When I’m evaluating a monitoring system, one of the first things I check is whether it is agent-based or agentless. The use of one method over another doesn’t necessarily spell disaster for the project in my eyes, but I do admit that I have a preference for agent-based monitoring these days.
Personally, I prefer the concept of push-based monitoring rather than pull-based. Pulling data from servers, or other devices, means more exposed services, managing authentication, and being mindful of explicit ingress firewall rules. With agent-based monitoring, the agent pushes data, which is typically easier to manage and secure on multiple fronts. Even better if the agent itself encrypts and compresses the data that it sends so the entire security issue is handled in one package.
Certainly with agentless data collection for monitoring systems there’s usually a reliance on an industry-standard, vendor-supported system like WMI for Windows and SNMP for pretty much everything else (although SNMP is just fine for Windows too). Agentless is easier to deploy and has the potential to be more stable. With an agent you’re adding another always-on service to the machine, with the potential for one more moving part that could hang and cause problems. It boils down to how much you trust the vendor to make a stable agent.
So what’s your preference and why? Agent-based? Agentless? Mix and match?