Thank you. That is phenomenally helpful information! I searched and searched through the CheckMk documentation, and this forum, and found none of that. And that is some super important and super basic stuff, too.
Overnight the host in question seemed to do better with check_ping instead of check_icmp. However, now armed with your information, I was able to appreciate that the default check_icmp ping size is 68, which is not the normal Linux size of 56 (in both cases without the additional 8 bytes of the ICMP header). I suspect that this might have something to do with the problem. That revelation, combined with the knowledge that an explicit IPV4 flag is available, and the lack of any documentation on or control of the ping size for check_ping, I’ve switched back to check_icmp with the following custom parameters:
$USER1$/check_icmp -H $HOSTADDRESS$ -w 20,50% -c 500,100% -b 56 -4
If this starts to show good, reliable performance then I can tighten up the warning and critical limits although that may be unnecessary. Typical response times are running in the 6ms range, 20 is quite generous, 500 is merely catastrophic, which is all I need.
I also like that the check_icmp command collects stat’s while the check_ping command does not.
We’ll know if this worked well in about four hours or so. I’m trying very hard to not have to invoke a “maximum number of check attempts” rule on top of this.