[collectd] Network Plugin - Clients in a DMZ

[Florian Forster]

Hi Benjamin,

On Thu, Jun 04, 2009 at 05:41:32PM +0200, shygh at gmx.de wrote:
> i looked for several sollutions, but nothing semmed to satisify me.
> the best thing would be, if the network plugin could "ask" for new
> data to the client, instead of listening. but that's not possible,
> isnt't it?

quite some time ago I started working on a `netcmd' plugin which is
similar in nature to the `unixsock' plugin but allows one to use network
based sockets, too.

One could then add to the `netcmd' and `unixsock' plugin the possibility
to activate a `dump' mode, i. e. tell the plugin that from now on you
want to have one line printed for each value that is dispatched. This
could be nice for graphing frontends, too, since they no longer need to
poll for new data.

Then writing a plugin which connects to a UNIX domain socket or a TCP
socket, issues the `DUMP' command and then reads and dispatches all
values it receives. How does that idea sound to you?

The current version of the `netcmd' plugin is available from the
`ff/netcmd' branch. It has not been merged to the `master' branch
because the code is highly experimental and I want to have TLS-
encryption before including the plugin in the main codebase.

> my second idea was, to store the .rrd files on each client locally and
> geht them via rsync or something similar. disadvantages are lots of
> traffic and maybe many I/O for the server.

Spreading the IO-load to many computers is not a bad idea and will
probably work quite well. Collecting the RRD-files periodically might
prove to be a costly and error-prone task.

> third idea was, to store .csv files on the clients, get and the server
> gets and parse them into .rrd files via script. problem is, there is
> no such script, i had to write it and it must be complex and iam not a
> good programmer.

Writing such a script is not very hard. Once you've figured out which
the next `new' value in the file is, putting that into an RRD-file could
probably even be written as a simple shell script. The IO-load this
would produce might be quite high though.

> is there any "simple" sollution? iam relatively new to
> networking/monitoring so maybe i missed something very easy.

Since the communication of the `network' plugin is unidirectional (data
is sent to the server only, the server never answers) opening that port
in one direction might be an option – depending on your company's
policy.

Another option might be to place the central server in the DMZ.

Regards,
-octo
-- 
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20090620/eab38598/attachment.pgp