How to setup checkmk to monitor hosts over the internet

cptech · August 4, 2022, 9:24am

Hi everyone,

Im new to checkmk. I’ve setup checkmk on my local network and was able to get it working and monitoring my hosts.

I would now like to roll this out but I have some hosts that is not on my local network. These are just windows machines for staff thats working remotely.

I couldnt find any documentation on how to set it up to monitor outside (over the internet) hosts. Im also not sure if this is something for this forum.

If anyone can point me in the right direction it would be very much appreciated.

louis · August 4, 2022, 9:39am

Hi,

For CheckMK it’s not important on which network your client resides. I have several hosts on the Internet that I monitor. When creating the host just fill in the IP address of the server you’re trying to reach:

Of course you need to have the client installed on the server and port 6556 open. Having said that, for security reasons make sure that it’s only open for your CheckMK server.

Assuming that your CheckMK server can reach the host, that should be it.

imijunaid · August 4, 2022, 10:08am

I install the checkmk free edition on ubuntu 20 when i start the omd start site_name the output is
Temporary filesystem already mounted
Starting agent-receiver…OK
Starting mkeventd…OK
Starting liveproxyd…OK
Starting mknotifyd…OK
Starting rrdcached…OK
Starting cmc…OK
Starting apache…OK
Starting dcd…OK
Starting redis…/omd/sites/monitoring/etc/rc.d/85-redis: line 10: 17987 Killed init-redis
when i check the status it is showing all services running. but when i access it on browser it showing the result

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: Error reading from remote server
please guide what can i do to resolve this issue. I tried to install new os and then again install the checkmk but error is same.

louis · August 4, 2022, 10:35am

Uhmmmm, isn’t this a bit off topic @imijunaid?

imijunaid · August 4, 2022, 11:09am

yes it is but i need help

louis · August 4, 2022, 11:12am

Since you already created a topic for that: Error when install check_mk free edition perhaps wait and see if someone knows that. I won’t reply to off-topic questions anymore.

cptech · August 5, 2022, 6:47am

Thanks for the quick response on this Louis.

Ill test and see if I can get it working.

Anders · August 5, 2022, 8:21am

Don’t do that unless you know what you are doing. Are you willing to open firewall ports INTO your windows home users local network in their routers - That is a terrible idea.

You should perhaps investigate the Agent Push method, but you would need an Enterprise plus license for that.

My recommendation is to enforce the PC to be on VPN all the time, so you don’t do this over the public internet. I also strongly encourage you to encrypt the traffic.

louis · August 5, 2022, 8:30am

Yes, that’s why I said that you should only allow the connection on port 6556 only from the IP address of the CheckMK server. I know that with IP spoofing you can theoretically bypass that, but the risk ik so minimal that, in my opinion, that’s very acceptable.

Anders · August 5, 2022, 9:00am

Well, if my IT department told me I have to setup port forwarding, i.e. create a firewall policy and a NAT policy to allow my IT department to get data from my Windows PC while working home I wold ask them to go to hell.

Just think about how bad this idea is. You wold have to configure every single users home router to allow this traffic. What are the chances that someone does this incorrectly and perhaps forwards ALL ports instead?

Not very acceptable my my standards at least

cptech · August 5, 2022, 9:21am

Yeah this is what I was concerned about. Home users IP’s change all the time and I would have to setup port forwarding on their home routers, which isnt really an option.

Im going to go the VPN route and see if I can get it working.

Thanks for all the input, I really appreciate this.

mkono87 · September 20, 2022, 5:33pm

Instead of creating a new topic I thought I would just ask here.

I want to monitor 3 total sites that only have a average of 5 hosts each. Figured I can host CMK on my linode instance. From reading this thread, each site needs a cmk server? I can easily setup a vpn for each site instead of port forwarding. Am I on the right track with this?

cptech · September 20, 2022, 6:59pm

You are on the right track. If all your sites are on the same network (with VPN) they will see each other and work fine.

mkono87 · September 20, 2022, 9:10pm

Okay so each site has one then the linode instance is a main?

Anders · September 25, 2022, 5:17pm

No, you don’t need a check mk server at each site as long as you have network connectivity. You create extra sites for redundancy, availability or networking reach purposes.

n3m0 · September 26, 2022, 6:29pm

Hey Anders, Does the Agent Push method already exist? I thought it was currently under development and will be available with the next update.
Can you enlighten me?
Greetings
n3m0

Anders · September 27, 2022, 4:44pm

No it does not exists, nor does the enterprise plus edition exits.

But what I meant by exploring was that you should consider if that could be an option, it was announced on the conference this summer so it will be available at some point I guess?

system · September 27, 2023, 4:44pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.