Checkmk
to checkmk.com

The new agent in Checkmk 2.1

In the early days of Checkmk, unencrypted communication between host and monitoring site was not considered a problem. Since in many cases both systems were on the same network, the risk of data leaks was low. Where it was thought necessary, encryption could be easily retrofitted using methods such as SSH tunnels.

Since widely distributed environments are now the norm, we decided to go the other way and make encryption the default behavior. This is because monitoring data can also contain information that could be interesting for potential attackers. For example, the process list can be used to find worthwhile targets for attacks. Checkmk 2.1 introduces a new agent that now communicates in TLS encrypted form.

The TLS encrypted agent is initially available for Linux on x86/64 and Windows, which make up the vast majority of systems in monitoring. Since the registration of the agent establishes a mutual trust relationship between the host and the server, it is important to perform the setup in the correct order.

Articles in the User Guide

Checkmk Livestream: The new Checkmk Agent

Mathias Kettner and Andi Umbreit discuss the architecture of the new agent and show how to use it in practice. In addition, they provide a sneak peek on upcoming innovations in Checkmk 2.2.

More videos on this topic

Dear reader
We are pleased that you have found your way to Checkmk.

As a monitoring software, Checkmk offers comprehensive and specialized solutions for dealing with the very diverse environments of IT infrastructures. This inevitably requires a very comprehensive documentation which goes beyond the mere description of the obvious. Our User Guide will help you as much as possible to better understand Checkmk, use Checkmk to implement your requirements, as well as helping you to discover new ways of solving problems.

To make the handling of Checkmk as easy as possible, the articles in this User Guide follow rather unusual approaches in many places. It is almost never a matter of simply copying a prefabricated sequence of individual steps. Rather, it is intended to give you, the reader, a deeper understanding of a feature in Checkmk.

To briefly summarize, our most important premise is that the User Guide should be helpful. And it is most helpful when you can implement our description as a solution for your own problem. Read more…

New to Checkmk?

There's a first time for everything, even with Checkmk. Since you are presented with a large number of options and functions in Checkmk, sometimes it can be difficult to find your way through the first steps.

Nevertheless, to make sure you can start your first Checkmk monitoring quickly and more easily, we have written a Beginner's Guide. This will give you a compact step-by-step introduction to Checkmk, and it is structured in such a way that you can read it quickly from beginning to end and participate right away. Therefore, it is short and concise and does not dwell on unnecessary details. By the end of the Beginner's Guide you will have a functional Checkmk system.

Featured topic: The new agent

Checkmk 2.1 introduces a new agent that now optionally communicates using TLS encryption. The reason for this move is that monitoring data can also contain information of interest to potential attackers. For example, the process list can be used to find worthwhile targets for attacks.

Find out more…

On YouTube:
Checkmk live – Improvements to the Checkmk agent and the agent bakery in Checkmk 2.1

The new agent in Checkmk 2.1

In the early days of Checkmk, unencrypted communication between host and monitoring site was not considered a problem. Since in many cases both systems were on the same network, the risk of data leaks was low. Where it was thought necessary, encryption could be easily retrofitted using methods such as SSH tunnels.

Since widely distributed environments are now the norm, we decided to go the other way and make encryption the default behavior. This is because monitoring data can also contain information that could be interesting for potential attackers. For example, the process list can be used to find worthwhile targets for attacks. Checkmk 2.1 introduces a new agent that now communicates in TLS encrypted form.

The TLS encrypted agent is initially available for Linux on x86/64 and Windows, which make up the vast majority of systems in monitoring. Since the registration of the agent establishes a mutual trust relationship between the host and the server, it is important to perform the setup in the correct order.

Articles in the User Guide

Checkmk Livestream: The new Checkmk Agent

Mathias Kettner and Andi Umbreit discuss the architecture of the new agent and show how to use it in practice. In addition, they provide a sneak peek on upcoming innovations in Checkmk 2.2.

More videos on this topic