CheckMK v2 – Coding own SNMP-Check Plugin

No word about CheckMK's supplied documentation :expressionless: In this example we add some features for the included SNMP-check kemp_loadmaster_services. For whatever reason, the included check only has hardcoded thresholds, and only takes "Active Connections" into account. Besides it is not yet migrated to CMK v2.0 which we will do in this course. Plugin Structure SNMP-plugins... » weiterlesen

CheckMK v2 – Coding own Active-Check Plugin

Again documentation seems to be none-existent. So a lot of selfstudy by looking at existing checks and their files is needed. Also it seems active-checks cannot be fully migrated yet, as you will notice in the "Check-File" (there is no register.??? yet and we still have to use active_check_info) In this example we use some... » weiterlesen

Renaming pfSense Interfaces

Only recommended for a fresh setup. I do not take any responsibility if you brick your config. Always make sure you have a recent backup of your config before tinkering with the config-file! If you are using for example pfELK for analysing your logs from your pfSense firewall, you may want to rename your interfaces... » weiterlesen

Elasticsearch As Log-Buffer

Why? What is that good for? Save license-costs and putting ingest-pipeline load somewhere else! :smiley: At my workplace we currently parse the events mostly with Logstash, but configuring those grok-filters so that the messages are ECS-comform is a lot of work. Yes, I know that there is a possibility to export those ingest-pipelines from Beats... » weiterlesen

Setup 3 Node Kubernetes 1.20 HA-Cluster (Without Docker) on Fedora 33

Master nodes will be worker nodes too (resources you know :wink:) We will use Keepalived and HAproxy as load-balancer for Kubernetes control-traffic. The whole Kubernetes-Cluster won't use Docker anymore. Prerequisites Three machines setup with minimal installation of Fedora 33 Server. I will call them vkube-001 ( vkube-002 ( vkube-003 ( One VIP ( which we... » weiterlesen

Check_MK – pfSense State Table Check (SNMP)

I needed a quick and dirty check for the pfSense's "State Table" via SNMP as I sometimes have the strange problem that it gets full and then I lose internet-connection. If the thresholds are hit and I am alerted, I hope I have time to investigate what is going wrong. The Check The default values... » weiterlesen

PART 3 – Monitoring

PART-3 - Monitoring As we want to know how our ECK is performing, we also want to monitor it with the built in and supplied "Stack Monitoring" Prepare Filebeat For Monitoring The Cluster For this setup you can orient at the - As we have our "ELK" in its own namespace and also a... » weiterlesen

PART-4 – Prepare RabbitMQ For Buffering Events

PART-4 - Prepare RabbitMQ For Buffering Events You may have a look at Elasticsearch As Log-Buffer The first thought maybe like: What? Why the hell RabbitMQ and not use the persistent queue featuere of Logstash? Because: Input plugins that do not use a request-response protocol cannot be protected from data loss. For example: tcp, udp,... » weiterlesen

PART-5 – Elasticsearch Templates And Policies

PART-5 - Elasticsearch Templates And Policies I have to update this page - as the templating stuff is not working as intended for none-legacy indices! Because we use Logstash for analysing Logs, we have to prepare templates and ILM policies. Setting Up ILM-Policies And Index-Templates For this setup I created an index-template listening for index-pattern... » weiterlesen