Recommendations for server monitoring tool without central access to the monitored servers [closed]
I'm looking for an open source server monitoring tool for my servers:
- All servers running Linux, mostly current Debian Buster, but partly CentOS
- Other OS (Windows, *BSD etc.) don't matter
- Physical hardware servers and virtual servers (KVM/Qemu)
- Non-server devices like switches (SNMP) actually don't matter
I want to monitor at least standard parameters like load, free disk space etc. In case of the hardware servers, it was "nice to have" if the tool could access lm-sensors, IPMI or MegaCLI.
I'm looking for a tool (infrastructure) with a certain architecture:
- There's a central monitoring server listening to HTTP(S) (e.g. REST endpoint). (No binary (RMI, CORBA etc.) or proprietary mystery protocols allowed.) If there's no TLS support, that's no problem. I could place an Apache httpd in front of it for TLS termination.
- On all servers, there's an agent that sends operating parameters to the central monitoring server (PUSH) on a regular basis (by daemon or cron job).
- The agents must not listen to any other interfaces than 127.0.0.1. I don't want the central monitoring server to be able to connect to the agents in any way (pull).
- The central monitoring server must not be able run commands on the monitored nodes / servers.
- The central monitoring server has NO credentials / SSH / shell access to the monitored nodes / servers.
- If the monitoring server was infected or hacked, I don't want it to compromise the entire network and each and every server.
- I want the monitoring server to be only a passive data sink. (But it wasn't wrong if it could generate alarm emails when configured conditions occur. But that's no requirement.)
I thought about programming a very simple solution on my own - using shell scripts and curl
as "agents" and ElasticSearch for the central REST server.
But I thought, maybe there's something like that ready to use so I could get around that effort??? :)
Zabbix is able to do these things. You will need to run the Zabbix agent with Active mode.
Then, the servers will access to central monitoring server. The central monitoring server will not connect to your servers.