Diana Scannicchio <diana.scannicc...@cern.ch>
writes:
> does someone know if mod_gearman, that happily works with Icinga, can
> be used to replace NRPE?
I recommend you do not. A combination of mod_gearman and NRPE is good.
NRPE should be used for the monitored nodes, mod_gearman should be used
for distributing jobs in the monitoring cluster.
NRPE has, by default, statically configured checks. This makes NRPE much
more resilient regarding check command security on the monitored nodes.
mod_gearman uses shared_secret encrypted messages on gearman queues, and
there is no specific access control.
If any of the nodes running mod_gearman (worker or module) are
compromised, that can be used to send commands to be run on the other
worker nodes. mod_gearman worker nodes should be kept separate and
access to the gearman server should be restricted.
If you need something to distribute NRPE configuration, look at puppet,
chef or cfengine (or roll your own with make, rdist and m4 if you're
feeling particularly masochistic).
--
Stig Sandbeck Mathisen
Any sufficiently advanced incompetence
is indistinguishable from malice
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
icinga-users mailing list
icinga-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/icinga-users
