Because You want to know whats going on..

I am currently looking into an infrastructure monitoring tool called Checkmk that runs on Linux

This is a very capable suite buildt on the older Nagios core engine. My background is some experience in using other monitoring software suites like N-Able and Solarwinds RMM

Checkmk is an open-source monitoring software that provides a comprehensive monitoring solution for IT infrastructure, including servers, networks, applications, and cloud-based resources. It allows admins to monitor the health and performance of their systems in real-time, and it can alert them when issues arise.

It’s more modern than Nagios, it supports muliple platforms and supposedly very stable.

Raw and Enterprise

There are two main editions, one is free and is called “RAW”, and the other is called “Enterprise”

You can compare these editions here

The RAW edition is 100% Open Source

The software can run as a dockerized installation, however this is mostly meant for testing purposes because of I/O issues when running big scale.

Documentation is very good and installation and configuration is a breeze (compared to Nagios). The structure and config of Contact groups, Host groups and rules however is pretty intricate, but very powerful.

It has got a very nice web interface, good graphs and even a REST-API, and it has got over 2000 integration add-ins. It supports multiple sites and it has got its own command module called omd, which is used for underlying practical tasks like backup, restore, rename, stop, start, show agent config, receiver etc. The suite is very customizable.

The software is using Python, Apache, SQLite3 and is developed on Python and C++

Administering Checkmk

Checkmk runs in its own virtual environment on Linux under /omd. When administering Checkmk you go to the path of your site and run “su – root” and then “su – sitename” to get access to path tools like cmk and others.

When it comes to monitoring through NAT there is a limitation int the RAW edition of Checkmk. This version offers a “livestream” solution which means setting ut another site behind the NAT in order to Livestream data over to your site.

This limitation is not in the paid Enterprise version, where agents can be “push” and not only “pull”. The agent in Raw is Read-Only.

Ofcourse the NAT obstacle can be resolved by defining Site2Site VPN tunnels, and these might as well already be established to the hosts in question.

On smaller remote sites where a second site and Livestream is overkill and S2S VPN not desirable you can “bake” yourself a new client listening on a different port than 5556, this way you can NAT this specifically for a second remote host

The way that you enable TLS on the client connection is a little ripe/ rough Kebab, but we can live with this as long as the rest is good.

The agent it is read only. This means it needs etiher a S2S VPN or a port opened in the remote firewall.

Furhtermore you need to register each agent with your site and setup the TLS. As an example the windows agent needs to be configured, we can do this using the API with the following command:

"C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" ^
    register ^
    --hostname ^
    --server --site mysite ^
    --user automation

On Linux it will be something like

sudo cmk-agent-ctl register --hostname --server --site mysite --user automation

More articles

AD retention period

Check AD retention tombstone value: Import-Module ActiveDirectory $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext $DirectoryServicesConfigPartition = Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext” -Partition $ADForestconfigurationNamingContext -Properties *

Read More »