Linux is really popular on servers – the Open Source operating system has a reputation for being stable and reliable. Still, if you're a sysadmin and looking after one or more Linux servers, you probably want to monitor your machines' health and performance (and receive alerts when necessary).
Checkmk supports various Linux distributions. The server component is available as an installation package (.deb and .rpm), as a virtual appliance, and as a Docker container. The Linux version of the Checkmk agent is also easy to install: it's a simple shell script (/usr/bin/check_mk_agent) that invokes various other commands (like ps, etc.) to collect data about the filesystem, the CPU, network devices, etc.
It's also possible to extend the agent's functionality with plug-ins. In this blog post we're going to introduce five Checkmk plug-ins that come in handy when monitoring Linux servers.
Plug-ins at your Service
Checkmk plug-ins are small scripts or programs invoked by the agent to collect additional data about the monitored machine(s). There are two types of plug-ins:
- Check plug-ins
- Agent plug-ins
About 1,700 check plug-ins are shipped with Checkmk, i.e. they're on the server. In addition to the check plug-ins, approximately 100 agent plug-ins exist. They need to be installed on the monitored system. All plug-ins mentioned in this blog post are agent plug-ins. Some of them require a configuration file (in /etc/check_mk) to function correctly, others work out of the box. Please have a look at the documentation of the plug-ins or check the source code to find out more about their configuration options.
If you're using the Checkmk Raw Edition (CRE), you can install the plug-ins by copying them to the plug-ins directory of the Linux agent (/usr/lib/check_mk_agent/plugins); please remember to make the files executable (chmod +x). Since some of the plug-ins have a very long runtime and don't need to be refreshed every minute, you can store them in subdirectories named after a number of seconds to execute them asynchronously. Customers of the Checkmk Enterprise Edition (CEE) can use the agent bakery to install the plug-ins and generate the configuration file(s) automatically.
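The manual installation described above, as an added example (not Checkmk's own tooling): a shell function that copies a plug-in into a subdirectory named after the interval in seconds and makes it executable. The function name install_agent_plugin and its optional third argument (an alternative plug-in directory, useful for a dry run) are assumptions.

```shell
#!/bin/sh
# Added example, not part of Checkmk. Installs an agent plug-in for
# asynchronous execution: <plug-in dir>/<seconds>/<plug-in name>.
# install_agent_plugin and its arguments are hypothetical names.

PLUGIN_DIR_DEFAULT=/usr/lib/check_mk_agent/plugins

install_agent_plugin() {
    src=$1          # path to the plug-in script, e.g. ./mk_apt
    interval=$2     # seconds between runs, e.g. 86400 for once a day
    plugin_dir=${3:-$PLUGIN_DIR_DEFAULT}

    # The subdirectory name must be a plain number of seconds.
    case $interval in
        ''|*[!0-9]*)
            echo "interval must be a whole number of seconds" >&2
            return 2 ;;
    esac
    [ -f "$src" ] || { echo "no such plug-in: $src" >&2; return 1; }

    dest=$plugin_dir/$interval/$(basename "$src")
    mkdir -p "$plugin_dir/$interval" || return 1
    cp "$src" "$dest" || return 1
    # 0755 covers the chmod +x step. The agent executes whatever sits in
    # this directory, so the file stays writable by its owner only.
    chmod 0755 "$dest" || return 1
    echo "$dest"
}
```

Run as root on the monitored host, `install_agent_plugin ./mk_apt 86400` places the plug-in in the 86400 subdirectory, i.e. one run per day.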
And here are our top 5 plug-ins for monitoring Linux servers with Checkmk.
1. Package Management
Your Linux distributor regularly publishes software updates and patches to fix bugs and security vulnerabilities. It's important to install the updated packages to keep your operating system(s) secure. Instead of manually checking every server for upgrades, you can use Checkmk to monitor the package management system of your distribution.
If you're running Debian-based servers, you can use the mk_apt plug-in to monitor the APT package manager. The plug-in mk_zypper checks for available updates via zypper on SUSE Linux Enterprise Server and openSUSE systems, and if you're a yum user on Red-Hat-based systems, check out this plug-in.
All three plug-ins reach the warning state for regular package updates and critical for security updates. Tip: It's a good idea to install the plug-ins with asynchronous execution; it's not really necessary to check for updates more than once every day.
The Checkmk HW/SW inventory system collects information about hardware and installed software of your hosts. The plug-in mk_inventory can not only report about existing hardware/software in your Linux server ("How much RAM/swap space does the machine have?", "How many CPUs and cores?", "Which of my servers have a certain package installed?", etc.), but also check for changes.
Install mk_inventory.linux on your Linux server(s) and enable the inventory check with a new rule set in WATO. For each selected host you will see a new check called Checkmk HW/SW Inventory. You can view the results via Show Hardware/Software inventory of this host, browse the tree structure, add the inventory data as a custom view or export it to other formats. On top of that, you can set the parameters for this check, so you get warned about changes.
3. File Systems Operations
Sometimes it's good to monitor certain file operations on your Linux server and get alerted when somebody or something creates, modifies, accesses, opens, or deletes a file. The mk_inotify plug-in watches certain files and folders for you. It requires the Python module pyinotify, which is packaged for most distributions.
The locations and operations are configured in /etc/check_mk/mk_inotify.cfg; we ship an example configuration file (~/share/check_mk/agents/cfg_examples/mk_inotify.cfg) that you can easily adjust to your own needs.
4. Number of logged in users
If you'd like to monitor the number of users who are currently logged in, you can install the plug-in mk_logins. It combines the two commands "who" and "wc -l" to receive information about logged in users.
The default configuration gives out a warning if the number exceeds 20, and it reaches the critical level if the number is 30 or more. You can adjust the rule and redefine numbers as you see fit. For example, set the threshold to 1 for servers where normally nobody logs in. Also, it's possible to configure time periods and specify different warn/crit levels.
Tip: On one of my servers I've modified the plug-in so that it excludes my own IP address of the dial-up connection by adding a simple
if type who >/dev/null; then
    # -F matches the address as a literal string, so the dots are not regex wildcards
    who | grep -vF 203.0.113.0 | wc -l
fi
5. SSH Daemon
Maybe you have disabled root login, changed the default SSH port from 22 to something else, or switched on public/private key authentication for your SSH server. If that's the case, and you'd like to monitor your /etc/ssh/sshd_config, then you can install the mk_sshd_config plug-in. It watches security-relevant parameters of the SSH daemon configuration and alerts you in case one or more options have been changed. You can change most parameters by configuring a rule in WATO.
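To show what watching these parameters involves, here is an added example (not the mk_sshd_config plug-in or any Checkmk code) that compares the global values in an sshd_config file with an expected baseline. The helper names sshd_value, sshd_drift and write_sample, the baseline and the sample file are all constructed for this illustration.

```shell
#!/bin/sh
# Added example, not the mk_sshd_config plug-in itself.
# sshd_value, sshd_drift and write_sample are hypothetical helper names.

# Print the global value of one keyword. sshd uses the first value it
# reads, keywords are case-insensitive, and lines after "Match" are
# conditional, so the scan stops there. Include files are not followed.
sshd_value() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }                      # strip leading blanks
        /^#/ || /^$/ { next }                       # comments, empty lines
        { split($0, f, /[ \t]*=[ \t]*|[ \t]+/) }    # "Key value" or "Key=value"
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == tolower(key) { print f[2]; exit }
    ' "$2"
}

# Read "Keyword expected-value" pairs on stdin and compare them with the
# file in $1. One line per deviation; exit status 1 if any was found.
sshd_drift() {
    rc=0
    while read -r key want; do
        have=$(sshd_value "$key" "$1")
        if [ "$have" != "$want" ]; then
            echo "$key: expected $want, found ${have:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configuration (not taken from a real server).
write_sample() {
    cat > "$1" <<'EOF'
permitrootlogin no
PermitRootLogin yes
PasswordAuthentication=no
Match User backup
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp) && write_sample "$cfg"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' | sshd_drift "$cfg" || echo "drift detected"
rm -f "$cfg"
```

A keyword reported as `<unset>` is absent from the file, which means sshd falls back to its built-in default for it.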
If your SSH server doesn't use /etc/ssh/sshd_config but a different config file, simply modify the plug-in in your favourite text editor and change the