Guidelines for coding check plug-ins

The check plug-in itself

A Manpage

Plug-ins with check parameters require a WATO-Definition for the applicable Rule Set

Metrics definitions for graphs and the Perf-O-Meter if the check produces metrics data

A definition for the Agent Bakery if an agent plug-in is present

A number of complete, and diverse examples of the agents outputs, or respectively SNMP-Walks

A plug-in’s name must be short, sufficiently explicit, and understandable. Example: firewall_status is only a good name if the plug-in functions for all, or at least many firewalls.

A name is composed of lower case letters and numerals. An underscore is permitted as a separator.

The words status or state are unnecessary in a name, since of course every plug-in monitors a status. The same applies for the superfluous word current. So, rather than foobar_current_temp_status simply use just foobar_temp.

Checks that apply to a physical thing (e.g. fan, power supply), should have a name in the singular – for example, casa_fan, oracle_tablespace. Checks in which each item refers to a number or multiples should be named using a plural – for example, user_logins, printer_pages.

Product-specific checks should be prefixed with the product name — e.g., oracle_tablespace.

Manufacturer-specific check plug-ins that do NOT apply to a SPECIFIC product should be prefixed with the manufacturer’s abreviation — e.g., fsc_ for Fujitsu Siemens Computers.

SNMP-based check plug-ins that use a common component of the MIB which may well be supported by more than one manufacturer should be named after the MIB, rather than after a manufacturer — e.g., the hr_*-check plug-ins.

Use common and well-defined abbreviations (e.g. CPU, DB, VPN, IO,…).

Write abbreviations in upper case.

Use sentence case (e.g. CPU utilization, not Cpu Utilization) — proper names are an exception.

Write product names as defined by the vendor (e.g. vSphere).

Use American English (e.g. utilization, not utilisation).

Stick to existing naming schemes, if they exist. For example, all interface services use the template "Interface %s".

Try to be brief as those names show up in dashboards, views and reports and might be cut, if too long.

Metrics for which a meaningful definition already exists should always be used.

Otherwise similar rules as used for the naming of check plug-ins apply (product-specific, manufacturer-specific, etc.)

The same convention applies as with metrics.

Store the plug-in in share/check_mk/agents/plugins for Unix-type systems, and set the execution rights to 755.

In Windows the directory is called share/check_mk/agents/windows/plugins.

Shell and Python scripts should have no file name extension (omit .sh and .py).

Use !/bin/sh in the first lines of shell scripts. Only use !/bin/bash if BASH features are required.

Use the standard Checkmk-file heading with the GPL-notice.

Your plug-in must not damage the target system, especially if the plug-in is not actually supported by the system.

Do not forget the reference to the plug-in on the check’s manpage.

If the component that the plug-in is to monitor doesn’t actually exist on a system, the plug-in must not output a section head.

If the plug-in requires a configurations file this should (in Linux) be searched for in the $MK_CONFDIR directory, and the file must have the same name as the plug-in — apart from the .cfg extension, and without a possible mk_ prefix. The procedure is similar for Windows — the directory in Windows is %MK_CONFDIR%.

Do not code plug-ins for Windows in Powershell. This is not portable, and is in any case very resource-greedy. Use VBS.

Do not code Plug-ins in Java.

Do not use import in your check files. All permitted Python modules have already been imported.

Do not use datetime for parsing and calculating time specifications – use time. This can perform all needed tasks. Really!

Arguments that receive your functions must in no way modify the functions. This especially applies for params and info.

Should you really want to work with regular expressions (they are slow!), invoke these with the regex() function — do not use re directly.

Naturally it is not permitted to use print, or otherwise route outputs to stdout, or communicate with the outside world in any way!

The SNMP-scan function is not allowed to retrieve OIDs other than .1.3.6.1.2.1.1.1.0 and .1.3.6.1.2.1.1.2.0. Exception: the SNMP-scan function has ensured via a Check of one of these OIDs that further OIDs will retrieve only a strictly-limited number of devices.

The thresholds for WARN and CRIT should always be verified with >= and <=. Example: a plug-in monitors the length of a mail queue. The critical upper limit is 100. This means that if the actual value is ‘100’ it is already critical!

If there are ONLY upper, or ONLY lower thresholds (the commonest cases), then the entry fields in WATO should be coded with Warning at and Critical at .

If there are upper AND lower thresholds, the coding should be as follows: Warning at or above _, Critical at or above , _Warning at or below and _Critical at or below _.

For showing measured values, exactly one blank character should separate the value and the unit (e.g. 17.4 V). The only exception to this rule is with %, where there is no blank: 89.5%.

When listing measured values, the value’s name with an initial capital is followed by a colon. Example: Voltage: 24.5 V, Phase: negative, Flux-Compensator: operational

Do not show internal keys, codewords, SNMP-internals or other rubbish in plug-in outputs which is of no use to the user. Use meaningful human-readable terms. Use terms that the user normally expects! Example: Use route monitor has failed rather than routeMonitorFail.

If the check item has an additional specification, code this in square brackets at the beginning of the output (e.g. Interface 2 - [eth0] …​)

In listings, items are separated by commas, and following items have initial capitals: Swap used: …​, Total virtual memory used: …​

The default thresholds used in the check should also be defined 1:1 as default parameters in the applicable WATO-rule.

The default thresholds should be defined in factory_settings (if the check has a dictionary as a parameter).

The default thresholds should be selected on a technically-sound basis. Is there a manufacturer’s specification? Are there best Practices?

It is essential that the source of the thresholds be documented in the check.

The check plug-in always returns metric data as int or float. Strings are not allowed.

If you wish to output the sixtuple from a metric value field, use None in its position. Example: [("taple_util", utilization, None, None, 0, size)]

If you don’t require the entry at the end, simply shorten the tuple. Do not use a None at the end.

Metric names consist of lower case letters and underscores. Numerals are permitted, but not leading.

Metric names should be, as with check plug-ins, short and specific. Metrics that will be used by multiple plug-ins should have generic names.

Avoid using the pointless filler word current. The measured value is always the current one.

The metric should be named after the ‘thing’, not after the unit of measurement. Thus, for example, current rather than ampere, or size rather than bytes.

Important always use the canonical size. Really! Checkmk scales the data itself as appropriate. Example:

Only set ‘has_perfdata’ in check_info to True if the check actually outputs metric data (or can output it).

The exact device name or device group for which the check is written

What the check monitors, e.g., System Health

Agents: In this case the operating systems for which the check was built and is available for are specified. For example linux, or linux, windows, solaris

SNMP: In this case there is only the entry snmp

Active checks: If an active check has been integrated into the Checkmk interface, use the category active

Exactly what hardware or software does the check monitor? Are there special features of certain firmware or product versions of the devices? Do not refer to a MIB, but to product designations. Example: It is not helpful if you write “This check works for all devices that support the Wrdpfrmpft-17.11-MIB”. Write precisely which product lines or similar are supported.

Which aspect of this is monitored? What does the check do?

Under what conditions is the check OK, WARN or CRIT?

Is an agent plug-in required for the check? If yes — how is it installed? This must work without the Agent Bakery.

Are there any other requirements for the check to work (preparation of the target system, installation of drivers, etc.). These should only be listed if they are not normally fulfilled anyway (e.g. mounting of /proc under Linux).