System monitoring with osquery

Posted May 26, 2017 10:31 UTC (Fri) by amarao (guest, #87073)
In reply to: System monitoring with osquery by mathstuf
Parent article: System monitoring with osquery

Yes, we could use ssh for this. Actually, in production, we're already using ssh, with old-school nagios checks under shinken. It works, but constant ssh sessions cause big strain on system. PAM, auth logging, key negotiations (including host key changes) - it's all too bulky and asks for refactoring.

I thought about trying osquery for this, but, as it seems, it wouldn't solve any of those problems. Too sad.

to post comments

System monitoring with osquery

Posted May 29, 2017 11:34 UTC (Mon) by robbe (guest, #16131) [Link] (1 responses)

Take a look at ControlMaster and friends in ssh_config(5).

System monitoring with osquery

Posted May 29, 2017 12:05 UTC (Mon) by amarao (guest, #87073) [Link]

> Take a look at ControlMaster and friends in ssh_config(5).

As administrator I could say one thing: Never ever use ControlMaster for monitoring purposes. ControlMaster works well if servers and networks work well. But monitoring should continue to work even there are some nasty things happen with network and hosts. If previous TCP connection stuck in oblivion due to stalled contrack, or RST which was lost in turbulence, ControlMaster will cause massive false positives, distracting people from actual issues, or even masking actual problems on hosts by mundane 'network glitch' issue.