-
WMI in Pandora 4.0.2 dont working
In 4.0.1 if i search hosts with wmi they are was founded but not initialising and the data was empty. If i assign template with wmi monitoring manually it work properly.
In 4.0.2 it doesnt work in any cases.
I create agent, assign template WMI-Basic to this client. After one day data is empty and has message This agent doesn’t have any module. But it has 3 modules from template WMI-Basic.
I try to use wmic with keys speccified and it return me os version. In that modules i changed username and password for wmi query. -
25 Replies
-
-
Hi Blitzkrieg,
Could you paste here wmic execution and its output, please? For example, wmi query OS version. Have you enabled wmiserver in /etc/pandora/pandora_server.conf?
# cat /etc/pandora/pandora_server.conf | grep wmiserver
Regards.
Thanks.
yes, i did.
cat /usr/local/etc/pandora/pandora_server.conf | grep wmi # wmiserver : 1 or 0. Set to 1 to activate WMI server with this setup wmiserver 1 # wmic: Needed by Pandora FMS wmi server. wmi_client /usr/local/bin/wmic
wmic -U DOMAIN/admin%password //172.16.4.201 "SELECT Caption FROM Win32_OperatingSystem" CLASS: Win32_OperatingSystem Caption|Name Microsoft Windows XP Professional|Microsoft Windows XP Professional|C:WINDOWS|DeviceHarddisk0Partition1
It is very strange. I asign to agent WMI Basic monitoring in last friday but now the list of modules is empty.
Pandora_server.error is empty, it has only2012-07-25 10:19:06 - flogger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:07:56 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:25:06 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:34:50 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:36:39 - logger Starting Pandora FMS Server. Error logging activated.
-
-
With pleasure.
http://imageshack.us/photo/my-images/507/pandorawmi.jpg -
-
It strange. I asigned WMI basic monitoring to agent. There is 3 modules in this template. Os version, cpu load and free memory. Today i see only one modul OS version and its data is empty.
Yesterday i change username in this modul from username to DOMAIN/username. In 4.0.1 WMI monitoring works well whithout DOMAIN.
I try to follow your advise. I changed field number. -
Thanks, it start working. I must use username with DOMAIN and Number Field set to 0.
But in 4.0.1 in this view i can see DATA but in 4.0.2 this field is empty. But if i open Raw data than i can see os version.
http://imageshack.us/photo/my-images/207/pandorayu.jpg -
-
I have the same problem as in 4.0.1.
If i create agent manually and asign WMI template to it it works.
But if i use recon task to find hosts it did not.
Work
Not work
If i use ps auxw|grep wmic while pandora server is running i can see this
root   84513 0.0 0.1 10100 3000 ?? S  10:52AM 0:00.09 /usr/local/bin/wmic -U OK/unix%password //172.16.6.184 SELECT Caption FROM Win32_OperatingSystem
But in DATA i see only 0
If i use this:
flogger# /usr/local/bin/wmic -U OK/unix%password //172.16.6.184 "SELECT Caption FROM Win32_OperatingSystem" CLASS: Win32_OperatingSystem Caption|Name Microsoft Windows XP Professional|Microsoft Windows XP Professional|C:WINDOWS|DeviceHarddisk0Partition1
-
-
-
-
cat /usr/local/etc/pandora/pandora_server.conf | grep verbosity # verbosity: level of detail on errors/messages (0 default, 1 verbose, 2 debug.... 10 noisy) verbosity 10
pandora_server.error is empty. It has only this
2012-07-24 17:31:26 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-24 17:36:36 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-24 17:41:30 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-25 10:19:06 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:07:56 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:25:06 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:34:50 - logger Starting Pandora FMS Server. Error logging activated. 2012-07-27 16:36:39 - logger Starting Pandora FMS Server. Error logging activated. 2012-08-02 10:46:14 - logger Starting Pandora FMS Server. Error logging activated.
In pandora_server.log there is no eny strange message. Just something like this
emory"' 2012-08-02 15:43:09 logger [V10] Processing module 'Free RAM' for agent ID 54. 2012-08-02 15:43:09 logger [V10] Processing module 'Windows version' for agent ID 39. 2012-08-02 15:43:09 logger [V9] Executing AM # 99 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"' 2012-08-02 15:43:09 logger [V9] Executing AM # 91 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.184 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:09 logger [V10] Processing module 'Windows version' for agent ID 53. 2012-08-02 15:43:10 logger [V9] Executing AM # 73 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.79 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:10 logger [V10] Processing module 'CPU load' for agent ID 51. 2012-08-02 15:43:14 logger [V9] Executing AM # 121 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.40 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:16 logger [V10] Processing module 'CPU load' for agent ID 61. 2012-08-02 15:43:16 logger [V9] Executing AM # 156 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.234 "SELECT Caption FROM Win32_OperatingSystem"' 2012-08-02 15:43:16 logger [V10] Processing module 'Windows version' for agent ID 72. 2012-08-02 15:43:16 logger [V9] Executing AM # 100 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.232 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:18 logger [V10] Processing module 'CPU load' for agent ID 54. 2012-08-02 15:43:18 logger [V9] Executing AM # 145 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.189 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:18 logger [V10] Processing module 'CPU load' for agent ID 45. 2012-08-02 15:43:19 logger [V9] Executing AM # 139 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.23 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:19 logger [V10] Processing module 'CPU load' for agent ID 69. 2012-08-02 15:43:21 logger [V10] Processing module 'CPU load' for agent ID 67. 2012-08-02 15:43:24 logger [V9] Executing AM # 82 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.231 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:28 logger [V10] Processing module 'CPU load' for agent ID 48. 2012-08-02 15:43:39 logger [V9] Executing AM # 56 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.242 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"' 2012-08-02 15:43:39 logger [V9] Executing AM # 65 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.43 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"' 2012-08-02 15:43:39 logger [V10] Processing module 'Free RAM' for agent ID 39. 2012-08-02 15:43:39 logger [V10] Processing module 'Free RAM' for agent ID 42. 2012-08-02 15:43:39 logger [V9] Executing AM # 66 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.43 "SELECT Caption FROM Win32_OperatingSystem"' 2012-08-02 15:43:39 logger [V9] Executing AM # 146 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.189 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"' 2012-08-02 15:43:39 logger [V10] Processing module 'Windows version' for agent ID 42. 2012-08-02 15:43:40 logger [V10] Processing module 'Free RAM' for agent ID 69. 2012-08-02 15:43:40 logger [V9] Executing AM # 149 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.190 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"' 2012-08-02 15:43:40 logger [V9] Executing AM # 154 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.234 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"' 2012-08-02 15:43:40 logger [V10] Processing module 'Free RAM' for agent ID 70. 2012-08-02 15:43:41 logger [V10] Processing module 'CPU load' for agent ID 72.
-
Pandora server log shows it works fine. If you execute this command
/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"
It returns a valid data?
Executing it without Domain information?
/usr/local/bin/wmic -U "unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"
Try to find module data with this sql query:
select datos, utimestamp from tagente_datos where id_agente_modulo=99;
99 is the agent module ID. You can change it by other module ID.
Regards.
-
Yes, if i execute this command it returns valid data.
Without domain information i get error Access denied/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem" CLASS: Win32_OperatingSystem Caption|Name Microsoft Windows XP Professional|Microsoft Windows XP Professional|C:windows|DeviceHarddisk0Partition1 flogger# /usr/local/bin/wmic -U "unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem" [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
If i use your sql query with id of agent that was founded by recon task i get something like this^
select * from tagente_datos where id_agente_modulo=155; +------------------+-------+------------+ | id_agente_modulo | datos | utimestamp | +------------------+-------+------------+ | Â Â Â Â Â Â Â 155 | Â 0.00 | 1343720057 | | Â Â Â Â Â Â Â 155 | Â 0.00 | 1343806664 | | Â Â Â Â Â Â Â 155 | Â 0.00 | 1343893088 | +------------------+-------+------------+
But if i use ID=55 i suppose that this id of agent that i manually asign template.
| Â Â Â Â Â Â Â 55 | Â 63.00 | 1343911122 | | Â Â Â Â Â Â Â 55 | Â 71.00 | 1343911428 | | Â Â Â Â Â Â Â 55 | Â 63.00 | 1343911733 | | Â Â Â Â Â Â Â 55 | Â 68.00 | 1343912075 | | Â Â Â Â Â Â Â 55 | Â 65.00 | 1343912798 | | Â Â Â Â Â Â Â 55 | Â 58.00 | 1343913503 | | Â Â Â Â Â Â Â 55 | Â 59.00 | 1343913855 | | Â Â Â Â Â Â Â 55 | Â 66.00 | 1343914211 | | Â Â Â Â Â Â Â 55 | Â 60.00 | 1343914555 | | Â Â Â Â Â Â Â 55 | Â 69.00 | 1343914930 | | Â Â Â Â Â Â Â 55 | Â 66.00 | 1343915367 | | Â Â Â Â Â Â Â 55 | Â 59.00 | 1343915805 | | Â Â Â Â Â Â Â 55 | Â 74.00 | 1343916251 | | Â Â Â Â Â Â Â 55 | Â 54.00 | 1343916807 | +------------------+--------+------------+ 393 rows in set (0.01 sec)
1. WMI queries from pandora_server.log works fine.
2. Data from that queries cant insert into mysql table for some unknown reasons. -
-
You are welcome.
select * from tagente_modulo where id_agente_modulo=155; +------------------+-----------+----------------+---------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+---------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+ | id_agente_modulo | id_agente | id_tipo_modulo | descripcion                    | extended_info | nombre     | unit | id_policy_module | max  | min  | module_interval | tcp_port | tcp_send | tcp_rcv | snmp_community | snmp_oid                                  | ip_target   | id_module_group | flag | id_modulo | disabled | id_export | plugin_user | plugin_pass | plugin_parameter | id_plugin | post_process   | prediction_module | max_timeout | custom_id | history_data | min_warning | max_warning | str_warning | min_critical | max_critical | str_critical | min_ff_event | delete_pending | policy_linked | policy_adopted | custom_string_1 | custom_string_2 | custom_string_3 | custom_integer_1 | custom_integer_2 | +------------------+-----------+----------------+---------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+---------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+ |        155 |     72 |        1 | Available RAM memory in bytes |        | Free RAM | NULL |         0 |   0 |   0 |       300 |     0 |      |     | public     | SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory | 172.16.6.234 |        1 |   0 |     6 |     0 |     0 | OK/unix   | password |          |     0 | 0.0000000000000 |         0 |      0 |      |       1 |     0.00 |     0.00 |       |     0.00 |     0.00 |        |       0 |        0 |       0 |        0 | NULL       | NULL       | NULL       |         0 |         0 | +------------------+-----------+----------------+---------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+---------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+ 1 row in set (0.00 sec)
+------------------+-----------+----------------+----------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+-----------------------------------------------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+ | id_agente_modulo | id_agente | id_tipo_modulo | descripcion                     | extended_info | nombre     | unit | id_policy_module | max  | min  | module_interval | tcp_port | tcp_send | tcp_rcv | snmp_community | snmp_oid                                                     | ip_target   | id_module_group | flag | id_modulo | disabled | id_export | plugin_user | plugin_pass | plugin_parameter | id_plugin | post_process   | prediction_module | max_timeout | custom_id | history_data | min_warning | max_warning | str_warning | min_critical | max_critical | str_critical | min_ff_event | delete_pending | policy_linked | policy_adopted | custom_string_1 | custom_string_2 | custom_string_3 | custom_integer_1 | custom_integer_2 | +------------------+-----------+----------------+----------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+-----------------------------------------------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+ |        55 |     39 |        1 | Created by template  . CPU0 load average |        | CPU load | NULL |         0 |  100 |   0 |       300 |     1 |      |     |         | SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0" | 172.16.6.242 |        1 |   0 |     6 |     0 |     0 | OK/unix   | password |          |     0 | 0.0000000000000 |         0 |      0 |      |       1 |     0.00 |     0.00 |       |     0.00 |     0.00 |        |       0 |        0 |       0 |        0 | NULL       | NULL       | NULL       |         0 |         0 | +------------------+-----------+----------------+----------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+-----------------------------------------------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+ 1 row in set (0.00 sec)
-
-
I found something interesting. I use system calls tracer to detect problem.
If i use button to manually initiate data updating on DATA screen of manually added agent than i see in system calls tracer output something like thiscat /mnt/pandora.truss | grep -i INSERT write(17,"k^CINSERT INTO tagente_da"...,111) = 111 (0x6f) write(17,"s^CINSERT INTO tagente_da"...,119) = 119 (0x77)
But if i use the same button on DATA screen of agent that was added with recon task i cant see INSERT.
Something wrong with script that add data into table. -
