Slashdot Mirror

← Back to Stories (view on slashdot.org)

Agent-based or Agent-less Network Monitoring

Posted by ryuzaki0 on from the but-are-they-useful dept.

An anonymous reader writes "ITO has published an interesting article on agent-based and agent-less network monitoring approaches: "Agents can monitor the status (availability and performance) of applications, servers, and network components in significantly more depth than generic management tools, since they are able to gather data through application-specific interfaces, exercise the full application functionality, and perform localised aggregation and summarisation of high volume metrics for example.""

6 of 34 comments (clear)

  1. I wonder . . . . by aneeshm · · Score: 0, Interesting

    . . . . how much of this overlaps with conventional AI ?

  2. I advise a mixed approach by Limburgher · · Score: 3, Interesting

    I use agents on the few where it's really critical that I be alerted to adverse conditions, say, low disk space, high load, etc. The rest I can jsut check TCP services and be done with it.

    --

    You are not the customer.

  3. To Agent, or Not To Agent, That is the Question by AndrewStephens · · Score: 3, Interesting
    It all really depends on how important the service is. If you can stand a few minutes delay in getting the information, then pinging the service remotely every 2 minutes is going suit you fine. If not, then a specific agent will be required to send out the alert. To be really safe you really need to do both, in case the whole data centre blows up and takes out your agent as well.

    A lot of Windows software that claims to be agentless really just remotely installs a small stub using a domain account behind the scenes to do the task. Microsoft is actually making a decent stab at the problem with WMI, a sort of big brother to SNMP. Unfortunately the implementation is complex, non-standard, and up until now nobody has really used it for the type of remote instrumentation that this article talks about. Even Microsoft's own software has not really been instrumented properly.

    --
    sheep.horse - does not contain information on sheep or horses.
    1. Re:To Agent, or Not To Agent, That is the Question by ocbwilg · · Score: 2, Interesting

      A lot of Windows software that claims to be agentless really just remotely installs a small stub using a domain account behind the scenes to do the task. Microsoft is actually making a decent stab at the problem with WMI, a sort of big brother to SNMP. Unfortunately the implementation is complex, non-standard, and up until now nobody has really used it for the type of remote instrumentation that this article talks about. Even Microsoft's own software has not really been instrumented properly.

      Which makes you wonder what the difference is between a really big, complex agent welded into your OS and WMI.

      But seriously, I use both agents and agentless monitoring with WMI. I use Insight Manager running on my servers to warn me of hardware issues, and use a VBScript that I wrote to connect to WMI on my servers to measure things that IM doesn't get. It also pings the servers at regular intervals. Between the two I think that we've got it pretty well covered.

      The interesting thing is that IM basically plugs into WMI itself, though it does have new WMI classes that are HP/Compaq specific. If you have a decent engineering with good scripting skills (VBS, Perl, Jscript, Python, whatever) then it's really easy to use WMI to monitor and manage just about evrything related to Windows servers.

  4. Agent servers by Spazmania · · Score: 3, Interesting

    At a previous job, the lead engineers used to joke that our email servers were actually agent servers that also ran email. It would have been funnier if it wasn't true.

    Most monitoring agents go overboard. They monitor everything under the sun, even things that require a significant amount of computing power to wrangle in to useful data.

    Even lightweight agents like Nagios' nrpe do stupid things like an expensive forking scan of the process table once for each monitored process. God help you if you're running HP's Openview.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  5. Re:"Agentless" monitoring does not exist by Onan · · Score: 2, Interesting


    This is not correct.

    It is absolutely true that snmpd, sar, and whathaveyou count as "agents" as much as anything else. However, you've artificially limited the discussion to only the range of monitoring appraoches that use such tools; of course when you only discuss types of monitoring that use agents, there is no such thing as agentless monitoring.

    However, many (and arguably many of the best) monitoring approaches simply observe the behaviour of the actual running services, without using any additional tools on the monitored systems.

    eg, want to know whether your webserver is up? Don't rely on a tool running on the webserver machine to look for the process and tell you whether it thinks it's up; just give it a request. Want to know how quickly your webserver serves requests? Just give it the request you care about and time how long the interesting bits of it take. This approach is often referred to as "black box" or "end to end" monitoring, though the latter can be something of a misnomer.

    I would argue that such approaches not only exist, they have decided advantages. Asking a tool on a monitored machine whether it is correctly handling requests will never be as authoritative as simply asking it to handle a request and confirming the results.