New to CheckMK, a few questions

cyr0nk0r · April 16, 2023, 10:20pm

Looking into this product it seems great. I’m evaluating the enterprise version for our monitoring solution at work. Currently we’re running the free PRTG but only as a stop gap because when I started they had zero monitoring, so I needed to get something in quickly just to get some insight into key interfaces and nodes. Deploying this the right way means well beyond the 100 free sensors from PRTG, so I’m looking at CheckMK to replace PRTG.

What I’ve gathered so far is that the raw edition is self hosted and free, but still uses the legacy Nagios methods while the enterprise edition is using a more modern check with sub-60 second visibility. I would install CheckMK agents on all of my linux and windows servers, and network equipment will use SNMP.

Even the enterprise version is self hosted correct?
Does CheckMK integrate with Aruba InstantOn devices? Check Plug-Ins Catalog the integration doesn’t mention anything about the cloud hosted wireless controllers that the InstantOn products use.
I’ve noticed that all of the bandwidth graphs report IN bandwidth as a positive number, and the OUT bandwidth as a negative number. Is there a way to stack both of these IN and OUT as positive numbers and lay them over each other? I don’t like having IN bandwidth above the 0 line, and OUT bandwidth below it.
Does CheckMK log windows eventlog data? Or other log data from devices? Like firewall logs, etc. Or are the events inside CheckMK just going to be alert events based on CPU, disk, network utilization, etc.?
Does CheckMK support native integration with SonicWall firewalls? I found this Checkmk Exchange but not sure if anyone is using it successfully.
I’m a big dashboard person. I want each host to have an easy to navigate dashboard when you look at all the services for that host. When I’m looking at the CheckMK live demo : <cant include more than 2 links for some reason> I’m seeing some strange behavior on how you view hosts.

From the live demo, if I select a host by going to “Monitor → All Hosts → exchange-2” I am taken to a view.py link which displays all the monitored services in a table.
But if I go to “Monitor → Windows hosts → and select exhcnage-2 from the bottom” I am taken to a dashboard.py link which displays the exchange-2 server in a nice dashboard.
Other than accessing the host via the windows hosts page I am not clear how else to view this server as a dashboard. How do I make the dashboards the default when navigating to a host?

paulr282 · April 17, 2023, 6:46am

I can answer the first question for you: Yes. You can self-host the enterprise version.

r.sander · April 17, 2023, 8:29am

You can use the Event Console for that: The Event Console - Processing logs and SNMP traps

r.sander · April 17, 2023, 8:30am

You need to replace the link in the “All hosts” view to achieve this. Host and service views

r.sander · April 17, 2023, 8:31am

This could be achieved by overriding the graph definition. There is currently no GUI way to do this but it can be done by creating a file in the site.

rprengel · April 17, 2023, 12:15pm

Hallo,
you should have a look on the youtube-videos checkmk is publishig.
You will get importand hints for the next steps.
For example how to use tags an lables.
Ralf

elias.voelker · April 17, 2023, 1:06pm

Hi @cyr0nk0r

Welcome to the forum!
Some of your questions have already been answered, let me see if I can plug the remaining holes.

Yes. Currently all Checkmk editions are self-hosted.

You mentioned that you looked in the Plugins catalog (great!). Doesn’t look like there’s anything out of the box there. Here is what we have for Aruba: https://checkmk.com/integrations?distributions%5B%5D=check_mk&distributions%5B%5D=check_mk_cloud&tags=aruba
If that doesn’t suffice, building your own Check plugin is very doable, though.

What @r.sander said

You can monitor the Windows eventlog (or any other log, for that matter) using the Event Console. Read more here: The Event Console - Processing logs and SNMP traps
If you’re more visual, here’s a video: https://youtu.be/d9JCigjIQU0 and another one: https://youtu.be/rEyb1QE5Y2c

There’s no out of the box plugin provided by us. The one from the Exchange looks like a good starting point. The good thing is, it is based on Checkmk 2.0, so it will already be written in Python3 and (maybe) using the new Check API. Definitely worth a try.

This “strange behavior” is due to the fact that views and dashboards are somewhat different animals. The easiest way is to this is probably to simply bookmark the “single host” dashboard (using the bookmark snapin) and then use the filters to filter to host you want to see.

cyr0nk0r · April 17, 2023, 3:40pm

Is there a help article to explain this specific setting? Or is this something I would need to reach out to support for after getting checkmk installed and running?

elias.voelker · April 19, 2023, 12:32pm

Hi @cyr0nk0r

I don’t think we provide a help article on how to ‘break’ our product.

I am guessing you would need to apply the instructions in this article (linked to hopefully the right section):Writing your own check plug-ins to the graph definition of this built-in graph.

Best
Elias

cyr0nk0r · April 19, 2023, 4:02pm

I’m not looking to try and break the product, just seeing if there is a way to do it.
Here are in/out graphs I don’t want

Instead, I want in/out graphs to look like this

Where “system” might be “in” bandwidth
and “user” might be “out” bandwidth

If this is possible is really all I’m trying to get answered right now. And by possible, I mean with the product as-is, without hacking, waiting for a feature release, etc. If it involves customizing some stuff inside the product from the out-of-the-box configuration I’m fine with that, as long as it can be done.

elias.voelker · April 19, 2023, 4:28pm

Hi @cyr0nk0r

I got what you mean - thus the quotation marks and -Smilie.

This is definitely possible, as @r.sander already wrote. It’s also possible without a feature release. As @r.sander said, you will need to modify / override the graph definition of the built-in graph with your own. Whether this falls into your definition of ‘hacking’ - idk.

There is no official guide on how to do this that I know of. Some people here in the forum will know (I don’t).

That’s the best I can do right now, sorry.

cyr0nk0r · April 19, 2023, 4:56pm

Got it. So the only way to accomplish the bandwidth graphs to be above the 0 line is to follow the changes @r.sander proposes? There isn’t a native configuration change or custom graph that can be built to take the place for bandwidth graphs?

elias.voelker · April 19, 2023, 5:41pm

Custom graphs are a feature of the Enterprise Edition only, unfortunately. That’s why I didn’t mention them.

But even in that case, you would have a custom graph (which you could use in dashboards etc.). It would not replace the built-in graph for that particular service. Not sure if that is possible (telling Checkmk to use a custom graph for a certain service instead of a built-in one)

r.sander · April 20, 2023, 7:17am

This will do: Put this code in $OMD_ROOT/local/share/check_mk/web/plugins/metrics/network_stacked.py

graph_info["bandwidth_translated"] = {
    "title": _("Bandwidth"),
    "metrics": [
        ("if_in_octets,8,*@bits/s", "stack", _("Input bandwidth")),
        ("if_out_octets,8,*@bits/s", "stack", _("Output bandwidth")),
    ],
    "scalars": [
        ("if_in_octets:warn", _("Warning (In)")),
        ("if_in_octets:crit", _("Critical (In)")),
        ("if_out_octets:warn", _("Warning (Out)")),
        ("if_out_octets:crit", _("Critical (Out)")),
    ],
}

# Same but for checks that have been translated in to bits/s
graph_info["bandwidth"] = {
    "title": _("Bandwidth"),
    "metrics": [
        (
            "if_in_bps",
            "stack",
        ),
        (
            "if_out_bps",
            "stack",
        ),
    ],
    "scalars": [
        ("if_in_bps:warn", _("Warning (In)")),
        ("if_in_bps:crit", _("Critical (In)")),
        ("if_out_bps:warn", _("Warning (Out)")),
        ("if_out_bps:crit", _("Critical (Out)")),
    ],
}

graph_info["packets_1"] = {
    "title": _("Packets"),
    "metrics": [
        ("if_in_unicast", "line"),
        ("if_in_non_unicast", "line"),
        ("if_out_unicast", "line"),
        ("if_out_non_unicast", "line"),
    ],
}

graph_info["packets_2"] = {
    "title": _("Packets"),
    "metrics": [
        ("if_in_pkts", "area"),
        ("if_out_non_unicast", "stack"),
        ("if_out_unicast", "stack"),
    ],
}

graph_info["packets_3"] = {
    "title": _("Packets"),
    "metrics": [
        ("if_in_pkts", "stack"),
        ("if_out_pkts", "stack"),
    ],
}

The original graph definitions are in $OMD_ROOT/lib/check_mk/gui/plugins/metrics/network.py. The local mechanism of checkmk will replace these with the definitions of the new file after running omd restart apache.

cyr0nk0r · April 20, 2023, 3:01pm

Will these changes survive upgrades/patches? Or will I need to re-modify this after every upgrade?

r.sander · April 20, 2023, 3:22pm

Changes in the $OMD_ROOT/local hierarchy survive updates.

mschlenker · April 20, 2023, 3:46pm

Yes, but we always recommend to bundle such changes to MKPs. (I intentionally link to an article that is WiP)

cyr0nk0r · May 26, 2023, 5:56am

Can these changes be performed on the cloud edition? Or would they only work for the enterprise on-prem version?

mschlenker · May 26, 2023, 7:15am

Currently all Checkmk editions are “on prem”, the Cloud Edition just contains more cloud specific integrations and checks. For this reason it is the only version we are currently preparing for AWS and Azure distribution – basically just Ubuntu bundled with Checkmk.

So, making changes to site local files and bundling them as MKP works on both the Enterprise Edition (often called Enterprise Standard Edition) and Cloud Edition.

cyr0nk0r · June 9, 2023, 3:25am

This is great and worked wonderfully. Is there an equivalent for disk IO?