Passive checks or Active checks and agents

[jkinning]

As I continue to research things for our migration from Nagios core to Nagios XI I encounter so many new items of interest. Recently, I read a couple articles that recommended passive checks for larger environments yet alot of threads on this forum kinda hint towards active checks. Is there a best practice or recommendation on when to utilize passive checks or if your Nagios XI instance is on a VM just use active checks and increase VM resources when needed?

I am always looking around trying to figure out how to configure agents to use passive checks (nrpe, ncpa) where if they aren't reporting in so many minutes to try again. That probably isn't the correct wording but I want to prevent a client from queuing up its status and thought I read somewhere about retry intervals or something along those lines from the client perspective. Still on the fence on nrpe or ncpa but it does appear many are using the nrpe so I am leaning towards that agent. On the agent side of things for those using nrpe how are you managing the configs? Or do you utilize the check_xi_service_nsclient to monitor some checks? Previously, we used wmi checks with Nagios core but I would like to take advantage of some key items an agent brings such as attempting to restart a service before sending out notifications. Currently, we also receive quite a few false positives from Nagios, not sure if that is from the wmi checks using a wmi proxy or from our Nagios core from being overwhelmed. Once you get a notification that a check is critical most people wait another 5 or 10 minutes to see if another alerts comes through stating all is well. Most of what we are checking are CPU, Memory, Disk spaces utilization on all drives, certain services and processes. I recently looked into checking outbound and inbound network utilization but not sure how valuable that data is.

Numbers will grow but our current core environment is checking 4370 services on 1140 hosts. These numbers will grow as the plan with Nagios XI is to include just about everything, servers (test, dev/uat, production) along with all the networking equipment.

[slansing]

NRPE has definitely been around longer, but will only execute plugins remotely. NCPA offers that, as well as a query-able? API, and NRDP packaged in for passive checks. When it comes to passive checks, I typically set them up on systems that endure higher loads, passive checks are *typically* less resource intensive, but of course, if you are using the same check plugin passively as you were actively, that is less likely to be the case. One of the least resource intensive passive options I have come across is SNMP traps, that is of course another option.