kleinrotti / checkmk_telematik Goto Github PK

CheckMK Special Agent to monitor a TI Konnektor

Dockerfile 1.26% Shell 1.79% Python 96.95%

checkmk telematikinfrastruktur rise kocobox secunet

checkmk_telematik's Introduction

CheckMK Special Agent - Monitor a TI Konnektor

Preamble

This plugin was developed without a "real" SOAP client. Therefore, it is a little bit hacky and if a new WSDL version is available, it has to be adapted in the source code. The advantage is that the plugin works immediately and no further Python packages like zeep need to be installed. As this plugin is only meant for simple monitoring purposes, I went this way. Maybe I will rewrite it in the future, when it is no longer necessary to manually download the WSDL files from the Gematik github and the connector provides them itself instead.

Check these requirements:

If client side authentication is enabled in the Konnektor, you have to provide the certificate or credentials in the WATO rule
The special agent is developed with the WSDL version 7.2 from the EventService and 8.1 from the CardService, if your Konnektor has an older version this will likely not work

How to use

I recommend to set the IPv4 address of the host in checkmk instead of using name resolution
Create a new "Telematikinfrastruktur Konnektor Agent" rule for your host (Konnektor)
There, you need one mandant id, clientsystem id and workplace id which is associated to that Konnektor

What is monitored

Connected Remote card terminals (Detailed information are available like Firmware, Hardware, Workplaces ...)
All assosciated cards and terminals for that mandant if mandant-wide request is enabled in the WATO rule
SMC cards in connected remote card terminals, for SMC-B cards the verification state is also monitored
Operation states of the Konnektor e.g. Update errors, encryption errors, certificate errors ...
VPN states (VPNSIS, VPNTI)

WATO rules

SMC card states can be modified with the rule "Telematikinfrastrukur SMC Card"
SMC card certificate checks can be configured with the rule "Telematikinfrastrukur SMC Card"
Operation states can be modified with the rule "Telematikinfrastrukur Operation"
Connected states from terminals can be modified with the rule "Telematikinfrastrukur Terminal"

Debugging

The special agent provides a debug mode which you can use to debug errors. Run the special agent from the command line with the additional parameter --debug.

The specifications used to develop this plugin are from Gematik and described here

checkmk_telematik's People

Contributors

Stargazers

Watchers

checkmk_telematik's Issues

Secunet - Problem with Plugin

Hi,

thank you for your work! I am just try to use your Plugin but i am not able to get it up and running. I used different ports (443|8500) but it won't work. Maybe you could give me a hint? Remotemanagement is enabled.

LOGS:

#Port 443

OMD[mysite]:~$ cmk -d 172.20.xxx.xxx
ERROR [special_telematik_konnektor]: Agent exited with code 1: Traceback (most recent call last):
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in validate_conn
conn.connect()
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connection.py", line 416, in connect
self.sock = ssl_wrap_socket(
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/util/ssl.py", line 453, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls)
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/util/ssl.py", line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock)
File "/omd/sites/mysite/lib/python3.9/ssl.py", line 501, in wrap_socket
return self.sslsocket_class._create(
File "/omd/sites/mysite/lib/python3.9/ssl.py", line 1041, in _create
self.do_handshake()
File "/omd/sites/mysite/lib/python3.9/ssl.py", line 1310, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/omd/sites/mysite/lib/python3.9/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='172.20.xxx.xxx', port=8500): Max retries exceeded with url: /ws/CardService (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/omd/sites/mysite/local/share/check_mk/agents/special/agent_telematik_konnektor", line 482, in
main(args)
File "/omd/sites/mysite/local/share/check_mk/agents/special/agent_telematik_konnektor", line 437, in main
cardResponse = requestCards()
File "/omd/sites/mysite/local/share/check_mk/agents/special/agent_telematik_konnektor", line 148, in requestCards
return request(f"https://{host}:{port}/ws/CardService", body)
File "/omd/sites/mysite/local/share/check_mk/agents/special/agent_telematik_konnektor", line 219, in request
response = requests.post(url, headers={"Content-Type": "text/xml"},
File "/omd/sites/mysite/lib/python3.9/site-packages/requests/api.py", line 115, in post
return request("post", url, data=data, json=json, **kwargs)
File "/omd/sites/mysite/lib/python3.9/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "/omd/sites/mysite/lib/python3.9/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/omd/sites/mysite/lib/python3.9/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/omd/sites/mysite/lib/python3.9/site-packages/requests/adapters.py", line 563, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='172.20.xxx.xxx', port=8500): Max retries exceeded with url: /ws/CardService (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)')))

#port 8500

OMD[mysite]:~$ cmk -d 172.20.xxx.xxx -v
[ProgramFetcher] Execute data source
ERROR [special_telematik_konnektor]: Agent exited with code 1: Traceback (most recent call last):
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in validate_conn
conn.connect()
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/connection.py", line 416, in connect
self.sock = ssl_wrap_socket(
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/util/ssl.py", line 453, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls)
File "/omd/sites/mysite/lib/python3.9/site-packages/urllib3/util/ssl.py", line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock)
File "/omd/sites/mysite/lib/python3.9/ssl.py", line 501, in wrap_socket
return self.sslsocket_class._create(
File "/omd/sites/mysite/lib/python3.9/ssl.py", line 1041, in _create
self.do_handshake()
File "/omd/sites/mysite/lib/python3.9/ssl.py", line 1310, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Support for client side certificate authentication

Hi,
just tried your Check.

where should i insert the URL which is needed? Don`t see anything, where i could insert an URL.

[special_telematik_konnektor] Agent exited with code 2: usage: agent_telematik_konnektor [-h] [-u URL] [-p PORT] [-s SSL] [-m MANDANT]
[-c CLIENTSYSTEM] [-w WORKPLACE]
agent_telematik_konnektor: error: argument -u/--url: expected one argument(!!)

Thanks for the plugin!

Got no valid response from konnektor

Hello,

thanks for this plugin. Is this agent supposed to work with connectors of all manufacturers and types?

I receive the following error message:

OMD[xyz]:~$ /omd/sites/xyz/local/share/check_mk/agents/special/agent_telematik_konnektor '-u' '123.456.789.012' '-p' 123 '-m' 'xyz' '-c' 'xyz' '-w' 'xyz'
Got no valid response from konnektor.Code: 404 Message:
Got no valid response from konnektor.Code: 404 Message:
Got no valid response from konnektor.Code: 404 Message:
Parsing cards failed. ('no element found: line 1, column 0',)
Traceback (most recent call last):
  File "/omd/sites/xyz/local/share/check_mk/agents/special/agent_telematik_konnektor", line 470, in <module>
    main(args)
  File "/omd/sites/xyz/local/share/check_mk/agents/special/agent_telematik_konnektor", line 436, in main
    for card in cards:
UnboundLocalError: local variable 'cards' referenced before assignment

I’d appreciate any advice for further trouble shooting.

Expiry Date

Hi,

is it possible to implement a check for expiry date of the different cards/connectors?

SecuNet no connection

hey,
i am trying to monitor an secunet konnektor
Produkt-TypKonnektor PTV5
Produkt-Typ-Version5.1.0
Produktsecunet konnektor 2.0.0

u wrote that i should enable remote monitoring, i can only find an option for remote administration - is it the same?
or did i miss an option?
thx!

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.