Netsaint Plug-in Developer Guidelines

Copyright Netsaint Plug-in Development Guidelines Copyright (C) 2000 2001 Karl DeBisschop, Ethan Galstad, Hugo Gayosso Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Print something, but keep it short You should always print something to STDIO that tells if the service is working or why its failing. Try to keep the output short - probably less that 80 characters. Remember that you ideally would like the entire output to appear in a pager message, which will get chopped off after a certain length. Print only one line of text NetSaint will only grab the first line of text from STDIO when it notifies contacts about potential problems. If you print multiple lines, you're out of luck. Remember, keep it short and to the point. Return the proper status code See the table below for the numeric values of status codes and their description. Remember to return an UNKNOWN state if bogus or invalid command line arguments are supplied or it you are unable to check the service. Don't execute system commands without specifying their full path Don't use exec(), popen(), etc. to execute external commands without explicity using the full path of the external program. Doing otherwise makes the plugin vulnerable to hijacking by a trojan horse earlier in the search path. See the main plugin distribution for examples on how this is done. Use spopen() if external commands must be executed If you have to execute external commands from within your plugin and you're writing it in C, use the spopen() function that Karl DeBisschop has written. The code for spopen() and spclose() is included with the core plugin distribution. Don't make temp files unless absolutely required If temp files are needed, make sure that the plugin will fail cleanly if the file can't be written (e.g., too few file handles, out of disk space, incorrect permissions, etc.) and delete the temp file when processing is complete. Don't be tricked into following symlinks If your plugin opens any files, take steps to ensure that you are not following a symlink to another location on the system. Validate all input use routines in utils.c and write more as needed Write changes to configure.in to add to the EXTRAS list unless you are fairly sure that the plugin will work for all platforms with no non-standard software added Screen Output The plug-in should print the diagnostic and just the synopsis part of the help message. A well written plugin would then have --help as a way to get the verbose help. Code and output should try to respect the 80x25 size of a crt (remember when fixing stuff in the server room!) Perl Plugins Perl scripts should be called with "-wT" Timeouts Use DEFAULT_SOCKET_TIMEOUT Almost all plugins should use DEFAULT_SOCKET_TIMEOUT to timeout Add alarms to network plugins If you write a plugin which communicates with another networked host, you should make sure to set an alarm() in your code that prevents the plugin from hanging due to abnormal socket closures, etc. NetSaint takes steps to protect itself against unruly plugins that timeout, but any plugins you create should be well behaved on their own. All plugins should timeout gracefully, not just networking plugins. For instance, df may lock if you have automounted drives and your network fails - but on first glance, who'd think df could lock up like that. Plus, it should just be more error resistant to be able to time out rather than consume resources. Option Processing For plugins written in C, we recommend the C standard getopt library for short options. If using getopt_long, check to be sure that HAVE_GETOPT_H is defined (configure checks this abd sets the #define in common/config.h). There are a few reserved options that should not be used for other purposes: -V version (--version) -h help (--help) -t timeout (--timeout) -w warning threshold (--warning) -c critical threshold (--critical) Look at check_pgsql and check_procs to see how I currently think this can work. Standard options are: -C SNMP community (--community) -a authentication password (--authentication) -l login name (--logname) -p port or password (--port or --passwd/--password) -u url or username (--url or --username) The option -V or --version should be present in all plugins and should should result in a call to print_revision, a function in utils.c which takes two character arguments, the command name and the plugin revision. The -? option, or any other unparsable set of options, should print out a short usage statement. Character width should be 80 and less and no more that 23 lines should be printed (it should display cleanly on a dumb terminal in a server room). The option -h or --help should be present in all plugins and should should result in a call to print_help (or equivalent). The function print_help should call print_revision, then print_usage, then should provide detailed help. Help text should fit on an 80-character width display, but may run as many lines as needed. Plugins with more than one type of threshold, or with threshold ranges Old style was to do things like -ct for critical time and -cv for critical value. That goes out the window with POSIX getopt. The allowable alternatves are: long options like -critical-time (or -ct and -cv, I suppose). repeated options like `check_load -w 10 -w 6 -w 4 -c 16 -c 10 -c 10` for brevity, the above can be expressed as `check_load -w 10,6,4 -c 16,10,10` ranges are expressed with colons as in `check_procs -C httpd -w 1:20 -c 1:30` which will warn above 20 instances, and critical at 0 and above 30 lists are expressed with commas, so Jacob's check_nmap uses constructs like '-p 1000,1010,1050:1060,2000' If possible when writing lists, use tokens to make the list easy to remember and non-order dependent - so check_disk uses '-c 10000,10%' so that it is clear which is the precentage and which is the KB values (note that due to my own lack of foresight, that used to be '-c 10000:10%' but such constructs should all be changed for consistency, though providing reverse compatibility is fairly easy). As always, comments are welcome - making this consistent without a host of long options was quite a hassle, and I would suspect that there are flaws in this strategy. Perhaps clear long-options is the most important of the above choices, but not all POSIX systems have C libraries for long options, so the short forms must exist as well. Plugin Return Codes Plugin Return Codes Numeric Value Service Status Status Description 0 OK The plugin was able to check the service and it appeared to be functioning properly 1 Warning The plugin was able to check the service, but it appeared to be above some "warning" threshold or did not appear to be working properly -1 Unknown Invalid command line arguments were supplied to the plugin or the plugin was unable to check the status of the given hosts/service 2 Critical The plugin detected that either the service was not running or it was above some "critical" threshold