-
Problem with windows agent
Good morning,
I have a problem with the Pandora FMS Windows Agent installed on a SERVER.
I have a server that has two network cards on two different networks.
After an indefinite period my agent stops working and his staut es unknown.
Do you have an idea ?
Thank you in advance.Matthew
-
6 Replies
-
Hello Matthew,
It could be due to different reasons. Check that the pandora_agent service keeps running on your windows system.
Also check if it has some .data files on the pandora_agent/tmp dir, if this is the case, then more likely you will have some communication problems between the agent and the server.Anyway perform a restart of the service to see if it comes back to normal status.
Also, there may be some module causing it to stop working due to an incorrect execution. If you’ve added new modules recently, try disabling them to see if the agent responds again.
Kind regards,
Antonio. -
First of all thank you for your responsiveness.
The pandora_agent service does not stop working on my Windows system.
The pandora agent is basic without any additional modules installed.
If I restart the agent, it normally resumes for a random time (1 hour, 6 hours, or 1 day) and then stops for no particular reason.
I encounter this problem only on my servers that have two network cards on totally different networks.Would you have another track?
Is it possible to specify the network card to be used in the configuration file?Matthieu
-
Hi matthieu,
The only way to configure that is at system level, you would need to set static routes on your system so you get to choose which network card is used for certain type of connections.
Anyway, if the agent works for a certain period of time after a restart it may be something wrong with your agent actually. Can you tell me which are the modules those agents have by default? There was certain modules that we disabled as default checks on the Windows agents because they caused them to stall, such as inventory checks, system events and log parsing, etc. Could you attach the configuration file of your Win agent? Thanks!
Kind regards,
Antonio. -
Attached is the configuration file for the Pandora agent :
# (c) 2006-2015 Artica Soluciones Tecnologicas
# Version 6.0SP4# This program is Free Software, you can redistribute it and/or modify it # under the terms of the GNU General Public Licence as published by the # Free Software Foundation; either version 2 of the Licence or any later # version. This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY, without ever the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
# General Parameters
server_ip 172.16.34.27
server_path /var/spool/pandora/data_in
temporal “C:Program Filespandora_agenttemp”# Group assigned for this agent (descriptive, p.e: Servers)
group “Servers”
# If set to 1 allows the agent to be configured via the web console
# (only works on enterprise version).remote_config 0
#include “C:Archivos de programapandora_agentpandora_agent_alt.conf”
#broker_agent name_agent# Agent uses your hostname automatically, if you need to change agent name
# use directive agent_name (do not use blank spaces, please).
# This parameter is CASE SENSITIVE.# agent_name My_Custom_Agent_name
# To define agent name by specific command, define ‘agent_name_cmd’.
# If agent_name_cmd is defined, agent_name is ignored.
# (In the following example, agent name is ‘hostname_IP’)
#agent_name_cmd cscript.exe //B “%ProgramFiles%Pandora_Agentutilagentname.vbs”#Parent agent_name
#parent_agent_name caprica# address: Enforce to server a ip address to this agent
# You can also try to detect the first IP using “auto”, for example#address auto
# or setting a fixed IP address, like for example:
#address 192.168.36.73# This limits operation if temporal dir has not enough free disk.
#temporal_min_size 1024# Delay start execution X second before start to minonitoring nothing
#startup_delay 30# Interval is defined in seconds
interval 300# tranfer_modes: Possible values are local, tentacle (default), ftp and ssh.
transfer_mode tentacle
server_port 41121# In case of using FTP or tentacle with password. User is always “pandora”
#server_pwd pandora# Extra options for the Tentacle client (for example: server_opts -v -r 5).
# server_opts# If set to 1 disables log writing into pandora_agent.log
#disable_logfile 1# Debug mode do not copy XML data files to server.
# debug 1# Set XML encoding (ISO-8859-1 by default). For Windows 7 and 2012 works fine UTF-8 encoding.(Recommended)
#encoding UTF-8# If set to 1 start Drone Agent’s Proxy Mode
# proxy_mode 1# Max number of simmultaneus connection for proxy (by default 10)
# proxy_max_connection 10# Proxy timeout (by default 1s)
# proxy_timeout 1# Enable or disable XML buffer.
xml_buffer 0# Secondary server configuration
# ==============================# If secondary_mode is set to on_error, data files are copied to the secondary
# server only if the primary server fails. If set to always, data files are
# always copied to the secondary server.
#secondary_mode on_error
#secondary_server_ip localhost
#secondary_server_path /var/spool/pandora/data_in
#secondary_server_port 41121
#secondary_transfer_mode tentacle
#secondary_server_pwd mypassword
#secondary_server_ssl no
#secondary_server_opts# Example UDP server to be able to execute remote actions such
# as starting or stopping process.
#udp_server 1
#udp_server_port 4321
#udp_server_auth_address 192.168.1.23
#process_firefox_start firefox
#process_firefox_stop killall firefox
#service_messenger 1# Module Definition
# Check online documentation and module library at http://pandorafms.org
# =================# CPU Load using WMI
module_begin
module_name CPU Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_description CPU Load (%)
module_min_warning 80
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_end# Number processes
module_begin
module_name Number processes
module_type generic_data
module_exec tasklist | gawk “NR > 3 {print$0}” | wc -l
module_description Number of processes running
module_min_warning 175
module_max_warning 249
module_min_critical 250
module_max_critical 300
module_end# Free Memory
module_begin
module_name FreeMemory
module_type generic_data
module_freepercentmemory
module_description Free memory (%).
module_min_warning 21
module_max_warning 30
module_min_critical 0
module_max_critical 20
module_end# Log events
module_begin
module_name System Events (TermService)
module_type async_string
module_logevent
module_description Log Events coming from Terminal Service
module_source System
module_application TermService
module_endmodule_begin
module_name Security Events (Invalid Login)
module_type async_string
module_description Security log events for invalid login attempt
module_logevent
module_source Security
module_eventcode 529
module_end# Check if Dhcp service is enabled
module_begin
module_name DHCP Enabled
module_type generic_proc
module_service Dhcp
module_description Check DCHP service enabled
module_end#Antivirus monitoring
#This modules checks the antivirus is running on your system, if there is and antivirus
#This module gets the last date the signature file was updated and send this date to pandora.
module_begin
module_name Antivirus Last Update
module_type async_string
module_precondition =~ avguard.exe cmd.exe /c tasklist | grep avguard.exe | gawk “{print $1}”
module_exec dir “%ProgramFiles%AviraAntiVir Desktopaevdf.dat” | grep aevdf.dat | gawk “{print $1” “$2}”
module_description Last update for Antivirus Signature file
module_end# Example plugin to retrieve drive usage
module_plugin cscript.exe //B “%ProgramFiles%Pandora_Agentutildf.vbs”# Free space on disk C: (%)
#module_begin
#module_name FreeDiskC
#module_type generic_data
#module_freepercentdisk C:
#module_description Free space on drive C: (%)
#module_min_warning 31
#module_max_warning 40
#module_min_critical 0
#module_max_critical 30
#module_end# CPU usage percentage
#module_begin
#module_name CPUUse
#module_type generic_data
#module_cpuusage all
#module_description CPU# usage
#module_min_warning 70
#module_max_warning 90
#module_min_critical 91
#module_max_critical 100
#module_end# Free space on disk D: (%)
# module_begin
# module_name FreeDiskD
# module_type generic_data
# module_freepercentdisk D:
# module_description Free space on drive D: (%)
# module_end## Windows inventory module (This information will be displayed only in enterprise version)
## Please check the WMI is healthy before activate this functionality# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilcpuinfo.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilmoboinfo.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutildiskdrives.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilcdromdrives.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilvideocardinfo.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilifaces.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilmonitors.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilprinters.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilraminfo.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilsoftware_installed.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutiluserslogged.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilproductkey.vbs”
# module_crontab * 12-15 * * 1
# module_end# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_AgentutilproductID.vbs”
# module_crontab * 12-15 * * 1
# module_end## Plugin example for custom fields (version, architecture, IP, IPv6, MAC)
# module_begin
# module_plugin cscript.exe //B //t:20 “%PROGRAMFILES%Pandora_Agentutilwin_cf.vbs”
# module_crontab * 12-15 * * 1
# module_end# Example plugin to retrieve last 5 min events in log4x format
# module_plugin cscript.exe //B “%ProgramFiles%Pandora_Agentutillogevent_log4x.vbs” Aplicacion System 300# Sample on how to get a value from registry
# This returns the last time user launch microsoft Windows update
#module_begin
#module_name Windows_Update_LastRun
#module_type generic_data_string
#module_exec getreg LM “SOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto Update” SetupWizardLaunchTime
#module_description Last date and time user launch microsoft Windows update
#module_end# Example of a remote TCP check
#module_begin
#module_name Google Port 80
#module_type generic_proc
#module_tcpcheck http://www.google.com
#module_port 80
#module_timeout 5
#module_description Check local port 80
#module_end# Example of regexp matching
#module_begin
#module_name PandoraAgent_log
#module_type generic_data_string
#module_regexp C:archivos de programapandora_agentpandora_agent.log
#module_description This module will return all lines from the specified logfile
#module_pattern .*
#module_end# Get processor time from Performance Counter (SPANISH only, check your
# locale string) using the Windows Performance tool to
# identify proper PerCounter strings. Check documentation for detailed steps.
#module_begin
#module_name Processor_Time
#module_type generic_data
#module_perfcounter Procesador(_Total)% de tiempo de procesador
#module_end# Example of module exec, used to know about the memory used by pandora process
# grep.exe and gawk.exe are included in the util directory of the agent.
#module_begin
#module_name PandoraFMS RAM
#module_type generic_data
#module_exec tasklist | grep Pandora | gawk “{ print $5 }” | tr -d “.”
#module_end# Example of module exec, used get number of active terminal services sessions
# Works on Windows 2003. In Windows XP the query.exe and quser.exe files were
# moved to %WINDIR%system32dllcache. If XP, copy the exe to %WINDIR%system32
#module_begin
#module_name Active TS Sessions
#module_type generic_data_string
#module_exec query session | grep Activ | gawk “{ print $2 }” |wc -l
#module_description Number of active TS Sessions
#module_end# Example of watchdog process opening it if it gets closed
# NOTE: This need to enable “Service can interactuate with the deskop” option
# in the Pandora FMS Service configuration (Windows Service Control management).
#module_begin
#module_name TaskManager
#module_type generic_proc
#module_proc taskmgr.exe
#module_description This keeps taskmgr always running in the system
#module_async yes
#module_watchdog yes
#module_start_command c:windowssystem32taskmgr.exe
#module_end# Example of watchdog service opening it if it gets closed
#module_begin
#module_name ServiceVNC_Server
#module_type generic_proc
#module_service winvnc
#module_description Service VNC Server watchdog/service
#module_async yes
#module_watchdog yes
#module_end# Example of preconditions
#module_begin
#module_name Test Precondicion
#module_type generic_data
#module_precondition 10 cmd.exe /c echo 15
#module_precondition = 10 cmd.exe /c echo 10
#module_precondition != 10 cmd.exe /c echo 5
#module_precondition =~ 10 cmd.exe /c echo 10
#module_precondition (5,15) cmd.exe /c echo 10
#module_freepercentmemory
#module_description Precondition test module
#module_end# Example of postconditions
#module_begin
#module_name Test Postcondicion
#module_type generic_data
#module_condition > c:log.txt
#module_condition > 3 cmd.exe /c echo max >> c:log.txt
#module_condition = 5 cmd.exe /c echo equal >> c:log.txt
#module_condition != 10 cmd.exe /c echo diff >> c:log.txt
#module_condition =~ 5 cmd.exe /c echo regexp >> c:log.txt
#module_condition (3,8) cmd.exe /c echo range >> c:log.txt
#module_exec echo 5
#module_description Postcondition test module
#module_end# Example of native encoding.
#module_begin
#module_name Written Accent
#module_type generic_data_string
#module_exec echo Bordón
#module_native_encoding OEM
#module_end -
Hello Matthieu,
Try disabling these modules:
– System Events (TermService)
– Security Events
– Antivirus Last Update
If the agent doesn’t stop working, we can then filter one by one what may be the module causing problems, and why.Also, when it stops working, can you check if it creates files under its temp folder (“C:Program Filespandora_agenttemp”)?
Kind regards,
Antonio. -
