Internal documentation only
This page has been marked as draft.
Using Opsview Monitor with older Agents
Opsview take security very seriously so all recent versions of Opsview Monitor default to using TLSv1.2 for all inter-process communication only. Consequently, agents for older versions of Opsview Monitor are unlikely to work without additional configuration to downgrade encryption to use TLSv1.0 or TLSv1.1. We recommend that you upgrade to later versions of Opsview Agents that support TLSv1.2. However, if you have an operational need to run older Opsview Agents then a workaround is available to downgrade security to use TLSv1.0 or TLSv1.2 for those specific Opsview Agents only.
Please see Transport Layer Security for more information on the issues with using TLSv1.0.
The Infrastructure Agent supports TLSv1.2 and should be used in preference to the Opsview Agent.
If you require the Opsview Agent, the following listed versions support TLSv1.2 and it is recommended that you upgrade to at least these versions:
- Opsview Windows Agent (NSClient++) - 0.3.9.509 2017-11-21 or 0.3.9.504 2017-07-04
- CentOS 6 - 6.0.0.201811091647
- CentOS 7 - 6.0.0.201811091647
- Debian 7 - 6.0.0.201811091647
- Debian 8 - 6.0.0.201811091647
- Oracle Enterprise Linux 7 - 6.0.0.201811091647
- RHEL 6 - 6.0.0.201811091647
- RHEL 7 - 6.0.0.201811091647
- Ubuntu 14.04 - 6.0.0.201811091647
- Ubuntu 16.04 - 6.0.0.201811091647
Agents or operating systems that do not support TLSV1.2, such as Solaris, will need the following workaround to be applied to downgrade TLS security to TLSv1.0:
Workaround steps
-
On the Orchestrator, install the Opsview Support Scripts
-
Run the command:
/opt/opsview/support-scripts/bin/enable_check_nrpe_tlsv1
- Perform an
Apply Changes