by ktsaou 986 days ago
Do not compare Netdata with other monitoring solutions that centralize everything to one place, or with single installation applications.

Netdata is a distributed application, and it is installed all over the place. So we needed to find a way to provide SSO.

There are a few alternatives:

1. PAM (then LDAP or a DB), but this would significantly increase the attack surface of your network, making Netdata an ideal component to test your security. We didn't want this.

2. LDAP, similar to the above and increased complexity. Probably too complex for the average user out there, and it would over-complicate things when you need to run Netdata in private and public clouds concurrently.

We chose to provide a free service to everyone using Netdata, where we manage all this complexity and simplify the process.

Netdata Cloud uses Google SSO, GitHub SSO, and email verification to authenticate users. It does not store user passwords. Combined with the claiming process of the Netdata Agents:

a) it ensures you are the admin of each server you want to manage;
b) it verifies your identity;
c) it provides centralized control on who of the authenticated users has access to your servers.

What happens when you use Netdata Cloud to access a Netdata agent is that your web browser asks Netdata Cloud to access this Netdata agent; Netdata Cloud verifies you, and if this succeeds and you have trusted the agent before, it asks the agent (via their link) to generate a unique token for you, which is sent back to your browser and is then used as an authorization bearer to access the agent directly. So, your data do not flow through Netdata Cloud. You only get a token from the agent, via Netdata Cloud.
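An added illustrative model of the flow described above (not Netdata's code; the token format, the agent-local key and the claim table are assumptions made for this example): Cloud checks identity and the claim, the agent mints a token bound to that user and to itself, and only the agent can validate the bearer token on the browser's direct request.

```python
import base64, hashlib, hmac, json, secrets

class Agent:
    def __init__(self, node_id):
        self.node_id = node_id
        self.key = secrets.token_bytes(32)  # assumed agent-local secret; Cloud never holds it
    def mint_token(self, user, now, ttl=300):
        # Called by Cloud over the agent's link after Cloud verified the user.
        # Token = base64(claims).base64(HMAC); bound to user, this agent, and an expiry.
        payload = json.dumps({"sub": user, "aud": self.node_id, "exp": now + ttl},
                             sort_keys=True).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).digest()
        b64 = lambda b: base64.urlsafe_b64encode(b).decode()
        return b64(payload) + "." + b64(sig)
    def verify_bearer(self, token, now):
        # Run by the agent on the browser's direct request; returns the user or None.
        try:
            p64, s64 = token.split(".")
            payload, sig = (base64.urlsafe_b64decode(x) for x in (p64, s64))
        except ValueError:
            return None
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None  # not minted by this agent, or tampered with
        claims = json.loads(payload)
        if claims["aud"] != self.node_id or claims["exp"] <= now:
            return None  # token for a different agent, or expired
        return claims["sub"]

class Cloud:
    def __init__(self):
        self.verified = set()  # users who passed SSO / email verification
        self.access = {}       # node_id -> users allowed on that claimed agent
        self.links = {}        # node_id -> Agent reachable over its link
    def claim(self, agent, user):
        self.links[agent.node_id] = agent
        self.access.setdefault(agent.node_id, set()).add(user)
    def request_access(self, user, node_id, now):
        # Cloud only brokers a token; metrics never pass through it.
        if user not in self.verified or user not in self.access.get(node_id, ()):
            return None
        return self.links[node_id].mint_token(user, now)

def demo(now=1_700_000_000):  # constructed scenario with a fixed clock
    agent, cloud = Agent("node-a"), Cloud()
    cloud.verified.add("alice")
    cloud.claim(agent, "alice")
    tok = cloud.request_access("alice", "node-a", now)
    return {"alice_ok": agent.verify_bearer(tok, now),
            "bob_denied": cloud.request_access("bob", "node-a", now),
            "expired": agent.verify_bearer(tok, now + 600),
            "other_agent": Agent("node-b").verify_bearer(tok, now)}
```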


Please consider an offline approach for those willing to take it on.

I can see the benefit of what you've outlined. I really want good representation of journals.

Yet, I'm likely to not start using netdata, because it seems to be 'always online' / dependent on something external. If things are bad enough where I'm looking at logs... maybe I don't have Internet access.

While we retain the data, we don't retain full control over the access to it. This is a pro for some, a con for others.

Sure, in this situation, we can go look at the data directly, but that kind of nullifies the point of collection/presentation...

I dare say that most who have needs complicated enough to warrant log collection have auth infrastructure, tooling, or knowledge to manage

OK, can we discuss how you see this working for you? How do you believe you can provide SSO to all your Netdata agents?

Please open a discussion here: https://github.com/netdata/netdata/discussions

Even if this may be a niche need, I am open to creating such a feature for those that need it, at a small price. But we need some specs.

I'll mull it over and follow up once I have something of more substance, thank you!

I started the discussion, and offered a solution too:

https://github.com/netdata/netdata/discussions/16136