Agentless monitoring: how does it work? Advantages over traditional monitoring?
Solution 1:
The role of the Agent
Monitoring is umbrella term for many functions. The function of an "agent" is essentially to make data available to the rest of the system. To put it in context, you might try to fit it into the model proposed by Dickson from his "Working theory of Monitoring" talk.
So agents generally fit into "Sensing/Measurement" and maybe the "Collection" pieces of this model.
What is an agent anyways?
Agent-less monitoring is a bit of a misnomer. So what do people mean when they say "agent-less " monitoring? It essentially means that you are using functionality built-in to the thing being monitored, instead of installing a third-party utility to accomplish your data collecting goals. So to be more accurate, lets reform this as "using third-party collection tools vs standard OS functionality (or package that "ship" with the thing) to monitor.
Mosby's Pros and Cons
There are no absolute rules, and no holy grail, but generally I think the pros and cons are as follows:
Built-in Data collection Functionality:
- Pro: Generally assumed to be more reliable. Less likely to have an impact on the system being monitored. SNMP for example is "tried and true".
- Con: Can be less flexible, they may not provide the things you want to monitor
- Pro/Con (Depending on how you look at it): Many third party collection agents are designed with a specific monitoring system in mind, so they fit nicely together.
Third-Party:
- Pro: Integrate tightly with the other pieces of your monitoring system
- Con: Since they are not as common as things that ship with the system, they don't get tested as much, and might be less reliable (have impact on their host system)
- Pro: Since these agents run on the machine, they they can make local library and system calls and get information that might not be possible to get from standard built-in monitoring functionality.
Remember, these are generalizations. You can certainlly extend SNMP (but that almost becomes "third party"). And builtin tools could still use a lot of memory and crash. Your best bet is not to worry about one vs the other, but set out the requirements of what it is you need to monitor, and see what delivers that.