Monitoring servers across the internet

[cairnsd]

Hi there

I need to monitor a few servers across the internet in AWS, from what I understood there are 2 possibilities:

1) check_ec2.py (from what I understood uses a boto client on port 443, I assume it is encrypted right?)
2) check_nsclient on port 5666 with a password and a source ip filter on both firewalls to the Nagios

Regarding the security point of view i have the following questions:
1) Is the traffic check_ec2.py encrypted?
2) Is it advisable to use these methods through the internet?
3) Would it be better to create a vpn site to site between the Nagios and AWS to protect these traffic?
4) Are there other methods more secure to protect this traffic ?
5) Is nsclient with a password enough or you would recommend further security?

Thanks in advance
diego

[benjaminsmith]

Hi Diego,

What type of servers are you planning to monitor and what type of checks. You could install an agent like NCPA on the hosts and then run the NCPA wizard from Nagios XI to setup your checks.

How To Monitor Devices Using The NCPA Agent and Wizard

On the Nagios XI, side you'll use check_ncpa.py plugin to run checks on the host. This will use TLS 1.2 encryption by default ( check the ncpa.cfg file for the settings).

Let me know if you have more questions.