ID: 13857
Title: Windows agent uses perflib to obtain wmi_cpuload data
Component: Checks & agents
Level: 2
Class: New feature
Version: 2.2.0i1
The Windows agent now uses the Perflib API for the service wmi_cpuload
as a more reliable and stable source of information compared
to the previously used WMI API.
If, for some reason, the new functionality causes problems,
it is possible to return to the WMI API using the appropriate
key in the user config. To do so, set the key cpuload_method
in the section global to 'use_wmi'.
ID: 14083
Title: Fix linux agent using 100% CPU (again)
Component: Checks & agents
Level: 2
Class: Bug fix
Version: 2.2.0i1
Werk <i>#14027: Fix linux agent using 100% CPU</i> actually increased the problem of async agent services using 100% CPU on some systems.
ID: 14101
Title: Add InfluxDB exporter
Component: Setup
Level: 2
Class: New feature
Version: 2.2.0i1
With Checkmk 2.1 we introduce the new option to configure InfluxDB connections.
With this option you are able to send metrics directly from Checkmk to the
REST-API of InfluxDB.
More information on how to configure the connection can be found here:
https://docs.checkmk.com/master/en/metrics_exporter.html
Please note:
The integration is only compatible with InfluxDB 2.0 or later.
If you're using InfluxDB <= 1.8 you need to use the option "Send metrics to
Graphite" as described in the Checkmk docs.
ID: 13297
Title: Setup (WATO) now uses Redis for certain lookups to improve GUI performance
Component: Setup
Level: 2
Class: New feature
Version: 2.2.0i1
Large installations with several thousand hosts/folders suffered from decreased performance
when navigating through the folder hierarchy or when displaying rulesets.
Furthermore, the global settings option <tt>Hide folders without read permissions</tt> made the
entire setup system virtually unusable for non-admin users.
Some of the data is now cached via Redis, which reduces needless calculations and file parsing.
ID: 13897
Title: Fix command injection vulnerability
Component: Notifications
Level: 2
Class: Security fix
Version: 2.2.0i1
Prior to this Werk, an attacker who could control certain notification
variables such as <tt>NOTIFICATIONTYPE</tt> or <tt>HOSTNAME</tt> was able to
inject commands into the fall-back mail command. The commands were then executed
as the site user.
With this Werk, the variable <tt>MAIL_COMMAND</tt> is no longer available in
notification scripts.
You can reduce the risk of exploitation by disabling listening on the
notification spooler (it is disabled by default; CEE/CME only feature).
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that earlier versions were also vulnerable.
To detect possible exploitation, <tt>var/log/mknotifyd.log</tt> and
<tt>var/log/notify.log</tt> can be checked for special shell characters like
<tt>&&</tt> and odd quoting.
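The log check described in werk #13897, as an added example (not Checkmk's own code): a Python triage script that flags log lines containing <tt>&&</tt> or odd quoting. The additional patterns (<tt>||</tt>, <tt>$(</tt>, backticks) and the sample log lines are assumptions constructed here; the real log layout may differ.

```python
import re
import sys

# Shell constructs that should not show up in notification variables.
# "&&" is named in the werk; the other patterns are assumptions added here.
SHELL_PATTERNS = {
    "command chaining (&&)": re.compile(r"&&"),
    "command chaining (||)": re.compile(r"\|\|"),
    "command substitution $(": re.compile(r"\$\("),
    "backtick substitution": re.compile(r"`"),
}


def odd_quoting(line):
    """True if single or double quotes are unbalanced (a triage hint only:
    an apostrophe in free text also triggers it)."""
    return line.count('"') % 2 == 1 or line.count("'") % 2 == 1


def scan(lines):
    """Return (line_number, reasons, line) for every line worth a manual look."""
    hits = []
    for number, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        reasons = [name for name, rx in SHELL_PATTERNS.items() if rx.search(line)]
        if odd_quoting(line):
            reasons.append("odd quoting")
        if reasons:
            hits.append((number, reasons, line))
    return hits


# Constructed sample lines, not real Checkmk log output.
SAMPLE = [
    "2022-05-02 10:15:01 notify HOSTNAME=web01 NOTIFICATIONTYPE=PROBLEM",
    "2022-05-02 10:16:40 notify HOSTNAME=web01' && <command> NOTIFICATIONTYPE=PROBLEM",
    "2022-05-02 10:17:12 notify HOSTNAME=db02 NOTIFICATIONTYPE=$(<command>)",
    '2022-05-02 10:18:03 notify HOSTNAME="db02" NOTIFICATIONTYPE="RECOVERY"',
]

if __name__ == "__main__":
    # Pass log files as arguments, e.g. var/log/notify.log var/log/mknotifyd.log
    # (relative to the site directory); without arguments the sample is scanned.
    sources = sys.argv[1:] or [None]
    for path in sources:
        lines = SAMPLE if path is None else open(path, errors="replace")
        for number, reasons, line in scan(lines):
            print(f"{path or 'sample'}:{number}: {', '.join(reasons)}: {line}")
```

A hit is a reason to inspect the line and the notification it belongs to, not proof of exploitation.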
ID: 13853
Title: WATO supports windows agent controller parameters
Component: Checks & agents
Level: 2
Class: New feature
Version: 2.2.0i1
Available parameters:
"Monitoring data security" - limits access to the monitoring data
only to the Windows agent controller.
"Legacy communication" - allows usage of the legacy communication
as a fallback in all cases.
"Agent internal TCP port used to communicate with controller" - allows
changing the default TCP port used for communication between agent and
controller.
For the Raw edition, the above-mentioned parameters can be configured using
check_mk.user.yml. The corresponding keys are located in the system.controller
section.
To set "Monitoring data security" use key "check".
To set "Legacy communication" use key "force_legacy".
To set "Agent internal TCP port used to communicate with controller" use
key "agent_channel".
ID: 13644
Title: Deprecating NSCA as part of Checkmk
Component: Other Components
Level: 2
Class: New feature
Version: 2.2.0i1
With Checkmk 2.1 we officially deprecate the component NSCA which has
traditionally been a part of Checkmk but was rarely used. In 2.1 it will work
as before and be removed with Checkmk 2.2.
If you are a user of NSCA with Checkmk, an alternative solution depends on your
specific use case. You could try to use local plugins with the Checkmk agent
(https://docs.checkmk.com/latest/en/agent_linux.html#mrpe) or utilize the spool
directory mechanism of the agent #16 (https://checkmk.com/werk/16).
If you can't find a good replacement for your use case, please contact us via
your support contact.
ID: 13872
Title: Add RobotMK GUI integration
Component: Multisite
Level: 2
Class: New feature
Version: 2.2.0i1
If you use the RobotMK extension package (mkp), each RobotMK service will now
have an icon for the last log file and the last error log file in the action
menu of the service, depending on the service labels
"robotmk/html_last_log:yes" and "robotmk/html_last_error_log:yes".
These icons lead to a new page on which the respective file is displayed and
downloadable.
Please note:
You have to use at least version 1.2.9 of the extension package.
ID: 13095
Title: Improved Livestatus query performance for hostsbygroup and servicesbygroup tables
Component: Livestatus
Level: 2
Class: New feature
Version: 2.2.0i1
Under various (complicated) circumstances, Livestatus queries for the
hostsbygroup and servicesbygroup tables with non-trivial filters could take
a very long time. This has been improved, sometimes bringing down the
response time from minutes to milliseconds.
ID: 13852
Title: Win-agent installer creates allow-pull-mode file correctly
Component: Checks & agents
Level: 2
Class: Bug fix
Version: 2.2.0i1
Previously, the custom action in the MSI failed if the available PowerShell was
too old. This failure made it impossible to obtain the previously
installed version of the win-agent. For the use case <tt>update from 2.0 to
2.1</tt>, this means a lack of connection between agent and site, i.e. the
monitoring stops.
Since this release, the uninstaller custom action also supports
PowerShell 4.0, thus solving the problem.