Hi Kevin, I carefully read your speech about this subject and I found you a lot of insist on security offering by ssh, but you can also configure nrpe to work with ssl so I think we will have no difference at this level, then what do you think? best regards
2009/3/25 Kevin Keane <[email protected]>: > I think you are comparing apples and oranges here, because in most > situations that I can think of, the decision is dictated by the network > topology. If you are exclusively on a trusted private network, > check_by_ssh really doesn't offer any benefits. Conversely, if your > topology involves the Internet or some other untrusted network (WiFi), > then you wouldn't want NRPE in the first place. > > The only exception to the above that I can think of is when it comes to > deciding between using check_by_ssh over an untrusted network, vs. NRPE > through some other kind of tunnel or VPN. But in that case, you'd incur > encryption overhead either way, and the comparison is very different > from the question you asked. > > All that said: I don't have any first-hand experience, but I suspect > that the impact of establishing 2200 ssh connections in a five-minute > span (assuming that you are using a five-minute check interval) is > pretty substantial. The main impact actually lies in establishing and > tearing down the connections, key negotiations etc.; the encryption > during the data phase probably has only limited impact because most > checks only transmit a few bytes back and forth. > > SSH does much better with longer-duration connections when the keys are > already exchanged. This is even more true if you have a router-based > VPN, because in that case the overhead is offloaded to a different machine. > > So if you have the option of sending the checks as NRPE through one or a > few long-term VPNs: you are probably going to be better off. Of course, > in the big picture, your mileage may vary. > > Christopher McAtackney wrote: >> Hi all, >> >> I was wondering if someone could give a brief overview of the pros / >> cons of using NRPE to monitor my remote hosts versus using the >> check_by_ssh command? >> >> I'm aware that check_by_ssh increases the CPU overhead, but I'm not >> clear on the level of impact here - does this increase the load on the >> monitoring machine in direction relation to the number of hosts being >> monitored? For example, if I was using check_by_ssh to monitor, say, >> 2000 services spread across 200 hosts, would I experience significant >> slowdown on my monitoring machine? >> >> Cheers for any info, >> >> Chris >> > > > -- > Kevin Keane > Owner > The NetTech > Find the Uncommon: Expert Solutions for a Network You Never Have to Think > About > > Office: 866-642-7116 > http://www.4nettech.com > > This e-mail and attachments, if any, may contain confidential and/or > proprietary information. Please be advised that the unauthorized use or > disclosure of the information is strictly prohibited. The information herein > is intended only for use by the intended recipient(s) named above. If you > have received this transmission in error, please notify the sender > immediately and permanently delete the e-mail and any copies, printouts or > attachments thereof. > > > ------------------------------------------------------------------------------ > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and > easily build your RIAs with Flex Builder, the Eclipse(TM)based development > software that enables intelligent coding and step-through debugging. > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com > _______________________________________________ > Nagios-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when reporting > any issue. > ::: Messages without supporting info will risk being sent to /dev/null > -- Cordialement, Idriss ARABBAJ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
