|[0:00:00]||Welcome to the Checkmk channel. Today, we are taking a look at the new agent architecture.|
|[0:00:15]||So, the Checkmk agent has been around for quite some time and there haven't been major architecture changes. Of course, the agent has been extended but the general idea of how the agent is working never really changed.|
|[0:00:28]||Let me quickly explain you how it worked. So, first there was a super server called xinet, which was used to listen on port 6556. And if a connection came in, this super server would then start the Checkmk agent script which in turn would collect all the monitoring data and send it back on that socket before it gets closed.|
|[0:00:53]||Some years ago, systemd came around, which is nowadays the de facto init system for all major Linux distributions. So, we added support for that but the idea behind it is still the same.|
|[0:01:06]||So, there is a systemd unit listening on port 6556 and if a connection comes in, it runs the agent script, fetches the information, gives it back to the Checkmk server.|
|[0:01:17]||So, this is how it's been until version 2.1. With Checkmk 2.1, we changed this architecture. We have 2 new components, one on the Checkmk server, and the other one on the Checkmk agent. On the server side, we have the so called Agent Receiver, which listens on a new port.|
|[0:01:40]||It has to be separated from the web interface, so it's not port 80 and 443. It's a port starting at 8000.|
|[0:01:48]||And on the agent side, we have the Agent Controller component, which takes care of all the communication between the Checkmk agent and the Checkmk server.|
|[0:02:02]||On the agent side then, the Agent Controller talks to the actual Agent Script, which is running as a daemon on the Linux system that is being monitored through a unix socket, so the communication or the communication and the checking logic is separated by this unix socket, so to speak.|
|[0:02:23]||So, the Agent Controller really only does the communication. It encrypts the communication using asymmetrical TLS encryption between the Checkmk server and the Checkmk agent.|
|[0:02:35]||It also compresses the data that is being sent for a more efficient transport and it is possible to extend the Agent Controller in several ways.|
|[0:02:46]||But right now, the two features that we implemented is the compression, and most importantly, the TLS encryption. So, on the checking site, nothing really has changed.|
|[0:02:57]||It is still the agent that you know for years now. It's still the shell script that is doing the heavy lifting of monitoring. We just created clean systemd services and units that are taking care of all this. I already talked about the socket.|
|[0:03:13]||The Checkmk agent is running as a service. We have a service that is taking care of asymmetrical sections of the agent and all of that comes together communicating through the unix socket.|
|[0:03:22]||So, if you are talking to the agent from the Checkmk server, that goes through the agent controller. But it is more or less the same as you've known it before. There is still the connection on port 6556 and that's all there really is at the moment.|
|[0:03:38]||For the future, there will be a special Checkmk edition that will include a so-called push agent which will be able to push data to the Checkmk server, reversing the way of communication that you know.|
|[0:03:51]||That is targeted at Checkmk installations in the cloud where you do not want the Checkmk server to be able to query the agent directly, so there we can reverse the direction of communication and have the Checkmk agent push this information to the server.|
|[0:04:07]||Okay, this was quite some technical talk and you didn't really see much. So, let's have a look at what is actually going on with the new agent.|
|[0:04:17]||So, now we are looking at a freshly upgraded Checkmk site and a freshly upgraded Checkmk agent. And we can see here that there is a one unmonitored service which is new.|
|[0:04:30]||It's the Checkmk agent service. And if we take a look at that service or rather we first inventorize it, just real quickly, then we can see that there is a warning state regarding the agent. So, let's take a look what the agent is telling us.|
|[0:04:51]||And here we can see the agent is running on version 2.1. This is still a better version at the time of recording. And it says TLS is not activated on monitored host.|
|[0:05:03]||So, what the agent actually does is it checks whether it would be possible to enable TLS encryption, and if it is, it will print this warning.|
|[0:05:13]||So, what are the requirements for that? The requirement really just is that the agent is running or that the agent is at version 2.1 and it's running on a system with systemd because the agent controller has a requirement for systemd.|
|[0:05:27]||Without systemd, there is no agent controller. That means on systems without systemd the Checkmk agent would be running in the legacy mode, which i'd explained earlier.|
|[0:05:39]||And if systemd is available, then the Checkmk agent controller will be enrolled and activated and then we will get this warning. So, what do we do about it?|
|[0:05:52]||First, of course, you can configure the service to just ignore this warning and to run in legacy mode. Because, of course, the agent will continue to work after the upgrade.|
|[0:06:03]||It will not stop working if you upgrade your existing system, so you will still be able to monitor, but we definitely encourage you to enable the TLS encryption to be protected against a man in the middle attacks that would be listening in on your monitoring data.|
|[0:06:20]||So, how do we do that? How do we activate TLS? For that, we need to go to the command line of the monitored system. And there we have the cmk agent controller. So, this is the binary managing, everything agent controller related.|
|[0:06:39]||Now let's take a look what it can do. There is a lot of commands and sub-commands that you see here. The daemon mode is the one that the agent controller runs in the background and it's already running in the background right now.|
|[0:06:54]||And we have the register command here, which is the one that we want to use. There is also a proxy-register which can be used to create registration information for air gap systems.|
|[0:07:06]||So, if there is a system that cannot directly register at your monitoring server you can do that from any other system that can talk to the monitoring server and then import this configuration on the airgap system.|
|[0:07:20]||But let's keep it simple in this example. We are just using the register command directly because we can talk to the Checkmk server. So, we have the register command and let's have a look what this command can do.|
|[0:07:35]||And there we can see several options again. The important ones are the OPTIONS on the bottom. So, we need a hostname. Let's start with that. I called this system localhost, so the hostname really just is localhost.|
|[0:08:00]||I need to give the site name with -i. I call my site agent, pretty basic. And with -u, we need to give the user that is allowed to register the agent. Now let's do this. Now we have presented with the server site certificate of the Checkmk server.|
|[0:08:22]||We get information about it. We could actually verify the whole certificate against the server. But in this case I know who I'm talking to, so I'm going to confirm this here. Yes.|
|[0:08:33]||Now we're being asked for the password for the user that we just gave. Let me provide that. And if there's no output in Linux, everything worked.|
|[0:08:43]||So, we successfully registered the agent controller for TLS encryption with the Checkmk server. And now let's take a look at the status of the agent.|
|[0:08:56]||Because we also have the status command for the agent controller. And there we can see the connection here is to localhost port 8000 to the agent site.|
|[0:09:09]||The connection has a UUID and there is some more information about the certificate and the registration overall. And we can see the registration state is operational, which means everything is working as expected.|
|[0:09:24]||You can actually register your host to several Checkmk servers. So, if you have, for example, a test site running, you can, of course, register the agent with that site too so that site would be able to query this agent too.|
|[0:09:38]||On the other hand, if you have a site that is not registered with this agent, then it cannot query the agent.|
|[0:09:45]||So, if there's no registration, the agent will not communicate with their site unless you're running in legacy mode as said earlier, then the old rules still apply if you have an IP white list that will be in effect and the classical encryption will also be in effect, of course.|
|[0:10:04]||But once you start registering with the first registration, the agent controller then only accepts registered connections.|
|[0:10:13]||So, after we did this, let's switch back to the web interface. And now we can see the Checkmk agent service already went green.|
|[0:10:21]||So, there's nothing to complain about, which means we are communicating encrypted to the agent. The communication is secured and no one else can intercept this communication. Alright, that concludes this quick demonstration.|
|[0:10:38]||I hope you could get some insight into the new agent. If you want to know more about it, take a look at our official guide. The link will be in the description.|
|[0:10:47]||And with that, let me thank you for watching this video. Be sure to subscribe to never miss a video in the future. And I will see you next time.|
Ep. 1: Installing Checkmk 2.0 and monitoring your first host
In this video, Baris explains how to take get started with Checkmk and start monitoring your first host within a few minutes.
Ep. 2: The Checkmk 2.0 user interface
In this video, Baris take you through the new user interface in Checkmk 2.0. He explains the various components of the User interface such as the new navigation menus, the Sidebar, main dashboard, tactical overview, how to switch between the Checkmk interface themes and much more
Ep. 3: Using SNMP to monitor network devices in Checkmk 2.0
In this episode, Baris explains how to monitor network devices with Checkmk. SNMP is a protocol that many switches, routers, printers, UPSs, hardware sensors and other devices have implemented with the purpose of being able to monitor them easily.
Ep. 4: Monitoring Windows in Checkmk
In this video of our Getting started with Checkmk series, Baris explains how to install a Checkmk agent on a Windows host system and add that into your monitoring environment.
Ep. 5: Using metrics and graphs in Checkmk 2.0
In the 5th episode of the Getting started with Checkmk series, Baris explains using various metrics that you can monitor in Checkmk such as CPU utilization, CPU load etc. You can also see graph visualizations for these metrics or create and customize your own as per your requirements.
Ep. 6: Updating Checkmk 2.0 and using multiple instances
In this video, Baris explains how to update your Checkmk instance. It is very easy and can be done within minutes. You can run multiple Checkmk instances with different versions on the same system. This gives you the flexibility to test the new version before using it in production.
Ep. 7 (part 1): Working with rules and setting thresholds in Checkmk
In the following three-part videos series, Baris explains rule-based monitoring with Checkmk. In the first part, he shows you how you can work with rules and set threshold values. Rule-based configuration is one of the key features for Checkmk which helps you to scale your monitoring easily within minutes.
Ep. 7 (part 2): Smart rules with Host Tags in Checkmk
In the second part of this video, Baris explains using Smart rules with host tags in Checkmk. In the first part, he shows you how you can work with rules and set threshold values. These are features that you can use to build your rules even more intelligently and to better organize your monitoring.
Ep. 7 (part 3): Managing Hosts in Folder in Checkmk
In this final part of our episode on Rule-based monitoring in Checkmk, Baris demonstrates how to manage hosts in folders in Checkmk. This helps you to apply your monitoring configurations at scale and organize your hosts according to your needs.
Ep. 8: Working with Host and Service Groups in Checkmk
In this Baris demonstrates how to create host and service groups in Checkmk, so you can perform actions on an entire group instead of configuring each of them individually.
Ep. 9: Using the Quicksearch function in Checkmk
In this episode of the Checkmk tutorials, Baris shows how you can use the Quicksearch function in Checkmk. You can use it to easily find and manage certain hosts or services. He also explains some examples of filters to you. In Checkmk 2.0 you can use the same syntax in the Seach function found in the monitor menu to get identical results.
Ep. 10: Detecting configuration errors with the Analyze Configuration feature
With the Analyze Configuration feature, you can check if there are any configuration errors in your installation. Checkmk controls a number of possible security risks or potential performance restrictions and indicates if there are any problems.
Ep. 11: View creation and customization in Checkmk
In this video, Baris demonstrates how to customize headers, columns, and more in Views in Checkmk for yourself or other users. He also explains how to create custom views and add desired information to these views.
Ep. 12: Acknowledging problems in Checkmk
In this video, Baris explains how you can acknowledge problems in Checkmk. This function helps you to qualify the states of hosts and services. This allows you to keep track of messages in the main dashboard and, for example, you can add comments to problems.
Ep. 13: Scheduling downtimes in Checkmk
In the episode of our Getting started with Checkmk series, Baris explains how you can manage the maintenance times of your systems in Checkmk. Such scheduled downtimes prevent your monitoring from sending false alarms when a host or service goes to WARN or CRIT during maintenance work. You can also inform the users concerned about the maintenance via Checkmk.
Ep. 14: Distributed monitoring with Checkmk
In this video, Baris explains how you can connect several Checkmk instances to a monitoring system and then manage it.
Ep. 15: MKPs and Plugins in Checkmk
In the 15th episode of our Getting started with Checkmk tutorial series, Baris explains what are Checkmk Extension Packages (MKPs) and how easy it is to integrate them into your Checkmk monitoring environment. MKPs are the preferred format when you make your own extensions as it makes it easy to share with other users or deploy in distributed environments.
Ep. 16: Working with 'Bulk Actions' in Checkmk
In this episode of our Checkmk tutorials series, Baris explains how you can save a lot of time with bulk actions. With this feature you can perform various tasks such as deleting, renaming, service discovery etc. on a large number of hosts simultaneously.
Ep. 17: Working with network topologies in Checkmk
In this video of our gettign startted with Checkmk series, Baris explains how to map network topologies in Checkmk. This feature is quite helpful to manage your network and prevent any unnecessary notifications from the devices in your network.
Ep. 18: Creating and customizing dashboards in Checkmk
In this video of our Getting started with Checkmk series, Mathias explains how you can create and customize dashboards in Checkmk 2.0, so you can get insights into your monitoring according to your requirements. Find out more in this video.
Ep. 19: Monitoring websites and their certificates with Checkmk
In this episode, Bastian demonstrates how to monitor a website and its certificate with Checkmk. You can also monitor specific web pages with Checkmk by using the several options that will suit your use case. Learn more in this video.
Ep. 20: Configuring dashboard elements in Checkmk
Learn how to add data visualization elements of the various metrics into your Checkmk Dashboard. In this video, Mathias explains how you can configure these elements and create a dashboard as per your requirements.
Ep. 21: Setting up notifications in Checkmk
Learn how to set up notifications in Checkmk and assign relevant contacts and contact groups to be notified for various events. Later in this video, our presenter Bastian also demonstrates how you can set up rule-based notifications according to different conditions for hosts and services.
Ep. 22: Monitoring logfiles with Checkmk
Monitor your logfiles with Checkmk using its Logwatch plugin. It is very useful when you want to monitor your logfiles regardless of whether you are using a UNIX/Linux or a windows based system. Learn more in this video.
Ep. 24: 3 Rules for efficient network monitoring
In this video, Bastian demonstrates 3 rules that will help you to efficiently monitor your network interfaces. With Checkmk 2.0, with just three rules, you can set up an efficient network monitoring that will not only monitor all of your network interfaces but also simultaneously provide a detailed overview of all of your ports.
Ep. 25: New UX and security improvements in Checkmk 2.1
Checkmk 2.1 come with many UX improvements such as pre-built dashboards for Linux and Windows, faster core performance and much more. Security features such as two-factor authentication etc. were also added in this new version. Watch this video to learn how to use these new features and enhancements in Checkmk.
Ep. 28: Working with InfluxDB integration in Checkmk
Learn how to send data to InfluxDB from Checkmk. As InfluxDB introduced a new protocol to send data to it, a new connector was developed with Checkmk to talk natively with it. Learn more about it in this video.
Ep. 30: Clustering the Checkmk appliance
In this video, Robin demonstrates how you can cluster your Checkmk appliance to make it resilient against hardware failures. If you are using the Checkmk hardware appliance, it may be helpful to cluster your appliance to maintain high availability.
Ep. 32: Working with the Agent bakery in Checkmk
In this video, Robin demonstrates how to roll out agent packages with the required configuration for different monitored systems using the agent bakery in Checkmk. The "Automatic agent update" is quite a helpful feature as it pulls the latest configurations for an agent automatically and you don't need to manually update all of your agents deployed on different systems.
Ep 33: Monitoring Docker containers with Checkmk
Learn how to monitor Docker containers with Checkmk.In this video, Robin demonstrates the process of setting up a rule to configure the docker plugin and bake an agent with the desired settings for the Docker host.
Ep 34: Introduction to Checkmk Ansible collection
Last year the Checkmk Ansible collection was created to interact with the Checkmk REST API. In this video, Robin demonstrates how you can use this Ansible collection to automate your monitoring with Checkmk.
Ep 35: Monitoring SQL databases with Checkmk
In this video, Robin demonstrates how you can configure your Checkmk site to monitor your SQL databases. As there are many flavours of SQL databases, the process is mostly the same.
Ep. 36: Introduction to different types of checks for monitoring with Checkmk
Learn about the different types of "checks" and services in Checkmk. In this video, Robin demonstrates how you can expand the information collected by your Checkmk agent using these different "Checks".
Ep. 43: Working with Hardware/Software inventory in Checkmk
In this video, Robin demonstrates the hardware/software inventory feature in Checkmk. With this feature one can get an overview of various pieces of hardware present in their servers, switches etc. and also the software packages installed on their operating system. Watch this video to learn more.