Nagios Support Forum

What is the official stance about having the Carbon Black agent (Endpoint Protection and App Control) on the Nagios XI servers? Our security team is telling us that we are required to have the agents running and we need to know the stance of Nagios about having agents like this running on the Nagios XI Servers.

Hi Henry,

To date, we haven't tested the compatibility with Nagios XI and Carbon Black and always recommend running Nagios XI on a clean (nothing else installed), minimal system.

I would recommend installing this on a test server as it may interfere with XI's ability to run checks against external devices or cause package conflicts.

We are seeing a bunch of issues after the install, which is why I was hoping there was an official stance on this product that I could bring to our Security department.

We a bunch of services start timing out for SNMP checks, LDAP checks and URL checks that didn't have issues before the install of the Carbon Black agent.
We are also seeing that when a large failure event seems to happen (Loss of a database, or physical hardware failure that takes out a bunch of VMs), our Nagios XI instance seems to go under heavy load that we didn't see before. The number of connections to the database spikes, the number of systems experiencing timeouts grows and we start seeing a bunch of flapping starting on the systems that lasts for hours.

I know others have had issues in the past, such as https://support.nagios.com/forum/viewto ... 16&t=47870

Hi Henry,

We don't provide out of the box compatibility or an official stance on Carbon Black, SELinux or any other available security or protection application as there are simply too many vendors and each system will have different requirements and settings to work properly.

We can review the System Profile from and provide feedback and guidance, but as far as configuring this software to work with Nagios XI, I would reach out to the security team at your company or contact the vendor.