Monitor external resources with proxy entities

Proxy entities allow Sensu to monitor external resources on systems and devices where a Sensu agent cannot be installed, like a network switch or a website. You can create proxy entities with sensuctl, the Sensu API, and the proxy_entity_name check attribute. When executing checks that include a proxy_entity_name or proxy_requests attribute, Sensu agents report the resulting event under the proxy entity instead of the agent entity.

NOTE: This guide requires a running Sensu backend, a running Sensu agent, and a sensuctl instance configured to connect to the backend as a user with get, list, and create permissions for entities, checks, and events.

Use a proxy entity to monitor a website

In this section, you’ll monitor the status of sensu.io by configuring a check with a proxy entity name so that Sensu creates an entity that represents the site and reports the status of the site under this entity.

Register dynamic runtime asset

To power the check, you’ll use the http-checks dynamic runtime asset. This community-tier asset includes http-check, the http status check command that your check will rely on.

Use sensuctl asset add to register the http-checks dynamic runtime asset, sensu/http-checks:

sensuctl asset add sensu/http-checks:0.4.0 -r http-checks

The response will indicate that the asset was added:

fetching bonsai asset: sensu/http-checks:0.4.0
added asset: sensu/http-checks:0.4.0

You have successfully added the Sensu asset resource, but the asset will not get downloaded until
it's invoked by another Sensu resource (ex. check). To add this runtime asset to the appropriate
resource, populate the "runtime_assets" field with ["http-checks"].

This example uses the -r (rename) flag to specify a shorter name for the dynamic runtime asset: http-checks.

You can also download the dynamic runtime asset definition from Bonsai and register the asset with sensuctl create --file filename.yml or sensuctl create --file filename.json.

Use sensuctl to confirm that the dynamic runtime asset is ready to use:

sensuctl asset list

The response should list the http-checks dynamic runtime asset:

     Name                                       URL                                    Hash    
────────────── ───────────────────────────────────────────────────────────────────── ──────────
  http-checks   //assets.bonsai.sensu.io/.../http-checks_0.4.0_windows_amd64.tar.gz   52ae075  
  http-checks   //assets.bonsai.sensu.io/.../http-checks_0.4.0_darwin_amd64.tar.gz    72d0f15  
  http-checks   //assets.bonsai.sensu.io/.../http-checks_0.4.0_linux_armv7.tar.gz     ef18587  
  http-checks   //assets.bonsai.sensu.io/.../http-checks_0.4.0_linux_arm64.tar.gz     3504ddf  
  http-checks   //assets.bonsai.sensu.io/.../http-checks_0.4.0_linux_386.tar.gz       60b8883  
  http-checks   //assets.bonsai.sensu.io/.../http-checks_0.4.0_linux_amd64.tar.gz     1db73a8 

NOTE: Sensu does not download and install dynamic runtime asset builds onto the system until they are needed for command execution. Read the asset reference for more information about dynamic runtime asset builds.

Create the check

Now that the dynamic runtime asset is registered, you can create a check named check-sensu-site to run the command http-check --url https://sensu.io with the http-checks dynamic runtime asset, at an interval of 60 seconds, for all agents subscribed to the proxy subscription, using the sensu-site proxy entity name. To avoid duplicate events, add the round_robin attribute to distribute the check execution across all agents subscribed to the proxy subscription.

Create a file named check.yml or check.json in your Sensu installation to store the check definition. Copy this this check definition into the check.yml or check.json file and save it:

---
type: CheckConfig
api_version: core/v2
metadata:
  name: check-sensu-site
  namespace: default
spec:
  command: http-check --url https://sensu.io
  interval: 60
  proxy_entity_name: sensu-site
  publish: true
  round_robin: true
  runtime_assets:
  - http-checks
  subscriptions:
  - proxy
{
  "type": "CheckConfig",
  "api_version": "core/v2",
  "metadata": {
    "name": "check-sensu-site",
    "namespace": "default"
  },
  "spec": {
    "command": "http-check --url https://sensu.io",
    "interval": 60,
    "proxy_entity_name": "sensu-site",
    "publish": true,
    "round_robin": true,
    "runtime_assets": [
      "http-checks"
    ],
    "subscriptions": [
      "proxy"
    ]
  }
}

Use sensuctl to add check-sensu-site to Sensu directly from the check.yml or check.json file:

sensuctl create --file check.yml
sensuctl create --file check.json

Use sensuctl to confirm that Sensu added the check:

sensuctl check list

The response should list check-sensu-site:

        Name                      Command                Interval   Cron   Timeout   TTL   Subscriptions   Handlers     Assets      Hooks   Publish?   Stdin?   Metric Format   Metric Handlers  
─────────────────── ─────────────────────────────────── ────────── ────── ───────── ───── ─────────────── ────────── ───────────── ─────── ────────── ──────── ─────────────── ──────────────────
  check-sensu-site   http-check --url https://sensu.io         60                0     0   proxy                      http-checks           true       false                                      

Add the subscription

To run the check, you’ll need a Sensu agent with the subscription proxy. After you install an agent, use sensuctl to add the proxy subscription to the entity the Sensu agent is observing.

In the following command, Replace <entity_name> with the name of the entity on your system. Then, run:

sensuctl entity update <entity_name>
  • For Entity Class, press enter.
  • For Subscriptions, type proxy and press enter.

Validate the check

Use sensuctl to confirm that Sensu created sensu-site. It might take a few moments for Sensu to execute the check and create the proxy entity.

sensuctl entity list

The response should list the sensu-site proxy entity:

       ID        Class    OS           Subscriptions                   Last Seen            
─────────────── ─────── ─────── ─────────────────────────── ────────────────────────────────
  sensu-centos   agent   linux   proxy,entity:sensu-centos   2021-10-21 19:20:04 +0000 UTC  
  sensu-site     proxy           entity:sensu-site           N/A                          

Then, use sensuctl to confirm that Sensu is monitoring sensu-site with the check-sensu-site check:

sensuctl event info sensu-site check-sensu-site

The response should list check-sensu-site status and history data for the sensu-site proxy entity:

=== sensu-site - check-sensu-site
Entity:    sensu-site
Check:     check-sensu-site
Output:    http-check OK: HTTP Status 200 for https://sensu.io
Status:    0
History:   0
Silenced:  false
Timestamp: 2021-10-21 19:20:06 +0000 UTC
UUID:      xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

You can also view the new proxy entity in your Sensu web UI.

Use proxy requests to monitor a group of websites

Suppose that instead of monitoring just sensu.io, you want to monitor multiple sites, like docs.sensu.io, packagecloud.io, and github.com. In this section, you’ll use the proxy_requests check attribute along with entity labels and token substitution to monitor three sites with the same check. Before you start, register the sensu/http-checks dynamic runtime asset if you haven’t already.

Create proxy entities

Instead of creating a proxy entity using the proxy_entity_name check attribute, use sensuctl to create proxy entities to represent the three sites you want to monitor. Your proxy entities need the entity_class attribute set to proxy to mark them as proxy entities as well as a few custom labels to identify them as a group and pass in individual URLs.

Create a file named entities.yml or entities.json in your Sensu installation and add the following entity definitions:

---
type: Entity
api_version: core/v2
metadata:
  name: sensu-docs
  namespace: default
  labels:
    proxy_type: website
    url: https://docs.sensu.io
spec:
  entity_class: proxy
{
  "type": "Entity",
  "api_version": "core/v2",
  "metadata": {
    "name": "sensu-docs",
    "namespace": "default",
    "labels": {
      "proxy_type": "website",
      "url": "https://docs.sensu.io"
    }
  },
  "spec": {
    "entity_class": "proxy"
  }
}
---
type: Entity
api_version: core/v2
metadata:
  name: packagecloud-site
  namespace: default
  labels:
    proxy_type: website
    url: https://packagecloud.io
spec:
  entity_class: proxy
{
  "type": "Entity",
  "api_version": "core/v2",
  "metadata": {
    "name": "packagecloud-site",
    "namespace": "default",
    "labels": {
      "proxy_type": "website",
      "url": "https://packagecloud.io"
    }
  },
  "spec": {
    "entity_class": "proxy"
  }
}
---
type: Entity
api_version: core/v2
metadata:
  name: github-site
  namespace: default
  labels:
    proxy_type: website
    url: https://github.com
spec:
  entity_class: proxy
{
  "type": "Entity",
  "api_version": "core/v2",
  "metadata": {
    "name": "github-site",
    "namespace": "default",
    "labels": {
      "proxy_type": "website",
      "url": "https://github.com"
    }
  },
  "spec": {
    "entity_class": "proxy"
  }
}

PRO TIP: When you create proxy entities, you can add any custom labels that make sense for your environment. For example, when monitoring a group of routers, you may want to add ip_address labels.

Now you can use sensuctl to add these proxy entities to Sensu directly from the entities.yml or entities.json file:

sensuctl create --file entities.yml
sensuctl create --file entities.json

Use sensuctl to confirm that the entities were added:

sensuctl entity list

The response should list the new sensu-docs, packagecloud-site, and github-site proxy entities:

         ID           Class    OS           Subscriptions                   Last Seen            
──────────────────── ─────── ─────── ─────────────────────────── ────────────────────────────────
  github-site         proxy                                       N/A                            
  packagecloud-site   proxy                                       N/A                            
  sensu-centos        agent   linux   proxy,entity:sensu-centos   2021-10-21 19:23:04 +0000 UTC  
  sensu-docs          proxy                                       N/A                            
  sensu-site          proxy           entity:sensu-site           N/A                             

Create a reusable HTTP check

Now that you have three proxy entities set up, each with a proxy_type and url label, you can use proxy requests and token substitution to create a single check that monitors all three sites.

Create a file called check-http.yml or check-http.json in your Sensu installation and add the following check definition:

---
type: CheckConfig
api_version: core/v2
metadata:
  name: check-http
  namespace: default
spec:
  command: 'http-check --url {{ .labels.url }}'
  interval: 60
  proxy_requests:
    entity_attributes:
      - entity.entity_class == 'proxy'
      - entity.labels.proxy_type == 'website'
  publish: true
  runtime_assets:
    - http-checks
  subscriptions:
    - proxy
{
  "type": "CheckConfig",
  "api_version": "core/v2",
  "metadata": {
    "name": "check-http",
    "namespace": "default"
  },
  "spec": {
    "command": "http-check --url {{ .labels.url }}",
    "interval": 60,
    "proxy_requests": {
      "entity_attributes": [
        "entity.entity_class == 'proxy'",
        "entity.labels.proxy_type == 'website'"
      ]
    },
    "publish": true,
    "runtime_assets": [
      "http-checks"
    ],
    "subscriptions": [
      "proxy"
    ]
  }
}

Your check-http check uses the proxy_requests attribute to specify the applicable entities. In this case, you want to run the check-http check on all entities of entity class proxy and proxy type website. Because you’re using this check to monitor multiple sites, you can use token substitution to apply the correct url in the check command.

Use sensuctl to add the check-http check to Sensu directly from the check-http.yml or check-http.json file:

sensuctl create --file check-http.yml
sensuctl create --file check-http.json

Use sensuctl to confirm that Sensu created the check:

sensuctl check list

The response should include the check-http check:

        Name                      Command                 Interval   Cron   Timeout   TTL   Subscriptions   Handlers     Assets      Hooks   Publish?   Stdin?   Metric Format   Metric Handlers  
─────────────────── ──────────────────────────────────── ────────── ────── ───────── ───── ─────────────── ────────── ───────────── ─────── ────────── ──────── ─────────────── ──────────────────
  check-http         http-check --url {{ .labels.url }}         60                0     0   proxy                      http-checks           true       false                                     
  check-sensu-site   http-check --url https://sensu.io          60                0     0   proxy                      http-checks           true       false                                      

PRO TIP: To distribute check executions across multiple agents, set the round-robin check attribute to true. For more information about round robin checks, read the checks reference.

Validate the check

Before you validate the check, make sure that you’ve registered the sensu/http-checks dynamic runtime asset and added the proxy subscription to a Sensu agent.

Use sensuctl to confirm that Sensu is monitoring docs.sensu.io, packagecloud.io, and github.com with the check-http, returning a status of 0 (OK):

sensuctl event list

The response should list check status data for the sensu-docs, packagecloud-site, and github-site proxy entities:

       Entity              Check                                         Output                                   Status   Silenced             Timestamp                             UUID                  
──────────────────── ────────────────── ──────────────────────────────────────────────────────────────────────── ──────── ────────── ─────────────────────────────── ───────────────────────────────────────
  github-site         check-http         http-check OK: HTTP Status 200 for https://github.com                         0   false      2021-10-21 19:27:04 +0000 UTC   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  
                                                                                                                                                                                                            
  packagecloud-site   check-http         http-check OK: HTTP Status 200 for https://packagecloud.io                    0   false      2021-10-21 19:27:04 +0000 UTC   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  
                                                                                                                                                                                                            
  sensu-centos        keepalive          Keepalive last sent from sensu-centos at 2021-10-21 19:27:44 +0000 UTC        0   false      2021-10-21 19:27:44 +0000 UTC   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  
  sensu-docs          check-http         http-check OK: HTTP Status 200 for https://docs.sensu.io                      0   false      2021-10-21 19:27:03 +0000 UTC   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  
                                                                                                                                                                                                            
  sensu-site          check-sensu-site   http-check OK: HTTP Status 200 for https://sensu.io                           0   false      2021-10-21 19:27:05 +0000 UTC   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  

Next steps

The files you created with check and entity definitions can become part of your monitoring as code repository. Storing your Sensu configurations the same way you would store code means they are portable and repeatable. Monitoring as code makes it possible to move to a more robust deployment without losing what you’ve started here and reproduce one environment’s configuration in another.

Now that you know how to run a proxy check to verify the status of a website and use proxy requests to run a check on two different proxy entities based on label evaluation, read these recommended resources: