Best-Practice for monitoring internal network

frank-wettstein · June 17, 2024, 2:11pm

CMK version:
2.3.0p6

OS version:
Rocky Linux 9

Best-Practice
What is the best-practice for the following use-case:

I would like to monitor hosts which are in a private network and therefore not accessible via a pubic IP. However the hosts are accessible with a bastion-host (ssh ProxyJump).

What I’ve done so far is the following:

Added the checkmk-agent on all hosts
On the bastion-host i wrote a script which is collecting the data of every internal host (piggy-back).
The bastion -host is added to Checkmk-Server normally (with the public-ip)
The other hosts are added to Checkmk with the No-IP-flag and “No API Integration and No-Check-MK-Agent” and Always use and expect piggyback data Remark: If a add an Check-MK-Agent then I got an error that “no datasource” is found.

This is working quite well. However I cannot make use of the Agent Backery. Probably because of the “No Check-MK-Agent”-configuration.

Since my Use-Case is probably quite common, I would like to know what is the 'Best-pracice" for it, unfortunatelly I did not found anything in the official documentation.

And: I would like a solution without installation of an checkmk-server on the internal network. (CheckMK MSP)

Anders · June 17, 2024, 5:51pm

not sure what you mean but placing your hosts directly on the public internet is really bad. dont do that

thats not very common use-case, the most common solution for your problem is to use the cloud edition where you can push data even if they are on private networks as long as they have internet access via NAT

We have really isolated networks that we are not allowed to talk to, all internal for that you can use check via SSH and just use a jumphost

system · June 17, 2025, 5:51pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.