Kevin Grittner wrote:
> Greg Smith <greg@2ndquadrant.com> wrote:
>
>> In many of the more secure environments I've worked in (finance,
>> defense), there is *no* access to the database server beyond what
>> comes out of port 5432 without getting a whole separate team of
>> people involved. If the DBA can write a simple monitoring program
>> themselves that presents data via the one port that is exposed,
>> that makes life easier for them.
>
> Right, we don't want to give the monitoring software an OS login for
> the database servers, for security reasons.
depending on what you exactly mean by that I do have to wonder how you
monitor more complex stuff (or stuff that require elevated privs) - say
raid health, multipath configuration, status of OS level updates, "are
certain processes running or not" as well as basic parameters like CPU
or IO load. as in stuff you cannot know usless you have it exported
through "some" port.
Stefan
