
Security

This guide explains how NodeSniff protects communication between monitored systems and the platform, how monitoring data is handled, and which security mechanisms are built into both the platform and the monitoring agent.

Note: This page describes the security architecture and default security policies of the hosted NodeSniff platform available at www.nodesniff.com. Self-hosted deployments have full control over security configuration, infrastructure, data retention, backup policies, and other operational settings.

Overview

NodeSniff follows a security-first architecture based on encrypted communication, strong authentication, least-privilege execution, and transparent operation. Every monitored system authenticates individually, all communication is encrypted, and the monitoring agent is fully open source for independent verification.

  • Encrypted HTTPS communication
  • Per-agent authentication using API tokens
  • Authenticated requests with replay protection
  • Outbound-only communication
  • Open source monitoring agent
  • Plugin integrity verification
  • Isolated plugin execution
  • Centralized monitoring data storage
  • 30-day metric retention

Communication Security

All communication between the NodeSniff Agent and the platform is initiated by the agent using outbound HTTPS connections. No inbound ports need to be opened on monitored systems, reducing the attack surface and simplifying firewall configuration.

Each monitored system authenticates using a unique API token assigned during registration. Every request includes additional integrity and freshness checks to verify authenticity and reduce the risk of replay attacks.

After successful authentication, monitoring data is processed asynchronously before being stored in the platform database and evaluated by the alerting subsystem.

Communication features

  • TLS encrypted communication
  • Outbound connections only
  • Unique API token per monitored system
  • Authenticated requests with replay protection
  • Asynchronous metric processing
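
To show what per-request integrity and freshness checks with replay protection can look like, here is an added sketch that is not NodeSniff's code or wire protocol. The `ts`/`nonce`/`sig` field names, the HMAC-SHA256 construction and the 300-second window are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # assumed freshness window, in seconds

def _mac(token, ts, nonce, body):
    # Bind timestamp, nonce and body hash to the per-agent token.
    msg = "\n".join([str(ts), nonce, hashlib.sha256(body).hexdigest()])
    return hmac.new(token, msg.encode(), hashlib.sha256).hexdigest()

def sign_request(token, body, now=None):
    # Agent side: values sent as headers alongside the HTTPS request body.
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"ts": str(ts), "nonce": nonce, "sig": _mac(token, ts, nonce, body)}

class Verifier:
    # Platform side: integrity first, then freshness, then single use.
    def __init__(self, token):
        self.token = token
        self.seen = {}  # nonce -> timestamp of accepted requests

    def verify(self, headers, body, now=None):
        now = time.time() if now is None else now
        try:
            ts = int(headers["ts"])
            nonce, sig = str(headers["nonce"]), str(headers["sig"])
        except (KeyError, ValueError, TypeError):
            return "malformed"
        expected = _mac(self.token, ts, nonce, body)
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "bad-signature"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget nonces whose requests would now be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"

def demo():
    token, body = b"constructed-sample-token", b'{"cpu": 12.5}'  # constructed values
    v = Verifier(token)
    h = sign_request(token, body, now=1000)
    return [v.verify(h, body, now=1010),                # first delivery
            v.verify(h, body, now=1020),                # same request again
            v.verify(h, b'{"cpu": 99.9}', now=1020),    # body altered in transit
            v.verify(sign_request(token, body, now=1000), body, now=2000)]  # too old
```

The nonce cache only has to cover the freshness window, because anything older is already rejected by the timestamp check.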

Agent Security

The NodeSniff Agent is designed to minimize both system impact and security risks while remaining completely transparent.

The complete source code is publicly available on GitHub, allowing administrators and security teams to independently verify exactly what information is collected and transmitted, perform security reviews, and contribute improvements.

Built-in security mechanisms

  • Runs under a dedicated system user whenever possible
  • Unique agent identity used to prevent duplicate registrations
  • Configuration validation before monitoring starts
  • Automatic credential validation and cleanup
  • Plugin integrity verification before execution
  • Isolated plugin execution

Open Source: The NodeSniff Agent is fully open source, allowing organizations to independently verify exactly what information is collected and transmitted.

Data Collection

NodeSniff collects only the information required for infrastructure monitoring. The platform intentionally limits collected information to operational and monitoring-related data.

Collected information

  • CPU utilization
  • Memory utilization
  • Disk usage and capacity
  • Load average
  • Hostname
  • Operating system information
  • Uptime
  • Network configuration
  • Hardware information
  • Agent version
  • Optional custom metrics configured by the user

Monitoring capabilities can be extended through optional modules and custom metrics. Depending on the enabled modules and user configuration, additional monitoring information may also be collected. The list above reflects the standard metrics collected by the core NodeSniff Agent and will be updated as new built-in monitoring capabilities are introduced.

Information not collected

  • User files
  • File contents
  • Passwords
  • SSH keys
  • Browser history
  • Personal documents
  • Keyboard input
  • Shell history

Data Storage

Monitoring data is stored in a centralized database. The platform uses asynchronous processing to efficiently handle incoming monitoring data before it is stored and made available for visualization, reporting, historical analysis, and alerting.

Stored information includes monitoring metrics, server inventory, alert history, user accounts, and platform configuration required for normal platform operation.

Data Retention

NodeSniff retains monitoring data only for as long as it is required for operational monitoring and historical analysis.

Data Type           | Retention
Monitoring metrics  | 30 days
Server inventory    | Until the monitored server is removed
User accounts       | Until the account is deleted
Alert history       | 30 days

Monitoring metrics and alert history older than 30 days are automatically removed from the hosted NodeSniff platform.

API Tokens

Each monitored system receives a unique API token during registration. Tokens uniquely identify monitored systems and are required for every communication with the platform.

If a token becomes invalid or is revoked, the agent automatically requires re-registration before monitoring can continue.

Warning: If an API token is exposed, regenerate it immediately and update the affected agent configuration.

Agent Registration

Each monitored system can only be registered once within the NodeSniff platform. This prevents duplicate registrations and ensures consistent monitoring data.

If an agent needs to be registered again on the same machine, the existing server must first be removed from the NodeSniff dashboard. Once removed, the standard registration process can be completed again using the same monitored system.

Note: Registering the same machine multiple times is intentionally blocked to prevent duplicate monitored systems and inconsistent monitoring data.

Security Best Practices

  • Always use HTTPS.
  • Protect API tokens as confidential credentials.
  • Run the NodeSniff Agent as a dedicated system user whenever possible.
  • Keep both the NodeSniff platform and agents up to date.
  • Use individual administrator accounts.
  • Review monitored systems regularly.
  • Rotate credentials when administrators change.
  • Create regular database backups.