CMDBsyncer

CMDBsyncer is a rule-based, modular synchronization hub for host and configuration data. It connects your source systems — CMDBs, asset management tools, APIs, CSV files — with your target systems like Checkmk, Netbox, or I-Doit, and keeps them in sync automatically.

Every connection to an external system is configured through an Account. Rules control what gets synchronized, how attributes are transformed, and which hosts are included.

Rules overview

Key Features

Web Interface with login, 2FA, and user management — all configuration after installation is done in the UI
Rule Engine to control synchronization based on host attributes, with rewrite, filter, and condition support
Jinja support throughout rules and configuration fields
Built-in CMDB mode for managing objects, hosts, and templates directly in CMDBsyncer
Plugin API to integrate custom data sources with minimal code
Cron management to schedule sync jobs from the UI, including externally-triggered runs via per-group webhook tokens
Notifications with email out of the box and rule-based routing — Slack, MS Teams and signed webhooks add on with the Enterprise license
REST API for external automation
Ansible support — dynamic inventory source plus a built-in UI runner, run history, and event-driven onboarding rules
Encryption of stored credentials, with optional external secret stores (KeePass / Vault) under the Enterprise license
Debug tooling via CLI and web-based debug views
Monitoring integration via Checkmk Exchange check

What's New in 4.0

Version 4.0 is a major release. Highlights — see the changelog for the full list:

Community Edition

Admin UI refresh across every page — consistent card layout for edit forms, sticky table headers, modernised login and start page, plugin-picker for new accounts
Notifications — Settings → Notifications with Channels and Rules, email out of the box
Cron groups: external webhook trigger with per-group token; resilient mode that continues remaining tasks on failure; auto-released locks; per-group "last successful run" tracking

Enterprise (license-gated)

Audit log — append-only compliance trail with field-level diffs, CSV/JSON export, optional SIEM streaming (Splunk HEC, syslog, generic webhook)
Native OIDC login — Azure AD, Okta, Keycloak, Google Workspace, Auth0
4-Eyes Approval Workflow — changes to critical resources queue up until a second admin approves
Scheduled backups — encrypted, rotated DB backups to any S3-compatible target or local path, each backup auto-manages its own protected cron group
Prometheus metrics — /metrics endpoint with license info, per-cron-group state and host totals
Signed webhook triggers — HMAC-signed cron-trigger requests with replay window and per-group IP allowlists
Notification routing — Slack, MS Teams, signed webhooks; rules with templates, cooldowns and hourly caps
Secrets manager — account passwords resolve from KeePass, LastPass, HashiCorp Vault, AWS Secrets Manager or an environment variable, transparent to every plugin
JSON log stream — Elastic Common Schema on stdout for Loki / Elastic / CloudWatch / Datadog / Splunk

Coming Soon

Two larger features are on dedicated branches and will land in a follow-up 4.x release:

Ansible Workspace

A first-class workspace for running Ansible from CMDBsyncer:

Ansible Projects — per-project rule sources, served as their own inventory provider
Run Playbook page with a --check --diff preview button and a per-run inventory-provider picker
Fire Rule outcome that triggers a playbook with the inventory of the matched hosts and is recorded as an audit event
Playbook catalog via manifest with friendly names plus a .local override file
CLI under cmdbsyncer ansible … with backward-compat shims for the old -i ansible/inventory invocations

Notification Hub

A local "who do we alert and how" layer that is event-source agnostic, with Checkmk wired as the first caller:

Contacts, Contact Groups (static + tag-dynamic + LDAP) and Vacation records
Shift calendars synced from any iCal URL (Google, Outlook, CalDAV) — used as an on-call intersection filter
Dispatch rules that match by source / event type / context regex and pick channels per recipient
REST endpoint POST /api/v1/notify/dispatch and a sample Checkmk notification script
Channel reuse — Slack, MS Teams, signed webhooks and email come from the Enterprise Notification Channels when licensed; falls back to a stdout log otherwise

How it Works

CMDBsyncer imports hosts and attributes from one or more sources, processes them through the rules engine, and exports the result to the configured targets. Sources and targets can overlap — a system like Checkmk or Netbox can be both.

→ How it Works

Supported Integrations

Full-Featured Modules

Module	Import	Export	Notes
Checkmk	✓	✓	Full host lifecycle, rules, tags, labels, groups, BI, DCD, agents, sites — tested with 140,000+ hosts
Netbox	✓	✓	Devices, VMs, interfaces, IPAM, contacts, sites
I-Doit	✓	✓	Template-based device sync
Ansible	—	✓	Dynamic inventory source, Checkmk agent and site management, UI playbook runner with run history and rule-driven firing
CMDB Mode	✓	✓	Use CMDBsyncer itself as a lightweight CMDB

Import Sources

Module	Description
REST API / JSON	Import from any REST API or JSON file structure
CSV	Import hosts or enrich attributes from CSV files
LDAP	Import objects from LDAP directories
JDisc	Import devices from JDisc Discovery
Jira	Import objects from Jira (on-prem and cloud)
Cisco DNA	Import devices and interface information
BMC Remedy	Limited import from BMC Remedy
PRTG	Import objects from PRTG
VMware	Import and export attributes for VMware VMs
MySQL	Import and inventorize MySQL database tables
MSSQL / ODBC	Import from any ODBC-compatible database (FreeTDS, MSSQL, etc.)

Getting Started

Install CMDBsyncer: Docker or Apache/WSGI
Understand how it works
Create your first Account
Set up an Import
Configure Rules
Export to a target system