MikroTik plugin

Hello,

I am using the free version of check_mk 2.0.
I applied the mikrotik extension package to my server and fixed all the errors it threw at me, but unfortunately I am not able to detect any new services with the plugin available.

What am I doing wrong?

Kindly appreciate any suggestions.

Thanks

I’m getting some progress and getting only a timeout on my API call. I attached the error below.
I’m using this rule:

Username: admin
Password: ******
Type of query: Do not use SSL to connect to API
TCP Port number: 8728
Retrieve information about…: BGP sessions, OSPF Neighbors, VRRP info, RouterOS Health, RouterOS Board Info, IPsec, Firewall rule

Hi lucian,

do you have Configured Api Integrations selected for the Host?

For a better error message it would be good to test this on the command line.
As site user “cmk --debug -vvI hostname”. There you can also see if the correct settings are used for this special agent.

Hi Flolo,

I do have configured api integration and agent.

From cmk --debug -vvl cnet-rtr-rb2011-turn-1 I get no output.
This is what I’m getting from the command cmk cnet-rtr-rb2011-turn-1.

[mgmt_snmp] Success, [snmp] Success, [special_mikrotik] Agent exited with code 1: Traceback (most recent call last):
  File "/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik", line 352, in <module>
    s = open_socket(host, port, True)
  File "/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik", line 221, in open_socket
    s.connect(sockaddr)
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1342, in connect
    self._real_connect(addr, False)
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1333, in _real_connect
    self.do_handshake()
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:1125)(!!), execution time 1.3 sec | execution_time=1.340 user_time=0.310 system_time=0.030 children_user_time=0.140 children_system_time=0.020 cmk_time_snmp=0.840 cmk_time_ds=0.000 cmk_time_agent=0.000

That looks interesting. A nice SSL problem. Is it possible that your MikroTik is very old or only the firmware on the device?

Hi @lucian

Could you please run cmk -vv -d cnet-rtr-rb2011-turn-1 and send the line

[special_mikrotik] Calling external program ...

Please remove password before posting.

ttr

Thank you for helping guys, means a lot to me to find here such a lovely community.
@andreas-doehler I’m running the latest version of firmware and API
@ttr here is the output

OMD[checkmk]:~$ cmk cnet-rtr-rb2011-turn-1
[mgmt_snmp] Success, [snmp] Success, [special_mikrotik] Agent exited with code 1: Traceback (most recent call last):
  File "/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik", line 352, in <module>
    s = open_socket(host, port, True)
  File "/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik", line 221, in open_socket
    s.connect(sockaddr)
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1342, in connect
    self._real_connect(addr, False)
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1333, in _real_connect
    self.do_handshake()
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:1125)(!!), execution time 1.4 sec | execution_time=1.380 user_time=0.320 system_time=0.040 children_user_time=0.140 children_system_time=0.020 cmk_time_snmp=0.860 cmk_time_ds=0.000 cmk_time_agent=0.000
OMD[checkmk]:~$ cmk -vv -d cnet-rtr-rb2011-turn-1
Calling: /omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik  -u '' -p '' -c 8728 -i bgp,ospf,vrrp,health,board,ipsec,firewall '10.10.10.11'
[ProgramFetcher] Fetch with cache settings: DefaultAgentFileCache(base_path=PosixPath('/omd/sites/checkmk/tmp/check_mk/data_source_cache/special_mikrotik/cnet-rtr-rb2011-turn-1'), max_age=MaxAge(checking=0, discovery=120, inventory=120), disabled=False, use_outdated=False, simulation=False)
Not using cache (Does not exist)
[ProgramFetcher] Execute data source
ERROR [special_mikrotik]: Agent exited with code 1: Traceback (most recent call last):
  File "/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik", line 352, in <module>
    s = open_socket(host, port, True)
  File "/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik", line 221, in open_socket
    s.connect(sockaddr)
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1342, in connect
    self._real_connect(addr, False)
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1333, in _real_connect
    self.do_handshake()
  File "/omd/sites/checkmk/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:1125)(!!)
No piggyback files for 'cnet-rtr-rb2011-turn-1'. Skip processing.
No piggyback files for '10.10.10.11'. Skip processing.
[PiggybackFetcher] Fetch with cache settings: NoCache(base_path=PosixPath('/omd/sites/checkmk/tmp/check_mk/data_source_cache/piggyback/cnet-rtr-rb2011-turn-1'), max_age=MaxAge(checking=0, discovery=120, inventory=120), disabled=False, use_outdated=False, simulation=False)
[PiggybackFetcher] Execute data source
Loading autochecks from /omd/sites/checkmk/var/check_mk/autochecks/cnet-rtr-rb2011-turn-1.mk
No persisted sections loaded
No piggyback files for 'cnet-rtr-rb2011-turn-1'. Skip processing.
No piggyback files for '10.10.10.11'. Skip processing.

Your server and your client (mikrotik) can’t find a cipher they have in common to establish the TLS layer.

Can you check a direct connection to your host?
echo | openssl s_client -connect <your-remote-host>:<port>

My direct connection looks like this:
Am I supposed to generate a certificate for this?

OMD[checkmk]:~$ echo | openssl s_client -connect 10.10.10.11:8728
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Looks like yes :)

I don’t know the check; maybe you can configure a non-secure connection? Otherwise you need to generate a certificate.

The weird thing is I’m not using a secure connection.

Then the extension package may be broken for this feature.
You can fix this on your own or get in touch with the extension developer.

I was afraid of this answer.

To be honest, the plugin is made for version 1.6. I tried to run it and fixed everything that checkmk was reporting as an error, but we might have an incompatibility issue that is greater than I thought. Is there any way we can convert from 1.6 to 2.0 without the developer? I tried to reach out (and I’m not the only one) but without any success.

I think if we manage to fix this plugin it will help the community, as MikroTik is a world-renowned manufacturer and highly used in networks around us.

The dev @ttr already wrote here :)
In the command line I don’t see the “no SSL” switch, so the special agent tries to use SSL.

1 Like

What a small world it is … :)

Is this something that can be corrected inside the agent_mikrotik python script I guess!?

If you start the special agent manually then you get all the possible command line options. You can try the option for “no SSL” if it works. If this works manually then only the script part that generates the agent call needs to be fixed.

As @andreas-doehler stated, the nossl-switch is missing. Funny enough, it probably never ever worked. Fortunately I cannot check any mikrotik with plain http api, so please @lucian do me a favor and run:

/omd/sites/checkmk/local/share/check_mk/agents/special/agent_mikrotik -u XXX -p XXX -n -c 8728 -i '10.10.10.11'

Mind the -n switch. If this produces some output that is not errors I can provide you a fix for that issue.

ttr

2 Likes
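
A Python version of the openssl s_client check used earlier in the thread, as an added example that is not part of the thread or of the agent_mikrotik plugin: it reports whether a port answers a TLS handshake at all, which is the question to settle before chasing cipher settings. The local listener is a constructed stand-in for a plaintext API port such as the 8728 used here, and `probe_tls` and `start_plaintext_listener` are hypothetical names.

```python
import socket
import ssl
import threading


def probe_tls(host, port, timeout=3.0):
    """Return (speaks_tls, detail) for host:port.

    Certificate checks are disabled on purpose: the probe only asks whether
    the peer answers a TLS ClientHello, not whether it should be trusted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return True, tls.version()
    except OSError as exc:
        # ssl.SSLError, timeouts and connection resets are all OSError subclasses
        return False, type(exc).__name__


def start_plaintext_listener():
    """Constructed plaintext service: reads the client's bytes, then hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # any free local port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)             # swallow the ClientHello, reply with nothing
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    """Probe the constructed plaintext listener; the handshake must fail."""
    return probe_tls("127.0.0.1", start_plaintext_listener())


if __name__ == "__main__":
    print(demo())
```

A `False` result against the router's API port means the port is not speaking TLS, so the agent has to be called with its no-SSL switch rather than given a certificate.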