Ep. 19: Monitoring websites and their certificates with Checkmk
Read Video Transcript
|[0:00:00]||Hello. My name is Bastian Kuhn and I'm a freelance software developer and Checkmk consultant. I'm gonna show you today how to monitor websites not only their availability but also their certificates.|
|[0:00:16]||You may have experienced in past that a website wasn't available anymore or a certificate has expired. And I show you how Checkmk can help you in the future to act in advance. These two checks I'm going to talk about are active checks.|
|[0:00:45]||That means they are not related to the normal Checkmk agent. So, in case you have firewall, you need to open different ports.|
|[0:00:53]||Normally, the website ports are the port 80 and port 443, or in some cases you're gonna hit ports like 8080 or 8443. Also, if you have a proxy server on your environment, you need to configure that proxy server later with your check.|
|[0:01:12]||And finally, as you may already know, Checkmk has the principle of hosts and services. That means a service needs always be assigned to a host and you're going to need a host in order to assign these new checks.|
|[0:01:28]||The first thing we are going to do is to monitor a normal website. The dashboard is currently empty since i just installed the page.|
|[0:01:38]||And I added one single host which I can use as an example. All the magic happens in the part setup. Here you can search for the HTTP, TCP, Email which you'll find beneath the Services part.|
|[0:01:54]||But I always gonna use the search which is a bit faster. The same happens now in the overview of the active rules.|
|[0:02:08]||One of the rules is to check HTTP, but also here you can use the filter to get faster to your result. Currently empty is now the list of the Check HTTP service rule. But we're going to create a new one here in main directory.|
|[0:02:30]||Later on, of course, you can move it to every directory you want. This overview now is the default page |
for rules. It always starts with the Rule Properties.
|[0:02:45]||Since we don't need the Rule Properties here, I just gonna hide it and start right here with the check configuration. The first part now is the check configuration where we pick a service name.|
|[0:03:03]||Since I want to monitor a web page I'm going to choose the webpage name also as Service name.|
|[0:03:15]||Checkmk will automatically add the prefix to the Service name. It would be either HTTP if it's not |
encrypted, or it's going to be HTTPS if you're going to have encrypted page.
|[0:03:30]||The next thing we need to do is to overwrite the host name.|
|[0:03:36]||Because we're going to monitor a web page in the Internet so it's not the address of the host where we assign to service. Choose Hosts name.|
|[0:03:46]||And now we can add the IP address but I'm going to just add tribe29.com which DNS can resolve to the correct IP address. Since it is a web server, a web server can host multiple domains.|
|[0:04:05]||And to find the correct domain, we also need to add the Virtual host. If we would not do that, we would monitor the web server but not the web page.|
|[0:04:18]||So, we would just monitor the response we get from the default address or the default page behind the server.|
In this case, we need again to add tribe29.com. The last part in the configuration we need to do
|[0:04:44]||And as mentioned before, we need to assign this service to a host. This happens down here in the Conditions part.|
|[0:04:55]||In my case, I just choose Explicit hosts and pick my prepared localhost. Now I can save the rule and activate my changes. Now we're going to take a look to the service. Therefore, we go to Monitor.|
|[0:05:19]||Since I know the Hostname and I'm a big fan of the search function, I'm going to search for localhost. Enter.|
|[0:05:31]||And I already see my localhost with just one service. It's my new check HTTPS tribe29. And resumes a correct response.|
|[0:05:43]||But the next thing we need to do is to make sure that we actually monitor the correct page. For that, we can check for a string on the web page.|
|[0:05:57]||In this example, I go to the tribe29 page and look into the source code. It's like here. And in this source code, I see, in this case, a string we can use. It's like "tribe29.com - the creators of checkmk".|
|[0:06:25]||I go back to the HTTP, TCP, Email rules. I search again for my Check HTTP which has one rule now. Then I edit my rule.|
|[0:06:49]||And let's scroll a bit down now where we can find String to expect in response headers, Strings to expect in server response, Fixed string to expect the content, and Regular expression to expect in content.|
|[0:07:03]||Strings to expect in server response, that's basically the first line of the server's responses. So, also not helpful.|
|[0:07:14]||But the next, both are really helpful since one is the Fixed string to expect in the content and the second one there you can even use a regular expression.|
|[0:07:24]||In our case, we can go simple. Go looking for a fixed string and what we copied before. And when I saved that nothing would change since we can find the string.|
|[0:07:37]||So, I'm gonna alter this a bit in order to produce an error. I just enter a '1' in between. I save it again. I need to activate. Then I go back to my localhost.|
|[0:08:04]||Since I don't want to wait for the next check interval, which is in 40 seconds, I triggered the rescue tool here. And now we get an error since my string isn't found anymore. So, in that way, we can make sure always monitor all the correct page.|
|[0:08:26]||The next thing we're gonna do monitor the certificate age. For that, we go back to the Setup again. |
Again, to HTTP, TCP, Email. Again, to Check HTTP. And I gonna clone my rule. It's happening with this button here.
|[0:08:49]||And as you may have seen before, this rule has a mode switch, like you can check the URL or you can check the SSL Certificate Age. And I just switch the mode. And just a few options are left now. |
That are the thresholds for warning and critical.
|[0:09:19]||For example, I want to have a 30-day warning and 15-day critical. And one little thing I want to change is |
the Service name in order to add certificate in front of it.
|[0:09:37]||That looks a bit better in the front end. I save it again. I activate it. Then I go to my localhost.|
|[0:09:57]||And I see my new Check HTTPS Certificate tribe29. And I can see that it will expire at March and I got notification 30 days ahead before this happens.|
|[0:10:13]||One little problem now in this case is the interval of the Checkmk checks. If I click into the details, you can see that the check in the wall for this service is 60 seconds. And normally, I don't need to check every 60 seconds if a certificate still is valid.|
|[0:10:36]||So, therefore I show you the rule how to change that interval. For that we're gonna need the Service Description which I copy here. Then we go back to Setup and to Service monitoring rules.|
|[0:10:58]||But since we have a lot of these rules, I would recommend again, use the search and search for interval. So, we have a short list where we find normal check interval for service checks |
and that's what we need.
|[0:11:19]||We already have a default tool here from Checkmk. We create a second one. This is actually a really simple rule where we just enter, like, every hour we want to check that.|
|[0:11:32]||And then the important part, we need to add in Conditions otherwise we would change the interval for, like, every service we have. So, I check the Services part here.|
|[0:11:48]||I paste it like that. And normally, I would be finished but we can do another trick here. If we don't want to create one rule for every certificate we check, we can go like this and remove the tribe29 part.|
|[0:12:04]||So, if we name every HTTP certificate check like that starting with certificate and then the domain, this rule will match. This is because here we also have a regular expression. And I'll show you what's happening when I save it.|
|[0:12:23]||It says, "Service name begins with HTTPS Certificate", just as a little background. If you don't |
want that, we can also end the matching with the '$'.
|[0:12:38]||It's not helpful in my case but just that you can see then the match is like exactly service name is HTTPS Certificate. But again, it would not work for us here.|
|[0:12:49]||So, I remove the '$'. I save it. I activate my changes. I go back to my server, click into the details. And I'm now going to see that the interval is 61 minutes instead of the 60 seconds from before.|
|[0:13:21]||And the next thing I'm gonna show is how to monitor a web application or website running on the server we have in our monitoring, so, not an external one.|
|[0:13:31]||For this example, I have the mon server address here which is the localhost.|
|[0:13:40]||And there I have a simple response, Hello or Hallo in my World. I'm gonna copy that for later. And now I'll show you how to configure. It happens again in Setup and like before in HTTP, TCP, Email.|
|[0:13:59]||Then again, it's going to be a rule for the Check HTTP but much simpler than before I created in the main directory.|
|[0:14:11]||I name it, like, My Application. I don't need the host name, I don't need a virtual host since it's going to be the assigned host. Just what I'm going to do to prove that it works is to add the expect string in the content.|
|[0:14:34]||I assign it again to my localhost. I save it. I activate it. And we double check. And here we have HTTP My Application with an OK response since the check finds this string here.|
|[0:15:04]||These are the basic options of the Checkmk website monitoring but there are a lot more.|
|[0:15:09]||For example, you can even use placeholders, like, $hostname$ to combine that with the rule-based |
configuration of Checkmk where you don't need to have one rule for every website you want to monitor.
|[0:15:24]||But this is content for more advanced video which we'll show in future. So, I hope this video was helpful for you and see you next time.|
More Checkmk Videos
Ep. 1: Installing Checkmk 2.0 and monitoring your first host
In this video, Baris explains how to take get started with Checkmk and start monitoring your first host within a few minutes.
Ep. 2: The Checkmk 2.0 user interface
In this video, Baris take you through the new user interface in Checkmk 2.0. He explains the various components of the User interface such as the new navigation menus, the Sidebar, main dashboard, tactical overview, how to switch between the Checkmk interface themes and much more
Ep. 3: Using SNMP to monitor network devices in Checkmk 2.0
In this episode, Baris explains how to monitor network devices with Checkmk. SNMP is a protocol that many switches, routers, printers, UPSs, hardware sensors and other devices have implemented with the purpose of being able to monitor them easily.
Ep. 4: Monitoring Windows in Checkmk
In this video of our Getting started with Checkmk series, Baris explains how to install a Checkmk agent on a Windows host system and add that into your monitoring environment.
Ep. 5: Using metrics and graphs in Checkmk 2.0
In the 5th episode of the Getting started with Checkmk series, Baris explains using various metrics that you can monitor in Checkmk such as CPU utilization, CPU load etc. You can also see graph visualizations for these metrics or create and customize your own as per your requirements.
Ep. 6: Updating Checkmk 2.0 and using multiple instances
In this video, Baris explains how to update your Checkmk instance. It is very easy and can be done within minutes. You can run multiple Checkmk instances with different versions on the same system. This gives you the flexibility to test the new version before using it in production.
Ep. 7 (part 1): Working with rules and setting thresholds in Checkmk
In the following three-part videos series, Baris explains rule-based monitoring with Checkmk. In the first part, he shows you how you can work with rules and set threshold values. Rule-based configuration is one of the key features for Checkmk which helps you to scale your monitoring easily within minutes.
Ep. 7 (part 2): Smart rules with Host Tags in Checkmk
In the second part of this video, Baris explains using Smart rules with host tags in Checkmk. In the first part, he shows you how you can work with rules and set threshold values. These are features that you can use to build your rules even more intelligently and to better organize your monitoring.
Ep. 7 (part 3): Managing Hosts in Folder in Checkmk
In this final part of our episode on Rule-based monitoring in Checkmk, Baris demonstrates how to manage hosts in folders in Checkmk. This helps you to apply your monitoring configurations at scale and organize your hosts according to your needs.
Ep. 8: Working with Host and Service Groups in Checkmk
In this Baris demonstrates how to create host and service groups in Checkmk, so you can perform actions on an entire group instead of configuring each of them individually.
Ep. 9: Using the Quicksearch function in Checkmk
In this episode of the Checkmk tutorials, Baris shows how you can use the Quicksearch function in Checkmk. You can use it to easily find and manage certain hosts or services. He also explains some examples of filters to you. In Checkmk 2.0 you can use the same syntax in the Seach function found in the monitor menu to get identical results.
Ep. 10: Detecting configuration errors with the Analyze Configuration feature
With the Analyze Configuration feature, you can check if there are any configuration errors in your installation. Checkmk controls a number of possible security risks or potential performance restrictions and indicates if there are any problems.
Ep. 11: View creation and customization in Checkmk
In this video, Baris demonstrates how to customize headers, columns, and more in Views in Checkmk for yourself or other users. He also explains how to create custom views and add desired information to these views.
Ep. 12: Acknowledging problems in Checkmk
In this video, Baris explains how you can acknowledge problems in Checkmk. This function helps you to qualify the states of hosts and services. This allows you to keep track of messages in the main dashboard and, for example, you can add comments to problems.
Ep. 13: Scheduling downtimes in Checkmk
In the episode of our Getting started with Checkmk series, Baris explains how you can manage the maintenance times of your systems in Checkmk. Such scheduled downtimes prevent your monitoring from sending false alarms when a host or service goes to WARN or CRIT during maintenance work. You can also inform the users concerned about the maintenance via Checkmk.
Ep. 14: Distributed monitoring with Checkmk
In this video, Baris explains how you can connect several Checkmk instances to a monitoring system and then manage it.
Ep. 15: MKPs and Plugins in Checkmk
In the 15th episode of our Getting started with Checkmk tutorial series, Baris explains what are Checkmk Extension Packages (MKPs) and how easy it is to integrate them into your Checkmk monitoring environment. MKPs are the preferred format when you make your own extensions as it makes it easy to share with other users or deploy in distributed environments.
Ep. 16: Working with 'Bulk Actions' in Checkmk
In this episode of our Checkmk tutorials series, Baris explains how you can save a lot of time with bulk actions. With this feature you can perform various tasks such as deleting, renaming, service discovery etc. on a large number of hosts simultaneously.
Ep. 17: Working with network topologies in Checkmk
In this video of our gettign startted with Checkmk series, Baris explains how to map network topologies in Checkmk. This feature is quite helpful to manage your network and prevent any unnecessary notifications from the devices in your network.
Ep. 18: Creating and customizing dashboards in Checkmk
In this video of our Getting started with Checkmk series, Mathias explains how you can create and customize dashboards in Checkmk 2.0, so you can get insights into your monitoring according to your requirements. Find out more in this video.
Ep. 20: Configuring dashboard elements in Checkmk
Learn how to add data visualization elements of the various metrics into your Checkmk Dashboard. In this video, Mathias explains how you can configure these elements and create a dashboard as per your requirements.
Ep. 21: Setting up notifications in Checkmk
Learn how to set up notifications in Checkmk and assign relevant contacts and contact groups to be notified for various events. Later in this video, our presenter Bastian also demonstrates how you can set up rule-based notifications according to different conditions for hosts and services.
Ep. 22: Monitoring logfiles with Checkmk
Monitor your logfiles with Checkmk using its Logwatch plugin. It is very useful when you want to monitor your logfiles regardless of whether you are using a UNIX/Linux or a windows based system. Learn more in this video.
Ep. 24: 3 Rules for efficient network monitoring
In this video, Bastian demonstrates 3 rules that will help you to efficiently monitor your network interfaces. With Checkmk 2.0, with just three rules, you can set up an efficient network monitoring that will not only monitor all of your network interfaces but also simultaneously provide a detailed overview of all of your ports.
Ep. 25: New UX and security improvements in Checkmk 2.1
Checkmk 2.1 come with many UX improvements such as pre-built dashboards for Linux and Windows, faster core performance and much more. Security features such as two-factor authentication etc. were also added in this new version. Watch this video to learn how to use these new features and enhancements in Checkmk.
Ep. 28: Working with InfluxDB integration in Checkmk
Learn how to send data to InfluxDB from Checkmk. As InfluxDB introduced a new protocol to send data to it, a new connector was developed with Checkmk to talk natively with it. Learn more about it in this video.
Ep. 29: New agent architecture in Checkmk 2.1
With Checkmk 2.1, the agent architecture was modified to enable performance improvements and add new features such as TLS encryption, data compression, and the reversal of direction of communication from the agent. This will enable push mode and pull mode.
Ep. 30: Clustering the Checkmk appliance
In this video, Robin demonstrates how you can cluster your Checkmk appliance to make it resilient against hardware failures. If you are using the Checkmk hardware appliance, it may be helpful to cluster your appliance to maintain high availability.
Ep. 32: Working with the Agent bakery in Checkmk
In this video, Robin demonstrates how to roll out agent packages with the required configuration for different monitored systems using the agent bakery in Checkmk. The "Automatic agent update" is quite a helpful feature as it pulls the latest configurations for an agent automatically and you don't need to manually update all of your agents deployed on different systems.
Ep 33: Monitoring Docker containers with Checkmk
Learn how to monitor Docker containers with Checkmk.In this video, Robin demonstrates the process of setting up a rule to configure the docker plugin and bake an agent with the desired settings for the Docker host.
Ep 34: Introduction to Checkmk Ansible collection
Last year the Checkmk Ansible collection was created to interact with the Checkmk REST API. In this video, Robin demonstrates how you can use this Ansible collection to automate your monitoring with Checkmk.
Ep 35: Monitoring SQL databases with Checkmk
In this video, Robin demonstrates how you can configure your Checkmk site to monitor your SQL databases. As there are many flavours of SQL databases, the process is mostly the same.