Check MK

Integration for Alerts

Prerequisites:
This section explains on how to integrate and ingest alerts from Check MK monitoring tool into CloudFabrix AIOPs platform.
Check MK (derived from Nagios Core) is a monitoring tool which supports alert notifications via email, slack, pagerduty, victorops or a script executing a command. CloudFabrix AIOPs platform uses webhook notification method using a script from Check MK monitoring tool to receive and ingest the alerts or events.
Click here for Alert Sources to create a Webhook URL for Check MK alert notifications in CloudFabrix OIA application.
Note: Under Alert Mapping section, use Nagios alert mapping configuration for Check MK alerts.
Configure Check MK for Alert notifications over a Webhook:
Step 1: Download the below scripts for both 'Host' and 'Service' type of alerts
For 'Host' type alerts: 
​https://macaw-amer.s3.amazonaws.com/releases/OIA/scripts/webhook/cfx-host-webhook-notification.sh​
For 'Service' type alerts: 
​https://macaw-amer.s3.amazonaws.com/releases/OIA/scripts/webhook/cfx-service-webhook-notification.sh​
Step 2: Copy the 'cfx-host-webhook-notification.sh' and 'cfx-service-webhook-notification.sh' script to Check MK system into the folder '/omd/sites/<Site_Name>/local/share/check_mk/notifications'
Step 3: Login into Check MK monitoring tool's machine using SSH CLI as 'root' user and execute the below commands.
ssh [email protected]<checkmk-ip-address>
cd /omd/sites/<Site_Name>/local/share/check_mk/notifications
chmod 755 cfx-host-webhook-notification.sh
chmod 755 cfx-service-webhook-notification.sh
Step 4: Edit the scripts 'cfx-host-webhook-notification.sh' & 'cfx-service-webhook-notification.sh' and configure the below variables. Configure the 'CFX_WEBHOOK_URL' variable with 'Webhook URL' that was created under 'Alert Sources' section in CloudFabrix OIA application. 
Configure 'CFX_WEBHOOK_USERNAME' and 'CFX_WEBHOOK_PASSWORD' variables if the Webhook is configured with HTTP authentication, otherwise, leave them empty.
CFX_WEBHOOK_URL="<cfx-webhook-url>"
CFX_WEBHOOK_USERNAME="<cfx-webhook-username-Optional>"
CFX_WEBHOOK_PASSWORD="<cfx-webhook-username-Optional>"
Step 5: Login into Check MK monitoring tool UI as a user which has admin privileges to configure the alert notifications.
Step 6: Under 'Setup' menu, click on 'Users' menu to create a new user for Check MK alert notifications.
Step 7: Click on 'Add' button
Step 8: Enter username as 'cfx_notifications'. Select appropriate sites under 'Authorized sites'. Under 'Security' section, select 'Automatic secret for machine accounts' and generate a secret. 
Select 'Disable password' option to disable the login to this account. Select the roles as 'Normal monitoring user'
Step 9: Commit the changes.
Step 10: Under 'Setup' menu, click on 'Notifications' menu to create configure alert notifications for both Host and Service type problems.
Step 11: Configure alert notifications for 'Host' type problems.
Click on 'Add rule' button.
Step 12: Enter the 'Decsription' as 'cfx_host_notification'.
Select 'Notification Method' as 'cfx-host-webhook-notification.sh' from the drop down menu.
Under Contact selection section, select cfx_notifications user that was created to enable the alert notification.
Select appropriate 'Sites' to enable the alert notification.
Step 13: For 'Match host event type' option, select appropriate options as shown below.
Click on Save button to save the alert notification rule.
Step 14: Configure alert notifications for 'Service' type problems.
Click on 'Add rule' button.
Enter the 'Decsription' as 'cfx_service_notification'.
Select 'Notification Method' as 'cfx-service-webhook-notification.sh' from the drop down menu.
Under Contact selection section, select cfx_notifications user that was created to enable the alert notification.
Select appropriate 'Sites' to enable the alert notification.
Step 15: For 'Match service event type' option, select appropriate options as shown below.
Click on Save button to save the alert notification rule.
Below is the Alert Filed mapping table (for information only) between Check MK alert notification fields and CloudFabrix OIA's common data model fields for Alerts.
Check MK Alert Field
CloudFabrix OIA Alert Field
Alert_NotificationType
alertType
Alert_Nagios_SourceType
Determines whether source alert is from 
Host or Service type
Alert_ServiceNotificationId /
Alert_HostNotificationId
key (Service/Host)
Alert_ServiceDescription /
Alert_ServiceOutput
message (Service)
Alert_HostName
assetName
Alert_HostAddress
assetIpAddress
Alert_Nagios_SourceType
assetType
Alert_HostState /
Alert_HostAddress (or)
Alert_HostOutput
message (Host)
Alert_DateTime
raisedAt / clearedAt
Alert_ServiceState/
Alert_HostState
severity (Service/Host)

Nagios XI

VMware vRealize Operations

Last modified 10mo ago

Check MK Alert Field	CloudFabrix OIA Alert Field
Alert_NotificationType	alertType
Alert_Nagios_SourceType	Determines whether source alert is from Host or Service type
Alert_ServiceNotificationId / Alert_HostNotificationId	key (Service/Host)
Alert_ServiceDescription / Alert_ServiceOutput	message (Service)
Alert_HostName	assetName
Alert_HostAddress	assetIpAddress
Alert_Nagios_SourceType	assetType
Alert_HostState / Alert_HostAddress (or) Alert_HostOutput	message (Host)
Alert_DateTime	raisedAt / clearedAt
Alert_ServiceState/ Alert_HostState	severity (Service/Host)