Check MK

1. Prerequisites:

This section explains on how to integrate and ingest alerts from Check MK monitoring tool into CloudFabrix AIOPs platform.

Check MK (derived from Nagios Core) is a monitoring tool which supports alert notifications via email, slack, pagerduty, victorops or a script executing a command. CloudFabrix AIOPs platform uses webhook notification method using a script from Check MK monitoring tool to receive and ingest the alerts or events.

Click here for Alert Sources to create a Webhook URL for Check MK alert notifications in CloudFabrix OIA application.

Note: Under Alert Mapping section, use Nagios alert mapping configuration for Check MK alerts.

2.Configure Check MK for Alert notifications over a Webhook:

Step 1: Download the below scripts for both Host and Service type of alerts

For Host type alerts:

https://macaw-amer.s3.amazonaws.com/releases/OIA/scripts/webhook/cfx-host-webhook-notification.sh

For Service type alerts:

https://macaw-amer.s3.amazonaws.com/releases/OIA/scripts/webhook/cfx-service-webhook-notification.sh

Step 2: Copy the cfx-host-webhook-notification.sh and cfx-service-webhook-notification.sh script to Check MK system into the folder /omd/sites//local/share/check_mk/notifications

Step 3: Login into Check MK monitoring tool's machine using SSH CLI as root user and execute the below commands.

ssh root@<checkmk-ip-address>

cd /omd/sites/<Site_Name>/local/share/check_mk/notifications

chmod 755 cfx-host-webhook-notification.sh
chmod 755 cfx-service-webhook-notification.sh

Step 4: Edit the scripts cfx-host-webhook-notification.sh & cfx-service-webhook-notification.sh and configure the below variables. Configure the CFX_WEBHOOK_URL variable with Webhook URL that was created under Alert Sources section in CloudFabrix OIA application.

Configure CFX_WEBHOOK_USERNAME and CFX_WEBHOOK_PASSWORD variables if the Webhook is configured with HTTP authentication, otherwise, leave them empty.

CFX_WEBHOOK_URL="<cfx-webhook-url>"
CFX_WEBHOOK_USERNAME="<cfx-webhook-username-Optional>"
CFX_WEBHOOK_PASSWORD="<cfx-webhook-username-Optional>"

Step 5: Login into Check MK monitoring tool UI as a user which has admin privileges to configure the alert notifications.

Check_MK_login

Step 6: Under Setup menu, click on Users menu to create a new user for Check MK alert notifications.

Check_MK_maindashboard

Step 7: Click on Add button

Check_MK_users

Step 8: Enter username as cfx_notifications. Select appropriate sites under Authorized sites. Under Security section, select Automatic secret for machine accounts and generate a secret.

Select Disable password option to disable the login to this account. Select the roles as Normal monitoring user

Check_MK_adduser

Step 9: Commit the changes.

Step 10: Under Setup menu, click on Notifications menu to create configure alert notifications for both Host and Service type problems.

Check_MK_activate pending changes

Step 11: Configure alert notifications for Host type problems.

Click on Add rule button.

Check_MK_notification configuration

Step 12: Enter the Description as cfx_host_notification.

Select Notification Method as cfx-host-webhook-notification.sh from the drop down menu.

Under Contact selection section, select cfx_notifications user that was created to enable the alert notification.

Select appropriate Sites to enable the alert notification.

Check MK_add notification rule

Step 13: For Match host event type option, select appropriate options as shown below. Click on Save button to save the alert notification rule.

Check MK_match host

Step 14: Configure alert notifications for Service type problems.

Click on Add rule button.

Enter the Description as cfx_service_notification.

Select Notification Method as cfx-service-webhook-notification.sh from the drop down menu.

Under Contact selection section, select cfx_notifications user that was created to enable the alert notification.

Select appropriate Sites to enable the alert notification.

Check_MK_add notification

Step 15: For Match service event type option, select appropriate options as shown below. Click on Save button to save the alert notification rule.

Check_MK_match service event

Below is the Alert Filed mapping table (for information only) between Check MK alert notification fields and CloudFabrix OIA's common data model fields for Alerts.

Check MK Alert Field	CloudFabrix OIA Alert Field
Alert_NotificationType	alertType
Alert_Nagios_SourceType	Determines whether source alert is from Host or Service type
Alert_ServiceNotificationId / Alert_HostNotificationId	key (Service/Host)
Alert_ServiceDescription /Alert_ServiceOutput	message (Service)
Alert_HostName	assetName
Alert_HostAddress	assetIpAddress
Alert_Nagios_SourceType	assetType
Alert_HostState /Alert_HostAddress (or) Alert_HostOutput	message (Host)
Alert_DateTime	raisedAt / clearedAt
Alert_ServiceState/Alert_HostState	severity (Service/Host)