # username (domain is allowed) and password separated by a space
    #  run : yes # run this plugin if plugin found
    - pattern : 'whoami.ps1' # plugin name or absolute path . * and ? are allowed
      user : 'Testuser Testpassword' # username (domain is allowed) and password separated by a space
      run : yes # run this plugin if plugin found
    - pattern : 'test_me.bat' # plugin name. * and ? are allowed
      #async: no # default is no
      timeout : 35 # after 35 seconds the process will be terminated, default is 60 in check_mk.yml
      run : yes # run this plugin.
    - pattern : '*.*' # in the user folder. DO NOT REMOVE THIS ENTRY
      run : yes # do not execute files matching this pattern
But the output is still made by “NT-AUTORITÄT\SYSTEM” instead of “Testuser”.
# ProgramData/checkmk/agent/local folder
local:
  enabled: yes
  execution:
    - pattern : 'C:\ProgramData\checkmk\agent\plugins\whoami.ps1' # Plugin name or absolute path . * and ? are allowed
      user : 'Testuser Testpassword' # user name(domain is allowed) and password separated with one space
      run : yes # execute this plugin if plugin found
    - pattern : 'C:\\ProgramData\\checkmk\\agent\\plugins\\whoami2.ps1' # Plugin name or absolute path . * and ? are allowed
      user : 'Testuser Testpassword' # user name(domain is allowed) and password separated with one space
      run : yes # execute this plugin if plugin found
    - pattern : 'whoami3.ps1' # Plugin name or absolute path . * and ? are allowed
      user : 'Testuser Testpassword' # user name(domain is allowed) and password separated with one
But all of them return NT-AUTORITÄT\SYSTEM. It’s like it doesn’t matter if I make any changes to the check_mk.user.yml.
But I really need this option, otherwise I can’t monitor important services.