Agent security

ITRS Infrastructure Agent Security Copied

Opsview Monitor has the capability of a secure method of communication to the ITRS Infrastructure Agent. Using SSL certificates offers encryption and authentication, so both the client and server know that they are indeed talking to each other, and not a man-in-the-middle. For more information, see the PKI documentation.

Opsview and the Infrastructure Agent must be using the same using ciphers and SSL certificates. See Infrastructure Agent Operation for more configuration on the agent side, and the below for configuration on the Opsview side.

The certificates can be generated using any valid method; however, the simplest way to get started is by using the Opsview Public Key Infrastructure. You can follow these steps in PKI to generate both client and server certificates.

Host Variables Copied

We have added default parameters to every check_nrpe-based Service Check that comes with Opsview Monitor. If you check their definitions, you will see two Host variables, NRPE_CIPHERS and NRPE_CERTIFICATES. You must add these variables yourself if you are upgrading from an older version of Opsview Monitor. To do this add these two variables:

NRPE_CIPHERS

NRPE_CERTIFICATES

For each check_nrpe based service check that is to be used with the new feature, add these parameters:

-C '%NRPE_CERTIFICATES:1%' -k '%NRPE_CERTIFICATES:2%' -r '%NRPE_CERTIFICATES:3%' -y '%NRPE_CIPHERS:1%'

Opsview Agent Security Copied

Opsview Agent

The Opsview Agent is still supported, but we recommend that new customers and existing customers deploying new monitoring use the ITRS Infrastructure Agent instead. Please follow the instructions above for the latest information on the ITRS Infrastructure Agent.

To view information about the Opsview Agent, you can refer to the Opsview documentation version 6.8.4 or earlier.

["Opsview On-premises"] ["User Guide", "Technical Reference", "Installation"]

Was this topic helpful?