Systems protected by KernelCare can be monitored by means of CloudLinux Network (CLN) portal available at https://cln.cloudlinux.com.
Click KernelCare activation key to see the list of servers activated with it. Servers marked with exclamation mark do not have the latest KernelCare patches installed.
It is possible to integrate KernelCare status monitoring with any third-party monitoring system that supports REST API.
https://cln.cloudlinux.com/api/kcare/nagios/{key_id}
https://cln.cloudlinux.com/api/kcare/nagios-res/{login}/{token}
The latest CloudLinux REST API description is available at https://cln.cloudlinux.com/clweb/downloads/cloudlinux-rest-api.pdf
check_kcare
is a Nagios plugin that provides a way to monitor the out of date and inactive servers. It can provide information on servers assigned to the KernelCare key, or for all the servers in partner account.
Start from installing Nagios monitoring system.
You can download the plugin from https://patches.kernelcare.com/downloads/nagios/check_kcare
Place the plugin into /usr/lib64/nagios/plugins/
directory and make this script executable by running:
chmod +x /usr/lib64/nagios/plugins/check_kcare
Create kcare.cfg
configuration file from the template below and place it into /etc/nagios/conf.d/
directory.
You will also need to specify your KernelCare key instead of KERNELCARE_KEY
. If the licenses are IP-based, you can find your login & API security token in Profile section of your CLN account.
Restart Nagios service and go to Nagios Web UI (https://NAGIOS_IP/nagios/). Click on Services link (top left under Hosts). You should be able to see a string showing an output from monitoring script (please see screenshots below).
Script options:
-k KERNELCARE_KEY | retrieve status for servers associated with KEY |
-l PARTNER_LOGIN --api-token TOKEN | retrieve status for all servers in partner account based on login/token |
-c o,u,i -- return CRITICAL | list of coma separated o, u & i.o - out of dateu - unknown kerneli - inactive server |
-w o,u,i -- return WARNING | list of coma separated o, u & i.o - out of dateu - unknown kerneli - inactive server |
Here is an example configuration for key-based KernelCare licenses (IP-based section is commented out here):
Example host to associate the KernelCare status check service with
define host {
host_name kcare-service
notifications_enabled 0
max_check_attempts 1
notification_interval 0
check_period 24x7
}
define command {
command_name check_kcare
command_line /usr/lib64/nagios/plugins/check_kcare -k $ARG1$
}
define command {
command_name check_kcare_opts
command_line /usr/lib64/nagios/plugins/check_kcare -k $ARG1$ -c $ARG2$ -w $ARG3$
}
define command {
command_name check_kcare_partner
command_line /usr/lib64/nagios/plugins/check_kcare -l $ARG1$ --api-token $ARG2$
}
define command {
command_name check_kcare_partner_opts
command_line /usr/lib64/nagios/plugins/check_kcare -k $ARG1$ -l $ARG1$ --api-token $ARG2$ -c $ARG2$ -w $ARG3$
}
define service {
host_name kcare-service
service_description KernelCare Server Status Checker By Key
check_command check_kcare!KERNELCARE_KEY
notifications_enabled 1
check_interval 240
retry_interval 60
max_check_attempts 4
notification_options w,c,r
check_period 24x7
notification_period 24x7
}
#define service {
# host_name kcare-service
# service_description KernelCare Server Status Checker By login/token with outdated/inactive considered as critical
# check_command check_kcare_partner_opts!partner_login!partner_token!o,i!u
# notifications_enabled 1
# check_interval 240
# retry_interval 60
# max_check_attempts 4
# notification_options w,c,r
# check_period 24x7
# notification_period 24x7
#}
Zabbix Template for KernelCare
check_kcare
is a Nagios/Zabbix plugin that provides a way to monitor the out of date and inactive servers. It can provide information on servers assigned to the KernelCare key, or for all the servers in partner account.
You can download the plugin from https://patches.kernelcare.com/downloads/nagios/check_kcare
/usr/lib/zabbix/externalscripts
(or any other directory configured for Zabbix external check scripts)
Script options:
-z | Zabbix compatible format (Nagios otherwise) |
-k KERNELCARE_KEY | retrieve status for servers associated with KEY |
-l PARTNER_LOGIN --api-token TOKEN | retrieve status for all servers in partner account based on login/token |
-c o,u,i -- return CRITICAL | list of coma separate o, u & i.o -out of dateu - unknown kerneli - inactive server |
-w o,u,i -- return WARNING | list of coma separate o, u & i.o - out of dateu - unknown kerneli - inactive server |
You can download Zabbix template at:
https://patches.kernelcare.com/downloads/nagios/kcare_zabbix_template.xml
You can monitor out-of-date and inactive KernelCare agents with the help of DataDog integration. It can provide information on servers assigned to a KernelCare key or for all servers in a partner CLN account.
The intergration is installed with Datadog Agent (Agent-based integration) https://docs.datadoghq.com/getting_started/integrations/
The integration is available from the official datadog github repository https://github.com/DataDog/integrations-extras/tree/master/kernelcare
CentOS 8 (or other EL8-based):
Install required yum packages and prepare build environment.
yum -y install python3 python3-devel gcc git
python3 -m venv /tmp/python3-env
. /tmp/python3-env/bin/activate
pip3 install "datadog-checks-dev[cli]"
mkdir $HOME/dd/
cd $HOME/dd/
git clone https://github.com/DataDog/integrations-extras.git
ddev config set repo extras
Build python wheel package.
ddev -e release build kernelcare
Install python wheel package to datadog-agent
.
cp /root/dd/integrations-extras/kernelcare/dist/datadog_kernelcare*.whl /tmp/.
sudo -u dd-agent datadog-agent integration install -w /tmp/datadog_kernelcare*.whl
Move configuration file.
mv /etc/datadog-agent/conf.d/kernelcare.d/conf.yaml.example /etc/datadog-agent/conf.d/kernelcare.d/conf.yaml
In the configureation file you need to specify the key
parameter - the KernelCare activation key. If the licenses are IP-based, you can find your login & API security token in Profile section of your CLN account. You need to specify login
and api_token
parameters.
Restart the datadog Agent.
systemctl restart datadog-agent
You can check your newly installed integration (please do NOT run under python-virtualenv)
datadog-agent check kernelcare
After the integration is installed and launched you can login to DataDog dashboard to check metrics.