[//]: # (werk v2)
# Microsoft SQL Server (Windows) ruleset is deprecated
key | value
---------- | ---
date | 2024-04-17T13:40:06+00:00
version | 2.3.0b6
class | feature
edition | cre
component | checks
level | 2
compatible | no
We've introduced a new `Microsoft SQL Server (Linux, Windows)` plug-in for MS SQL
database monitoring, see
[werk 15842: Enhanced MS SQL Server monitoring](https://checkmk.com/werk/15842).
The new plugin extends the functionality of `Microsoft SQL Server (Windows)`
by adding more options and features.
We recommend that you upgrade to the `Microsoft SQL Server (Linux, Windows)` plug-in to monitor MS SQL databases. This new agent plugin can be deployed
alongside the Checkmk agent on your database systems, just like the previous
plugin. You can also use this plugin on any Windows or Linux
server to monitor remote MSSQL servers over the network.
The previous `Microsoft SQL Server (Windows)` rule set is deprecated and renamed to `Microsoft SQL Server (deprecated)`. Please note that you may need to adjust settings on your databases or continue running the old plug-in for the time being, as the agent plug-in cannot connect to local database instances that are not available over a TCP/IP connection.
[//]: # (werk v2)
# Enhanced MS SQL Server monitoring
key | value
---------- | ---
date | 2024-04-03T07:47:56+00:00
version | 2.3.0b4
class | feature
edition | cre
component | checks
level | 2
compatible | yes
With this release MS SQL Server is monitored using new plugin and new GUI.
The old plugin is still supported but are considered deprecated.
Key Enhancements out-of-the-box:
- Configuration flexibility: The plugin can be configured through a YAML config file for any edition and/or a graphical user interface (GUI) for enterprise edition or better.
- Cross platform: The plugin can be deployed on Linux and Windows.
- Enhanced monitoring capabilities: Supports monitoring of remote databases on both Linux and Windows hosts, in addition to local monitoring on Windows hosts.
- Customizable monitoring sections: Sections are now selectable and configurable
- Customizable SQL statements: you may change SQL statement either manually(place file in `mssql` sub directory in config dir) or using `Custom files` rule in GUI.
- Multi-instance support: Enables the selection of different instances for monitoring. Every instance can be configured separately
- Multi-host support: possible to monitor databases on various hosts using one deployed plugin.
- Security enhancements: Limited support for certificates is now available.
- Asynchronous operation: Any section with exception `instances` can be set up for asynchronous operation.
- Piggyback: It's possible to direct the output of a plugin to a different host, rather than to the host that retrieves the data.
- Other improvements:
- Automatic detection of instances is possible for any Windows host, local and remote, depending on SQL Server Setup.
- Full logging support including rotation and file limits
- Limit for maximal connection counts
- Cache time and timeout can be configured too
With regard to the old plug-in, there are also a few restrictions at the moment:
- The database instances must be accessible via TCP/IP.
- If several databases are running on a system, each using their own IP addresses, these must be explicitly specified in the configuration of the agent plug-in, as the addresses and ports are currently not yet found automatically.
Werk 15841 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: The configuration is correctly loaded by RRD helper processes
Class: fix
Compatible: compat
Component: core
Date: 1711447383
Edition: cee
Level: 2
Version: 2.1.0p43
This change ensures the reloading of the configuration by already
running RRD processes, thereby guaranteeing that those processes are
using the correct configuration.
SUP-17787
CMK-16318
------------------------------------<diff>-------------------------------------------
Title: The configuration is correctly loaded by RRD helper processes
Class: fix
Compatible: compat
Component: core
Date: 1711447383
Edition: cee
Level: 2
- Version: 2.1.0p42
? ^
+ Version: 2.1.0p43
? ^
This change ensures the reloading of the configuration by already
running RRD processes, thereby guaranteeing that those processes are
using the correct configuration.
SUP-17787
CMK-16318
Werk 15843 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_oracle(ps1): Follow-up to privilege escalation fix
Class: fix
Compatible: incomp
Component: checks
Date: 1712314947
Edition: cre
Level: 2
Version: 2.1.0p42
You might be affected by this Werk if you use <tt>mk_oracle</tt> on Windows.
Werk <a href="https://checkmk.com/werk/16232">Werk #16232</a> introduced a
regression, thereby disrupting Oracle monitoring on Windows.
This Werk addresses above mentioned issue that affects versions 2.1.0p41,
2.2.0p24, and 2.3.0b4.
Since this release, Oracle monitoring on Windows is fully supported under
either of the following conditions:
1. The monitoring is performed using an account without administrator rights.
2. Specific Oracle executable binaries — namely, <tt>sqlplus.exe</tt>,
<tt>tnsping.exe</tt> and, if presented, <tt>crsctl.exe</tt> - are not modifiable
by non-admin users.
If you are still unable to monitor Oracle, for example, you can't use an
unprivileged account for monitoring and changing of permission is not possible,
consider one of the following actions:
1. Enable <tt>Run as local group</tt> for group <tt>Administrators</tt> in
<tt>Run plugins and local checks using non-system account</tt> ruleset.
2. Adjust <tt>Oracle Binaries Permissions Check</tt> settings in <tt>ORACLE databases (Linux,
Solaris, AIX, Windows)</tt> ruleset.
More information about can be found at <a href="https://checkmk.atlassian.net/wiki/x/AQA1B">here</a>.
------------------------------------<diff>-------------------------------------------
Title: mk_oracle(ps1): Follow-up to privilege escalation fix
Class: fix
Compatible: incomp
Component: checks
Date: 1712314947
Edition: cre
Level: 2
Version: 2.1.0p42
You might be affected by this Werk if you use <tt>mk_oracle</tt> on Windows.
Werk <a href="https://checkmk.com/werk/16232">Werk #16232</a> introduced a
regression, thereby disrupting Oracle monitoring on Windows.
This Werk addresses above mentioned issue that affects versions 2.1.0p41,
2.2.0p24, and 2.3.0b4.
- Since this release, Oracle monitoring on Windows is fully supported under
? -
+ Since this release, Oracle monitoring on Windows is fully supported under
- condition you use an account without administrator rights or the certain
- executable binaries, <tt>sqlplus.exe</tt>, <tt>tnsping.exe</tt> and, if
- presented, <tt>crsctl.exe</tt> are write-protected, with the possible
- exception being the Administrator.
+ either of the following conditions:
+ 1. The monitoring is performed using an account without administrator rights.
+ 2. Specific Oracle executable binaries — namely, <tt>sqlplus.exe</tt>,
+ <tt>tnsping.exe</tt> and, if presented, <tt>crsctl.exe</tt> - are not modifiable
+ by non-admin users.
- If you are unable or prefer not to use an unprivileged account then you may
- need to adjust permissions for above mentioned binaries: remove <tt>Write</tt>,
- <tt>Full Control</tt> and <tt>Modify</tt> permissions for any non-Administrator
- user and group.
+ If you are still unable to monitor Oracle, for example, you can't use an
+ unprivileged account for monitoring and changing of permission is not possible,
+ consider one of the following actions:
+ 1. Enable <tt>Run as local group</tt> for group <tt>Administrators</tt> in
+ <tt>Run plugins and local checks using non-system account</tt> ruleset.
+ 2. Adjust <tt>Oracle Binaries Permissions Check</tt> settings in <tt>ORACLE databases (Linux,
+ Solaris, AIX, Windows)</tt> ruleset.
More information about can be found at <a href="https://checkmk.atlassian.net/wiki/x/AQA1B">here</a>.
[//]: # (werk v2)
# mk_oracle: Follow-up to privilege escalation fix
key | value
---------- | ---
compatible | no
version | 2.4.0b1
date | 2024-04-04T07:59:38+00:00
level | 2
class | fix
component | checks
edition | cre
You might be affected by this Werk if you use <tt>mk_oracle</tt> on a unix
system.
You might be affected by this Werk if you use oracle wallet to connect to your
database.
You are definitively affected by this Werk if you use oracle wallet to connect to your
database and used the instructions of our official documentation to setup your
configuration.
This Werk fixes connection problems introduced with 2.1.0p41, 2.2.0p24 and 2.3.0b4.
Since <a href="https://checkmk.com/werk/16232">Werk #16232</a> we switch to a
unprivileged user when executing oracle binaries. This causes problems when
using an oracle wallet as the unprivileged user might not be able to access
files defining the connection details and credentials.
We introduced an additional permission check to the <code>-t</code> "Just check
the connection" option of <code>mk_oracle</code>. It should help you modifying
the permissions to continue using <code>mk_oracle</code> with oracle wallet.
You can execute it with the following command:
<pre>
MK_CONFDIR=/etc/check_mk/ MK_VARDIR=/var/lib/check_mk_agent /usr/lib/check_mk_agent/plugins/mk_oracle --no-spool -t
</pre>
The path to mk_oracle might be different if you execute it asynchronously. For a
60 second interval the path would be <code>/usr/lib/check_mk_agent/plugins/60/mk_oracle</code>
The script will test permissions of the files needed to connect to the database. It boils down to the following:
<code>mk_oracle</code> will switch to the owner of
<code>$ORACLE_HOME/bin/sqlplus</code> before executing <code>sqlplus</code>. So
this user has to have the following permissions:
<ul>
<li>read <code>$TNS_ADMIN/sqlnet.ora</code></li>
<li>read <code>$TNS_ADMIN/tnsnames.ora</code></li>
<li>execute the wallet folder (<code>/etc/check_mk/oracle_wallet</code> if followed the official documentation)</li>
<li>read files inside the wallet folder (<code>/etc/check_mk/oracle_wallet/*</code> if followed the official documentation)</li>
</ul>
Beside that we also fixed some bash syntax errors we introduced with
<a href="https://checkmk.com/werk/16232">Werk #16232</a>.
See <a href="https://checkmk.atlassian.net/wiki/spaces/KB/pages/70582273/Troubleshooting…">Troubleshooting mk_oracle for Windows and Linux</a>
for more information about troubleshooting this problem.
Werk 15841 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: The configuration is correctly loaded by RRD helper processes
Class: fix
Compatible: compat
Component: core
Date: 1711447383
Edition: cee
Level: 2
Version: 2.2.0p26
This change ensures the reloading of the configuration by already
running RRD processes, thereby guaranteeing that those processes are
using the correct configuration.
SUP-17787
CMK-16318
------------------------------------<diff>-------------------------------------------
Title: The configuration is correctly loaded by RRD helper processes
Class: fix
Compatible: compat
Component: core
Date: 1711447383
Edition: cee
Level: 2
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
This change ensures the reloading of the configuration by already
running RRD processes, thereby guaranteeing that those processes are
using the correct configuration.
SUP-17787
CMK-16318
Title: mk_oracle: Follow-up to privilege escalation fix
Class: fix
Compatible: incomp
Component: checks
Date: 1712217578
Edition: cre
Level: 2
Version: 2.1.0p42
You might be affected by this Werk if you use <tt>mk_oracle</tt> on a unix
system.
You might be affected by this Werk if you use oracle wallet to connect to your
database.
You are definitively affected by this Werk if you use oracle wallet to connect to your
database and used the instructions of our official documentation to setup your
configuration.
This Werk fixes connection problems introduced with 2.1.0p41, 2.2.0p24 and 2.3.0b4.
Since <a href="https://checkmk.com/werk/16232">Werk #16232</a> we switch to a
unprivileged user when executing oracle binaries. This causes problems when
using an oracle wallet as the unprivileged user might not be able to access
files defining the connection details and credentials.
We introduced an additional permission check to the <code>-t</code> "Just check
the connection" option of <code>mk_oracle</code>. It should help you modifying
the permissions to continue using <code>mk_oracle</code> with oracle wallet.
You can execute it with the following command:
<pre>
MK_CONFDIR=/etc/check_mk/ MK_VARDIR=/var/lib/check_mk_agent /usr/lib/check_mk_agent/plugins/mk_oracle --no-spool -t
</pre>
The path to mk_oracle might be different if you execute it asynchronously. For a
60 second interval the path would be <code>/usr/lib/check_mk_agent/plugins/60/mk_oracle</code>
The script will test permissions of the files needed to connect to the database. It boils down to the following:
<code>mk_oracle</code> will switch to the owner of
<code>$ORACLE_HOME/bin/sqlplus</code> before executing <code>sqlplus</code>. So
this user has to have the following permissions:
<ul>
<li>read <code>$TNS_ADMIN/sqlnet.ora</code></li>
<li>read <code>$TNS_ADMIN/tnsnames.ora</code></li>
<li>execute the wallet folder (<code>/etc/check_mk/oracle_wallet</code> if followed the official documentation)</li>
<li>read files inside the wallet folder (<code>/etc/check_mk/oracle_wallet/*</code> if followed the official documentation)</li>
</ul>
Beside that we also fixed some bash syntax errors we introduced with
<a href="https://checkmk.com/werk/16232">Werk #16232</a>.
See <a href="https://checkmk.atlassian.net/wiki/spaces/KB/pages/70582273/Troubleshooting…">Troubleshooting mk_oracle for Windows and Linux</a>
for more information about troubleshooting this problem.
Title: mk_oracle: Follow-up to privilege escalation fix
Class: fix
Compatible: incomp
Component: checks
Date: 1712217578
Edition: cre
Level: 2
Version: 2.2.0p25
You might be affected by this Werk if you use <tt>mk_oracle</tt> on a unix
system.
You might be affected by this Werk if you use oracle wallet to connect to your
database.
You are definitively affected by this Werk if you use oracle wallet to connect to your
database and used the instructions of our official documentation to setup your
configuration.
This Werk fixes connection problems introduced with 2.1.0p41, 2.2.0p24 and 2.3.0b4.
Since <a href="https://checkmk.com/werk/16232">Werk #16232</a> we switch to a
unprivileged user when executing oracle binaries. This causes problems when
using an oracle wallet as the unprivileged user might not be able to access
files defining the connection details and credentials.
We introduced an additional permission check to the <code>-t</code> "Just check
the connection" option of <code>mk_oracle</code>. It should help you modifying
the permissions to continue using <code>mk_oracle</code> with oracle wallet.
You can execute it with the following command:
<pre>
MK_CONFDIR=/etc/check_mk/ MK_VARDIR=/var/lib/check_mk_agent /usr/lib/check_mk_agent/plugins/mk_oracle --no-spool -t
</pre>
The path to mk_oracle might be different if you execute it asynchronously. For a
60 second interval the path would be <code>/usr/lib/check_mk_agent/plugins/60/mk_oracle</code>
The script will test permissions of the files needed to connect to the database. It boils down to the following:
<code>mk_oracle</code> will switch to the owner of
<code>$ORACLE_HOME/bin/sqlplus</code> before executing <code>sqlplus</code>. So
this user has to have the following permissions:
<ul>
<li>read <code>$TNS_ADMIN/sqlnet.ora</code></li>
<li>read <code>$TNS_ADMIN/tnsnames.ora</code></li>
<li>execute the wallet folder (<code>/etc/check_mk/oracle_wallet</code> if followed the official documentation)</li>
<li>read files inside the wallet folder (<code>/etc/check_mk/oracle_wallet/*</code> if followed the official documentation)</li>
</ul>
Beside that we also fixed some bash syntax errors we introduced with
<a href="https://checkmk.com/werk/16232">Werk #16232</a>.
See <a href="https://checkmk.atlassian.net/wiki/spaces/KB/pages/70582273/Troubleshooting…">Troubleshooting mk_oracle for Windows and Linux</a>
for more information about troubleshooting this problem.
Werk 15843 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_oracle(ps1): Follow-up to privilege escalation fix
Class: fix
Compatible: incomp
Component: checks
Date: 1712314947
Edition: cre
Level: 2
Version: 2.2.0p25
You might be affected by this Werk if you use <tt>mk_oracle</tt> on Windows.
Werk <a href="https://checkmk.com/werk/16232">Werk #16232</a> introduced a
regression, thereby disrupting Oracle monitoring on Windows.
This Werk addresses above mentioned issue that affects versions 2.1.0p41,
2.2.0p24, and 2.3.0b4.
Since this release, Oracle monitoring on Windows is fully supported under
either of the following conditions:
1. The monitoring is performed using an account without administrator rights.
2. Specific Oracle executable binaries — namely, <tt>sqlplus.exe</tt>,
<tt>tnsping.exe</tt> and, if presented, <tt>crsctl.exe</tt> - are not modifiable
by non-admin users.
If you are still unable to monitor Oracle, for example, you can't use an
unprivileged account for monitoring and changing of permission is not possible,
consider one of the following actions:
1. Enable <tt>Run as local group</tt> for group <tt>Administrators</tt> in
<tt>Run plugins and local checks using non-system account</tt> ruleset.
2. Adjust <tt>Oracle Binaries Permissions Check</tt> settings in <tt>ORACLE databases (Linux,
Solaris, AIX, Windows)</tt> ruleset.
More information about can be found at <a href="https://checkmk.atlassian.net/wiki/x/AQA1B">here</a>.
------------------------------------<diff>-------------------------------------------
Title: mk_oracle(ps1): Follow-up to privilege escalation fix
Class: fix
Compatible: incomp
Component: checks
Date: 1712314947
Edition: cre
Level: 2
Version: 2.2.0p25
You might be affected by this Werk if you use <tt>mk_oracle</tt> on Windows.
Werk <a href="https://checkmk.com/werk/16232">Werk #16232</a> introduced a
regression, thereby disrupting Oracle monitoring on Windows.
This Werk addresses above mentioned issue that affects versions 2.1.0p41,
2.2.0p24, and 2.3.0b4.
- Since this release, Oracle monitoring on Windows is fully supported under
? -
+ Since this release, Oracle monitoring on Windows is fully supported under
- condition you use an account without administrator rights or the certain
- executable binaries, <tt>sqlplus.exe</tt>, <tt>tnsping.exe</tt> and, if
- presented, <tt>crsctl.exe</tt> are write-protected, with the possible
- exception being the Administrator.
+ either of the following conditions:
+ 1. The monitoring is performed using an account without administrator rights.
+ 2. Specific Oracle executable binaries — namely, <tt>sqlplus.exe</tt>,
+ <tt>tnsping.exe</tt> and, if presented, <tt>crsctl.exe</tt> - are not modifiable
+ by non-admin users.
- If you are unable or prefer not to use an unprivileged account then you may
- need to adjust permissions for above mentioned binaries: remove <tt>Write</tt>,
- <tt>Full Control</tt> and <tt>Modify</tt> permissions for any non-Administrator
- user and group.
+ If you are still unable to monitor Oracle, for example, you can't use an
+ unprivileged account for monitoring and changing of permission is not possible,
+ consider one of the following actions:
+ 1. Enable <tt>Run as local group</tt> for group <tt>Administrators</tt> in
+ <tt>Run plugins and local checks using non-system account</tt> ruleset.
+ 2. Adjust <tt>Oracle Binaries Permissions Check</tt> settings in <tt>ORACLE databases (Linux,
+ Solaris, AIX, Windows)</tt> ruleset.
More information about can be found at <a href="https://checkmk.atlassian.net/wiki/x/AQA1B">here</a>.
+
Werk 15515 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# check_http: Soft deprecatation of old HTTP monitoring plug-in
key | value
---------- | ---
date | 2024-04-03T13:15:48+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 2
compatible | no
The old plug-in is being deprecated in a soft way with this werk. Unlike
hard deprecation, the deprecated rule set "Check HTTP service" will remain
fully functional. However, new rules should only be created if absolutely
necessary, such as when experiencing issues with the new "Check HTTP web
service" implementation and needing to roll back to the old one.
Please note that the rule set will be hard deprecated in version 2.4.0,
meaning that you will no longer be able to create new rules. However, the
plug-in itself will remain available as this is a component of the
monitoring-plugins collection that comes with Checkmk.
Please let us know if you find any features that were present in the old
plug-in but are missing in the new one.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# check_http: Soft deprecatation of old HTTP monitoring plug-in
key | value
---------- | ---
date | 2024-04-03T13:15:48+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 2
compatible | no
The old plug-in is being deprecated in a soft way with this werk. Unlike
hard deprecation, the deprecated rule set "Check HTTP service" will remain
fully functional. However, new rules should only be created if absolutely
necessary, such as when experiencing issues with the new "Check HTTP web
service" implementation and needing to roll back to the old one.
Please note that the rule set will be hard deprecated in version 2.4.0,
meaning that you will no longer be able to create new rules. However, the
plug-in itself will remain available as this is a component of the
monitoring-plugins collection that comes with Checkmk.
- Please know us know if you find any features that were present in the old
? --------
+ Please let us know if you find any features that were present in the old
? +++++++
plug-in but are missing in the new one.