8 Replies Latest reply on Apr 24, 2018 8:33 AM by aLTeReGo

    Linux Agent

    dragoon231

      Hello all,

           I am interested in using the agent instead of NET-SNMP and I've noticed a few differences regarding information, such as the agent pulling OS version for me.  I've also noticed on a linux-agent monitored node I am able to see disk queue length, but on my snmp machine I can not.  I believe monitoring with the agent will continue collecting data if the node loses connection with my poller?  I also read where aLTeReGo said in a post the Linux agent monitoring of memory utilization is far more accurate than NET-SNMP.  I think i have also read you do not need to mess with OiDs when using the linux agent?  Assuming this is all true, I am interested in this.  On a side note, it seems to only use a bit less than 30 megs of memory as well, has anyone observed more?  I'm only testing it on one machine atm.

       

           My big question is, is there a list of pros/cons to using linux agent vs snmp monitoring?  This is something I would have to get SysAdmins on board with for it to happen.  Thank you!

        • Re: Linux Agent
          kpmarcin

          Hello,

           

          I just found this question and I know it is a bit old, but I would like to address it for anyone who is interested with the subject.

           

          Regarding the memory used by the Agent in Linux and how it works, I have described it in below post:

          Re: what commands does the linux agent run?

           

          Polling via SNMP vs. Agent has it's pros and cons. There are advantages to both.

          At the bottom of my post, I am pasting screenshots from discovered resources from both SNMP and Linux. Please note that this is not a complete list.

           

          >> I also read where aLTeReGo said in a post the Linux agent monitoring of memory utilization is far more accurate than NET-SNMP

          It might be possible, but this would also depend on the SNMP daemon version, OS and other factors.

          SNMP is universal standard for monitoring, including the memory of device, so it needs to be accurate.

          However there might be some software dependencies on Linux, which makes Agent more accurate.

           

          Advantages to SNMP for Linux:

          - Routing Tables

          - Topology Layer 3 (discovering network links between devices)

          - Hardware status i.e. PSU redundancy, temperature, fans, disks health etc.

          - Contact and Location fields (can be used for automatic network map and alerting)

          - No third-party software required

          - Ability monitor RAM, Virtual Memory, Buffers, Cached and Shared Memory

          - SNMP in read only mode is very secure

           

          Advantages to Linux Agent:

          - Less traffic and queries for the monitoring

          - Ability to add more monitoring parameters, such as Quality of Experience

          - Ability to add SAM templates in one simple click, without the need of SSH traffic

          - Depending on the company, it might be easier to open Agent port in firewalls

          - Can be mass deployed automatically

           

          ---

           

          Disadvantages to SNMP for Linux :

          - Any additional monitoring needs to be done via SSH or Agent

          - Requires manual configuration (or advanced scripting or via third-party deployment solution such as Ansible)

           

          Disadvantages to Linux Agent:

          - Requires software, which needs to be maintain and up-to date (proprietary solution)

          - Requires Linux account and running process in the background

          - Requires open network port to incoming connections, which includes running scripts and is based on OpenSSL (possible vulnerabilities in the future)

           

           

          Those are the points that comes to mind. Probably there are few more for both solutions

           

          ------------------------------------------------------------------------

           

          ------------------------------------------------------------------------

          ------------------------------------------------------------------------

           

           

          Kind regards,

          Marcin Kazmierczak.

          ---

          IT-Indago Ltd. - Authorized Reseller & SolarWinds Certified SCP Professional

          IT-Indago – Be In Control!  |  Follow us on Facebook & LinkedIn

          2 of 2 people found this helpful
            • Re: Linux Agent
              aLTeReGo

              kpmarcin  wrote:

               

              Disadvantages to Linux Agent:

              - Requires open network port to incoming connections, which includes running scripts and is based on OpenSSL (possible vulnerabilities in the future)

               

              This is not correct. When the Agent is running in 'Active' mode (AKA: Agent Initiated Mode) the Agent has no listening ports, and therefore exposes zero footprint to exploit remote vulnerabilities.

               

              kpmarcin  wrote:

               

              Advantages to SNMP for Linux:

              - Hardware status i.e. PSU redundancy, temperature, fans, disks health etc.

              Server Hardware Health Monitoring is Fully Supported by the Linux Agent.

               

              Advantages to SNMP for Linux:

              - Contact and Location fields (can be used for automatic network map and alerting)

              This information is also collected by the Agent when NET-SNMP is installed on the host. The Agent will bind SNMP to the loopback interface so that it's not required to be remotely accessible.

               

              kpmarcin  wrote:

               

              Advantages to SNMP for Linux:

              - No third-party software required

              NET-SNMP is indeed a piece of 3rd party software which should be updated and maintained regularly.

               

               

              kpmarcin  wrote:

               

              Advantages to SNMP for Linux:

              - Ability monitor RAM, Virtual Memory, Buffers, Cached and Shared Memory

              All of this information is also collected via the Agent, but has zero reliance upon NET-SNMP. It therefore provides far more accurate information.

               

              kpmarcin  wrote:

               

              - SNMP in read only mode is very secure

              Even read-only SNMP is susceptible to information disclosure attacks, allowing unscrupulous individuals to easily identify vulnerable versions of other software running on the system for easy exploitation. This is not the case with the Agent.

              3 of 3 people found this helpful
                • Re: Linux Agent
                  kpmarcin

                  Hello Alterego,

                   

                  Thanks for the reply. This clarifies my pros & cons

                  Could I share my further comments with you?

                   

                  >> Server Hardware Health Monitoring is Fully Supported by the Linux Agent.

                   

                  Would that be accurate for all scenarios?

                  For example on Windows Servers, the Agent does not support additional hardware sensors such as Dell OpenManage software and accessing internal Arrays (built in the server rack).

                  My guess would be that Linux version of the Agent has the same limitations.

                   

                  >>  NET-SNMP is indeed a piece of 3rd party software which should be updated and maintained regularly.

                  It is third-party, however it is a part of the official repository for Redhat, SLES and others. So there is no need for additional internal approvals in companies.

                   

                  >>>> Ability monitor RAM, Virtual Memory, Buffers, Cached and Shared Memory

                  >> All of this information is also collected via the Agent, but has zero reliance upon NET-SNMP. It therefore provides far more accurate information.

                   

                  Do you know why I was not able to see those?

                  On the above screenshot from my lab, I was able to show that Agent did not see Physical memory, virtual memory, memory buffers, cached memory, shared memory and swap space. All of those were visible via SNMP. This was on CentOS.

                   

                  Kind regards,

                  Marcin Kazmierczak.

                  ---

                  IT-Indago Ltd. - Authorized Reseller & SolarWinds Certified SCP Professional

                  IT-Indago – Be In Control!  |  Follow us on Facebook & LinkedIn

                  1 of 1 people found this helpful
                    • Re: Linux Agent
                      aLTeReGo

                      kpmarcin

                      >> Server Hardware Health Monitoring is Fully Supported by the Linux Agent.

                       

                      Would that be accurate for all scenarios?

                      For example on Windows Servers, the Agent does not support additional hardware sensors such as Dell OpenManage software and accessing internal Arrays (built in the server rack).

                      My guess would be that Linux version of the Agent has the same limitations.

                      This is not the case with the Linux Agent. The issue with Windows is that Dell does not expose this information through any other means other than SNMP. That is because the array controller is sourced from a 3rd party. Ths Linux Agent allows users to specify optional SNMP credentials which allows us to collect Hardware Health information from Linux hosts.

                       

                      kpmarcin

                       

                      >>>> Ability monitor RAM, Virtual Memory, Buffers, Cached and Shared Memory

                      >> All of this information is also collected via the Agent, but has zero reliance upon NET-SNMP. It therefore provides far more accurate information.

                       

                      Do you know why I was not able to see those?

                      On the above screenshot from my lab, I was able to show that Agent did not see Physical memory, virtual memory, memory buffers, cached memory, shared memory and swap space. All of those were visible via SNMP. This was on CentOS.

                      In the HOST-RESOURCES MIB, SNMP represents these metrics as volumes, but their values were largely inaccurate. Rather than carry those inaccuracies through we opted instead to exclude them for now.

                      2 of 2 people found this helpful
                  • Re: Linux Agent
                    hailaeos

                    One huge difference between the Agent and SNMP. SNMP will monitor swap space which in my environment we consider critical its a huge mistake of solarwinds to think that this is not important. I am attempting to decide to scrap all our linux agents and go to snmp or just use a perl script to get the information back.

                      • Re: Linux Agent
                        kpmarcin

                        Hello hailaeos

                         

                        Yes, this is correct. Agent can have a lot of advantages, like offline monitoring. If I am not mistaken, aLTeReGo mentioned that monitoring via Agent is more precise than SNMP. If you could make a compromise with Agent + Perl scripts, this could be the way to go.

                         

                        It would of course depend on your use case and what is most important.

                        I have clients, to whom network layer 3 for Linux servers via SNMP is crucial for maps (also with automatic dependencies).

                         

                        Kind regards,

                        Marcin Kazmierczak.

                        ---

                        IT-Indago Ltd. - Authorized Reseller & SolarWinds Certified SCP Professional

                        IT-Indago – Be In Control!  |  Follow us on Facebook & LinkedIn

                          • Re: Linux Agent
                            aLTeReGo

                            Topology still functions with Agents, even though it's not a selectable item shown under 'List Resources'. This is because Topology comes from the switches and routers your servers are connected to. The only instance where topology wouldn't work with the Agent is if your Linux server was acting as a router, which is not very common these days. 

                            2 of 2 people found this helpful
                      • Re: Linux Agent
                        aLTeReGo

                        dragoon231  wrote:

                         

                        I believe monitoring with the agent will continue collecting data if the node loses connection with my poller?

                        Yes, that is correct. For up to 24 hours the Agent can be disconnected from the Orion server, running independently, and all polled data will remain cached on the Agent. When connectivity is restored the Agent will then upload all collected statistics to the main Orion server, filling in  gaps in charts.