Here my 2cents: I've always used SNMP for gathering data on my devices.<br>Why:<br>* Security<br>I don't find SNMP security being that worse than that of any network daemon. It provides ACL and can distinguish betwen various privileges levels. (Of course this depends on the snmp implementation but you'll always have a distinguish betwen read and write priv). What snmp v1/v2 mainly lacks IMHO is the absence of any encryption capacity. On the other hand you have to keep in mind that the data your polling is not a TOP SECRET data file. Also, most of my customers prefer to run daemons and services provided by their OS vendor and not some third party tidbit they don't trust. This is also true for the security management teams I've been working with, they prefer to see some well known protocol rather than some "obscur" thing travelling through their firewalls (obscur for them I mean)
.
<br><br>* Functionnality<br>Of course, SNMP can and will not provide you as much flexibility as NRPE to gather information from systems. But for monitoring standard thinks like CPU,MEM,disk, processes, ... it does the job and it does it well. So once the snmp service is running I do not have to bother to install the NRPE service, check wether it's available for this platform or not, recompile ... Also, on commercial systems, I'm much more confident that any upgrade done by the customer on his systems won't brake the SNMP layer, this is not something I can be sure of with NRPE (have seen some rare cases where it stopped working after upgrades).
<br><br>Concerning, the functionnalities of SNMP, you can do anything you want when using some advanced snmp services like NET-SNMP (retrieving script results for example). Some OS and hardware providers had developed very interesting SNMP MIBS containing lots of information to gather and analyse. This can also be interresting to quickly start your Nagios project in the company: just ask for a readonly community and your up&running. But of course, there are thinks you will not be able to check as easyly as expected with SNMP.
<br><br>This brings us to last point:<br><br>* Learning curve<br>Learning to use SNMP, learning where the interresting things are, can be a real nightmare with SNMP.<br><br>So, as said, I've always used SNMP in my Nagios installations and never had to regret it. The choice betwen NRPE & SNMP is I think more a question of habits and of the context of the installation.
<br><br>Cheers,<br>Seb.<br><br>PS:<br>Concerning the monitoring through ssh here is why I would not recommend this : security (need an account on every system), ssh is not available on some systems, traffic overhead, ...<br>
<br><br>==========================<br>See Nagios in action: <a href="http://runnagios.be">http://runnagios.be</a><br><div><span class="gmail_quote">On 7/17/06, <b class="gmail_sendername">Alexander Harvey</b> <<a href="mailto:alexh19740110@gmail.com">
alexh19740110@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>I'm not sure I can shed much light onto the subject, but I can say that we were going to use a product called 'SolarWinds' that called upon the net-snmp package and we found that the documentation for that project was quite hopeless and we gave up in despair. This is how we came to be pushing for Nagios as a Unix server monitoring solution. I'd have to say that now I've got SSH up and running the question that's puzzling me is why not just always use ssh? Here is a paper you might find interesting:
<a href="http://www.google.com.au/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.sans.org%2Freading_room%2Fpapers%2Fdownload.php%3Fid%3D332%26c%3D80c9dec08d4b581d738caceb89082798%26portal%3D4792e83567dbe8752b5c56325ead20d4&ei=N2G7RMPlHqKQpwKqrdHOBA&sig2=Vqu6xtjB84fCTZ9atR68Zg" title="http://www.google.com.au/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.sans.org%2Freading_room%2Fpapers%2Fdownload.php%3Fid%3D332%26c%3D80c9dec08d4b581d738caceb89082798%26portal%3D4792e83567dbe8752b5c56325ead20d4&ei=N2G7RMPlHqKQpwKqrdHOBA&sig2=Vqu6xtjB84fCTZ9atR68Zg" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.google.com.au/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.sans.org%2Freading_room%2Fpapers%2Fdownload.php%3Fid%3D332%26c%3D80c9dec08d4b581d738caceb89082798%26portal%3D4792e83567dbe8752b5c56325ead20d4&ei=N2G7RMPlHqKQpwKqrdHOBA&sig2=Vqu6xtjB84fCTZ9atR68Zg
</a><br><br>Alex</div><div><span class="e" id="q_10c7bfc4f0b84c11_1"><br><br><div><span class="gmail_quote">On 7/17/06, <b class="gmail_sendername">Thomas Sluyter</b> <<a href="mailto:nagios@kilala.nl" title="mailto:nagios@kilala.nl" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
nagios@kilala.nl</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Anybody else have any good ideas on this subject? I'm still curious<br>to hear more :)<br><br>cheers!<br><br><br>Thomas<br><br><br>On 13 Jul, 2006, at 12:02, Thomas Sluyter wrote:<br><br>> On 13 Jul, 2006, at 11:42, Tobias Klausmann wrote:
<br>><br>>> Hi!<br>>><br>>> ( And he made a lot of good points... )<br>><br>> All very good points Tobias... Generally speaking...<br>><br>> In our case they won't steer us away from using the SNMP daemon, but
<br>> in another situation it's a whole different kettle of fish...<br>><br>> And yes, we'll pay close mind to our security settings... Thanks for<br>> the reminder :)<br>><br>> Cheers!<br>><br>><br>
> Thomas<br><br><br><br></blockquote></div></span></div></blockquote></div><br>