Re: [Nagios-users] Agentless monitoring with Nagios?
On Mon, May 15, 2006 at 03:34:53PM -0700, Keller, Steve wrote: a replacement. One of the issues we have is that we cannot, for various (mostly political) reasons, install an agent on the hosts we monitor. By any chance is SNMP already in place on the target hosts? That might cut down on the number of agent-on-demand checks you have to run. So my question is, does anyone know of a reasonable approach to agentless monitoring using Nagios? We are planning to try SSH4, which Check out FSH (http://freshmeat.net/projects/fsh/) which does a similiar thing. That should take care of the SSH overhead problem. this has the problem that a host which is down, or busy, could delay checking other hosts. If you are writing this in perl, you can have your plugins timeout gracefully to prevent that. Nagios can be configured to time out plugins as well. -Jason Martin -- Keyboard? How quaint! - Scotty This message is PGP/MIME signed. pgpMscx7OSfNM.pgp Description: PGP signature
Re: [Nagios-users] Agentless monitoring with Nagios?
Bringing up SNMP is a valid point (I'm currently handling ~25% of my active service checks this way). However there are a number of scenarios where the load on both the server/network/client is significantly greater to pull down a tree that needs processing (process table for instance), as the impact on the client is fairly large to process its own /proc entries to generate the values, pull them down sequentially, and parse the tree on the server. Same deal with a variety of network tables... Even Cisco/Foundry/etc do a horrible job of having their devices process generate ARP tables, etc. Even executing a remote command over SSH with the crypto overhead is faster in most situations (for me), and actually consumes less cycles on BOTH ends... This FSH project looks promising, though hasn't been updated since 2001... A scary prospect for anything that is crypto/authentication based :) I don't see any reason we couldn't whip up an active check script that runs a number of commands sequentially over the SSH session that's set up at the beginning, applies the results as separate passive service checks. That's the only way I can think of to handle it, since each service check will otherwise be initiating a separate connection, at whatever rate is determined by its schedule in the queue. Then again, check_by_fsh sounds nice too! Have to look at SSH4 features now that you mentioned it Steve. Just my thoughts. /eli On 5/15/06 3:56 PM, Jason Martin [EMAIL PROTECTED] wrote: On Mon, May 15, 2006 at 03:34:53PM -0700, Keller, Steve wrote: a replacement. One of the issues we have is that we cannot, for various (mostly political) reasons, install an agent on the hosts we monitor. By any chance is SNMP already in place on the target hosts? That might cut down on the number of agent-on-demand checks you have to run. So my question is, does anyone know of a reasonable approach to agentless monitoring using Nagios? We are planning to try SSH4, which Check out FSH (http://freshmeat.net/projects/fsh/) which does a similiar thing. That should take care of the SSH overhead problem. this has the problem that a host which is down, or busy, could delay checking other hosts. If you are writing this in perl, you can have your plugins timeout gracefully to prevent that. Nagios can be configured to time out plugins as well. -Jason Martin --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Agentless monitoring with Nagios?
In message [EMAIL PROTECTED], Eli Stair writes: Even executing a remote command over SSH with the crypto overhead is faster in most situations (for me), and actually consumes less cycles on BOTH ends... This FSH project looks promising, though hasn't been updated since 2001... A scary prospect for anything that is crypto/authentication based :) Actually fsh is just a wrapper over ssh/rsh so it doesn't have any security implications on it's own. It shares the security of the underlying transport. I don't see any reason we couldn't whip up an active check script that runs a number of commands sequentially over the SSH session that's set up at the beginning, applies the results as separate passive service checks. That's the only way I can think of to handle it, since each service check will otherwise be initiating a separate connection, at whatever rate is determined by its schedule in the queue. check_by_ssh can run multiple commands in one shot and report each output line to the proper service. See the -s flag and it's use with multiple -C commands. Then again, check_by_fsh sounds nice too! Have to look at SSH4 features now that you mentioned it Steve. One problem is that you have to keep a master ssh connection permanently open and mangage the connection if you aren't using fsh. For a lot of hosts (1000+), this could put a resource strain on the server as ports are taken up and 1000 ssh permanent ssh process are created. One thing that would also be nice for check_by_ssh would be the ability to use an ssh_agent for the keys. Sadly the current check_by_ssh sanitizes the environment a bit too well and removed the environment variables used to allow ssh to communicate with it's agent. -- rouilj John Rouillard === My employers don't acknowledge my existence much less my opinions. --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Agentless monitoring with Nagios?
On Tue, May 16, 2006 at 12:13:08PM -0700, Eli Stair wrote: in most situations (for me), and actually consumes less cycles on BOTH ends... This FSH project looks promising, though hasn't been updated since 2001... A scary prospect for anything that is crypto/authentication based :) I think it just acts as a 'ssh session manager' and doesn't do any crypto itself. Then again, check_by_fsh sounds nice too! Have to look at SSH4 features now that you mentioned it Steve. Can you provide a link to SSH4? I'm not seeing anything relevant on google. -Jason Martin -- Cats aren't clean, they're just covered with cat spit! This message is PGP/MIME signed. pgpHGv75qctWf.pgp Description: PGP signature
RE: [Nagios-users] Agentless monitoring with Nagios?
Wow! I did not expect a reply so quickly! We'll look into fsh, it looks promising. Thanks for the advice. Steve -Original Message- From: Jason Martin [mailto:[EMAIL PROTECTED] Sent: Monday, May 15, 2006 3:56 PM To: Keller, Steve Cc: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] Agentless monitoring with Nagios? On Mon, May 15, 2006 at 03:34:53PM -0700, Keller, Steve wrote: a replacement. One of the issues we have is that we cannot, for various (mostly political) reasons, install an agent on the hosts we monitor. By any chance is SNMP already in place on the target hosts? That might cut down on the number of agent-on-demand checks you have to run. So my question is, does anyone know of a reasonable approach to agentless monitoring using Nagios? We are planning to try SSH4, which Check out FSH (http://freshmeat.net/projects/fsh/) which does a similiar thing. That should take care of the SSH overhead problem. this has the problem that a host which is down, or busy, could delay checking other hosts. If you are writing this in perl, you can have your plugins timeout gracefully to prevent that. Nagios can be configured to time out plugins as well. -Jason Martin -- Keyboard? How quaint! - Scotty This message is PGP/MIME signed. --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
RE: [Nagios-users] Agentless monitoring with Nagios?
You can get it from openssh.com. Directions on setting up persistent connections are in the installation files. It basically just requires a config file in ~/.ssh and a directory underneath it to store temp files Steve -Original Message- From: Jason Martin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 16, 2006 1:12 PM To: Eli Stair Cc: Keller, Steve; nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] Agentless monitoring with Nagios? On Tue, May 16, 2006 at 12:13:08PM -0700, Eli Stair wrote: in most situations (for me), and actually consumes less cycles on BOTH ends... This FSH project looks promising, though hasn't been updated since 2001... A scary prospect for anything that is crypto/authentication based :) I think it just acts as a 'ssh session manager' and doesn't do any crypto itself. Then again, check_by_fsh sounds nice too! Have to look at SSH4 features now that you mentioned it Steve. Can you provide a link to SSH4? I'm not seeing anything relevant on google. -Jason Martin -- Cats aren't clean, they're just covered with cat spit! This message is PGP/MIME signed. --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Agentless monitoring with Nagios?
On Tue, May 16, 2006 at 02:37:09PM -0700, Keller, Steve wrote: You can get it from openssh.com. Directions on setting up persistent Ooh, OpenSSH version 4. That makes more sense. connections are in the installation files. It basically just requires a config file in ~/.ssh and a directory underneath it to store temp files I see now, the ControlMaster / ControlPath directives. I think you'll still need something like fsh as these directives appear to only help when you have multiple connections to the same host running concurrently, not when you want to cache a connection over a long period of time. -Jason Martin -Original Message- From: Jason Martin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 16, 2006 1:12 PM To: Eli Stair Cc: Keller, Steve; nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] Agentless monitoring with Nagios? On Tue, May 16, 2006 at 12:13:08PM -0700, Eli Stair wrote: in most situations (for me), and actually consumes less cycles on BOTH ends... This FSH project looks promising, though hasn't been updated since 2001... A scary prospect for anything that is crypto/authentication based :) I think it just acts as a 'ssh session manager' and doesn't do any crypto itself. Then again, check_by_fsh sounds nice too! Have to look at SSH4 features now that you mentioned it Steve. Can you provide a link to SSH4? I'm not seeing anything relevant on google. -Jason Martin -- A true adman writes the prose and cons. This message is PGP/MIME signed. pgpwD59Unlz7l.pgp Description: PGP signature