Icinga2 agent operational security on mobile laptops

Hi,

I’ve a question regarding the Windows Agent behaviour. I’d like to improve my understanding of how the agent will react when disconnected from a corporate network, and what if any security concerns there may be. Please note I’m not saying there are, this is due diligence before we deploy to mobile workers.

The scenario here is pretty simple. Deploy the agent to the mobile workforce (laptop), to monitor typical stuff, CPU, RAM, HDD and key services. What happens when such a laptop is disconnected from the corp LAN? How often will the agent attempt a connection to the endpoint? Could there be an inferred risk from repeat failed connections? How long can the agent be disconnected?

I will be testing this from Wireshark, but was wondering if a dev could comment having knowledge of the source code.

Thank you.

Hi,

While there might be a more sophisticated answer to your initial question, I want to elaborate a bit on why this might not be a good idea in the first place:

  • Icinga was not made for systems which might go on and off during normal operation. While you might build something that can deal with hosts going offline deliberately, you will lose some of the core functionality Icinga is providing.
  • Using Icinga to monitor end user clients might be seen as illegal monitoring of employees in many countries. Please be very sure that you are allowed to use monitoring tools on your end users.

Thanks,
Yeah I can see your point regarding impacting efficacy of the environment. It would certainly create a lot of noise on our dashboards even if we did filter them. We don’t currently have another performance monitor system for our laptops, so I need to find an alternative solution.

To be honest I would rely on users complaining for monitoring of workstations. If you really need something like that, then have a look at metricbeat with the Elastic Stack. But be aware that this gathers even more data about the user which might be illegal and unethical.

I love Elastic and beats, been using it for years, but sadly I’ve been told to use Icinga instead.

Well, they both work great together but they have a totally different focus. Icinga is great, too, but it achieves different goals than Elastic Stack. Replacing one with the other only makes sense if you misused one of the tools before (I’ve seen that quite often, though).

I’m not kidding: Windows performance could be best monitored with its Performance Monitor using data collector sets. But this is going to be off-topic here I guess.


@rsx You already heard about the new PowerShell Module for Icinga? This will easily connect to Windows performance monitor.


Unfortunately, I’ve not had enough time to get familiar with the new Windows stuff. But I’d assume it’s not suitable here as well (using data collector sets would record performance data in the background and could be analysed later on). And even worse, I’m afraid it might rely on WMI, with which we have much bad experience.