Nagios Support Forum

We are getting a lot of requests to remove the nrpe agent due to all kind of audit findings.
check_by_ssh works fine but not sure it will scale as we have over 15000 services.

I recall reading about ssh connection pooling.
Does anyone have any pointers / pitfalls on how to get this working right for large installation?

Thanks in advance.

I've read of some folks using check_multi through check_by_ssh, but that imposes some loss of fidelity in your results. Is NRDS or NCPA an option? It relies on more compliant security standards and (hopefully) is less likely to raise audit flags. Or alternatively NRPE can be performed securely using the nsclient client and server components in concert using certificate based security.

My best advice returning to the original question would be to roll out check_by_ssh to a test suite. You can monitor check execution performance on that group of hosts apart from the NRPE hosts and compare. Maybe no optimizations will be needed.

jdalrymple wrote:I've read of some folks using check_multi through check_by_ssh, but that imposes some loss of fidelity in your results. Is NRDS or NCPA an option? It relies on more compliant security standards and (hopefully) is less likely to raise audit flags. Or alternatively NRPE can be performed securely using the nsclient client and server components in concert using certificate based security.

My best advice returning to the original question would be to roll out check_by_ssh to a test suite. You can monitor check execution performance on that group of hosts apart from the NRPE hosts and compare. Maybe no optimizations will be needed.

Thanks for the pointers. We use active checks only in our environment.
I am pretty sure we will hit performance issues due to our install size.
So we would like to go for a scaleable option from day 1.

For those interested in implementing SSH connection pooling, here is a good resource I found

https://labs.consol.de/nagios/omd/2012/ ... ction.html

Thanks for sharing! Let us know when you try using check_by_ssh with a persistent connection. I am curious to see what the performance improvements would be with a large installation as yours.

lmiltchev wrote:Thanks for sharing! Let us know when you try using check_by_ssh with a persistent connection. I am curious to see what the performance improvements would be with a large installation as yours.

We are just starting with about 10 servers. So this is more like a preventive measure.
Will update once I get it to work.

Sounds good! I will keep this thread open.