Agentless Windows monitors

Andreas Ericsson ae at op5.se
Wed Mar 30 02:11:41 CEST 2005
Previous message: Agentless Windows monitors
Next message: Agentless Windows monitors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Glenn Meisenheimer wrote:
> Hi Andreas				
> 

Ahoy.

> 
> 
> You said:
> 
> 
> 
> Ok, so no client needs to be installed and it can (according to
>  MS
> 
> themselves) be done securely, but the configuration process to set
>  it up
> 
> still requires hands-on configuration of the machine in question
>  which
> 
> will most likely be more confusing than installing a package on
>  each of
> 
> the monitored hosts and with a far greater impact if it's done wrong.
> 
> 
> 
> Perhaps you don't understand.  No agents need to be set up on the
>  remote machines and the only configuration required is that a user
>  needs to be set up so that nagios can access the machine.  You
>  have to do the same thing with many of the other Nagios monitoring
>  tools.  Also, the user can be a domain user, so you really don't
>  even need to touch the monitored machines at all.
> 

Except that MS by default ships DCOM access with very loose 
access-restrictions which means it needs to be tweaked on each machine 
if this is to be done in a secure manner.

Even so, minimal access is usually all it takes to increase possibility 
of successfully exploiting a vulnerabilities about 40 times.

> 
> 
> And hopefully, if you have Windows systems in your infrasturcture
>  you shouldn't find it too confusing to set up a user.
> 
> 
> 
> Now your earlier point of scalability bears investigation.

Common sense says it will work poorly. If the proxy could have a script 
server that would greatly reduce the load, as code doesn't need to be 
initialized every time. That would call for a complete re-design of 
nrpe-nt though, so it's probably better to start from scratch.

>  I have
>  not rolled out thousands of these monitors yet, so I obviously
>  need to do some benchmarking to see just how scalable this approach
>  is.  To do it correctly, I need to use an enterprise level server
>  as the proxy host.  (if one intends to do large numbers of these
>  things this would make sense).
> 
> 
> 
> One could, of course, use more than one proxy server.  That would
>  be scalable.  Nothing says that you can't have more than one of
>  these things out there.  Perhaps you could select one machine in
>  each domain and install nrpe-nt and these scripts on it.
> 

Yes, but is it really interesting to waste computer power on proxies? 
One must also consider the fact that the proxy will become a single 
point of failure (SOP running windows ... *shudder*). If the proxy goes 
down you'll loose monitoring on all the windows nodes and considering 
you have decided to invest in a proxy to monitor them, you probably have 
quite a few.

One could ofcourse set up a redundant mesh of proxies and nagios servers 
but then we're eating up the time saved pretty fast.

> 
> 
> Now, where to find an enterprise server that I can appropriate for
>  this testing... hehe  Might be time for a midnight foray through
>  the lab!
> 

Don't forget the 3am lunar toast. ;)

> 
> 
> Glenn A. Meisenheimer
> 
> Customer Support Manager
> 
> Groundwork Open Source Solutions
> 
> 
> 
> -----------------------
> 
> This thread is located in the archive at this URL:
> 
> http://www.nagiosexchange.org/nagios-users.34.0.html?&tx_maillisttofaq_pi
> 1[showUid]=4519
> 
> 					
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Agentless Windows monitors
Next message: Agentless Windows monitors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list