Agent-Based vs. Agentless Monitoring with Nagios
By: Shamas Demoret
One of the key strengths of Nagios XI is that it supports a wide variety of approaches for monitoring various operating systems, featuring both agentless and agent-based options.
This flexibility often leads to the natural question, “Should I use an agent-based or agentless monitoring method?” Ultimately, the best method will depend on a variety of factors unique to your deployment and requirements.
In this article, we’ll explore the pros and cons of each option, so that you can make an informed decision on the monitoring approach you choose.
Some would correctly argue that even a native protocol such as SNMP should be considered an agent, but for the purposes of this article we’ll consider ‘agentless’ monitoring to be any method that doesn’t require a separate Nagios agent to be installed.
Nagios XI supports options such as SNMP (Simple Network Management Protocol), WMI (Windows Management Instrumentation), and SSH (Secure Shell). ICMP ping checks, TCP/UDP port checks, and website checks are other examples of agentless monitoring.
- Agentless approaches can help reduce administrative overhead, since there is no separate agent to install or manage.
- Agentless methods may be easier to get approval to use from systems teams, since again no third-party utilities need be installed.
- Nagios XI includes smart wizards for SNMP and WMI which scan hosts for things like drives and running services, providing context on the unique characteristics of the host during monitoring configuration.
- SNMP traps provide a passive monitoring option, meaning the device will send results upstream to Nagios, as opposed to an active check where Nagios contacts the system for data. Traps can also provide realtime results when problems occur.
- You will likely still need to take some action on the monitored host, for example verifying the WMI service is running, enabling the SNMP listener and defining credentials, or loading plugins you wish to execute via SSH.
- The available checks would be limited to whatever metrics are supported by the native protocol (with the exception of SSH checks, which can leverage custom plugins).
- Agentless methods can introduce higher load on your Nagios server, so may not scale as well as agents. Passive agents however can significantly reduce load on the monitoring engine.
Agent-based monitoring methods require that you install a separate agent on the monitored system, which is then called by Nagios to execute checks on specific services, either using plugins stored alongside the agent or an agent API.
Nagios XI supports a wide variety of agents covering many different operating systems, including long-running options such as NRPE, NSCA, and NSClient++. NCPA (Nagios Cross Platform Agent) is a modern option that supports Linux, Windows, OSX, AIX and Solaris monitoring.
- Greater monitoring depth may be possible with an agent, since you are able to leverage the thousands of free plugins on the Nagios Exchange community site, as well as custom plugins you write to extend the default capabilities.
- In addition to running status checks agents provide a way to run custom remediation scripts on your monitored hosts, for example to restart a stopped service. These can be run either automatically when Nagios detects a specific status (known as ‘event handlers’), or proactively by clicking an icon you’ve associated with the action (the Actions component).
- Both active and passive agents are available, and some like NCPA support both. This means you can either configure Nagios to actively check the system on a schedule, or configure the system to check itself and send the results upstream back to Nagios
- Agents require that you install them on your systems, so there would be an additional item to install, manage, and secure.
- Since they require something be installed, it may be more difficult to gain approval from systems teams to roll out agents.
- With the exception of NCPA, which includes a smart wizard to scan your host for unique characteristics, most agents require that you manually define the drives, services, and interfaces you wish to monitor.
As you can see, there are a lot of considerations to take into account when deciding which approach is best for your requirements. It’s also possible to leverage a mix of agentless and agent-based methods in your environment, if for example only certain systems require custom checks, but the rest are covered by the options a native protocol can support. Hopefully the above details will be of help as you decide which approach to take in your own environment.
Still have questions? Our Sales Team would be happy to answer them: firstname.lastname@example.org