Utilizing SNMPv3 placeholder variables in check_snmp "Integrate Nagios plugins" feature

Hi CheckMK community!

Recently my department (MSSP) was tasked with moving our monitoring systems to CheckMK. So far it’s been a blast, but I’m facing an issue with setting up scalable one-off services for a plethora of hosts. As an MSSP, we manage quite a few product lines. CheckMK does quite a good job auto-discovering a bunch of services for many of our hosts with almost zero effort from our side.

To fill the gap with our ‘old’ monitoring system though, we’re looking to manually add services based on Host Labels. These Host Labels fit us perfectly as we can make labels such as:

  • “Vendor:VendorA”

  • “Vendor:VendorB”

  • “Product:ProductA”

  • “Product:ProductB”

and so forth. So far I’ve managed to successfully get custom services working this way by running:

check_snmp -H $HOSTADDRESS$ -o . -P 3 -L authPriv -a SHA -x AES -U myUser -A myPass -X myPass

However, as we try to retain a scalable architecture, we refrain from using hardcoded settings where it’s not necessary. Moreover, as we focus on security products, we also employ unique credentials across every product we manage. SNMPv3 placeholders such as $HOSTADDRESS$ would be perfect in this scenario, but don’t seem to exist for CheckMK.

I was able to find some variables for Icinga (Icinga Template Library - Icinga 2) but these do not seem to be Nagios-generic. Are there any equivalent placeholders for SNMPv3 in CheckMK?

Thank you in advance!

I have created an extension that introduces a ruleset to configure check_snmp: https://github.com/HeinleinSupport/check_mk_extensions/tree/cmk2.0/check_snmp

With this it is possible to use the SNMP credentials configured in the host properties for check_snmp.


This looks promising! @r.sander me being a CheckMK novice, could you give me any pointers on where to look after having loaded the extension? There do not appear to be any new flags under Setup > Services > Other services > Integrate Nagios plugins.

There is a new ruleset after installing the extension.

Gotcha, judging by the code it looks like Setup > Services > Other services > Check SNMP OID is where I need to be. Definitely giving this a run, thank you!


@r.sander I’ve managed to get a couple of things in - which is frigging awesome. The last thing that I wanted to check was if it would properly go into WARN/CRIT state. The code is showing this should be possible between lines 75-85 in the check_snmp file and lines 79-99 in the active_checks_snmp.py file.

I’ve made a ruleset that is assigned via a Host Label condition and only had to fill in the one OID without any other configuration, which works like a charm. So far so good. However once I enable “upper levels” and set warning to 4 and critical to 5, the service on the host (which got 21 as the output of the OID that I’m monitoring) stayed in the OK state. I’d expect the service to go to CRIT state.

Any pointers on what could be going wrong? The OID has unit # defined in the MIB in contrast to the °C-symbol in the GUI. As far as I can tell by reading the code this is purely cosmetic though, and not some kind of type-checking error. Upon looking at the Service info, it looks like it didn’t get the limits from the WATO configuration as “Service check command” is outputting:

check_mk_active-snmp!-H $HOSTADDRESS$ -P 3 -L authPriv -a "sha" -U 'CMK_TEST' -A 'CMK_TEST' -x "AES" -X 'CMK_TEST' -m ALL -o '.'

You found the bug!

I must have changed the name of the parameter and not changed the code. It has been fixed now in the GitHub repo.


We’re close, but now missing a space when formatting the parameters. Right after the -o parameter with the OID, there is no space for either the WARN (-w) or CRIT (-c) threshold.

check_mk_active-snmp!-H $HOSTADDRESS$ -P 3 -L authPriv -a "sha" -U 'CMK_TEST' -A 'CMK_TEST' -x "AES" -X 'CMK_TEST' -m ALL -o '.'-w 5-c 4

And the missing space has been added.

aaaaand it’s working! Have also added ~150 services by now based on host labels and it’s working like a charm (after tweaking the max concurrent active checks setting).

I’m no star by any means in programming, but I might try a pull request somewhere in the next two months to add support for the “units” (-u) parameter too as a further refinement (merely cosmetic).

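An added illustration of the missing-space defect discussed in this thread (not code from the check_snmp extension): building the check_snmp arguments as a list and quoting each element when rendering keeps the -w/-c thresholds separate from the OID and preserves unusual characters in per-host SNMPv3 passwords. The function names, the OID, the address and the credentials below are constructed for the example.

```python
import shlex

# Constructed sample values, not taken from the thread.
SAMPLE_OID = ".1.3.6.1.4.1.99999.1.1"
SAMPLE_CREDS = {
    "auth_proto": "SHA", "priv_proto": "AES", "user": "monitor",
    "auth_pass": "p@ss word'1",   # space and quote on purpose
    "priv_pass": "priv$ecret",
}


def build_args(host, oid, creds, warn=None, crit=None, units=None):
    """Return the check_snmp argument list for an SNMPv3 authPriv query."""
    args = [
        "-H", host, "-P", "3", "-L", "authPriv",
        "-a", creds["auth_proto"], "-U", creds["user"], "-A", creds["auth_pass"],
        "-x", creds["priv_proto"], "-X", creds["priv_pass"],
        "-o", oid,
    ]
    # Each option and its value are separate list items, so a forgotten
    # separator cannot glue two options together.
    if warn is not None:
        args += ["-w", str(warn)]
    if crit is not None:
        args += ["-c", str(crit)]
    if units:
        args += ["-u", units]
    return args


def render(args):
    """Join the arguments into one command string, shell-quoting each item."""
    return " ".join(shlex.quote(a) for a in args)


def render_concatenated(oid, warn, crit):
    """Reproduce the defect from the thread: fragments joined without spaces."""
    return "-o '%s'" % oid + "-w %s" % warn + "-c %s" % crit


if __name__ == "__main__":
    good = build_args("192.0.2.10", SAMPLE_OID, SAMPLE_CREDS, warn=4, crit=5)
    print(render(good))
    # The shell glues the quoted OID and "-w" into a single token:
    print(shlex.split(render_concatenated(SAMPLE_OID, 4, 5)))
```

Splitting the concatenated string the way a shell would shows why the thresholds never reached check_snmp as options: the OID token absorbs "-w" and the warning value absorbs "-c".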