Opsview Monitor has the capability of a secure method of communication to the ITRS Infrastructure Agent. Using SSL certificates offers encryption and authentication, so both the client and server know that they are indeed talking to each other, and not a man-in-the-middle. For more information, see the PKI documentation.
Opsview and the Infrastructure Agent must be using the same using ciphers and SSL certificates. See Infrastructure Agent Operation for more configuration on the agent side, and the below for configuration on the Opsview side.
The certificates can be generated using any valid method; however, the simplest way to get started is by using the Opsview Public Key Infrastructure. You can follow these steps in PKI to generate both client and server certificates.
We have added default parameters to every
check_nrpe-based Service Check that comes with Opsview Monitor. If you check their definitions, you will see two Host variables,
NRPE_CERTIFICATES. You must add these variables yourself if you are upgrading from an older version of Opsview Monitor. To do this add these two variables:
- Label Arg1: Cipher list
- Default Arg1: ADH-AES256-SHA:ADH-AES128-SHA
- Label Arg1: Path to certificate
- Label Arg2: Path to private key
- Label Arg3: Path to CA certificate
check_nrpe based service check that is to be used with the new feature, add these parameters:
-C '%NRPE_CERTIFICATES:1%' -k '%NRPE_CERTIFICATES:2%' -r '%NRPE_CERTIFICATES:3%' -y '%NRPE_CIPHERS:1%'
The Opsview Agent is still supported, but we recommend that new customers and existing customers deploying new monitoring use the ITRS Infrastructure Agent instead. Please follow the instructions above for the latest information on the ITRS Infrastructure Agent.
To view information about the Opsview Agent, you can refer to the Opsview documentation version 6.8.4 or earlier.