Using SNMP as an alternative to NRPE

Sébastien Barbereau barbereau at gmail.com
Mon Jul 17 13:30:39 CEST 2006


Here my 2cents: I've always used SNMP for gathering data on my devices.
Why:
* Security
I don't find SNMP security being that worse than that of any network daemon.
It provides ACL and can distinguish betwen various privileges levels. (Of
course this depends on the snmp implementation but you'll always have a
distinguish betwen read and write priv). What snmp v1/v2 mainly lacks IMHO
is the absence of any encryption capacity. On the other hand you have to
keep in mind that the data your polling is not a TOP SECRET data file. Also,
most of my customers prefer to run daemons and services provided by their OS
vendor and not some third party tidbit they don't trust. This is also true
for the security management teams I've been working with, they prefer to see
some well known protocol rather than some "obscur" thing travelling through
their firewalls (obscur for them I mean).

* Functionnality
Of course, SNMP can and will not provide you as much flexibility as NRPE to
gather information from systems. But for monitoring standard thinks like
CPU,MEM,disk, processes,  ... it does the job and it does it well. So once
the snmp service is running I do not have to bother to install the NRPE
service, check wether it's available for this platform or not, recompile ...
Also, on commercial systems, I'm much more confident that any upgrade done
by the customer on his systems won't brake the SNMP layer, this is not
something I can be sure of with NRPE (have seen some rare cases where it
stopped working after upgrades).

Concerning, the functionnalities of SNMP, you can do anything you want when
using some advanced snmp services like NET-SNMP (retrieving script results
for example). Some OS and hardware providers had developed very interesting
SNMP MIBS containing lots of information to gather and analyse. This can
also be interresting to quickly start your Nagios project in the company:
just ask for a readonly community and your up&running. But of course, there
are thinks you will not be able to check as easyly as expected with SNMP.

This brings us to last point:

* Learning curve
Learning to use SNMP, learning where the interresting things are, can be a
real nightmare with SNMP.

So, as said, I've always used SNMP in my Nagios installations and never had
to regret it. The choice betwen NRPE & SNMP is I think more a question of
habits and of the context of the installation.

Cheers,
Seb.

PS:
Concerning the monitoring through ssh here is why I would not recommend this
: security (need an account on every system), ssh is not available on some
systems, traffic overhead, ...


==========================
See Nagios in action: http://runnagios.be
On 7/17/06, Alexander Harvey <alexh19740110 at gmail.com> wrote:
>
> I'm not sure I can shed much light onto the subject, but I can say that we
> were going to use a product called 'SolarWinds' that called upon the
> net-snmp package and we found that the documentation for that project was
> quite hopeless and we gave up in despair. This is how we came to be pushing
> for Nagios as a Unix server monitoring solution. I'd have to say that now
> I've got SSH up and running the question that's puzzling me is why not just
> always use ssh? Here is a paper you might find interesting: http://www.google.com.au/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.sans.org%2Freading_room%2Fpapers%2Fdownload.php%3Fid%3D332%26c%3D80c9dec08d4b581d738caceb89082798%26portal%3D4792e83567dbe8752b5c56325ead20d4&ei=N2G7RMPlHqKQpwKqrdHOBA&sig2=Vqu6xtjB84fCTZ9atR68Zg
>
>
> Alex
>
>
> On 7/17/06, Thomas Sluyter <nagios at kilala.nl> wrote:
> >
> > Anybody else have any good ideas on this subject? I'm still curious
> > to hear more :)
> >
> > cheers!
> >
> >
> > Thomas
> >
> >
> > On 13 Jul, 2006, at 12:02, Thomas Sluyter wrote:
> >
> > > On 13 Jul, 2006, at 11:42, Tobias Klausmann wrote:
> > >
> > >> Hi!
> > >>
> > >> ( And he made a lot of good points... )
> > >
> > > All very good points Tobias... Generally speaking...
> > >
> > > In our case they won't steer us away from using the SNMP daemon, but
> > > in another situation it's a whole different kettle of fish...
> > >
> > > And yes, we'll pay close mind to our security settings... Thanks for
> > > the reminder :)
> > >
> > > Cheers!
> > >
> > >
> > > Thomas
> >
> >
> >
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060717/1d4ba96b/attachment.html>
-------------- next part --------------

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list