On 2015-01-17 11:22, Lee Wilson wrote:
Couldn’t you just use a passive monitoring solution and have the
remote hosts sending their data in?
Precisely what I was thinking the problem is that all the current
plugins I'm aware of aren't what I would call public network
friendly, security seems to have been added as an after thought in
most cases. In an ideal world this is what I would like to see being
possible:1) A remote node is configured with a standard config and
send out to a new site - All it needs is an IP address, hostname of
central system and an authentication certificate.
2) once onsite the
node boots up and talks back to the central system via HTTPS to
retrieve it's config at which point it reconfigures itself and starts
monitoring3) Alerts are sent back using an external plugin also over
HTTPS to the central system4) Periodically the node checks back in to
see if it's configuration needs updating - May be possible to do this
live if a persistent HTTPS connection is maintained.5) The central
system monitors the node using freshness checks, if it doesn't
receive any updates for a period of time, it marks the node down and
sends an appropriate alert. In effect all that's really needed is an
HTTP to Naemon proxy, I guess kind of similar to how Thunk works with
MKLiveStatus but for write access instead of read. The basic idea is
not to reinvvent the wheel if something already exists (such as using
certificate-based auth rather than something more custom). I've been
working on this idea even before Naemon was created but not being a
developer by trade I do scratch my head on a few bits. Got the basic
elements to a proof of concept more or less worked out if it is of
interest. Lee
Merlin does exactly what you want, except you need to create a custom
"fetch config" script if you want to do it over https instead of over
ssh.
https://kb.op5.com/display/DOC/Scalable+Monitoring contains the kb
articles we have at op5 regarding this. They shouldn't be too markety
but mostly contain technical details regarding how you set it up.
Merlin is 100% opensource. If you have problems using it with Naemon,
I'll be happy to help you get it up and running.
/Andreas
