Agent security
ITRS Infrastructure Agent Security
Opsview Monitor has the capability of a secure method of communication to the ITRS Infrastructure Agent. Using SSL certificates offers encryption and authentication, so both the client and server know that they are indeed talking to each other, and not a man-in-the-middle. For more information, see the PKI documentation.
Opsview and the Infrastructure Agent must be using the same using ciphers and SSL certificates. See Infrastructure Agent Operation for more configuration on the agent side, and the below for configuration on the Opsview side.
The certificates can be generated using any valid method; however, the simplest way to get started is by using the Opsview Public Key Infrastructure. You can follow these steps in PKI to generate both client and server certificates.
Host Variables
We have added default parameters to every check_nrpe-based Service Check that comes with Opsview Monitor. If you check their definitions, you will see two Host variables, NRPE_CIPHERS and NRPE_CERTIFICATES. You must add these variables yourself if you are upgrading from an older version of Opsview Monitor. To do this add these two variables:
NRPE_CIPHERS
- Label Arg1: Cipher list
- Default Arg1: ADH-AES256-SHA:ADH-AES128-SHA
NRPE_CERTIFICATES
- Label Arg1: Path to certificate
- Label Arg2: Path to private key
- Label Arg3: Path to CA certificate
For each check_nrpe based service check that is to be used with the new feature, add these parameters:
-C '%NRPE_CERTIFICATES:1%' -k '%NRPE_CERTIFICATES:2%' -r '%NRPE_CERTIFICATES:3%' -y '%NRPE_CIPHERS:1%'
Opsview Agent Security
End of life for Opsview Agent
The Opsview Agent is deprecated and is no longer supported, so the steps in this section are no longer relevant in this version. You can still access the older version of the documentation to view the steps for reference, but we recommend that you use the ITRS Infrastructure Agent.
Please follow the instructions above for the most up-to-date information.