Hello,
I want to monitor the state of Defender on my Win 2016 server. I’m using the RAW edition, I’ve installed the plugin manually and it’s available in [Host & Service Parameters].
But when I created a rule and made it apply to a specific server, it wasn’t listed at all.
When I created a manual check it appeared, but there are errors I’m not sure how to deal with:
This seemed like there’s something wrong with the check code but I couldn’t find anything there. According to the info on the plugin page it was created on version 1.2.8p14 and I’m using 1.6.0p8. I’m assuming there’s some config/code that has to be updated to make it work, but I’m not sure where.
You created a manual check. That will not help. First the service should be automatically discovered after you installed the agent plugin.
Then you can use the small icon before the service name to create some parameters.
First remove your defined manual check.
You have probably only installed the .mkp (package) on the monitoring server?
You also need to install the agent plugin (plugins/win_defender.ps1) on the monitored Windows host.
(in the enterprise edition, you could also use the agent bakery to deploy the plugin, but not on raw)
See “Monitoring Windows” in the manual, specifically section “7. Adding agent plug-ins”:
Thanks, I didn’t do that step. Now the *.ps1 file is on the server and additional service to monitor was discovered but there’s still problem with parameters:
Why should there be a problem with the parameters?
In your screenshot with the parameters, 2 days are selected as limits. The screenshot with the discovered service also shows 2 days (written in seconds).
Attention - don’t mix the naming between the Windows Powershell plugin and the Python source code.
These variables have nothing in common; they are only named this way so that you know what every variable is.
@andreas-doehler Thank you very much for the assistance. The plugin now works correctly. I have manually disabled Defender on the monitored server and check_mk immediately detected a critical condition.
And if the Defender definitions are just a plain file on the machine, then a simple fileinfo check (“Size and age of single files”) might also be a quick&easy solution.
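
As an added illustration of the agent-side half discussed in this thread (not the win_defender.ps1 plugin from the package, and not code posted by any participant): a Checkmk local check that reports Defender state and definition age from `Get-MpComputerStatus`. The service name `Defender_State`, the function name, the `-Demo` switch and the 4-day critical limit are assumptions; the 2-day warning limit mirrors the value mentioned above.

```powershell
# Added example: a Checkmk local check, not the packaged win_defender.ps1 plugin.
param([switch]$Demo)   # -Demo (hypothetical switch) evaluates a constructed sample

$WarnAge = 2 * 86400   # 172800 s = 2 days, the limit shown in the thread
$CritAge = 4 * 86400   # assumed critical limit

function Get-DefenderLocalCheckLine {
    param($Status, [datetime]$Now = (Get-Date))
    $svc = 'Defender_State'   # assumed service name (no spaces)
    # Protection switched off is critical regardless of definition age.
    if (-not ($Status.AntivirusEnabled -and $Status.RealTimeProtectionEnabled)) {
        return "2 $svc - Defender protection is disabled"
    }
    # Without a timestamp the age cannot be judged: report UNKNOWN, not OK.
    if (-not $Status.AntivirusSignatureLastUpdated) {
        return "3 $svc - Definition timestamp not available"
    }
    $age = [int](($Now - $Status.AntivirusSignatureLastUpdated).TotalSeconds)
    $state = 0
    if ($age -ge $CritAge) { $state = 2 } elseif ($age -ge $WarnAge) { $state = 1 }
    # Local check line: <state> <service> <metric>=<value>;<warn>;<crit> <text>
    return "$state $svc sig_age=$age;$WarnAge;$CritAge Definitions are $age s old"
}

if ($Demo) {
    # Constructed sample: protection on, definitions three days old.
    $sample = [pscustomobject]@{
        AntivirusEnabled              = $true
        RealTimeProtectionEnabled     = $true
        AntivirusSignatureLastUpdated = (Get-Date).AddDays(-3)
    }
    Get-DefenderLocalCheckLine -Status $sample
} else {
    try {
        Get-DefenderLocalCheckLine -Status (Get-MpComputerStatus -ErrorAction Stop)
    } catch {
        # Cmdlet missing or Defender service unreachable: surface it as UNKNOWN.
        "3 Defender_State - Cannot query Defender: $($_.Exception.Message)"
    }
}
```

Placed in the agent's `local` directory on the monitored Windows host, the script's single output line is picked up as a service at the next discovery.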