How to setup checkmk to monitor hosts over the internet

Hi everyone,

Im new to checkmk. I’ve setup checkmk on my local network and was able to get it working and monitoring my hosts.

I would now like to roll this out but I have some hosts that is not on my local network. These are just windows machines for staff thats working remotely.

I couldnt find any documentation on how to set it up to monitor outside (over the internet) hosts. Im also not sure if this is something for this forum.

If anyone can point me in the right direction it would be very much appreciated.

Hi,

For CheckMK it’s not important on which network your client resides. I have several hosts on the Internet that I monitor. When creating the host just fill in the IP address of the server you’re trying to reach:
image

Of course you need to have the client installed on the server and port 6556 open. Having said that, for security reasons make sure that it’s only open for your CheckMK server.

Assuming that your CheckMK server can reach the host, that should be it.

I install the checkmk free edition on ubuntu 20 when i start the omd start site_name the output is
Temporary filesystem already mounted
Starting agent-receiver…OK
Starting mkeventd…OK
Starting liveproxyd…OK
Starting mknotifyd…OK
Starting rrdcached…OK
Starting cmc…OK
Starting apache…OK
Starting dcd…OK
Starting redis…/omd/sites/monitoring/etc/rc.d/85-redis: line 10: 17987 Killed init-redis
when i check the status it is showing all services running. but when i access it on browser it showing the result

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: Error reading from remote server
please guide what can i do to resolve this issue. I tried to install new os and then again install the checkmk but error is same.

Uhmmmm, isn’t this a bit off topic @imijunaid?

1 Like

yes it is but i need help

Since you already created a topic for that: Error when install check_mk free edition perhaps wait and see if someone knows that. I won’t reply to off-topic questions anymore.

Thanks for the quick response on this Louis.

Ill test and see if I can get it working.

Don’t do that unless you know what you are doing. Are you willing to open firewall ports INTO your windows home users local network in their routers - That is a terrible idea.

You should perhaps investigate the Agent Push method, but you would need an Enterprise plus license for that.

My recommendation is to enforce the PC to be on VPN all the time, so you don’t do this over the public internet. I also strongly encourage you to encrypt the traffic.

Yes, that’s why I said that you should only allow the connection on port 6556 only from the IP address of the CheckMK server. I know that with IP spoofing you can theoretically bypass that, but the risk ik so minimal that, in my opinion, that’s very acceptable.

Well, if my IT department told me I have to setup port forwarding, i.e. create a firewall policy and a NAT policy to allow my IT department to get data from my Windows PC while working home I wold ask them to go to hell.

Just think about how bad this idea is. You wold have to configure every single users home router to allow this traffic. What are the chances that someone does this incorrectly and perhaps forwards ALL ports instead?

Not very acceptable my my standards at least

Yeah this is what I was concerned about. Home users IP’s change all the time and I would have to setup port forwarding on their home routers, which isnt really an option.

Im going to go the VPN route and see if I can get it working.

Thanks for all the input, I really appreciate this.