Info
License: Free — part of the universal collection tier.
Warning
The configured program runs as the agent user (root on Linux, LocalSystem on Windows). Read the security notes below before enabling this probe.
Exec Probe¶
The exec probe runs an operator-supplied program on interval and
turns its output into metrics — the custom-check long tail. Two
output contracts are supported:
- Nagios plugin convention (default): exit code carries the
status, perfdata after the
|carries the measurements. Existingcheck_*plugins work unchanged. - JSON contract: a structured document for new scripts.
Quick start¶
probes:
- name: raid-status
type: exec
params:
command: /usr/lib/nagios/plugins/check_raid
args: ["-p", "1"]
interval: 120
timeout: 30
Parameters¶
| Parameter | Default | Description |
|---|---|---|
command |
required | Absolute path to the program. Relative paths and PATH lookup are refused |
args |
[] |
Arguments, passed verbatim — no shell is involved |
format |
nagios |
nagios or json |
interval |
60 |
Seconds between runs |
timeout |
10 |
Hard deadline in seconds; on expiry the whole process group is killed |
env |
none | Extra environment variables (the agent's environment is inherited) |
workdir |
agent's | Working directory for the run |
Nagios contract¶
- Exit code 0/1/2 maps to ok/warning/critical; anything else (and a
timeout kill) is unknown (3). Reported as
senhub.exec.status. - Each perfdata token becomes a metric named
senhub.exec.<label>(label lowercased and sanitized). Time units are normalized to seconds (230msbecomes 0.23), byte units to bytes, and thecUOM marks the value as a counter. Warn/crit/min/ max thresholds are accepted and ignored — thresholds belong in your alerting layer. - Malformed perfdata tokens are skipped; one bad token never voids the check.
JSON contract¶
{
"status": 0,
"metrics": [
{"name": "queue.depth", "value": 12, "tags": {"queue": "orders"}},
{"name": "processed", "value": 4012, "type": "counter"}
]
}
status(0..3) is optional; without it the exit code is mapped exactly like the Nagios contract.typeisgauge(default) orcounter.tagsbecome metric tags. Names are namespaced undersenhub.exec.*and sanitized.
Self-metrics¶
| Metric | Description |
|---|---|
senhub.exec.status |
0 ok, 1 warning, 2 critical, 3 unknown |
senhub.exec.duration |
Wall-clock run time |
senhub.exec.timeout |
1 when the run was killed on the deadline |
senhub.exec.skipped |
1 when a cycle was skipped because the previous run was still going |
Security notes¶
This probe executes whatever the configuration points at, with the agent's privileges. The probe enforces what it can:
- Absolute paths only. PATH lookup is refused, so a writable directory earlier in PATH cannot shadow your check.
- World-writable executables are refused on Linux/macOS at probe start: a script any local user can rewrite is a privilege escalation, not a check.
- No shell.
command+argsgo straight to the OS. Pipelines and redirections belong inside a script file that you own.
What remains your responsibility:
- Keep check scripts owned by root (or an admin account on Windows) and not group-writable; treat their directory the same way.
- Review what the script itself calls — the probe cannot audit transitive trust.
- Prefer read-only checks. A "check" that mutates state will run every cycle, forever.
- On Windows, lock down ACLs on the script; the world-writable test is Unix-only.
Operational notes¶
- Overlap protection. If a run outlives the interval, the next
cycle is skipped and reported via
senhub.exec.skipped— processes never pile up. - Output caps. stdout/stderr are captured up to 1 MiB each.
- One probe instance per check. Each check gets its own probe block with its own interval and timeout, and shows up under its own probe name.