A few days ago I received an inquiry about a scripting problem from one of our longtime partners, to be exact our DCP Marc Handel from IT unlimited AG. In the exchange with Marc I realized that his idea of using the Enterprise Alert Scripting Host, the Windows Task Scheduler and CheckMK to implement roundtrip monitoring could be interesting for the whole community, especially for all our CheckMK customers.
The idea for the roundtrip check was that all CheckMK servers send an API call to Enterprise Alert (EA) and an alerting policy triggers a script on these events. The task of the script is to write to a logfile locally on the EA server. This log is then monitored, and an alarm is generated if the logfile is no longer updated.
Marc has implemented this for his customer as described below:
- In CheckMK, a recurring event was set up that regularly sends API calls to Enterprise Alert.
- In Enterprise Alert a policy was created that triggers the eventcheck.js script.
```javascript
/*
   Handles the incoming events created by the CheckMK API calls and appends
   a timestamped line to a per-host log file on the Enterprise Alert server.
   The confirmation reply and the single-file timestamp update are kept below
   but are no longer called from OnNewEvent.
*/
function OnNewEvent(objMsg) {
    EAScriptHost.LogInfo("OnNewEvent - write log entry for checkMK API calls");

    // Hostname is supplied by the sender of the API call and ends up in the
    // file name unchanged.
    var strServer = objMsg.GetEventParameter("Hostname");
    EAScriptHost.LogDebug("get Hostname: strServer :" + strServer);

    var object = new ActiveXObject("Scripting.FileSystemObject");
    // 8 = ForAppending, true = create the file if it does not exist
    var file = object.OpenTextFile("E:\\EventCheck\\Eventcheck_hostname_" + strServer + ".txt", 8, true);
    //var file = object.OpenTextFile("E:\\EventCheck\\Eventcheck_checkMK.txt", 8, true);
    EAScriptHost.LogDebug("+ + + write to log: " + displayTime() + " - E:\\EventCheck\\Eventcheck_hostname_" + strServer + ".txt");
    file.WriteLine(displayTime() + ' checkMK API call received from ' + strServer);
    file.Close();

    //EAScriptHost.Display(objMsg.GetXml());
    //HandleMessageReply(objMsg);
    //HandleTimeStampUpdate();
}

// Sends a confirmation message back to the originator of the message
function HandleMessageReply(objMsg) {
    var objAnswer = objMsg.CreateAnswer();
    if (objAnswer != null) {
        objAnswer.SetProperty("mm_body", "Confirmed message receipt: " + objMsg.GetProperty("mm_body"));
        objAnswer.Send();
    }
}

// Updates Timestamp of external Tracking file - now done in OnNewEvent
function HandleTimeStampUpdate() {
    EAScriptHost.LogInfo("HandleTimeStamp");
    var object = new ActiveXObject("Scripting.FileSystemObject");
    //var strServer = eventObject.GetEventParameter("Hostname");
    //var file = object.OpenTextFile("E:\\EventCheck\\Eventcheck_"+strServer+".txt", 8, true);
    var file = object.OpenTextFile("E:\\EventCheck\\Eventcheck_checkMK.txt", 8, true);
    EAScriptHost.LogDebug("write to log:" + file);
    file.WriteLine(displayTime() + ' checkMK API call received');
    file.Close();
}

// Returns the current local time as DD-MM-YYYY hh:mm:ss
function displayTime() {
    EAScriptHost.LogInfo("displayTime");
    var str = "";
    // All parts are declared with var so they do not leak as globals
    var now = new Date(),
        h = now.getHours(),
        m = now.getMinutes(),
        s = now.getSeconds(),
        date = now.getDate(),
        month = now.getMonth() + 1, // Months are zero based
        year = now.getFullYear();
    if (h < 10) h = '0' + h;
    if (m < 10) m = '0' + m;
    if (s < 10) s = '0' + s;
    if (date < 10) date = '0' + date;
    if (month < 10) month = '0' + month;
    str = date + '-' + month + '-' + year + ' ' + h + ':' + m + ':' + s;
    EAScriptHost.LogInfo("Time:" + str);
    return str;
}
```
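Batch file:

```bat
REM Check the age of every per-host log file written by eventcheck.js.
REM The glob points at E:\EventCheck\, the directory the script writes to.
echo + + + %DATE% %TIME% checking fileage of all files in E:\EventCheck\Eventcheck_hostname*.txt >> E:\Eventcheck_checkMK.log
for %%f in (E:\EventCheck\Eventcheck_hostname*.txt) do (
    echo DEBUG: checking fileage for file: %%f
    REM Token 3 of the path split on "_" is "<hostname>.txt"
    for /f "tokens=3 delims=_" %%b in ("%%f") do (
        REM Token 1 split on "." is the hostname without the extension
        for /f "tokens=1 delims=." %%c in ("%%b") do (
            cscript //nologo E:\Eventcheck.vbs %%f %%c >> E:\Eventcheck_checkMK.log
        )
    )
)
```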
- A task has now been created in the Windows Task Scheduler which regularly executes the VBS script below and thus checks whether the log has been updated by the JS.
```vbscript
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' FileAge.vbs
' This script calculates the age of a file in minutes.
' If you want the results in hours, change "n" in the line strDateDiff to "h".
'
' USAGE: fileage.vbs file_to_check.txt server_name
' execute this .bat file using the task-scheduler:
' cscript //nologo E:\Eventcheck\EventCheck_checkMK.vbs E:\Eventcheck\Eventcheck_checkMK.txt checkMK >> E:\Eventcheck\Eventcheck_checkMK.log
' export LANG=en_US.UTF-8

Option Explicit
Dim FSO, File, strDateDiff, strOld, strFile, objArguments, strServer

' Time until an alarm is triggered if log was not updated (eg. 30 Min)
Dim intAgeInMinutes
intAgeInMinutes = 120

Set objArguments = WScript.Arguments
If (objArguments.Count < 2) Then
    Call Usage()
End If

strFile = objArguments(0)
strServer = objArguments(1)

Set FSO = CreateObject("Scripting.FileSystemObject")
Set File = FSO.GetFile(strFile)
strOld = File.DateLastModified
' "n" = difference in minutes
strDateDiff = DateDiff("n", strOld, Now)
WScript.Echo strDateDiff & " minutes - file: " & strFile & " (max. " & intAgeInMinutes & " min.)"

If (strDateDiff > intAgeInMinutes) Then
    SendEAAlert("DerDack is missing Events from " & strServer & " since " & strDateDiff & " Minutes")
End If
' Normal completion
WScript.Quit(0)

Sub SendEAAlert(strText)
    Dim strCommand
    ' Replace double quotes so the text cannot end the quoted -event_text argument
    strText = Replace(strText, """", "'")
    strCommand = """C:\Program Files\Enterprise Alert\CommandLine\CommandLineClient.exe"" -event_text """ & strText & """"
    Dim objShell
    Set objShell = WScript.CreateObject("WScript.Shell")
    objShell.Run(strCommand)
    Set objShell = Nothing
End Sub

Sub Usage()
    WScript.Echo "Usage:" & vbNewLine & vbNewLine & _
        "Fileage Name_of_File Server_Name" & _
        vbNewLine & vbNewLine & "E.g. Fileage c:\temp\log.txt server01"
    ' Missing arguments: exit with an error code
    WScript.Quit(1)
End Sub
```
- If this does NOT happen, an event with the message “no new Event from Server xyz received” is triggered in Enterprise Alert, which in turn triggers an alert to administrators.
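The roundtrip check above, as an added JavaScript example that is not part of the original scripts: it validates the Hostname parameter before it becomes part of a file name, and it generalizes the per-file age check by also reporting expected hosts that have no log file at all. The function names, the expected-host list and the sample hosts are assumptions.

```javascript
// Added example, not from the original scripts. LOG_DIR and PREFIX follow
// eventcheck.js; function names, expected hosts and sample data are hypothetical.
var LOG_DIR = "E:\\EventCheck\\", PREFIX = "Eventcheck_hostname_";
var has = Object.prototype.hasOwnProperty;

// One DNS label: letters, digits, hyphens. Rejects "\\", "/", "..", and also
// "_" and ".", which the batch file's delims=_ / delims=. parsing splits on.
function isSafeHostLabel(host) {
    return typeof host === "string" &&
        /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/.test(host);
}

// Per-host log path, or null when the Hostname parameter is unsafe.
function logPathFor(host) {
    return isSafeHostLabel(host) ? LOG_DIR + PREFIX + host.toLowerCase() + ".txt" : null;
}

// Host encoded in a log path, or null when the file does not match the scheme.
function hostFromLogPath(path) {
    var name = path.substring(path.lastIndexOf("\\") + 1);
    if (name.indexOf(PREFIX) !== 0 || name.slice(-4) !== ".txt") return null;
    var host = name.slice(PREFIX.length, -4);
    return isSafeHostLabel(host) ? host.toLowerCase() : null;
}

// files: [{ path, modifiedMs }]. Returns expected hosts whose newest log is
// older than maxAgeMinutes, and expected hosts that have no log file at all.
function findSilentHosts(files, expectedHosts, nowMs, maxAgeMinutes) {
    var lastSeen = {}, silent = [], i, host;
    for (i = 0; i < files.length; i++) {
        host = hostFromLogPath(files[i].path);
        if (host === null) continue;
        lastSeen[host] = Math.max(has.call(lastSeen, host) ? lastSeen[host] : 0, files[i].modifiedMs);
    }
    for (i = 0; i < expectedHosts.length; i++) {
        host = expectedHosts[i].toLowerCase();
        if (!has.call(lastSeen, host)) {
            silent.push({ host: host, reason: "no log file" });
        } else if ((nowMs - lastSeen[host]) / 60000 > maxAgeMinutes) {
            silent.push({ host: host, reason: "stale" });
        }
    }
    return silent;
}

// Constructed sample: cmk-site2 is 121 minutes old, cmk-site3 never reported.
var NOW = Date.UTC(2024, 0, 1, 12, 0, 0);
var SAMPLE = [{ path: logPathFor("cmk-site1"), modifiedMs: NOW - 5 * 60000 },
              { path: logPathFor("cmk-site2"), modifiedMs: NOW - 121 * 60000 }];
var SILENT = findSilentHosts(SAMPLE, ["cmk-site1", "cmk-site2", "cmk-site3"], NOW, 120);
```

The 120-minute threshold mirrors `intAgeInMinutes` in the VBS script; a log that is exactly 120 minutes old is not yet reported.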
Of course, this monitoring can be easily applied to other source systems. In this case it was CheckMK because a corresponding project was being implemented there. Crucial for the setup is the possibility to send API calls or at least messages to Enterprise Alert on a regular basis and the presence of the Enterprise Alert scripting host.
Summary
Nothing is worse than not knowing if your IT monitoring is still working or not. With the setup described above, you can avoid these worries and be more relaxed about being on standby. You know that Enterprise Alert would reliably report to you if there is a problem in your infrastructure. At the same time, the complex setup allows you to monitor several other components at the same time. If you want to have such a monitoring for your systems or if you have any questions about the described scenario please contact us at support@derdack.com.