There are alot of advantages of using NSclient. Mainly reduced load on the host as it uses NRPE, which is very low bandwidth and uses litte resources to execute the checks.
NRPE works much like SSH or telnet etc. It relays a command and awaits the result. In the above diagram what happens is:
- Nagios executes check_nrpe with the proper arguments.
- NSClient++ receives the command to be executed.
- NSClient++ will execute the command and get a result on the form of, and optionally
- NSClient++ sends the result back to Nagios
- Nagios gets the result from check_nrpe (and uses it much like any other plugin).
NRPE imposes less overhead than SSH and you don't need ssh keys. SSH is perfectly fine if you have a small environment but when the Monitoring host is establishing 100's (or 1000's) of SSH sessions a minute it becomes a problem with CPU overhead.
Plus you can write checks for virtually anything on your server not just what is presented to you through the WMI controls. You also get full access to the same info as WMI through the local performance counters without adding overhead from WMI.
Also increased security:
NSclient only needs 1 port open (2 if you have checks using SSL). WMI needs quite a few security exceptions to function properly:
- DCOM needs to be running on both servers
- DCOM needs open UDP ports in the 1024-5000 range.
- The firewall needs the WMI exception added and remote administration.
- The Monitoring user need to have remote access rights in COM and WMI, Or be a domain admin.
Generally these aren't a security issue as long as your network has a properly configured hardware firewall on the edge. However it does introduce more layers where issues can arise.
Also if Network bandwidth is an issue you can use NSCA passive checks with NSclient ++ which has an even smaller footprint. I stopped using Nagios before NSCA was available so I"m not sure how small the footprint is compared to NRPE.
Don't think I'm bashing WMI here as I now use a NMS that is almost exclusively WMI dependent. I just use it because I receive support and any admin in my group can setup WMI checks (easily) through web UI. However, my vendor suggests only 120 WMI checks per monitoring server and I noticed over 200 checks I needed to upgrade the monitoring VM to a quad core just to use GUI on the server. So if you do have big environment with lots of monitoring over WMI be prepared to setup your monitoring server as a cluster.