Re: [Nagios-users] Agentless monitoring with Nagios?

[Jason Martin]

On Mon, May 15, 2006 at 03:34:53PM -0700, Keller, Steve wrote:
 a replacement.  One of the issues we have is that we cannot, for various
 (mostly political) reasons, install an agent on the hosts we monitor.
By any chance is SNMP already in place on the target hosts? That
might cut down on the number of agent-on-demand checks you have
to run.

 So my question is, does anyone know of a reasonable approach to
 agentless monitoring using Nagios?  We are planning to try SSH4, which
Check out FSH (http://freshmeat.net/projects/fsh/) which does a
similiar thing. That should take care of the SSH overhead problem.


 this has the problem that a host which is down, or busy, could delay
 checking other hosts.  
If you are writing this in perl, you can have your plugins
timeout gracefully to prevent that. Nagios can be configured to
time out plugins as well.

-Jason Martin
-- 
Keyboard? How quaint! - Scotty
This message is PGP/MIME signed.


pgpMscx7OSfNM.pgp
Description: PGP signature

Re: [Nagios-users] Agentless monitoring with Nagios?

[Eli Stair]

Bringing up SNMP is a valid point (I'm currently handling ~25% of my active
service checks this way).  However there are a number of scenarios where the
load on both the server/network/client is significantly greater to pull down
a tree that needs processing (process table for instance), as the impact on
the client is fairly large to process its own /proc entries to generate the
values, pull them down sequentially, and parse the tree on the server.  Same
deal with a variety of network tables... Even Cisco/Foundry/etc do a
horrible job of having their devices process  generate ARP tables, etc.

Even executing a remote command over SSH with the crypto overhead is faster
in most situations (for me), and actually consumes less cycles on BOTH
ends... This FSH project looks promising, though hasn't been updated since
2001... A scary prospect for anything that is crypto/authentication based :)

I don't see any reason we couldn't whip up an active check script that runs
a number of commands sequentially over the SSH session that's set up at the
beginning, applies the results as separate passive service checks.  That's
the only way I can think of to handle it, since each service check will
otherwise be initiating a separate connection, at whatever rate is
determined by its schedule in the queue.

Then again, check_by_fsh sounds nice too!  Have to look at SSH4 features now
that you mentioned it Steve.

Just my thoughts.

/eli


On 5/15/06 3:56 PM, Jason Martin [EMAIL PROTECTED] wrote:

 On Mon, May 15, 2006 at 03:34:53PM -0700, Keller, Steve wrote:
 a replacement.  One of the issues we have is that we cannot, for various
 (mostly political) reasons, install an agent on the hosts we monitor.
 By any chance is SNMP already in place on the target hosts? That
 might cut down on the number of agent-on-demand checks you have
 to run.
 
 So my question is, does anyone know of a reasonable approach to
 agentless monitoring using Nagios?  We are planning to try SSH4, which
 Check out FSH (http://freshmeat.net/projects/fsh/) which does a
 similiar thing. That should take care of the SSH overhead problem.
 
 
 this has the problem that a host which is down, or busy, could delay
 checking other hosts.
 If you are writing this in perl, you can have your plugins
 timeout gracefully to prevent that. Nagios can be configured to
 time out plugins as well.
 
 -Jason Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Agentless monitoring with Nagios?

[John P. Rouillard]

In message [EMAIL PROTECTED],
Eli Stair writes:
Even executing a remote command over SSH with the crypto overhead is faster
in most situations (for me), and actually consumes less cycles on BOTH
ends... This FSH project looks promising, though hasn't been updated since
2001... A scary prospect for anything that is crypto/authentication based :)

Actually fsh is just a wrapper over ssh/rsh so it doesn't have any
security implications on it's own. It shares the security of the
underlying transport.

I don't see any reason we couldn't whip up an active check script that runs
a number of commands sequentially over the SSH session that's set up at the
beginning, applies the results as separate passive service checks.  That's
the only way I can think of to handle it, since each service check will
otherwise be initiating a separate connection, at whatever rate is
determined by its schedule in the queue.

check_by_ssh can run multiple commands in one shot and report each
output line to the proper service. See the -s flag and it's use with
multiple -C commands.

Then again, check_by_fsh sounds nice too!  Have to look at SSH4
features now that you mentioned it Steve.

One problem is that you have to keep a master ssh connection
permanently open and mangage the connection if you aren't using
fsh. For a lot of hosts (1000+), this could put a resource strain on
the server as ports are taken up and 1000 ssh permanent ssh process
are created.

One thing that would also be nice for check_by_ssh would be the
ability to use an ssh_agent for the keys. Sadly the current
check_by_ssh sanitizes the environment a bit too well and removed the
environment variables used to allow ssh to communicate with it's
agent.

-- rouilj
John Rouillard
===
My employers don't acknowledge my existence much less my opinions.


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Agentless monitoring with Nagios?

[Jason Martin]

On Tue, May 16, 2006 at 12:13:08PM -0700, Eli Stair wrote:
 in most situations (for me), and actually consumes less cycles on BOTH
 ends... This FSH project looks promising, though hasn't been updated since
 2001... A scary prospect for anything that is crypto/authentication based :)
I think it just acts as a 'ssh session manager' and doesn't do
any crypto itself.

 Then again, check_by_fsh sounds nice too!  Have to look at SSH4 features now
 that you mentioned it Steve.
Can you provide a link to SSH4? I'm not seeing anything relevant
on google.

-Jason Martin
-- 
Cats aren't clean, they're just covered with cat spit!
This message is PGP/MIME signed.


pgpHGv75qctWf.pgp
Description: PGP signature

RE: [Nagios-users] Agentless monitoring with Nagios?

[Keller, Steve]

Wow!  I did not expect a reply so quickly!

We'll look into fsh, it looks promising.

Thanks for the advice.
Steve

-Original Message-
From: Jason Martin [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 15, 2006 3:56 PM
To: Keller, Steve
Cc: nagios-users@lists.sourceforge.net
Subject: Re: [Nagios-users] Agentless monitoring with Nagios?

On Mon, May 15, 2006 at 03:34:53PM -0700, Keller, Steve wrote:
 a replacement.  One of the issues we have is that we cannot, for
various
 (mostly political) reasons, install an agent on the hosts we monitor.
By any chance is SNMP already in place on the target hosts? That
might cut down on the number of agent-on-demand checks you have
to run.

 So my question is, does anyone know of a reasonable approach to
 agentless monitoring using Nagios?  We are planning to try SSH4, which
Check out FSH (http://freshmeat.net/projects/fsh/) which does a
similiar thing. That should take care of the SSH overhead problem.


 this has the problem that a host which is down, or busy, could delay
 checking other hosts.  
If you are writing this in perl, you can have your plugins
timeout gracefully to prevent that. Nagios can be configured to
time out plugins as well.

-Jason Martin
-- 
Keyboard? How quaint! - Scotty
This message is PGP/MIME signed.


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue.
::: Messages without supporting info will risk being sent to /dev/null

RE: [Nagios-users] Agentless monitoring with Nagios?

[Keller, Steve]

You can get it from openssh.com.  Directions on setting up persistent
connections are in the installation files.  It basically just requires a
config file in ~/.ssh and a directory underneath it to store temp files

Steve

-Original Message-
From: Jason Martin [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 16, 2006 1:12 PM
To: Eli Stair
Cc: Keller, Steve; nagios-users@lists.sourceforge.net
Subject: Re: [Nagios-users] Agentless monitoring with Nagios?

On Tue, May 16, 2006 at 12:13:08PM -0700, Eli Stair wrote:
 in most situations (for me), and actually consumes less cycles on BOTH
 ends... This FSH project looks promising, though hasn't been updated
since
 2001... A scary prospect for anything that is crypto/authentication
based :)
I think it just acts as a 'ssh session manager' and doesn't do
any crypto itself.

 Then again, check_by_fsh sounds nice too!  Have to look at SSH4
features now
 that you mentioned it Steve.
Can you provide a link to SSH4? I'm not seeing anything relevant
on google.

-Jason Martin
-- 
Cats aren't clean, they're just covered with cat spit!
This message is PGP/MIME signed.


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue.
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Agentless monitoring with Nagios?

[Jason Martin]

On Tue, May 16, 2006 at 02:37:09PM -0700, Keller, Steve wrote:
 You can get it from openssh.com.  Directions on setting up persistent
Ooh, OpenSSH version 4. That makes more sense.

 connections are in the installation files.  It basically just requires a
 config file in ~/.ssh and a directory underneath it to store temp files
I see now, the ControlMaster / ControlPath directives. I think
you'll still need something like fsh as these directives appear
to only help when you have multiple connections to the same
host running concurrently, not when you want to cache a
connection over a long period of time. 

-Jason Martin
 -Original Message-
 From: Jason Martin [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, May 16, 2006 1:12 PM
 To: Eli Stair
 Cc: Keller, Steve; nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Agentless monitoring with Nagios?
 
 On Tue, May 16, 2006 at 12:13:08PM -0700, Eli Stair wrote:
  in most situations (for me), and actually consumes less cycles on BOTH
  ends... This FSH project looks promising, though hasn't been updated
 since
  2001... A scary prospect for anything that is crypto/authentication
 based :)
 I think it just acts as a 'ssh session manager' and doesn't do
 any crypto itself.
 
  Then again, check_by_fsh sounds nice too!  Have to look at SSH4
 features now
  that you mentioned it Steve.
 Can you provide a link to SSH4? I'm not seeing anything relevant
 on google.
 
 -Jason Martin

-- 
A true adman writes the prose and cons.
This message is PGP/MIME signed.


pgpwD59Unlz7l.pgp
Description: PGP signature