Agentless monitoring: how does it work? Advantages over traditional monitoring?

Solution 1:

The role of the Agent

Monitoring is an umbrella term for many functions. The function of an "agent" is essentially to make data available to the rest of the system. To put it in context, you might try to fit it into the model proposed by Dickson from his "Working theory of Monitoring" talk.

So agents generally fit into "Sensing/Measurement" and maybe the "Collection" pieces of this model.

What is an agent anyways?

Agent-less monitoring is a bit of a misnomer. So what do people mean when they say "agent-less" monitoring? It essentially means that you are using functionality built in to the thing being monitored, instead of installing a third-party utility to accomplish your data collecting goals. So to be more accurate, let's reform this as "using third-party collection tools vs standard OS functionality (or packages that "ship" with the thing) to monitor".

Mosby's Pros and Cons

There are no absolute rules, and no holy grail, but generally I think the pros and cons are as follows:

Built-in Data collection Functionality:

  • Pro: Generally assumed to be more reliable. Less likely to have an impact on the system being monitored. SNMP for example is "tried and true".
  • Con: Can be less flexible; they may not provide the things you want to monitor
  • Pro/Con (Depending on how you look at it): Many third party collection agents are designed with a specific monitoring system in mind, so they fit nicely together.

Third-Party:

  • Pro: Integrate tightly with the other pieces of your monitoring system
  • Con: Since they are not as common as things that ship with the system, they don't get tested as much, and might be less reliable (have impact on their host system)
  • Pro: Since these agents run on the machine, they can make local library and system calls and get information that might not be possible to get from standard built-in monitoring functionality.

Remember, these are generalizations. You can certainly extend SNMP (but that almost becomes "third party"). And built-in tools could still use a lot of memory and crash. Your best bet is not to worry about one vs the other, but set out the requirements of what it is you need to monitor, and see what delivers that.