Check MK Collection of Personal Information

Hello folks,

I have some questions regarding the Personal Information that CMK extracts using the normal monitoring.

For example, the logwatch part on Windows servers: these logs extract personal information of the users when an error occurs, and this information comes from the Windows event log:

Logs definition: This check processes the output of agents with the logwatch plugin. The Windows agent has this extension built in. The logwatch extension of the Linux/UNIX agents needs a configuration file that lists all relevant logfiles and lists possible log lines that should result in warning or critical state. The Windows agent does not need any configuration but sends all log files in the Windows event log. It uses the warning/error classification of Windows.

Relevant log messages found by the agent are stored locally into a text file. The check is critical, if at least one new or old log message exists that is classified as critical. If at least one warning message exists but no critical, the check results in a warning state.

The only way to bring the state back to OK is to delete the text file with the stored log messages. This is stored below ~/var/check_mk/logwatch. Usually the logwatch webpage is used to browse and delete the messages. Please refer to the online documentation of check_mk for more details about logwatch.

These logs show information like username, ID, phone, email, etc., as I mentioned only when an error occurs, and I know there is a way to avoid this information in check_mk.user.yml: disabled_sections: [logwatch].

But I would like to know if CMK uses another kind of check with this particular function, another check that can extract personal information of the users from the consoles or databases, and I would also like to know if the information of the service logs on the host, whether disabled or enabled, is sent to the Nagios logs.

Thank you very much!

Potentially every local check or plugin script can transfer personal information.
If we speak only about the agent itself, then you also have the running process information from the machine, as you see what a logged-in user is executing and how long the software is running and so on.

In the end, the person managing the monitoring system is responsible for what is done with the collected data.

If you have disabled a section you don’t want, then nothing is transferred to the monitoring server either. On the monitoring server, if you only disable the respective service, then no information about this disabled service is stored inside the core logs either. Only some information is available in the last cached output. But there is no history of this information.
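
Added example, not part of the original thread and not Checkmk code: a small Python audit that walks the stored logwatch messages (kept below ~/var/check_mk/logwatch, as quoted above) and reports which files contain lines that look like e-mail addresses or phone numbers, without echoing the matched values. The per-host directory layout, the constructed sample lines and the two regex heuristics are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions): tune them for your own data and locale.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    # International-format numbers only, to avoid matching timestamps.
    "phone": re.compile(r"\+\d[\d ()-]{6,}\d"),
}


def audit_logwatch(root):
    """Return {relative file: {pattern name: number of matching lines}}.

    Only counts are reported, so the audit itself does not copy
    personal data into yet another place.
    """
    root = Path(root)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        counts = {}
        with path.open(errors="replace") as fh:
            for line in fh:
                for name, rx in PATTERNS.items():
                    if rx.search(line):
                        counts[name] = counts.get(name, 0) + 1
        if counts:
            findings[path.relative_to(root).as_posix()] = counts
    return findings


def demo():
    """Run the audit over constructed sample files (not real log output)."""
    with tempfile.TemporaryDirectory() as tmp:
        host = Path(tmp) / "winsrv01"  # hypothetical host directory
        host.mkdir()
        (host / "Application").write_text(
            "C Login failed for jdoe (jdoe@example.com), callback +49 30 1234567\n"
            "W Disk quota warning on volume D:\n"
        )
        (host / "System").write_text("W Service restarted unexpectedly\n")
        return audit_logwatch(tmp)


if __name__ == "__main__":
    # On a real site, pass the logwatch directory instead of calling demo().
    for name, counts in demo().items():
        print(name, counts)
```

Files that show up in the result are candidates for either disabling the section on the agent or restricting who can view the service.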

Hi @andreas-doehler

Thank you for your response. I would like to ask you if there is a technical memory of the process that executes CMK, also for the installation.

Thank you.

Hello,
we have similar “problems” with the logs of applications etc., which may contain information about users or customers.
Our solution is strict access management for Checkmk, because every new check may contain unwanted content.
Ralf
