Im pretty new to Icinga2, so don’t mind, if im asking a pretty basic question, but i didn’t find a solution via Google. Im trying to track, if my servers need secuirty updates. Therefore i use the check_apt from the nagios-plugins package.
And in my services.conf i applied the service (currently only testing on icingaserver itself:
apply Service "check for security updates" {
import "generic-service"
check_command = "check_apt_security_updates"
zone = "master"
assign where host.name == NodeName
vars.check_apt_timeout = 60
vars.check_apt_warning = "100" // Warnung, wenn mehr als 100 Updates verfügbar sind
vars.check_apt_critical = "200" // Kritisch, wenn mehr als 200 Updates verfügbar sind
check_interval = 1d
}
It wokrs fine and this is how it looks like in Icinga2 itself. But now i want to adjust the threshold, so e.g. its only critical, when value is above 200 or something.
I didn’t find any kind of docs, from Icinga to the nagios_plugins itself on how to define them. I also asked chatgpt and the result was, that i had to add the vars into the services.conf, but as u imagine, this didnt work aswell.
Their check_apt documentation states how and when the plugin goes CRITICAL. It does so by matching a regular expression on each output, checking against -security updates. By this design, the availability of one security updates results in a CRITICAL state, which, IMHO, seems useful.
However, it is possible to configure the threshold for normal upgrades until the check is WARNING.
Thus, on a first glance, it does not seem to be possible to become notCRITICIAL for a “small amount” of security upgrades.
BTW, if you want to play with the check plugin to check for another regex, consider using the -v flag. The following example checks for (non existing) -very-important-security updates:
Please also note that your CheckCommand needs to specify the necessary arguments, expected by the check plugin. In your posted setup, you only pass the -t flag but also specify two unused variables vars.check_apt_{warning,critical}.
Hi!
Thanks for your fast reply. Ur Answer helped me alot already with understanding how Icinga works. acutally i decided to switch from the plugin to a self written shell script in order to have more “playground” for my checks in Icinga.
IMHO, this is often a good idea as lots of check plugins out there are kinda opinionated. If you’re looking for other plugins or want to share your (opinionated) plugin with the world, please take a look at https://exchange.icinga.com/.
If your topic is resolved, please also make sure to mark the response that helped you solve it as the “solution” by clicking the three dots on that message.
If the solution can’t be found in a single answer, it would be super helpful, if you could write a summary of what helped and marked this as the solution. This way users with a similar problem can solve their issues a lot easier. Thank you!
