Difference between revisions of "Pandora: Documentation en: Configuration"

From Pandora FMS Wiki
Jump to: navigation, search
(recon_location_scatter_radius)
(WEB Console)
 
(526 intermediate revisions by 17 users not shown)
Line 1: Line 1:
 
[[Pandora:Documentation_en|Go back Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back Pandora FMS documentation index]]
  
= Pandora FMS Configuration =
+
Pandora FMS has three essential components essential to configure correctly for good functioning, which are the web console, the server and the database.
  
Pandora FMS has three basic components which must be properly configured for correct operation. The first two are the server and the web console, which should interact between each other and the database to introduce, to process and to show the stored data. There are also the software agents which transmit the data to the Pandora FMS server.
+
{{Tip|Even if you already have a Pandora FMS installed and running, if you have installed it through the [[Pandora:QuickGuides_EN:General_Quick_Guide#Installing_the_Appliance_CD|''appliance software'']], consider adjusting and revising the configuration for a much more optimal operation.}}
  
In this chapter, we are going to explain the configuration files of the three elements and others which are important for a correct performance of the application components.
+
You may get more information about Pandora FMS optimization[[Pandora:Documentation_en:Optimization#Optimizing_Pandora_FMS| in this section]]. In this chapter, we are going to explain the configuration files of the three elements and others which are important for a correct performance of the application components.
  
== Server ==
+
[[Image:Pandora_FMS-standard_design.png|center|thumb|alt=Diseño estándar de Pandora FMS|''Standard Pandora FMS design''|600px]]
  
Pandora FMS server has a configuration file that allows several application parameters to be adjusted to obtain excellent performance. The configuration file '' pandora_server.conf'' is located at ''/etc/pandora/'' by default.
+
= Server =
  
=== Configuration File Elements ===
+
Pandora FMS server main configuration can be found in the file <code>pandora_server.conf</code> is located at <code>/etc/pandora</code> by default.
  
Pandora FMS configuration file is a UNIX standard plain text where the variables that aren't used or the comments are preceded by a "#" character. The comments must start the line and as for the entire line, the .conf file must not have any line which shares code and comment.
+
From Pandora FMS version 7.0NG.752 onwards, it is possible to make some modifications related to the Pandora FMS server using a graphical interface, without the need to access the configuration file in plain text (neither through terminal nor from the web console).  
  
Now we are going to explain all the configuration parameters.  
+
'''To do this, the remote configuration should be previously enabled inside the <code>pandora_server.conf</code> configuration file'''. You should access to the [[Pandora:Documentation_en:Managing_and_Administration#Servers|servers view]], and then click on the remote configuration icon enabled in the data server line.
  
==== servername ====
+
[[Image:Servers-manage-servers-pandora-fms-servers-remote-configuration-icon.png|center|300px]]
  
Pandora FMS server name. If it's commented we should use the name of the equipment or "host". Please do not change the name of the server after executing it the first time because all reference goes linked to the name (remote agent modules and other information). If you change it, you're required to re-assign the server to all your agents.
+
There you may find in the first section, '''Server Features'',a token next to the server to enable or disable it accordingly.
  
==== incomingdir ====
+
[[Image:server_editor_formulario.png|center|800px]]
  
It's the incoming directory of XML data packages. It's located under '/var/spool/pandora/data_in/' by default. You can improve the performance by setting up a RAM disk or very fast hard drive here.
+
There is also a second configuration part, '''Optimization settings''', devoted to optimization settings. In this section you will be able to modify parameters such as the timeout times or the threads dedicated to the servers.
  
==== log_file ====
+
And finally, a space reserved for other configurations: '''Other server settings'''. This section includes the possibility of indicating the group ID to which the agents that are added to the Pandora FMS environment will be assigned by default if one is not specifically indicated during its creation. Force auto-creation and enable agent auto-creation when receiving data files with an agent ID that does not exist in the system.
  
The Pandora FMS record file (log). It's located under ''/var/log/pandora/pandora_server.log'' by default. This is the main logfile and it's very important for debugging.
+
== Configuration File Elements ==
  
==== snmp_logfile ====
+
It is a UNIX standard plain text file, where unused variables or comments are preceded by character <code>#</code>. If you are editing from MS Windows®, make sure to use an editor that supports that format. Eventually, if you need to encrypt specific characters check the Pandora FMS [[Pandora:Documentation_en:Console_Setup#Setup|'''Change remote config encoding''']] parameter. All file configuration parameters are listed below.
  
Located under ''/var/log/pandora/pandora_snmptrap.log'' by default. This is a log file which contains all received SNMP traps BEFORE the Pandora FMS server processes them. It's not recommended to edit or even touch this file.
+
=== servername ===
  
==== errorlog_file====
+
It is the name that the server will have when it is displayed in the console. By default it is commented and uses the name of the machine for the operating system.
  
The Pandora FMS error registry file (log). It's located under ''/var/log/pandora/pandora_server.error'' by default. This logfile stores all non-controlled errors or non-captured output from tools executed by the server. It's important for locating problems and debugging as well.
+
{{Warning|Changing the name once it is running could cause remote checks to stop working, since the default server would have to be reconfigured in all existing agents to use the new server, as well as deleting the old server name from the server list.}}
  
====dbname====
 
  
The name of the database the server will connect to. It's located under 'pandora' by default.
+
=== incomingdir ===
  
====dbuser====
+
It is the incoming directory of XML data packages. It is located under <code>/var/spool/pandora/data_in/</code> by default. This allows setting up a RAM disk or a very fast hard drive here ([https://pandorafms.com/blog/hard-disk-types/ SSD, for example]) to optimize Pandora MFS.
  
Username used in the Pandora database connection. It's located under 'pandora' by default.
+
=== log_file ===
  
==== dbengine ====
+
The Pandora FMS record file (log). It is located under <code>/var/log/pandora/pandora_server.log</code> by default. This is the main log file and it is very important for debugging.
  
Deprecated: always 'Mysql' (default value).
+
=== snmp_logfile ===
  
==== dbpass ====
+
Located under <code>/var/log/pandora/pandora_snmptrap.log</code> by default. This is a log file from [[Pandora:Documentation_en:SNMP_traps_Monitoring|SNMP console]] that contains all received SNMP traps BEFORE Pandora FMS server processes them.
  
The password for the connection against the Pandora FMS Database.
+
=== errorlog_file===
  
==== dbhost ====
+
The Pandora FMS error registry file (log). It is located under <code>/var/log/pandora/pandora_server.error</code> by default. This log file stores all non-controlled errors or non-captured output from tools executed by the server.
  
The IP address or equipment name which hosts the Pandora FMS database. In reduced installations, it's usually the same equipment where the server is located, which is ''localhost''.
+
===daemon===
  
==== dbport ====
+
It shows whether or not Pandora FMS server is executed as a daemon. If the server is launched with the <code>–D</code> option, it is executed as daemon.
  
It's used to define a different port in your database setup (optional).
+
=== dbengine ===
  
====daemon====
+
Deprecated: always <code>Mysql</code> (default value, [[Pandora:Documentation_en:Architecture#Pandora_FMS_Architecture|MySQL is Pandora FMS database software]]).
  
It shows whether or not Pandora server is executed as a daemon. If the server is launched with the '–D' option, it's executed as daemon.
+
===dbname===
  
====verbosity====
+
Database name to which the server will connect. The default value is <code>pandora</code>.
  
The detail level for the server and error messages, the register or log files. 0: default, 1: detailed, 2: debug, 3-10: noisy. If you experience any problem with Pandora FMS, put this value to 10 to get the maximum detail. High values (e.g. 10) are not intended to be used in production systems because they have a '''great performance impact'''.
+
===dbuser===
  
====master====
+
Username used in the Pandora FMS database connection. It is <code>pandora</code> by default.
  
Master Server priority. The running server with the highest master value will be the master. Ties are broken at random.  If set to 0, this server will never become master. See the [[Pandora:Documentation_en:HA|High Availability (HA)]] chapter for more information.
+
===dbpass===
  
==== snmpconsole ====
+
Password for the connection to Pandora FMS database.
  
'1' enables the SNMP traps reception console, '0' disables it. The console depends on the ''snmptrapd'' UNIX service. Before starting Pandora FMS server, please make sure that the 'snmptrapd' process IS NOT running on your server.
+
===dbhost===
  
==== networkserver ====
+
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as that of the server, which is <code>127.0.0.1</code>.
  
'1' enables the Pandora FMS Network Server, '0' disables it.
+
===dbport===
  
==== dataserver ====
+
TCP port where the the database engine listens (optional). <code>3306</code> is set by default if the value is commented.
  
'1' enables the Pandora FMS Data Server, '0' disables it. This server processes the XML files coming from the agents, among many other tasks. This server should be always running on the system.
+
===verbosity===
  
==== reconserver ====
+
It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.
  
'1' enables the Pandora FMS Recon Server, '0' disables it. If you don't want to use the recon server, it's better to keep it disabled.
+
{{Warning|The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.}}
  
==== pluginserver ====
+
===master===
  
'1' enables the Pandora FMS Plugin Server, '0' disables it.
+
Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the [[Pandora:Documentation_en:HA|High Availability (HA)]] chapter for more information.
  
==== predictionserver ====
+
=== snmpconsole ===
  
'1' enables the Pandora FMS Prediction Server, '0' disables it. Prediction server manages Services and synthetic modules, among others.
+
Enabling it (value <code>1</code>) indicates that the [[Pandora:Documentation_en:SNMP_traps_Monitoring|SNMP trap reception console]] is enabled in the configuration. <code>0</code> that it is not. The console depends on the UNIX <code>snmptrapd</code> service and stops and starts it when Pandora FMS boots. Before starting Pandora FMS, verify that the <code>snmptrapd</code> process has not been started in the system.
  
==== wmiserver ====
+
=== snmpconsole_threads ===
  
'1' enables the Pandora FMS WMI Server, '0' disables it.
+
Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to <code>1</code> by default.
  
==== inventoryserver ====  
+
=== translate_variable_bindings ===
  
(Pandora FMS Enterprise only)
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]If set to <code>1</code>, the SNMP console will attempt to translate variable <code>bindings</code> when processing SNMP traps. Set to <code>0</code> by default.
  
'1' enables the Pandora FMS Inventory Server, '0' disables it. It manages the '''remote inventory data'''. The inventory data transmitted by software agents is processed by the Data Server, so there's no need to enable this server unless you want to get inventory data from devices monitored remotely.
+
=== translate_enterprise_strings ===
  
==== exportserver ====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]If set to <code>1</code> (default value), the SNMP console will attempt to translate enterprise strings when processing SNMP traps.
  
(Pandora FMS Enterprise only)
+
=== snmp_ignore_authfailure ===
  
'1' enables the Pandora FMS Export Server, '0' disables it.
+
''Snmptrapd'' will ignore the <code>authenticationFailure</code> traps in case of it being activated, <code>1</code> (default value).
  
==== webserver ====  
+
=== snmp_pdu_address ===
  
(Pandora FMS Enterprise only)
+
If enabled (value <code>1</code>) Snmptrapd will read from the '''Protocol data units''' (PDU) address instead of the agent address. Its value is <code>0</code> by default.
  
'1' enables the Pandora FMS Web Server (also known as Goliath Server), '0' disables it.
+
=== snmp_trapd ===
  
==== eventserver ====
+
Path to the <code>snmp_trapd</code> binary. If set to manual, the server will not attemp to start <code>snmp_trapd</code>. Its value is manual by default.
  
(Pandora FMS Enterprise only)
+
=== snmp_forward_trap ===
  
'1' enables the Pandora FMS Event correlation Server, '0' disables it (default value is '1').
+
Enables (<code>1</code>) or disables (<code>0</code>) SNMP trap forwarding to the host specified in [[#.28.3E.3D_5.X.29_snmp_forward_ip|snmp_forward_ip]].
  
==== icmpserver ====
+
=== snmp_forward_ip ===
 
 
(Pandora FMS Enterprise only)
 
 
 
Enables (1) or disables (0) the Enterprise ICMP server (default value is 0).
 
The Enterprise ICMP server uses ''NMAP'' to perform block ICMP requests. The XML output of older versions of ''NMAP'' does not report round-trip time. If all your ICMP latency modules return a value of '0', please set this configuration variable to '0'. If the version is incorrect, please install NMAP 5.51 or higher. If you're unsure, you may run NMAP and see if the round-trip time is returned:
 
 
 
nmap -nsP -PE -oX - www.pandorafms.com | grep srtt
 
 
 
==== snmpserver ====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Enables ('1') or disables ('0') the Enterprise SNMP server (default value is '0'). The Enterprise SNMP server uses an external utility called ''braa'' to perform the block of SNMP queries. Modules which can't be processed by ''braa'' will be marked as uninitiated and handled by the Network server. If you experience additional problems with ''braa'', simply set this configuration variable to '0'.
 
 
 
====network_timeout====
 
 
 
It's the timeout -in seconds- for the network server connections on network ICMP modules. Default value is 2 seconds. If you are performing remote checks on WAN networks, you probably should increase this value to avoid incorrect results.
 
 
 
====server_keepalive====
 
 
 
Time before classifying the server as 'down' in seconds. The default value is '45'.
 
 
 
====server_threshold====
 
 
 
The number of seconds for the main loop. Its value is '5' by default. This is a very important configuration token, because it defines how many times Pandora FMS looks into the database or on the hard drives for new data to process. '5' through '10' are good values in most cases - the minimum value is '1'. If you set it to '1', the system CPU load will be very high. You can set it to '1' in in specific cases, e.g. your server has been down for a while and you're required to process the pending XML files and network modules as quick as the system can. Set this to '1', wait for all pending modules / XML processes to be finished and set them to 5 - 15 again. This value, used in conjunction with 'server_threads' and 'max_queue_files', is used to adjust the performance of your server.
 
 
 
====network_threads====
 
 
 
Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires much more processing capacity. Its default value is 5. Please do not use more than 20 - 25 threads or the system could either get unstable or have very low performance.
 
 
 
====icmp_checks====
 
 
 
Defines the number of pings to each 'icmp_proc' kind of module. At least one of these checks has to give back '1' to the module for getting classified as correct. Its default value is '1'. If you set '5' here and the first ping is OK, the other 4 will be skipped.
 
 
 
====(> 5.1SP2) icmp_packets====
 
 
 
Defines the number of ICMP packets sent in each ping request. 1 by default.
 
 
 
====tcp_checks====
 
 
 
Number of TCP retries in case the first one fails. Its default value is 1.
 
 
 
====tcp_timeout====
 
 
 
Specific timeout for TCP connections. The default value is '30'.
 
 
 
====snmp_checks====
 
 
 
Number of SNMP retries in case the first one fails. The default value is '1'.
 
 
 
====snmp_timeout====
 
 
 
Specific expiration time for SNMP connections. Its default value is '3'.
 
 
 
====snmp_proc_deadresponse====
 
 
 
Gives back 'DOWN' if it's impossible to connect with a boolean SNMP module (proc) or if it gets 'NULL' as a response. If set to '0' it should be ignored.
 
 
 
====plugin_threads====
 
 
 
Number of threads for the plugin server. It shows how many checks could be done simultaneously. Its default value is '3'.
 
 
 
====plugin_timeout====
 
 
 
Timeout for the checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, so you'll need to raise this value if your plugins' execution take a few seconds.
 
If a plugin has a higher timeout value, the value set at this parameter of the server will prevail.
 
 
 
==== wmi_timeout ====
 
 
 
WMI timeout checks. After this time, the module status will be shown as 'unknown'. Its default value is '10'.
 
 
 
====wmi_threads====
 
 
 
Number of threads for the WMI server. It shows how many checks can be done simultaneously. Its default value is '2'.
 
 
 
====prediction_threads====
 
 
 
Number of threads for the prediction server.
 
 
 
====recon_threads====
 
 
 
Number of threads for the network recon server. Shows how many checks can be done simultaneously. Its default value is '2'.
 
 
 
====dataserver_threads====
 
 
 
Number of threads for the data server. Shows how many threads for XML processing can be active simultaneously. Its default value is '2'. Recommended max. is '4'.
 
 
 
====inventory_threads====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads assigned to the remote inventory server. It shows how many simultaneous threads are assigned to this component.
 
 
 
====export_threads====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.
 
 
 
====web_threads====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads assigned to the WEB test server. It shows how many simultaneous threads are assigned to this component.
 
 
 
====web_engine====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Set this parameter to "curl" to use cURL instead of LWP for web monitoring. The cURL binary must be installed and set in PATH.
 
 
 
====mta_address====
 
 
 
Mail Server IP address (Mail Transfer Agent)
 
 
 
====mta_port====
 
 
 
Mail server port ('25' by default)
 
 
 
====mta_user====
 
 
 
Mail server user (if necessary for use with authentication)
 
 
 
====mta_pass====
 
 
 
Password for the mail server (if necessary with authentication)
 
 
 
====mta_auth====
 
 
 
Mail server authentication system (if necessary. The supported values are: 'LOGIN', 'PLAIN', 'CRAM-MD5' and 'DIGEST-MD')
 
 
 
====mta_from====
 
 
 
Mail address from which messages will be sent. The default value is ''[email protected]''.
 
 
 
====mail_in_separate====
 
 
 
'1' by default. If set to '1', it delivers separate mail for each destination.
 
If set to '0', the mail will be shared among all destinations.
 
 
 
====xprobe2====
 
 
 
Used to determine the operating system of the remote systems, assigned to the agents when a recon network task is launched. The default path is ''/usr/bin/xprobe2''. If not provided, NMAP will be used instead - it's much more imprecise, though.
 
 
 
====snmpget====
 
 
 
Required for SNMP checks. The default path is ''/usr/bin/snmpget''. It refers to the location of the SNMP standard client for the system. It's recommended not to change this parameter unless you know exactly what you're doing.
 
 
 
====nmap====
 
 
 
Required for the recon server. The default path is ''/usr/bin/nmap''. It's recommended not to change this parameter unless you know exactly what you're doing.
 
 
 
==== (> 5.1) nmap_timing_template ====
 
 
 
A value that specifies how aggressive nmap should be, from 1 to 5. '1' means slower but more reliable, '5' means faster but less reliable. '2' by default.
 
 
 
==== (> 5.1) recon_timing_template ====
 
 
 
Like nmap_timing_template, but applies to Satellite Server and Recon Server network scans.
 
 
 
====plugin_exec====
 
 
 
Shows the absolute path to the program which executes the plugins in a controlled way in time. The default path is ''/usr/bin/timeout''. It's recommend not to change this parameter unless you know exactly what you're doing. ''If your base system doesn't have a timeout command, you should use the path ''/usr/bin/pandora_exec'' instead.
 
 
 
====autocreate_group====
 
 
 
Numeric ID of the default group for the new agents, created with the data server through the datafile reception. The default value is '2'.
 
 
 
====autocreate====
 
 
 
If you change this value to '1' the agents will be created automatically when processing a XML file which hasn't been sent by an existing agent. When set to '0', autocreation is disabled and XML files sent by unknown agents will be discarded, so they will have to be created by hand (bear in mind, agent names are case sensitive).
 
 
 
====max_log_size====
 
 
 
Maximum size of Pandora FMS log file, in bytes. When this size is reached, the log file's name is changed to ''pandora_server.log.old'' and the server generates a new one. Default size is 65536 Bytes.
 
 
 
====max_queue_files====
 
 
 
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by '''incomingdir'''. This prevents the Data Server from trying to process too many files, which would affect server performance. Default value is 5000.
 
 
 
{{warning|Incremental modules may not work properly if this value is not big enough to hold all the XML data files.}}
 
 
 
====use_xml_timestamp====
 
 
 
Deactivated by default. If activated ('1') it uses the XML file timestamp, generated with time and date of the server in the moment of reception, instead of the internal XML file timestamp, which was generated by the server. This can be deactivated globally in case of conflict with the use of the dates generated by the agents and date / hour (timestamp) of the server as a reference for all data. In systems which experience problems with synchronization or systems with wrong date / hour, it's an option which could solve almost any problem.
 
 
 
====auto_restart====
 
 
 
Deactivated by default. If it's activated (value in seconds), it forces the server to do an internal restart each X seconds (1 day = '86400'). This option is useful if you observe a degradation or loss of control of any thread or specific server in use with Pandora FMS.
 
 
 
====restart====
 
 
 
Default value is '0'. If set to '1', the server will restart on critical errors after a given number of seconds.
 
 
 
====restart_delay====
 
 
 
Default value is '60'. The number of seconds the server will wait before restarting after a critical error if '''restart''' is enabled.
 
 
 
====self_monitoring====
 
 
 
The server has a self monitoring flag which creates a virtual agent in the server which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter ''self_monitoring'' must be set to '1'.
 
 
 
==== (>= 5.1SP1) self_monitoring_interval ====
 
 
 
Time interval for self_monitoring in seconds.
 
 
 
====update_parent====
 
 
 
Although the server has a parameter to define if the agent can update it's parent by sending the parents name on the XML: If this parameter is not defined or set to '0', the agent information is ignored. If not, when the server receives an XML with 'parent_name' attribute, it is going to look for an agent with this name - and if it's found, it updates the parent of the agent from the XML.
 
 
 
====icmp_threads====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads for the ICMP Enteprise server (default value is '3').
 
 
 
====snmp_threads====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads for the Enteprise SNMP server (default value is '3').
 
 
 
====block_size====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Block size for block producer / consumer servers, which is the number of modules per block (default value is 15).
 
 
 
====braa====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Location of the braa binary required for the Enterprise SNMP server (default path is '/usr/bin/braa').
 
 
 
====braa_retries====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of retries before braa handles a module over to the Network Server in case of an error.
 
 
 
====event_window ====
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Event window: It's the time window (in seconds) in which the event server will look for events. For example, if set to '3600', the event server is going to check events generated within the last hour.
 
 
 
==== wmi_client ====
 
 
 
Default WMI client used (default value is 'wmic'). Changing this value is ''not'' recommended.
 
 
 
==== activate_gis ====
 
 
 
Flag to activate GIS (positional information for agents and maps). It's deactivated by default.
 
 
 
==== location_error ====
 
 
 
Radius of error in meters to consider two GIS locations as the same location.
 
 
 
==== recon_reverse_geolocation_mode ====
 
 
 
Recon reverse geolocation mode [disabled, sql, file]
 
 
 
* disabled    The recon task doesn't try to geolocate the IP discovered.
 
* sql        The recon task tries to query the SQL database to geolocate the IP discovered.
 
* file        The recon task tries to find the geolocation information of the IP discovered in the file indicated in the 'recon_reverse_geolocation_file' parameter.
 
 
 
==== recon_reverse_geolocation_file ====
 
 
 
Recon reverse geolocation file. This is the database with the reverse geolocation information using MaxMind GPL (GeoLiteCity.dat format).
 
 
 
==== recon_location_scatter_radius ====
 
 
 
Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. Center of the circle is guessed by geolocating the IP.
 
 
 
==== google_maps_description ====
 
 
 
This enable realtime reverse geocoding using Google Maps public API. This requires internet access and could have performance penalties processing GIS information due the connection needed to resolve all GIS input. NOTE: If you don't pay the service to Google, they are going to ban your IP in a few days.
 
 
 
==== openstreetmaps_description ====
 
 
 
This enable realtime reverse geocoding using Openstreet Maps public API. This requires internet access, and could have performance penalties processing GIS information due the connection needed to resolve all GIS input. You can alter the code to use a local (your own) openstreet maps server.
 
 
 
==== event_file ====
 
 
 
This configuration token lets you configure a text file where events, generated by Pandora FMS, will be written in CSV format.
 
 
 
For example:
 
 
 
event_file /var/log/pandora/pandora_events.txt
 
 
 
The first line of the text file is a header containing a list of field names. The contents of pandora_events.txt could be:
 
 
 
id_agente,id_grupo,evento,timestamp,estado,utimestamp,event_type,id_agentmodule,id_alert_am,criticity,user_comment,tags,source,id_extra,id_usuario,critical_instructions,warning_instructions,unknown_instructions,ack_utimestamp
 
Agent_1,Servers,Module Connections opened (136.00) is going to NORMAL,2013-07-01 19:00:57,1,1372698057,going_down_normal,Connections  opened,,2,,,Pandora,,,,,,1372698057
 
Agent_2,Servers,Alert recovered (Critical condition) assigned to (Network Traffic (Outgoing)),2013-07-01 19:00:59,0,1372698059,alert_recovered,Network Traffic (Outgoing),Critical condition,4,,,Pandora,,,,,,0
 
 
 
==== snmp_storm_protection ====
 
 
 
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.
 
 
 
==== snmp_storm_timeout ====
 
 
 
Time interval for snmp_storm_protection in seconds.
 
 
 
To e.g. prevent a single source from sending more than 1000 traps per 10 minutes:
 
 
 
snmp_storm_protection 1000
 
snmp_storm_timeout 600
 
 
 
==== text_going_down_normal ====
 
 
 
Text for the event that is generated when a module goes to normal status. The macros '_module_ and _data_' are supported.
 
 
 
text_going_down_normal Module '_module_' is going to 'NORMAL'(_data_)
 
 
 
==== text_going_up_critical ====
 
 
 
Text for the event which is generated when a module goes to 'critical' status.
 
 
 
==== text_going_up_warning ====
 
 
 
Text for the event which is generated when a module goes from 'normal' to 'warning' status.
 
 
 
==== text_going_down_warning ====
 
 
 
Text for the event which is generated when a module goes from 'critical' to 'warning' status.
 
 
 
==== text_going_unknown ====
 
 
 
Text for the event which is generated when a module goes to 'unknown' status.
 
 
 
==== event_expiry_time ====
 
 
 
Events older that the specified time (in seconds) will be auto-validated. Set to '0' to disable this feature.
 
 
 
To e.g. automatically validate events 10 hours after they were generated, just use the command:
 
 
 
'event_expiry_time 36000'
 
 
 
==== event_expiry_window ====
 
 
 
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be bigger than event_expiry_time.
 
 
 
The default value ('86400') is the equivalent of one day:
 
 
 
event_expiry_window 86400
 
 
 
==== (>= 5.X) snmp_forward_trap ====
 
 
 
Enables ('1') or disables ('0') the SNMP trap forwarding to the host specified in [[#.28.3E.3D_5.X.29_snmp_forward_ip|snmp_forward_ip]].
 
 
 
==== (>= 5.X) snmp_forward_ip ====
 
  
 
IP address of the host to which SNMP traps will be forwarded to.
 
IP address of the host to which SNMP traps will be forwarded to.
  
{{warning|Bear in mind that setting a local IP address will cause a forwarding loop that is going to induce a collapse of the Monitoring Server. }}
+
{{warning|Bear in mind that setting a forwarding address to Pandora FMS itself will cause a forwarding loop that will make the Monitoring Server collapse. }}
  
==== (>= 5.X) snmp_forward_version ====
+
=== snmp_forward_version ===
  
 
SNMP version to use when forwarding SNMP traps. This token can only have the following values:
 
SNMP version to use when forwarding SNMP traps. This token can only have the following values:
* 1
+
* <code>1</code>
* 2c
+
* <code>2c</code>
* 3
+
* <code>3</code>
  
==== (>= 5.X) snmp_forward_secName ====
+
=== snmp_forward_secName ===
  
Only for SNMP version 3. It defines the security name. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
Only for SNMP version 3. It defines the authentication security name. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's guide].
  
==== (>= 5.X) snmp_forward_engineid ====
+
=== snmp_forward_engineid ===
  
Only for SNMP version 3. It defines the authoritative (security) engine ID. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
Only for SNMP version 3. It defines the authorized '''engine ID'''. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's manual].
  
==== (>= 5.X) snmp_forward_authProtocol ====
+
=== snmp_forward_authProtocol ===
  
 
Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:
 
Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:
Line 505: Line 152:
 
*SHA
 
*SHA
  
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's manual].
  
==== (>= 5.X) snmp_forward_authPassword ====
+
=== snmp_forward_authPassword ===
  
Only for SNMP version 3. It defines the authentication pass phrase. For more information, please go to [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
Only for SNMP version 3. It defines the authentication password. For more information, go to [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's manual].
  
==== (>= 5.X) snmp_forward_privProtocol ====
+
=== snmp_forward_privProtocol ===
  
 
Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
 
Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
Line 518: Line 165:
 
*AES
 
*AES
  
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's manual].
  
==== (>= 5.X) snmp_forward_privPassword ====
+
=== snmp_forward_privPassword ===
  
Only for SNMP version 3. It defines the privacy pass phrase. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
Only for SNMP version 3. It defines the privacy pass phrase. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's manual].
  
==== (>= 5.X) snmp_forward_secLevel ====
+
=== snmp_forward_secLevel ===
  
 
Only for SNMP version 3. It defines the security level. This token can only have the following values:
 
Only for SNMP version 3. It defines the security level. This token can only have the following values:
  
*noAuthNoPriv
+
* <code>noAuthNoPriv</code>.
*authNoPriv
+
* <code>authNoPriv</code>.
*authPriv
+
* <code>authPriv</code>.
  
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
=== snmp_forward_community ===
  
==== (>= 5.1) claim_back_snmp_modules ====
+
[https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol SNMP community] to be defined (<code>public</code>, <code>private</code>, etc.).<br><br><br>
  
If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.
+
=== networkserver ===
  
==== (> 5.1) snmpconsole_threads ====
+
<code>1</code> enables the Pandora FMS Network Server, <code>0</code> disables it.
  
Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to '1' by default.
+
=== dataserver ===
  
==== (> 5.1) translate_enterprise_strings ====
+
<code>1</code> enables the Pandora FMS Data Server, <code>0</code> disables it.  
  
(Pandora FMS Enterprise only)
+
{{Warning|The [[Pandora:Documentation_en:Architecture#The_Data_Server|Data server]] is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a <code>dataserver</code> thread running.}}
  
If set to 1 the SNMP console will attempt to translate enterprise strings when processing SNMP traps. Set to '1' by default.
+
=== reconserver ===
  
==== (> 5.1) translate_variable_bindings ====
+
Network discovery server, now called Pandora FMS [[Pandora:Documentation_es:Arquitectura#Servidor_de_reconocimiento|Discovery server]]: enabled <code>1</code> or disabled <code>0</code>.
  
(Pandora FMS Enterprise only)
+
=== pluginserver ===
  
If set to 1 the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to '0' by default.
+
Pandora FMS remote plugin server: <code>1</code> enabled, <code>0</code> disabled.
  
==== (> 5.1SP1) async_recovery ====
+
===plugin_exec===
  
If set to 1 asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.
+
Shows the absolute path to the program which executes the plugins in a controlled way in time. The default value is <code>/usr/bin/timeout</code>. If your base system does not have this command, use <code>/usr/bin/pandora_exec</code> instead, which is included in Pandora FMS.
  
==== (>= 6.0) console_api_url ====
+
=== predictionserver ===
  
Console's api direction. Usually the direction of the server and the console ended with the route ''/include/api.php''.
+
<code>1</code> enables Pandora FMS Prediction Server, <code>0</code> disables it.
  
==== (>= 6.0) console_api_pass ====
+
=== wmiserver ===
  
Password of the console's api. This password can be found into the general section of the setup and can be empty.
+
<code>1</code> enables Pandora FMS WMI Server, <code>0</code> disables it.
  
==== (>= 6.0) console_user ====
+
===network_timeout===
  
User of the console with permissions to execute the required actions, like get a module graph image to put it in an alert email.
+
It is the timeout -in seconds-  for ICMP checks. Its value is <code>2</code> seconds by default. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives taking into account that some checks may require more time.
  
==== (>= 6.0) console_pass ====
+
{{Tip|The more timeout you have, the more time you will need to run checks in the worst-case scenario.}}
  
Password of the previously introduced console user.
+
===server_keepalive===
  
==== (>= 6.0) unknown_interval ====
+
It is the time -in seconds- before declaring the server down. Each server checks the status of the servers around it, and in case the date of last update of one of them exceeds this value, it will mark it as down. This affects, to how [[Pandora:Documentation_en:HA|High Availability (HA)]] works, in the case of having several servers.
  
Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the module's interval by default.
+
{{Tip|It is essential that if you have multiple servers, all their internal clocks are synchronized through NTP.}}
  
==== (>= 6.0) global_alert_timeout ====
+
=== thread_log===
  
Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora Server ignores it and the alert execution will not be interrupted.
+
{{Tip|Version NG  7 or superior.}}
  
==== (>= 6.0) remote_config ====
+
Set to <code>0</code> unless you are debugging your Pandora FMS Server. <code>1</code> causes server threads to periodically dump their status to disk at:
 +
/tmp/<server name>.<server type>.<thread number>.log
  
This parameter controls the possibility to configure the server remotely from the console Manage servers view. It works by Tentacle similarly to agents remote configuration. It's deactivated by default. This parameter, in addition to other remote configuration tokens, is only useful in the Enterprise version.
+
For example:
 
 
==== (>= 6.0) remote_config_address ====
 
 
 
Machine IP Address where remote configuration files will be sent. It is localhost by default.
 
 
 
==== (>= 6.0) remote_config_port ====
 
 
 
Tentacle port for remote configuration. It is 41121 by default.
 
 
 
==== (>= 6.0) remote_config_opts ====
 
 
 
Allows to give additional parameters to the Tentacle client for advanced configurations. They should be between "" (e.g. "-v-r 5").
 
 
 
==== (> 6.0) warmup_event_interval ====
 
 
 
Module status change events will not be generated and module alerts will not be executed for the specified number of seconds since the server starts up (disabled by default). System events will be generated when the warmup interval starts and ends, but the ending event will be delayed until a status change or an alert check occurs.
 
 
 
==== (> 6.0) warmup_unknown_interval ====
 
 
 
Modules will not become unknown (so no unknown events will be generated) and keepalive modules will not be set to 0 for the specified number of seconds since the server starts up (5 minutes by default). System events will be generated when the warmup interval starts and ends.
 
 
 
==== (> 6.0SP4) enc_dir ====
 
 
 
Path to a directory containing additional [http://search.cpan.org/~msergeant/XML-Parser-2.36/Parser.pm#ENCODINGS .enc]  files for the XML parser. This files will be automatically loaded by the Data Server at startup.
 
 
 
==== (> 6.0SP4) unknown_events ====
 
 
 
Enable (1) or disable (0) events related to the unknown module status.
 
 
 
==== (>= 7.0) dynamic_updates ====
 
 
 
The number of times dynamic thresholds will be recalculated per dynamic interval.
 
 
 
==== (>= 7.0) dynamic_warning ====
 
 
 
Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.
 
 
 
==== (>= 7.0) dynamic_constant ====
 
 
 
Percentage relative to the module's mean used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.
 
 
 
=== Snmptrapd configuration ===
 
 
 
The SNMP Console of Pandora FMS uses snmptrapd to grab SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to grab traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.
 
 
 
Previously, snmptrapd will accept all incoming notifications, and log them automatically (even if no explicit configuration is provided). Starting with 5.3 release, access control checks will be applied to incoming notifications.
 
 
 
If snmptrapd is running without a suitable configuration file (or equivalent access control settings), then such traps will not be processed.
 
 
 
You're probably required to configure your snmptrapd using the file ''/etc/snmp/snmptrapd.conf''. If it doesn't exist, please check ''/var/log/pandora/pandora_snmp.log'' file for warnings or errors.
 
 
 
A basic snmptrapd.conf could be like:
 
 
 
authCommunity log public
 
 
 
If doesn't work on your linux distribution, please check your version syntax to enable the reception of traps in your snmptrapd daemon with
 
 
 
man snmptrapd.conf
 
 
 
=== Tentacle Configuration ===
 
 
 
By default, Pandora FMS software agents send the data packages to the server through the Tentacle protocol (Port 41121/TCP assigned by IANA [http://www.iana.org/assignments/port-numbers]). The agent could also be reconfigured to it send data in alternative ways: local transfer (NFS,SMB),SSH or FTP, etc. IF you want them to send the data packages by usinf the Tentacle protocol, then you're required to configure a Tentacle server where this data is intended to be received. When a Pandora FMS server is installed, a Tentacle server is also installed in the same machine by default.
 
 
 
If it would be necessary to adjust some parameters of the Tentacle server configuration, then it could be done modifying the script that launches the Tentacle Server daemon directly which is in:
 
 
 
/etc/init.d/tentacle_serverd
 
 
 
Furthermore, there is a list of the different options for Tentacle Server configuration:
 
 
 
'''PANDORA_SERVER_PATH'''
 
 
 
The path to the entry directory of data. The default path is ''/var/spool/pandora/data_in''
 
 
 
'''TENTACLE_DAEMON'''
 
 
 
The Tentacle daemon. The default command is 'tentacle_server'.
 
 
 
'''TENTACLE_PATH'''
 
 
 
The path to the Tentacle binary. The default path is '/usr/bin'.
 
 
 
'''TENTACLE_USER'''
 
 
 
User from which the Tentacle demon will be launched. The default value is ''pandora''.
 
 
 
'''TENTACLE_ADDR'''
 
 
 
Direction to listen to the data packages. If you fix 0.0.0.0. it will be listened to all of them. The default value is to listen in all directions. This is true when it's IP is 0.0.0.0.
 
 
 
'''TENTACLE_PORT'''
 
 
 
The listening port for package reception. By default it's 41121 (official port assigned by IANA).
 
 
 
'''TENTACLE_EXT_OPTS'''
 
 
 
Additional options for executing the Tentacle server. You can setup Tentacle to use authentication with certs (x509) and/or simmetric password in both sides here.
 
 
 
=== Tentacle secure configuration ===
 
 
 
Both the server and the agents can use a secure configuration with SSL and/or password using Tentacle. The communication can be established tentacle_client -> tentacle_server, or tentacle_client -> tentacle_proxy -> tentacle_server.
 
 
 
The most common actions are:
 
 
 
'''Simple file transfer with password authentication (not secure):'''
 
 
 
Extra parameters in the tentacle server setup
 
 
 
-x password
 
 
 
Extra parameters in the client side (TENTACLE_EXT_OPTS)
 
 
 
  -x password
 
 
 
'''Secure file transfer without client certificate:'''
 
 
 
Extra parameters in the tentacle server setup
 
 
 
  -e cert.pem -k key.pem
 
 
 
'''Secure file transfer with client certificate:'''
 
 
 
Extra parameters in the tentacle server setup
 
 
 
  -e cert.pem -k key.pem -f cacert.pem
 
 
 
Extra parameters in the client side (TENTACLE_EXT_OPTS)
 
 
 
  -e cert.pem -k key.pem
 
 
 
'''Secure file transfer with client certificate and password authentication:'''
 
 
 
Extra parameters in the Tentacle Server setup
 
  
  -x password -e cert.pem -k key.pem -f cacert.pem
+
[[email protected]]# cat /tmp/pandorafms.*
 +
2017-12-05 09:44:19 pandorafms dataserver (thread 2):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms dataserver (thread 3):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:40 pandorafms eventserver (thread 21):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:40 pandorafms eventserver (thread 22):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 4):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 5):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 6):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 7):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms networkserver (thread 8):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:39 pandorafms reconserver (thread 10):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms reconserver (thread 9):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:15 pandorafms webserver (thread 19):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:40 pandorafms webserver (thread 20):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[PRODUCER] Queuing tasks.
  
Extra parameters on the client side (TENTACLE_EXT_OPTS)
+
===server_threshold===
  
  -x password -e cert.pem -k key.pem
+
The number of seconds for the main loop. Its value is '5' by default.  
  
 +
{{Tip|This is a very important value for server configuration, it defines how many times Pandora FMS will search to see whether there are pending data in the database or in the hard disk (to search XML files). 5 to 15 is a valid value in most cases. If set to 1, the CPU usage will go up a lot. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but when it is finished, it should be set between 5 and 15 again.}}
  
==== Secure configuration, real case ====
+
{{Warning|With very low values and high load, there will be an "overheating" effect that progressively increases the CPU and memory consumption of the server.}}
  
We will explain step by step how to configure the agents and the Tentacle server for a secure connection, using Tentacle proxy as well.
+
This value together with the <code>_thread</code> and <code>max_queue_files</code> parameters are used to configure server performance.
  
At first, we really recommend to make the previous testing manually from the shell terminal to make sure that the configuration, parameters and certificates are correct.
+
===network_threads===
  
'''Manual testing:'''
+
Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires many more server resources.  Having more than twenty threads requires having a machine with many independent processors or cores.
  
1. Start tentacle_server manually:
 
  sudo -u ''user'' tentacle_server -x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem -s /tmp -v
 
  
2. Start proxy manually (only if you will use a Tentacle proxy, if not, skip this step):
+
===icmp_checks===
  sudo -u ''user'' tentacle_server -b ''ip_server'' -g 41124
 
  
3. Launch tentacle_client manually:
+
It defines the number of pings to each '<code>icmp_proc</code> module. At least one of these checks has to return 1 to the module to be classified as correct. Its default value is 1. If you set '5' here and the first ping is OK, the other 4 will be skipped.
  sudo -u ''user'' tentacle_client -a ''ip_proxy/ip_server'' -x password -e tentaclecert.pem -k tentaclekey.pem -v /bin/ls (or any file)
 
  
 +
{{Tip|In case of networks that have limited reliability, it is recommended to key in 2 or 3. A higher number will cause the rate of checks per second to decrease significantly in the event of any network segment failure.}}
  
{{Warning|It is necessary to '''ALWAYS''' specify the absolute path where the certificates are stored, for example ''/home/tentaclecert.pem''}}
+
Do not mistake it with the <code>icmp_packets</code> parameter which refers to the number of packets within the ping itself. The <code>icmp_checks</code> value defines the number of pings, each with its <code>icmp_packets</code>.
  
Once we have checked that the sending of the file has been successful, we can proceed to permanently configure tentacle_server and the clients.
+
=== icmp_packets===
  
To configure tentacle_server with the secure certificate options, we have to edit the starting script of the '''tentacle_serverd''' service, commonly on ''/etc/init.d/tentacle_serverd'', the same for the intermediate proxy.
+
Defines the number of ICMP packets sent in each ping request. <code>1</code> by default.
To configure the agents to use the secure tentacle comunication, we have to edit the configuration files of the agent '''pandora_agent.conf''', commonly on ''/etc/pandora/pandora_agent.conf''.
 
  
'''Permanent configuration:'''
+
===tcp_checks===
  
1. Start the server with SSL. Modify the script ''/etc/init.d/tentacle_serverd''. Search the line TENTACLE_EXT_OPTS, and add "-x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem". It should look like this:
+
Number of TCP retries in case the first one fails. Its default value is <code>1</code>.
  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
 
  
2. Start the proxy. Modify the script ''/etc/init.d/tentacle_serverd'' on the system that will act as a proxy. Same as in the previous step, search for the line TENTACLE_EXT_OPTS, and add "-b ''ip_server'' -g 41121". Like this:
+
===tcp_timeout===
  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -b 192.168.70.208 -g 41121"
 
  
3. Launch the agent with the related options. Modify the pandora_agent.conf file, search the token server_opts and add "-x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem". Don't forget to set the token ''server_ip'' with the ip of the proxy instead of the main server if you will use it. It should look like this:
+
Specific timeout for TCP connections. The default value is <code>30</code> seconds.
  server_opts -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem
 
  
 +
{{Tip|A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.}}
  
{{tip|If you don't want to use any of the options, like for example the password, just don't set it on the configuration.}}
+
===snmp_checks===
  
== WEB Console ==
+
Number of SNMP retries in case the first one fails. The default value is <code>1</code>.
  
The Pandora FMS web console has a configuration file which usually is created and configured when it's installed. If the installation is done through the DEB or RPM packages or from the Pandora FMS installation CD, then it's configured in an automated way. If it's installed in a manual way, it's contained in the tarball package. It could also be configured by the web assistant through ''http://ip_instalacion_consola/pandora_console/install.php''
+
===snmp_timeout===
  
The configuration file config.php is in the directory '/include/' in the console installation directory. This could be '/var/www/pandora_console' (Debian, Ubuntu) or '/srv/www/htdocs/pandora_console/' (SUSE, RH, Fedora...), depending on the distribution.
+
Specific expiration time for SNMP connections. Its default value is <code>3</code>.
  
=== Configuration File config.php ===
+
{{Tip|A high number  will cause the rate of checks per second to decrease significantly in the event of a network segment failure.}}
  
The configuration options in the file are contained in the header, and these are:
+
===snmp_proc_deadresponse===
  
'''$config["dbname"]'''
+
Returns <code>DOWN</code> if it is impossible to connect with a boolean SNMP module ('''proc''') or if it gets <code>NULL</code> as a response. If set to <code>0</code>, it is ignored.
  
Database name to connect to. The default value is 'pandora'.
+
===plugin_threads===
  
'''$config["dbuser"]'''
+
Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.
  
User name for the connection against the Pandora database. The default value is 'pandora'.
+
===plugin_timeout===
  
'''$config["dbpass"]'''
+
Timeout for checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is <code>5</code>, but you may want to raise it to a higher value in case you have plugins that may take longer than that.
Password for the connection against Pandora FMS database.
 
  
'''$config["dbhost"]'''
+
=== wmi_timeout ===
  
IP adress or equipment name which hosts the Pandora FMS database. In a reduced installation, it usually is the same equipment where the server is, which is 'localhost'.
+
Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is <code>10</code>.
  
'''$config["homedir"]'''
+
===wmi_threads===
  
Directory where the Pandora FMS web console is located. This is usually '/var/www/pandora_console' or '/srv/www/htdocs/pandora_console'.
+
Number of threads for the [[Pandora:Documentation_en:Architecture#The_WMI_Server|WMI server]]. It shows how many checks can be done simultaneously.
  
'''$config["homeurl"]'''
+
===recon_threads===
  
Base directory for Pandora FMS. This is usually '/pandora_console'.
+
Number of threads for the [[Pandora:Documentation_en:Architecture#The_Recon_Server|network recon server]]. It shows how many checks can be done simultaneously.
  
'''$config["public_url"]'''
+
===dataserver_threads===
  
The full URL is set with the string value, the value is the URL of inside Pandora FMS Server if you use a inverse proxy e.g. 'mod_proxy' from Apache.
+
Number of threads for the data server. Shows how many XML files can be processed simultaneously. As a specific rule for the ''dataserver'', a number of threads higher than the machine's physical processors should not be used.
  
==== Redirection to  '/pandora_console' from / ====
+
{{Tip|In the specific case of the ''dataserver'', a value higher than 5 or 6 does not imply better performance.}}
  
If you only have one Pandora FMS in your Apache server then it's possible that you could benefit by automatically re-addressing '/pandora_console' when users connect with the URL of their server. To do this, you could create the following file ''index.html'' and put it in the web server root directory ('/var/www' or '/srv/www/htdocs'):
+
===mta_address===
  
For the case if users connect with the URL / of their server. You can create the following file ''index.html'' and put it in the web servers root directory for it:
+
Mail Server IP address (Mail Transfer Agent).
 
 
<pre>
 
<html>
 
<head>
 
<meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
 
</head>
 
</html>
 
</pre>
 
  
== Pandora FMS Software Agents ==
+
{{Warning|If you are using a Pandora FMS ISO installation and you want to use the Postfix server distributed in it, make sure that your Pandora FMS server is able to resolve through its DNS server the mail server in charge of your e-mail domain.
  
=== What is an Agent ? ===
+
<code><nowiki>nslookup -type=mx my.domain</nowiki></code>
  
Pandora FMS software agents collect all data from their systems. They are each executed in a local system, but they also can collect remote information through the monitoring systems installation for the agent in several different machines.
+
Also, make sure in this case that your mail server accepts the emails redirected from Pandora FMS server.}}
  
They are developed to work with a fixed platform, using specific tools from the language which was used: VBScript / Windows scripting for Microsoft platforms (Windows 2000, Windows XP, Windows 2003 and Windows Vista), ShellScripting for UNIX including GNU/Linux, Solaris, AIX, HP-UX and BSD and also the Nokia IPSO. The Pandora FMS agents could be developed in any language as long as it would be a system with an easy API and open code. There are modalities of the Pandora FMS project which has been started for the agents creation in Posix, C, Perl and Java for systems which require closed agents.
+
{{Warning|If not set, [[Pandora:Documentation_en:Console_Setup#General_Setup|Pandora FMS Console configuration]] will be used. It is possible to have a different MTA configuration for the Pandora FMS Server and the Pandora FMS Console.}}
  
''' Pandora FMS is 100% open code''', e.g. in the way the agents collect and send information is documented and could analyze and / or modify the code to suit to your needs. An agent could be created again in any programming language and could also be easily updated to improve aspects of the program that hadn't been covered completely.
+
===mta_port===
  
This document describes the agent installation in machines that work with the Windows and UNIX operating systems.
+
Mail server port (<code>25</code> by default)
  
==== General Role of Software Agents ====
+
===mta_user===
  
The Software Agents general role is based on obtaining information about the operating system on which they are installed, to collect this information and sending it to the Server.
+
Mail server user (if necessary for authentication).
  
Pandora FMS software agents use the specific commands of the operative system in order to obtain the information. The Pandora FMS Data Server keeps and processes the data generated by these commands and sent to the server in an XML file.
+
===mta_pass===
  
The information returned by these commands is kept in what is called a 'Module'. If the agent has been added in 'learning mode', the modules which have been sent and which haven't been previously defined in the logical agent will be created automatically by the server.
+
Mail server password (if necessary for authentication).
  
=== Introduction to the Agent Configuration ===
+
===mta_auth===
  
The agent is controlled by a unique configuration file which has a syntax which is almost identical in UNIX systems as it's in Windows Systems. This file is named ''pandora_agent.conf'' and it's located in the agent installation directory (in Windows Systems) and under ''/etc/pandora/pandora_agent.conf'' in Unix systems.
+
Mail server authentication system if necessary; the supported values are:
  
This configuration file is a plain text file with different options which could all be modified by the administrator. To modify it or it's performance, just configure where ther data is supposed to get sent to, which things have to be monitored and how it's going to be done.
+
* <code>LOGIN</code>.
 +
* <code>PLAIN</code>.
 +
* <code>CRAM-MD5</code>.
 +
* <code>DIGEST-MD</code>.
  
{{warning|Configuration file encoding. It's very important and has to have the same value which is set in the '''encoding''' configuration parameter. If the encoding is set properly, the reception of data with improper encoding characters is going to be avoided.}}
+
===mta_from===
  
Now we're going to deal with all the general parameters for the Software Agent and the monitoring modules - which are the ones defining how and what is locally monitored with the Software Agent.
+
Mail address from which messages will be sent. The default value is <code>[email protected]</code>.
  
=== General Agent Parameters ===
+
===mta_encryption===
  
The Configuration of the General Agent Parameters is defined in this section. Some of them are common for all systems and others are intended specifically for Windows or Unix machines. The general parameters are:
+
{{Tip|Version NG 7 or superior.}}
  
 +
SMTP connection encryption type (<code>none</code>, <code>ssl</code>, <code>starttls</code>).
  
{{warning|The first time the server receives data from an agent is going to save all of the information into the database. For the following received data it will only update (depending on learning mode status enabled/disabled) the following fields from XML file: '''version''', '''date''', '''OS version''', and the following parameters from the configuration file: '''gis_exec''', '''latitude''', '''longitude''', '''altitude''' '''parent_agent_name''', '''timezone_offset''', '''address''' and '''custom_field'''.}}
+
===mail_in_separate===
  
====server_ip====
+
<code>1</code> by default. If set to <code>1</code>, it delivers separate mail for each recipient.
 +
If set to <code>0</code>, the mail will be shared among all recipients.
  
It's the IP address or the name of Pandora FMS Server Host where all data will be stored. The server has to be prepared to collect the data either by SSH (listening on port 22), Tentacle (port 41121), FTP (port 21), SMB or NFS.
+
===xprobe2===
  
====server_path====
+
If  provided, it  is used to determine the operating system of the remote systems, when a recon network task is launched. The default path is <code>/usr/bin/xprobe2</code>.
  
The server path is the comprehensive file path where the server stores all the data which was sent by the agent. The default path is '/var/spool/pandora/data_in'.
+
===nmap===
  
====temporal====
+
Required for the [[Pandora:Documentation_en:Architecture#The_Recon_Server|Discovery server]]. The default path is <code>/usr/bin/nmap</code>.
  
This is the complete path of the folder where the agent stores the local data before sending them to the server.
+
===fping===
  
Please consider the data packages are deleted by default once the agent tries to contact with the Pandora FMS Server. It's not taking into account if the connection was successful or not (although this function could be changed, as we see later).
+
Required for the ICMP server. It is located at <code>/usr/sbin/fping</code> by default.
  
This is done to prevent an overload on the harddrive of the host system where the agent runs. The location of the local file changes, depending on the architecture of the host system. Under UNIX systems it's usually at '/var/spool/pandora/data_out', and under Windows systems it's 'C:\program files\pandora_agent\temp'. The Windows installer is going to create this directory depending on where it decides to install Pandora FMS by default.
+
=== nmap_timing_template ===
  
And under Windows systems, the Windows installer is going to create this directory by default, depending on where it decides to install Pandora FMS.
+
A value that specifies how aggressive '''nmap''' should be, from <code>1</code> to <code>5</code>. <code>1</code> means slower but more reliable, <code>51</code> means faster but less reliable. <code>2</code> set by default.
  
====description====
+
=== recon_timing_template ===
  
Sends the description of the agent in XML and Pandora FMS imports this description when it creates the Agent.
+
It is just like the [[Pandora:Documentation_en:Configuration#nmap_timing_template|nmap_timing_template]], but applied to Satellite Server and Recon Server network scans.
  
====group====
+
===snmpget===
  
Sends the name of the group we want the agent to own, and that is only used in the moment the agent is created. The Pandora FMS Server will automatically use this group to put the agent in the selected group.
+
Required for SNMP checks. The default path is <code>/usr/bin/snmpget</code>. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.
  
====temporal_min_size====
+
===braa===
  
If the free space (in MB) of the partition in which the temporary directory is located. If it's smaller than this value, it would continue generating data packages. It avoids the disk becoming full if the connection with the server is lost during an extended interval under any circumstances.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
====logfile====
+
Location of the '''braa''' binary required for the Enterprise SNMP server (default path is <code>/usr/bin/braa</code>).
  
The path to the Pandora FMS agent events record file. The file could be used to check the system and to investigate other things.
+
===braa_retries===
  
====interval====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
 +
Number of retries before '''braa''' hands a module over to the Network Server in case of an error.<br><br>
  
This is the time interval (in seconds) in which the agent is going to collect data from the host system and send the data packages to the server. The range of recommended values constitutes from 300 (5 minutes) to 600 (10 minutes). This value could be bigger, but it's important to consider the impact of a higher value in the database. The execution is not recommended if it's configured to be below 30-60 seconds.
+
=== fsnmp ===
 +
{{Tip|Version NG  7 or superior.}}
  
====disable_logfile====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
 +
Path to the '''pandorafsnmp''' binary, used by the Enterprise SNMP Server for SNMPv3 requests (<code>/usr/bin/pandorafsnmp</code> by default).
  
This parameter disables log writing in pandora_agent.log. Only for Windows.
+
===autocreate_group===
  
====debug====
+
Numeric ID of the default group for new agents, created with the data server through the datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.
  
This parameter is used to check the creation of data in the files, so the data content of the files could be checked. No data is destroyed when the process has been completed, so the data of the files will be at the temporary directory. The activity is registered in the registry file. The registry file is 'pandora_agent.log' (see logfile above).
+
===autocreate_group_force===
  
Before Pandora 6.0, an agent in debug mode did not report to server.
+
If set to <code>1</code>, new agents will be added to the group specified by [[Pandora:Documentation_en:Configuration#autocreate_group|autocreate_group]] (the group specified by the agent will be used as fallback).
  
====agent_name====
+
If set to <code>0</code>, new agents will be added to the group specified by the agent (the group specified by '''autocreate_group''' will be used as fallback).
  
This is an alternative name for the host. This parameter is optional. This has not been declared but obtained directly from the system. The parameter could be used to overwrite the host name for another one in case of a conflict.
+
For example, with the following configuration a new agent would be placed in the group specified in its XML data file if possible, or the group with ID 10 if not:
  
====(>=5.1SP2) agent_name_cmd====
+
autocreate_group 10
 +
autocreate_group_force 0
  
If you want to define agent name using external command, set this parameter. This is optional. When this parameter is set, 'agent_name' is ignored. External command should return agent name string to STDOUT. If that returns several rows, string in the first row is used as the agent name.
+
===autocreate===
  
====address====
+
Setting it to <code>1</code> will autocreate agents when data files with an agent ID that does not exist in the system are received.
  
This is the IP address of the software agent. It could be an IP address with the format X.X.X.X or a domain name such as 'localhost' or 'auto'. If it's an IP address or a domain name, it will be added to the addresses of the agent and established as a main address. If the value is 'auto', it will obtain the IP address from the host and added to the agent as in the previous case.
+
{{Tip|If you want to set up a security mechanism, you can set a group password.}}
  
====encoding====
+
===max_log_size===
  
Installs the kind of codification of the local system, such as ISO-8859-15 or UTF-8. This option is available for the UNIX and Windows agents from Pandora FMS 2.0.
+
Maximum size of Pandora FMS log file, in bytes. When this size is reached, the log file's name is changed to <code>pandora_server.log.old</code> and the server generates a new one with the original name, <code>pandora_server.log</code>. Default size is 65&nbsp;536 Bytes.
  
====server_port====
+
===max_log_generation===
  
This parameter allows to identify the remote port of the server that is waiting. By default it's 41121 for Tentacle. In case Tentacle is not used or that the server is configured to use another port, this is the place where it should be changed.
+
It specifies max generation count (between <code>1</code> and <code>9</code>) of Pandora FMS server log files. The default value is <code>1</code>.
  
====transfer_mode====
+
===max_queue_files===
  
This parameter specifies the transfer mode we have to install in order send the agent data to the server. The available modes are  '''SSH''' (using SCP), Tentacle, FTP o local. The local mode is only for systems where the agent is executed in the same machine that the server, because it is basically an copy between directories. The local mode is available only for GNU/Linux agents.
+
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by [[Pandora:Documentation_en:Configuration#incomingdir|incomingdir]]. This prevents the Data Server from trying to process too many files, which would affect server performance. The default value is 5000.  
  
==== (>= 6.0) transfer_timeout ====
+
{{warning|Incremental modules may not work properly if this value is not high enough to hold all the XML data files.}}
  
This parameter specifies timeout in seconds for file transfer programs execution. The default value is '30' if not defined.
+
===use_xml_timestamp===
  
====server_pwd====
+
It is enabled (<code>1</code>) by default and it uses the date and time (timestamp) defined '''inside the XML''' (<code>.data</code>), that is, the timestamp generated by the agent.
  
Specific for the password of Windows FTP  and for the Tentacle transference mode, although the password at the last one is optional. Server password for authentication with password.
+
If disabled (<code>0</code>), it will use the timestamp of the XML file, that is '''the server's timestamp'''. This could be useful to '''globally''' disable the use of dates generated by agents and just use the server's date and time as a reference for all data, because this timestamp is generated right when Pandora FMS server receives the XML.  
 
   
 
   
====server_ssl====
+
{{warning|These settings changed in Pandora FMS 747 version. In previous versions this token is disabled by default.}}
  
Specific for the Tentacle transfer mode. Allows to authorize ('1') or deny ('0) the connections which encrypt through SSL.
+
{{Tip|There is a similar feature at agent level, so that the agent data gets evaluated with the date the file was received.}}
  
====server_opts====
+
===auto_restart===
  
Specific for the Tentacle transfer mode. Allows to give additional parameters to the Tentacle client for advanced configurations. For example: server_opts -v -r 5
+
Deactivated by default. If activated (value in seconds) it forces the server to restart internally every N seconds (1 day = 86400). This option is useful if degradation is noticed due to the uncontrolled failure of some thread or specific Pandora FMS server.
  
Coming with the 3.2 agent version, tentacle supports the optional use of a HTTP proxy (using CONNECT) mode to send information to the server. This is implemented using an advanced option like this:
+
===restart===
  
server_opts -y user:[email protected].inet:8080
+
It is disabled by default (<code>0</code>). The server will restart in the face of critical errors after a few seconds.
  
This will force the tentacle client to use 'proxy.inet' on port 8080 using "user" and "pass" for authentication. If you intend to use a proxy on e.g. 192.168.1.2 on port 9000 without credentials, the command would have to be:
+
===restart_delay===
  
server_opts -y 192.168.1.2:9000
+
The default value is <code>60</code>. The number of seconds the server will wait before restarting after a critical error if [[Pandora:Documentation_en:Configuration#restart|restart]] is enabled.
  
====delayed_startup====
+
=== activate_gis ===  
  
This parameter allows to configure the Pandora FMS agent in order to start working after any specific amount of time (in minutes) after manual execution. It could be useful for systems with a lot of load packages. It's deactivated by default, which means the Pandora FMS agent is going to start working from the moment it will be executed manually. This option is only valid for UNIX agents.
+
Enable (<code>1</code>) or disable (<code>0</code>) [[Pandora:Documentation_en:Pandora_GIS|server GIS features]].
  
====pandora_nice====
+
=== location_error ===  
  
This parameter allows to specify the priority, the Pandora FMS agent process will have within the system. It's only available for Unix / Linux agents.
+
Margin of error in meters to consider two GIS locations as the same location.
  
====autotime====
+
=== recon_reverse_geolocation_file ===  
  
If it's enabled ('1') it's going to send a timestamp of special execution (AUTO) that makes the server use its local date / hour to establish the data hour, not paying attention to the hour sent by the agent. This is necessary in agents which have a wrong hour or a different hour from the server for any reason.
+
Recon reverse geolocation file. This file must be in MaxMind GPL format (<code>GeoLiteCity.dat</code> format). If this option is commented on in the configuration file, it will disable geolocation by IP when creating agents using recon and software agents. Geolocation will not be carried out either if the GIS features ([[Pandora:Documentation_en:Configuration#activate_gis|activate_gis]]) are disabled overall.
  
====cron_mode====
+
=== recon_location_scatter_radius ===  
  
With this parameter, it's possible to make the agents using the Linux crontab functions to execute itself in a predetermined interval instead of using the agents internal system to execute itself on a certain time. It's deactivated by default and it's -not- recommended to use it unless it's an absolute necessity.
+
Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. The center of the circle is found out by geolocating the IP.
  
====remote_config====
+
===self_monitoring===
  
This parameter controls the possibility to configure the agent remotely from the console. '1': The remote configuration is allowed. '0': The remote configuration is not allowed. It's deactivated by default.
+
The server has a self monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter <code>self-monitoring</code> must be set to <code>1</code>.
  
====xml_buffer====
+
=== self_monitoring_interval ===  
  
The default value is '0'. If set to '1', the agent is going to save any XML data files which couldn't be sent and retries later.
+
Time interval for [[Pandora:Documentation_en:Configuration#self_monitoring|self_monitoring]] in seconds.
  
if you are in a secured environment under UNIX and want to enable the XML buffer, you should consider changing the temporal directory, since anyone has the right to write into '/tmp'.
+
===update_parent===
  
''An example of the general parameters from a UNIX configuration would be:
+
Defines whether the agent can update its parent by sending the parent name in XML, but if the parameter is not set or is 0, then the agent information will be ignored.
  
server_ip      192.168.1.1
+
If this is not the case, when the server receives an XML with the <code>parent_name</code> attribute, it searches for an agent with this name, and if it finds it, it updates the parent of the XML agent.
server_path    /var/spool/pandora/data_in
 
temporal        /var/spool/pandora/data_out
 
logfile        /var/log/pandora/pandora_agent.log
 
interval        300
 
debug          0
 
agent_name      box01
 
server_port    41121
 
transfer_mode  tentacle
 
remote_config  1
 
  
''An example of the general parameters from a Windows configuration would be :''
+
=== google_maps_description ===
  
server_ip      192.168.1.1
+
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Google Maps API. To be able to use this feature you need internet access, and you can have performance penalties processing GIS information due to the connection speed against Google API from Pandora FMS server.
server_path    /var/spool/pandora/data_in
 
temporal        c:\archivos de programa\pandora_agent\temp
 
interval        300
 
debug          0
 
agent_name      box01
 
server_port    41121
 
transfer_mode  tentacle
 
remote_config  1
 
  
====timezone_offset====
+
{{Warning|The Google Maps API is a paid service and requires credentials, you will need to obtain the KEY API and pay, otherwise the service will be suspended after a couple of days of use.}}
  
The agent can set it's timezone offset with the server now. It's very useful to have agents with a different timezone synchronized on the same time with a server in another timezone. Agents will send the shifted timezone to the server.
+
=== openstreetmaps_description ===
  
  # Timezone offset: Difference with the server timezone
+
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the [https://en.wikipedia.org/wiki/OpenStreetMap OpenStreetMaps] API. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.
timezone_offset 3
 
  
It is calculated by subtracting the agent's timezone from the server's timezone. For example, if the server's timezone is UTC+1 and the agent's timezone is UTC-5, the timezone offset should be 6 = 1 - (-5).
+
{{Tip|If used with direct Internet connection (default), Internet access is required, and you can have performance penalties processing GIS information to the OpenStreetMaps API from Pandora FMS server due to the connection speed.}}
  
====parent_agent_name====
+
=== webserver ===  
  
If the server allows it, it's also now possible to update the parent of an agent by sending the name of the parent agent in XML.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
parent_agent_name parent_name
+
WEB check server, which can be enabled (<code>1</code>) or disabled (<code>0</code>). It is also known as [[Pandora:Documentation_en:Architecture#The_web_server_.28Goliat.29|Goliat server]]. It has nothing to do with the Web User Experience (WUX) monitoring server.<br><br>
  
==== agent_threads <threads> ====
+
===web_threads===
  
Number of threads the agent is going to launch to execute modules simultaneously. by default there is a single thread, to execute one module, and later the other, and go on until finish all of them. This is only available in Unix agents.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
====include <filename> ====
+
Number of threads assigned to the WEB test server (Goliath). It shows how many simultaneous threads are assigned to this component.
  
This is the alternative configuration file path. This file can contain additional modules and collections alongside the ones found in the main configuration file. This token is optional. In matters related to perl agents, it allows for filename wildcards.
+
===web_timeout===
  
====broker_agent <name>====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
It manages configuration and data collection from an agent like if they would be multiple numbers of it. A new configuration file is created for each broker agent added in the main configuration file with the name we have assigned to it. This token will be used only in the broker agent and not in the new agents created by it. These new agents will start reporting after the next execution. This token is optional.
+
Default expiration time in seconds for web monitoring modules (Goliath).
  
====pandora_user <user>====
+
===web_engine===
  
This parameter is optional and allows to execute the agent with the specified system user. This user has to have have permissions to execute the agent and all associated resources.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
As we can see, most of the parameters from a Windows and a UNIX agent are the same.
+
'''cURL''' is used by default from version 747 onwards. Set this parameter to <code>LWP</code> to use [https://www.perl.com/pub/2002/08/20/perlandlwp.html/ Library for WWW in Perl (LWP)] instead of '''cURL''' for web monitoring.
  
====(>= 5.X) custom_id====
+
=== inventoryserver ===  
  
Custom ID of the agent for external applications.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
====(>= 5.X) url_address====
+
<code>1</code> enables the Pandora FMS Inventory Server, <code>0</code> disables it.
  
Custom URL to open it from the agent in the console.
+
===inventory_threads===
  
====(>= 5.X) custom_fieldX_name====
+
[[Image:icono-modulo-enterprise.png|left|Versión Enterprise.]]
  
Name of an agent custom field which already exists on the system. If doesn't exist, it will be ignored.
+
Number of threads assigned to the remote inventory server.
  
Example:
+
=== exportserver ===
  
custom_field1_name Model
+
[[Image:icono-modulo-enterprise.png|left|Versión Enterprise.]]
  
====(>= 5.X) custom_fieldX_value====
+
<code>1</code> enables Pandora FMS Export Server, <code>0</code> disables it.<br><br>
  
Value for the custom field X defined in the previous parameter.
+
===export_threads===
  
Example:
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
custom_field1_value C1700
+
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.
  
==== (> 5.1 Unix agent only) macro<macro> <value> ====
+
=== eventserver ===  
  
It defines a local execution macro which could be used in the module definition. This kind of macros are used mostly in the metaconsole system, and in the local module component system to "abstract" the difficulty of use a local module, to do not have to edit the source module definition. With these, a new field will appear in the GUI. The local execution macros have similar names than the local plugin macros: _field1_, _field2_....
+
[[Image:icono-modulo-enterprise.png|left|Versión Enterprise.]]
  
Example:
+
<code>1</code> enables Pandora FMS Event correlation Server, <code>0</code> disables it (default value is <code>1</code>).<br><br>
  
<pre>
+
===event_window ===
module_begin
 
module_name FreeDisk_opt
 
module_type generic_data
 
module_exec df -kh _field1_ | tail -1 |  awk '{ print $5}' | tr -d "%"
 
module_macro_field1_ /opt
 
module_end
 
</pre>
 
  
==== (>= 6.0SP5) group_password <password> ====
+
[[Image:icono-modulo-enterprise.png|left|Versión Enterprise.]]
  
Password for the agent group. Leave commented if the group is not password protected.
+
Event window: It is the time window (in seconds) where the event server will look for events. For example, if set to '3600', the event server will check events generated within the last hour. If you have rules where the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.
  
==== (>= 7.0) ehorus_conf <path> ====
+
=== event_inhibit_alerts ===
  
Absolute path to a valid [https://ehorus.com/ eHorus] agent configuration file. The agent will create a custom field named ''eHorusID'' that contains the eHorus agent's identifying key.
+
{{Tip|Version NG  7 or superior.}}
  
 +
If set to <code>1</code>, an alert will not be executed (unless it is recovered) if the last event it generated is in 'in progress' status. <code>0</code> by default.
  
Sample:
+
=== icmpserver ===
  
ehorus_conf /etc/ehorus/ehorus_agent.conf (linux)
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
ehorus_conf /usr/local/ehorus_agent/ehorus_agent.conf (mac)
 
ehorus_conf "c:\program files\ehorus_agent\ehorus_agent.conf" (windows)
 
  
=== Secondary Server ===
+
Enables (<code>1</code>) or disables (<code>0</code>) the Enterprise ICMP server.
  
An special kind of general configuration parameter is the definition of a secondary server. This allows the definition of a server to send data to, in a complementary way to the server defined the standard way. The secondary server mode works in two different ways:
+
{{Tip|The ICMP Enterprise server uses the [[Pandora:Documentation_en:Configuration#fping|'''fping''' binary]] binary to perform ICMP requests in bulk. If this component is not enabled, the network server will run the checks, but with a much worse performance.}}
  
* '''on_error''': Send data to the secondary server only in cases it could not send them to the primary one.
+
===icmp_threads===
* '''always''': Always send data to the secondary server, no matter if it's able to contact the main server or not.
 
  
Configuration example:
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
secondary_server_ip    192.168.1.123
+
Number of threads for the ICMP Enteprise server (default value is <code>3</code>).<br><br>
secondary_server_path  /var/spool/pandora/data_in
 
secondary_mode          on_error
 
secondary_transfer_mode tentacle
 
secondary_server_port  41121
 
  
=== UDP Server ===
+
=== snmpserver ===  
  
The Pandora FMS Agent (both, Unix and Windows) allows to configure the agent for listening to remote commands. This server listens on a user specfied UDP port and allows to receive orders from a remote system - ideally from Pandora FMS through the execution of alerts on the server.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
There are several options to configure the UDP remote server. The default file is ''pandora_agent.conf''
+
Pandora FMS snmp server enabled (<code>1</code>) or disabled (<code>0</code>).
  
* '''udp_server''': To activate the UDP server, set it on '1'. This is deactivated by default.
+
{{Tip|The SNMP Enterprise server uses the [[Pandora:Documentation_en:Configuration#braa|''braa'' binary]] to execute SNMP queries in block. If this component is not enabled, the network server will run the checks.}}
* '''udp_server_port''': Port where it listens.
 
* '''udp_server_auth_address''': Authorized IP address to send orders. Several Addresses can be set splitting them by comma. If it is configured with 0.0.0.0, UDP Server will accept orders from all addresses. Nevertheless, for security reasons, please restrict the access to this agent from known IPs.
 
* '''process_<name>_start <command>''': Command which is going to start a user-defined process.
 
* '''process_<name>_stop <command>''': Command which is going to stop the process.
 
* '''service_<name> 1''': Allows the service <name> to be started or stopped remotely from the UDP server.
 
  
Configuration Example:
+
===snmp_threads===
  
udp_server 1
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
udp_server_port 4321
 
udp_server_auth_address 192.168.1.23
 
process_firefox_start firefox
 
process_firefox_stop killall firefox
 
service_messenger 1
 
  
The server accepts the following commands:
+
Number of threads for Enteprise SNMP server (default value is <code>3</code>).<br><br>
  
* '''<START|STOP> SERVICE <name of the service>''': Starting or stopping a service.
+
===transactionalserver===
* '''<START|STOP> PROCESS <name of the process>''': Starting or stopping a process.
 
* '''REFRESH AGENT <name of the agent>''': Forces one execution of the agent and refreshes data.
 
  
In 5.0 version, Unix agent only implements REFRESH AGENT command.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
For example:
+
Pandora FMS transactional server enabled (<code>1</code>) or disabled (<code>0</code>).<br><br>
  
STOP SERVICE messenger
+
===transactional_threads===
START PROCESS firefox
 
REFRESH AGENT 007
 
  
There is a script on the server at ''/util/udp_client.pl''which is used by the Pandora FMS Server as a command of an alert to start process or services. It has this syntax:
+
Set to <code>1</code> by default. The presence of this parameter is a mere transaction, its modification will not alter the operation of the transactional server.
  
./udp_client.pl <address> <port> <command>
+
===transactional_threshold===
  
To e.g. restart an agent:
+
Maximum number of seconds that a [[Pandora:Documentation_en:Transactional_Monitoring|Transactional server]] transaction may take.
  
./udp_client.pl 192.168.50.30 41122 "REFRESH AGENT"
+
===prediction_threads===
  
For more information, please go to the Alert Configuration section.
+
Number of threads for the prediction server.
 
 
=== Modules definition ===
 
 
 
Each piece of information which is collected has to be perfectly defined in each module, using the most precise syntax. You can implement as many values as necessary in order to be collected, adding, at the end of the general parameters as many modules as the number of values to compile. Each module is composed of several directives. The list which appears bellow is a descriptive list of all available modules and signals for UNIX agents (almost all of them could be also apply to the Windows agent).
 
 
 
The general syntax is the following:
 
 
 
module_begin
 
module_name NombreDelMódulo
 
module_type generic_data
 
.
 
.
 
.
 
module_description Ejecución del comando
 
module_interval Número
 
module_end
 
 
 
There are different kinds of modules, with different ''suboptions'', but all modules have an structure similar to this. The parameters ''module_interval'' and ''module_description'' are optional and the rest of them completely compulsory. First, we're going to see the common elements.
 
 
 
==== Common elements of all modules  ====
 
 
 
{{warning|Module fields (except module data, description and extended info) are only stored on module creation and will never be updated if the module is already created. This behaviour is identical to the agent's enabled learning mode.}}
 
 
 
===== '''module_begin''' =====
 
Defines the beginning of the module (compulsory).
 
 
 
===== module_name <name> =====
 
 
 
Name of the module. This is the module ID. Please pick a name without blanks and not too long. There is no specific limitation (max. 250 characters), but a short name would be easier to work with. This name '' CAN NOT be duplicated ''' with a similar name in the same agent. This name could be duplicated with other modules in other agents. Just like in other chapters, Pandora FMS is sensitive to the difference between capital and small letters (compulsory).
 
 
 
===== module_type =====
 
 
 
The data type that the module is going to use. There are several data types for agents:
 
  
* '''Numerical''' (generic_data). Simple numerical data, in floating points or wholes. If the values are in the floating point type, they are going to be cut to their whole value.
+
===block_size===
  
* '''Incremental''' (generic_data_inc). Numeric data equal to the difference between the current value and the previous one divided by the elapsed time in seconds. When this difference is negative, the value is reset.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
* '''Absolute incremental''' (generic_data_inc_abs). Numeric data equal to the difference between the current value and the previous one, with no division made, so the value is the total difference or increment, and not the increment per second. When this difference is negative, the value is reset, this means that at the time when the difference is again a positive value, the base value used to make this calculation is the last one from which the incremental value is positive.
+
Block size for block producer / consumer servers, which is the number of modules per block (the default value is <code>15</code>). This affects to how requests are processed by SNMP Enterprise and ICMP Enterprise servers.
  
* '''Alphanumeric''' (generic_data_string). Collect alphanumeric text strings.
+
===dataserver_lifo===
  
* '''Monitors''' (generic_proc). Useful to evaluate the state of a process or service. This type of data is called 'monitor', because it assigns a '0' to a 'false' state and any value higher than '1' to a 'true' state.
+
If enabled (<code>1</code>), XML data files will be processed in a stack instead of a queue, and stale data (i.e., data with a timestamp older than its module's current timestamp) will not trigger events or alerts. Disabled (<code>0</code>) by default.
  
* '''Asynchronous Alphanumeric''' (async_string). Collects alphanumeric text strings which could enter any moment without a fixed periodicity. The rest of the parameters (generic) have a synchronous working, which means they expect the data entry every XX time, and if they don't arrive then it's said they are in an unknown state (unknown). The asynchronous modules are unable to adopt this state.  
+
{{warning|Incremental modules will lose resolution if XML data files pile up, since newer data will be processed first, causing older data to be discarded.}}
  
* '''Asynchronous Monitor''' (async_proc). Similar to 'generic_proc' but asynchronous (compulsory).
+
===policy_manager===
  
* '''Asynchronous Numerical''' (async_data). Similar to 'generic_data' but asynchronous (compulsory).
+
If active (<code>1</code>), the server listens to the policy queue. By default its value is <code>1</code>.
  
===== module_min <value> =====
+
===event_replication===
  
This is the minimum valid value to generated data within this module. If the module has not been defined in the web console yet, this value would be taken from this directory. This command is not compulsory. This value does not eliminate the defined value within the agent. If the module does not exist in the dashboard, then it's going to get created automatically when the learning mode is in use.
+
In case of being active (<code>1</code>) the process of event replication to Metaconsole is performed. This process will not be activated if it is not correctly configured in the console. By default its value is <code>0</code>.
  
===== module_max <value> =====
+
===event_auto_validation===
  
This is the maximum valid value for generated data in this module. If the module has not been defined in the web console yet, this value could be taken from this directory. This guideline is not compulsory and it's not supported by the Windows agent. It doesn't eliminate the defined value within the agent. If the module does not exist in the dashboard, it will be created automatically when the learning mode is in use.
+
In case of being active (<code>1</code>) new created events autovalidate previous events of the same module. Its value is <code>1</code> by default.
  
===== module_min_warning <value> =====
+
=== event_file ===
  
This is the minimum value which will make the module state go to the 'warning' status. This guideline is not compulsory. If the module doesn't exist in the dashboard, then it's going to get created automatically when the learning mode is in use.
+
This configuration option allows to specify a text file in which the events generated by Pandora FMS in CSV format will be written. Enabling this option adds a Pandora FMS performance penalty.
 
 
===== module_max_warning <value> =====
 
 
 
This is the maximum value which will make the module go to 'warning' status. This guideline is not compulsory. It uses a <= (less than) operator.
 
 
 
===== module_min_critical <value> =====
 
 
 
This is the minimum value which will make the module state go to 'critical' status. This guideline is not compulsory. This uses a > operator, not a >= operator.
 
 
 
===== module_max_critical <value> =====
 
 
 
This is the maximum value which will make the module state go to 'critical' status. This guideline is not compulsory. This uses a <= operator.
 
 
 
===== module_disabled <value> =====
 
 
 
Indicates if the module is enabled ('0') or disabled ('1'). This guideline is not compulsory. If the module does not exist in the dashboard, it's going to get created automatically when the learning mode is in use.
 
 
 
===== module_min_ff_event <value> =====
 
 
 
This is the interval between new status changes which are filtered to avoid continuous changes of module state. This guideline is not compulsory. If the module doesn't exist in the dashboard, it's going to be created automatically when the learning mode is in use.
 
 
 
===== (>= 6.0 SP4) module_each_ff <value> =====
 
 
 
If enabled (1), per status flip flop thresholds are used instead of module_min_ff_event (module_min_ff_event_normal, module_min_ff_event_warning and module_min_ff_event_critical). Set to 0 to disable.
 
 
 
===== (>= 6.0 SP4) module_min_ff_event_normal <value> =====
 
 
 
Per status flip flop thresholds. See ''module_min_ff_event'' and ''module_each_ff''.
 
 
 
===== (>= 6.0 SP4) module_min_ff_event_warning <value> =====
 
 
 
Per status flip flop thresholds. See ''module_min_ff_event'' and ''module_each_ff''.
 
 
 
===== (>= 6.0 SP4) module_min_ff_event_critical <value> =====
 
 
 
Per status flip flop thresholds. See ''module_min_ff_event'' and ''module_each_ff''.
 
 
 
===== (>= 6.0 SP4) module_ff_timeout <seconds> =====
 
 
 
Reset the flip flop threshold counter after the given number of seconds. This means ''module_min_ff_event'' status changes must be triggered within ''module_ff_timeout'' seconds before the status is actually changed.
 
 
 
===== module_description <text> =====
 
 
 
This guideline will be employed to add a comment to the module. This guideline in not compulsory and it doesn't overwrite the value defined by the agent. If the module doesn't exist in the dashboard, it's going to get created automatically when the learning mode is in use.
 
 
 
===== module_interval <factor> =====
 
 
 
Since Pandora 1.2 introduced this new type, it's possible for each module to fix its own interval. This interval is calculated as a multiplier for the agent interval. If the agent has e.g. an interval 300 (5 minutes) and you want a module which is going to get processed every 15 minutes only, you should add this line: module_interval 3. This module will be processed every 300sec x 3 = 900sec (15 minutes).
 
 
 
===== module_timeout <secs> =====
 
 
 
''(Windows only)''
 
 
 
In the 3.1 version, Pandora FMS supports specifying the total of seconds in each module independently. The agent is going to wait for the execution of the module, so if it takes more than XX seconds, it's going to abort the execution of the module (to avoid becoming 'dead' in the implementation of a module). In version 3.1, it's supported on Windows only - but in future versions, it's also going to get implemented into the UNIX agents.
 
 
 
===== module_postprocess <factor> =====
 
 
 
Same as in the definition of post processing of a module that is done from the console, a numeric value of floating comma could be defined here which is going to send this value to Pandora FMS in order to use it to multiply the received (raw) by the agent. If you e.g. want to multiply the value that the agent returns by 1024, just put "1024" in here. If you want to divide it by 1024, then just put 1/1024 here - which is 0,000976563.
 
 
 
===== module_save <variable name> =====
 
 
 
From version 3.2, it's possible to save the modules return value in an environment mode variable, so it could be used in other modules later. It's important to consider the values are updated after the modules are executed in the same order in which they were defined.
 
  
 
For example:
 
For example:
  
  module_begin
+
  event_file /var/log/pandora/pandora_events.txt
module_name echo_1
 
module_type generic_data
 
module_exec echo 41121
 
module_save ECHO_1
 
module_end
 
  
module_begin
+
{{Warning|There is no rotation mechanism for this file, you will have to take it into account since it can grow considerably.}}
module_name echo_2
 
module_type generic_data
 
module_exec echo $ECHO_1
 
module_end
 
  
 +
=== snmp_storm_protection ===
  
===== module_crontab <minute> <hour> <day> <month> <day of the week> =====
+
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.
  
From version 3.2, it's possible to schedule modules in the order they'll be executed on a specific date.
+
=== snmp_storm_timeout ===
To do this, you're required to define the '''module_crontab'''', using a similar format to that of the crontab file: (http://es.wikipedia.org/wiki/Cron_(Unix)#Sintaxis)
 
  
module_crontab <minute> <hour> <day> <month> <day of the week>
+
Time interval for [[Pandora:Documentation_en:Configuration#snmp_storm_protection|snmp_storm_protection]] in seconds.
  
Being:
+
E.g. to prevent a single source from sending more than 1000 traps per 10 minutes:
  
* Minute 0-59
+
snmp_storm_protection 1000
* Hour 0-23
+
  snmp_storm_timeout 600
* Day of the month 1-31
 
* Month 1-12
 
* Day of the week 0-6 (0 is Sunday)
 
  
It's also possible to specify intervals using the '''-'''character as a divider.
+
=== text_going_down_normal ===
  
In order to one module will be executed e.g. every Monday between 12 and 15, we could use the following configuration:
+
Text for the event that is generated when a module goes into normal status. It supports the <code>_module_</code> and <code>_data_</code> macros.
  
module_begin
+
=== text_going_up_critical ===
module_name crontab_test
 
module_type generic_data
 
module_exec script.sh
 
module_crontab * 12-15 * * 1
 
module_end
 
  
The module will be executed once during the interval. If we want it to be executed while the interval is on, we could use the '''module_cron_interval 0''' option in the following way:
+
Text to be displayed in module events going into critical status. It supports the <code>_module_</code> and <code>_data_</code> macros.
  
module_begin
+
=== text_going_up_warning ===
module_name crontab_test2
 
module_type generic_data
 
module_exec script.sh
 
module_crontab * 12-15 * * 1
 
module_cron_interval 0
 
module_end
 
  
To execute a command every hour, in an hour and 10 minutes:
+
Text to be displayed in module events going from 'normal' into warning status. It supports the <code>_module_</code> and <code>_data_</code> macros.
  
module_begin
+
=== text_going_down_warning ===
module_name crontab_test3
 
module_type generic_data
 
module_exec script.sh
 
module_crontab 10 * * * *
 
module_cron_interval 0
 
module_end
 
  
===== module_condition <operation> <command> =====
+
Text to be displayed in module events going from 'critical' into warning status. It supports the <code>_module_</code> and <code>_data_</code> macros.
  
From version 3.2, it's possible to define commands that will be executed if the module returns some specific values. It's necessary to specify one of the following options:
+
=== text_going_unknown ===
  
* '''>''' [value]: Executes the command if the module value is higher than the given one.
+
Text to be displayed in module events going into unknown status. It supports the <code>_module_</code> and <code>_data_</code> macros.
  
* '''<''' [valor]: Executes the command if the module value is lower than the given one.
+
=== event_expiry_time ===
  
* '''=''' [valor]: Executes the command if the module value is equal to the given one.
+
Events older that the specified time (in seconds) will be auto-validated. Set it to <code>0</code> to disable this feature.
  
* '''!=''' [valor]: Executes the command if the module value is different to the given one.
+
For example, to automatically validate events 10 hours after they were generated, just use the command:
  
* '''=~''' [regular expression]: Executes the command if the module value coincides with the given regular expression.
+
event_expiry_time 36000
  
* '''('''valor, valor''')''': Executes the command if the module value is ranged between the given values.
+
=== event_expiry_window ===
  
It's possible to specify multiple conditions for the same module. For example:
+
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be higher than event_expiry_time.
  
module_begin
+
The default value is the equivalent of one day:
module_name condition_test
 
module_type generic_data
 
module_exec echo 2.5
 
module_condition (1, 3) script_1.sh
 
module_condition > 5.5 script_2.sh
 
module_end
 
  
Examples:
+
event_expiry_window 86400
  
module_begin
+
=== claim_back_snmp_modules ===
module_name MyProcess
 
module_type generic_data
 
module_exec tasklist | grep MyProcess | wc -l
 
module_condition > 2 taskkill /IM MyProcess* /F
 
module_end
 
  
module_begin
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
module_name PandoraLogSize
 
module_type generic_data
 
module_exec ls -la "c:\Archivos de programa\pandora_agent\pandora_agent.log" | gawk "{ print $5 }"
 
module_condition > 10000 del "c:\Archivos de programa\pandora_agent\pandora_agent.log"
 
module_end
 
  
module_begin
+
If set to <code>1</code>, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (<code>pandora_db</code>) is run.
module_name Service_Spooler
 
module_type generic_proc
 
module_service Spooler
 
module_condition = 0 net start Spooler
 
module_end
 
  
*'''NOTE''': On Windows platforms, it's recommended to use '''cmd.exe /c''' to execute the command to ensure it's executed properly. For example:
+
=== async_recovery ===
  
module_begin
+
If set to <code>1</code>, asynchronous modules that do not receive data for twice their interval will become normal. Set to <code>0</code> to disable.
module_name condition_test
 
module_type generic_data
 
module_exec echo 5
 
module_condition (2, 8) cmd.exe /c script.bat
 
module_end
 
  
===== module_precondition <operation> <command> =====
+
=== console_api_url ===
  
If the precondition is true, the module is going to run. It's necessary to specify one of the following options:
+
Console's api direction. Usually, the direction of the server and the console ending with the route <code>/include/api.php</code>.
  
* '''>''' [value]: Executes the command if the module value is higher than the given one.
+
=== console_api_pass ===
  
* '''<''' [value]: Executes the command if the module value is lower than the given one.  
+
Password of the console's API. This password can be found in the general section of the setup and can be left empty.
  
* '''=''' [value]: Executes the command if the module value is equal to the given one.
+
=== console_user ===
  
* '''!=''' [value]: Executes the command if the module value is different to the given one.
+
Console user with permissions to execute API-required actions, like getting a module graph image to add it to an alert email, among others.
  
* '''=~''' [regular expression]: Executes the command if the module value coincides with the given regular expression.
+
{{Tip|For security reasons, it is recommended to use an exclusive user for the API. Such user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of well-known IPs.}}
  
* '''('''value, value''')''': Executes the command if the module value is ranged between the given values.
+
=== console_pass ===
  
An example of a module using preconditions is the following:
+
Password of the [[Pandora:Documentation_en:Configuration#console_user|API user for the Console]].
  
module_begin
+
===encryption_passphrase===
module_name Precondition_test1
 
module_type generic_data
 
module_precondition (2, 8) echo 5
 
module_exec monitoring_variable.bat
 
module_end
 
  
Like postconditions, it's also possible to use several preconditions. The module is only going to be executed if all preconditions are met:
+
An encryption phrase used to [[Pandora:Documentation_en:Password_Encryption|generate the key for the encrypted password]]. It is commented by default.
  
module_begin
+
=== unknown_events ===
module_name Precondition_test2
 
module_type generic_data
 
module_precondition (2, 8) echo 5
 
module_precondition < 3 echo 5
 
module_exec monitoring_variable.bat
 
module_end
 
  
*'''NOTE''': On Windows platforms, it's recommended to use '''cmd.exe /c''' to execute the command to ensure it's proper execution. For example:
+
If active (<code>1</code>), events for <code>unknown</code> module status will be enabled. The value set by default is <code>1</code>.
  
module_begin
+
=== unknown_interval ===
module_name Precondition_test3
 
module_type generic_data
 
module_precondition (2, 8) cmd.exe /c script.bat
 
module_exec monitoring_variable.bat
 
module_end
 
  
===== (>= 5.x) module_unit <value> =====
+
Time interval (as a multiple of the module interval) before a module becomes unknown. It equals twice the module's interval by default.
  
This is a unit of the value retrieved by the module.
+
=== global_alert_timeout ===
  
Example:
+
Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to <code>0</code>, Pandora FMS Server ignores it and alert execution will not be interrupted.
  
module_unit %
+
=== remote_config ===
  
===== (>= 5.x) module_group <value> =====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
This is the name of the module group. If the group doesn't exist, the module will be created without getting assigned.
+
This parameter controls whether it is possible to configure the server remotely from the console in the server view. It works by Tentacle in a similar way to the remote configuration of the [[Pandora:Documentation_en:Configuration_Agents|software agents.]].<br><br><br>
  
Example:
+
=== remote_config_address ===
  
module_group Networking
+
IP address of the machine where remote configuration files will be sent. It is <code>localhost</code> by default.
  
===== (>= 5.x) module_custom_id <value> =====
+
=== remote_config_port ===
  
This is a custom identifier for the module.
+
[[Pandora:Documentation_en:Tentacle|Tentacle]] port for remote configuration. It is 41121 by default.
  
Example:
+
=== remote_config_opts ===
  
module_custom_id host101
+
Allows to give additional parameters to the Tentacle client for advanced configurations. They should appear between quotation marks (e.g. <code>"-v -r 5"</code>).
  
===== (>= 5.x) module_str_warning <value> =====
+
=== warmup_event_interval ===
  
This is a regular expression to define the 'warning' status in the string types modules.
+
In seconds, it specifies the time it will take until status change events are generated again and runs alerts after a server restart.
  
Example:
+
=== warmup_unknown_interval ===
  
module_str_warning .*NOTICE.*
+
In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.
  
===== (>= 5.x) module_str_critical <value> =====
+
=== enc_dir ===
  
This is a regular expression to define the 'critical' status in the string type modules.
+
Path to a directory containing additional [http://search.cpan.org/~msergeant/XML-Parser-2.36/Parser.pm#ENCODINGS .enc]  files for the XML parser. These files will be automatically loaded by the [[Pandora:Documentation_en:Architecture#The_Data_Server|Data server]] at startup.
  
Example:
+
=== dynamic_updates ===
  
module_str_critical .*CRITICAL.*
+
{{Tip|Version NG  7 or superior.}}
  
===== (>= 5.x) module_warning_instructions <value> =====
+
The number of times dynamic thresholds will be recalculated per dynamic interval.
  
These are the instructions to the operator if the module changes to 'warning' status.
+
=== dynamic_warning ===
  
Example:
+
{{Tip|Version NG  7 or superior.}}
  
module_warning_instructions Increase incident priority
+
Percentage relative to the length of the critical interval used to calculate dynamic <code>warning</code> thresholds. The lower the value, the closer the <code>critical</code> and <code>warning</code> thresholds will be.
  
===== (>= 5.x) module_critical_instructions <value> =====
+
=== dynamic_constant ===
  
These are the instructions to the operator if the modules changes to 'critical' status.
+
{{Tip|Version NG  7 or superior.}}
  
Example:
+
Percentage relative to the module's average used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.
  
module_critical_instructions Call to sys department
+
=== unknown_updates===
  
===== (>= 5.x) module_unknown_instructions <value> =====
+
{{Tip|Version NG  7 or superior.}}
  
These are the instructions to the operator if the module changes to 'unknown' status.
+
Set to <code>0</code> by default. If set to <code>1</code>, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated to unknown modules will be periodically evaluated too.
  
Example:
+
{{Warning|Setting <code>unknown_updates</code> to <code>1</code> may affect server performance.}}
  
module_unknown_instructions Open incident
+
=== wuxserver ===
  
===== (>= 5.x) module_tags <value> =====
+
{{Tip|Version NG  7 or superior.}}
  
These are the tags which will be assigned to the module separated by commas. It will only be assigned to tags which exist in the system.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
Example:
+
It enables Web User Experience Analysis (WUX) server. It requires configuration of <code>wux_host</code> and <code>wux_port</code>.<br><br><br>
  
module_tags tag1,tag2,tag3
+
=== wux_host===
  
===== (>= 5.x) module_warning_inverse <value> =====
+
{{Tip|Version NG  7 or superior.}}
  
This is a flag (0/1) which will inverse the 'warning' threshold of the defined value when activated.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
Furthermore, if you use a negative value for the interval, e.g. the 'warning' status for values under '-50', you need set the 'min_warning' to '-50' and set this parameter.
+
It indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD).
  
Example:
+
=== wux_port===
  
module_critical_inverse 0
+
{{Tip|Version NG  7 or superior.}}
  
===== (>= 5.x) module_critical_inverse <value> =====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
This is a flag (0/1) which will inverse the 'critical' threshold of the defined value when activated.
 
  
Furthermore, if you use a negative value for the interval, e.g. the critical state for values under '-75', you're required to set the 'min_critical' to '-75' and set this parameter.
+
It indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is <code>4444</code>.
  
Example:
+
=== wux_webagent_timeout===
  
module_critical_inverse 1
+
{{Tip|Version NG  7 or superior.}}
  
===== (>= 5.x) module_native_encoding <value> =====
+
Maximum time to connect to a destination web address and Selenium server. It is commented by default, with the value <code>15</code>.
(Win32 only)
 
  
This configuration token only affects executed modules by command line, that is, there is a module_exec in the module configuration.
+
=== syslogserver===
  
Windows manages three encodings for its processes: the command line encoding (OEM), the system encoding (ANSI) and UTF-16. Both encodings are agree on basic characters, but they are different on less common characters, like written accent. With this token, the Pandora's agent transforms the output to the encoding specified in the configuration file (pandora_agent.conf).
+
{{Tip|Version NG  7 or superior.}}
  
module_native_encoding has four acceptable values:
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
* module_native_encoding OEM: to command line encoding
 
* module_native_encoding ANSI: to system encoding
 
* module_native_encoding UTFLE: to UTF-16 little-endian
 
* module_native_encoding UTFBE: to UTF-16 big-endian
 
  
If module_native_encoding does not appear, no re-encoding will be done.
+
<code>1</code> enables Pandora FMS '''Syslog''' Server, <code>0</code> disables it.
  
===== (>= 5.x) module_quiet <value> =====
+
=== syslog_file===
  
This is a flag (0/1) which will turn the module into quiet mode when activated. It won't generate events or alerts anymore, and won't store historic data, so the reports such as SLA won't be affected.  
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
Example:
 
  
module_quiet 1
+
Full path to '''syslog''''s output file. For example:
 +
syslog_file /var/log/messages
  
===== (>= 5.x) module_ff_interval <value> =====
+
=== syslog_threads===
  
This is the flip flop execution threshold of the module (in seconds).
+
{{Tip|Version NG  7 or superior.}}
  
Example:
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
module_ff_interval 2
 
  
===== (>= 5.x) module_macro<macro> <value> =====
+
Number of threads for the '''Syslog''' Server.
  
This is a macro generated by the console in conjunction with the components macro system. Setting this parameter from the configuration file is futile, because it's intended for modules created with local components only.
+
=== syslog_max===
  
Example:
+
{{Tip|Version NG  7 or superior.}}
  
module_macro_field1_ 8080
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
 +
Maximum number of lines read by the '''Syslog''' Server on each run.
  
===== (>= 5.1 SP4) module_alert_template <template_name> =====
+
===sync_port ===
  
This macro assigns to the module the alert template that corresponds to the name introduced as parameter(see [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Alerts#Alert_Templates Alert templates])
+
Communication port of the [[Pandora:Documentation_en:syncserver_Monitoring|Sync server]]. It is commented by default, with the value <code>41121</code>.
  
Example:
+
=== sync_ca ===
  
<module>
+
CA certificate path to sign certificates to configure SSl communication of the [[Pandora:Documentation_en:syncserver_Monitoring|Sync&nbsp;server]]. It is commented by default, with path <code>/home/cacert.pem</code>.
<name><![CDATA[CPU usage]]></name>
 
<type>generic_data</type>
 
<module_interval>1</module_interval>
 
<min_critical>91</min_critical>
 
<max_critical>100</max_critical>
 
<min_warning>70</min_warning>
 
<max_warning>90</max_warning>
 
<alert_template><![CDATA[Critical condition]]></alert_template>
 
<data><![CDATA[92]]></data>
 
</module>
 
  
===== module_end =====
+
=== sync_cert ===
  
Defines the end of the module (compulsory).
+
Server certificate path for configuring SSl communication of the [[Pandora:Documentation_en:syncserver_Monitoring|Sync&nbsp;server]]. It is commented by default, with path <code>/home/tentaclecert.pem</code>.
  
==== Specific guidelines to obtain information ====
+
=== sync_key ===
  
Furthermore, there are the specific guidelines that could be specified for each module in order to obtain information. Only one kind of them can be used in each module.
+
Private key path of the server certificate for configuring SSl communication of the [[Pandora:Documentation_en:syncserver_Monitoring|Sync&nbsp;server]]. It is commented by default, with the path <code>/home/tentaclekey.pem</code>.
  
===== module_exec <command> =====
+
=== sync_retries ===
  
This is the general way to gather information by executing a command. Both for the UNIX and for the Windows agent. There is only one guideline to obtain data the generic way, executing only one command (it's able to use pipes to re-address the execution to another command). This guideline executes a command and keeps the return value. This method is also available under the agents for Windows; it's the general purpose method for both agents.
+
Number of attempts to make the connection with the [[Pandora:Documentation_en:syncserver_Monitoring|Sync&nbsp;server]]. It is commented by default, with the value <code>3</code>.
  
 +
===sync_timeout ===
  
{{Warning|If execution returns a return code different from '0', it will be interpreted as "execution error" and the information will be discarded.}}
+
Maximum connection time with the [[Pandora:Documentation_en:syncserver_Monitoring|Sync&nbsp;server]]. It is commented by default, with the value <code>10</code>.
  
In some cases where you're sure your command is ok, even if returning code is !=0, you can pipe the execution to another "dump" command to clean the return code, e.g.:
+
===sync_address===
 +
Address of the Tentacle server for the [[Pandora:Documentation_en:syncserver_Monitoring|Sync&nbsp;server]].
  
top -n 1
+
=== logstash_host===
  
Will give you error code 1 (check which echo $?). To "clean" that error code, just use this command:
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
 
top -n 1 | grep ""
 
  
There are the following, additional guidelines for the agents to obtain data:
+
'''Outdated from version 749 NG'''. Name or IP of the machine with Logstash installed.
  
===== module_service <service> =====
+
=== logstash_port===
  
Checks if a specific service is being executed on the machine. Remember to use the  «" "» characters if the name of the service contains blanks.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
module_begin
+
'''Outdated from version 749 NG'''. Port of the machine with Logstash installed.<br><br>
module_name Service_Dhcp
 
module_type generic_proc
 
module_service Dhcp
 
module_description Service DHCP Client
 
module_end
 
  
The service is identified with the short name of the service (service name), such as it appears in the Windows services manager. There is one other identifier, called "display name", longer and usually more descriptive, but this is not the one used by Pandora FMS to identify the process. Neither it is the process related to the server. In this snapshot, we can see the short name (service name) of the service monitored in the previous example. It is important to stress that '''there is a difference in the use of the "capital and the small letters''' (case sensitivity).
+
===ha_interval===
 
<center>
 
[[image:Service_name_id.png]]
 
</center>
 
  
'''UNIX'''
+
Execution interval in seconds of [[Pandora:Documentation_en:HA|Pandora FMS HA Database tool]]. It is commented by default, with the value <code>30</code>.
  
Under Unix, it works like under Windows, but under UNIX, 'service' and 'process' is considered the same concept. For example, to see if the process named ''sshd'' is running, the module definition would be:
+
===ha_monitoring_interval===
  
module_begin
+
Monitoring interval, set in seconds, of the [[Pandora:Documentation_en:HA|Pandora FMS HA database tool]]. It is commented by default, with the value <code>60</code>.
module_name Service_sshd
 
module_type generic_proc
 
module_service sshd
 
module_description Process SSHD running
 
module_end
 
  
'service watchdog' and 'service asynchronous detection' aren't possible under UNIX agents.
+
=== provisioningserver===
  
'' Asynchronous Way ''
+
{{Tip|Version NG  7 or superior.}}
  
Pandora FMS usually executes a test battery (each of it defined by a module) every X seconds (300 seg. = 5 min. by default). If a service is down just after an execution of Pandora, it's going to take additional 300 seconds to recognize the service went down. The difference on asynchronous mode is that modules immediatly notify Pandora FMS about the fail or shutdown of this service. This is called ''asynchronous'' operation mode. It would be sufficient to add the following command to the guideline to use it:
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
module_async yes
 
  
'' Watchdog of services ''
+
<code>1</code> enables Pandora FMS [[Pandora:Metaconsole:Documentation_en:Synchronization_and_propagation|Provisioning Server (Metaconsole)]], <code>0</code> disables it.
  
There is a watchdog mode for the services, so the agent is able to restart them if they stop. In this case, the restarted service doesn't require any parameter, because Windows already knows how to do it. In such cases, the configuration is a lot easier:
+
===(>= 7.0) provisioningserver_threads===
  
  module_begin
+
{{Tip|Version NG 7 or superior.}}
module_name ServiceSched
 
module_type generic_proc
 
module_service Schedule
 
module_description Service Task scheduler
 
module_async yes
 
module_watchdog yes
 
module_end
 
  
===== module_proc <process> =====
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
Checks if an specific name of process is working in this machine. If the name of the process has blanks ''' no use «" " '''», please consider that the name of the process should have the .exe extension. The module is going to return the number of processes executed with this name. Same as in the other cases, it's important to know that the name of the process has to be exactly the same as the one shown by the Windows Task Manager, including blanks, capital letters / small letters; e.g. ''cmd.exe'' is not the same as ''CMD.exe'' (case sensitivity).
+
Number of threads for [[Pandora:Metaconsole:Documentation_en:Synchronization_and_propagation|Provisioning Server (Metaconsole)]].
  
This is an example of the monitoring of the process 'cmd.exe':
+
=== provisioning_cache_interval===
  
  module_begin
+
{{Tip|Version NG 7 or superior.}}
module_name CMDProcess
 
module_type generic_proc
 
module_proc cmd.exe
 
module_description Process Command line
 
module_end
 
  
'''UNIX'''
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
Under UNIX, this module works like 'module_service'. It doesn't support asynchronous and / or watchdog mode.
 
  
'' Asynchronous mode ''
+
[[Pandora:Metaconsole:Documentation_en:Synchronization_and_propagation|Provisioning Server (Metaconsole)]] cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.
  
In a similar way to the services, monitoring processes can be critical in some cases. The Windows agent supports ''asynchronous checking for the ''module_proc.'' module now. In this case, the agent '''immediately''' reports it if the process changes its state without waiting for the agent ''to execute'' the verification as it's configured in the agent interval again. In this way, you're able to get informed about the failure of critical processes almost in the moment they happen. This is an example of asynchronous monitoring of the processes:
+
=== ssh_launcher ===
  
module_begin
+
{{Tip|Version NG 743 or superior.}}
module_name Notepad
 
module_type generic_proc
 
module_proc notepad.exe
 
module_description Notepad
 
module_async yes
 
module_end
 
  
The difference is located in the configuration token 'module_async yes'.
+
It indicates the absolute path to the script <b>ssh_launcher.sh</b> that executes remote execution modules. The default path of the script is:
  
''Processes Watchdog ''
+
/usr/share/pandora_server/util/ssh_launcher.sh
  
A Watchdog is a system which allows to act immediately if an agent is down, usually picking up the process which went down. The Pandora FMS Windows Agent could act as a watchdog when a process is down. This is called watchdog mode for the process.
+
{{Tip|Only for <b>el6</b> in Linux systems.}}
  
 +
=== rcmd_timeout ===
  
Executing a process would require some parameters, so here are some additional configuration options for these kinds of modules. It is important to keep in mind that the ''watchdog'' mode only works if the module type is set to ''asynchronous''. This is an example of configuration of 'module_proc' with 'watchdog' enabled:
+
{{Tip|Version NG 743 or superior.}}
  
module_begin
+
In seconds, maximum time for the execution of remote execution modules. <code>10</code> by default.
module_name Notepad
 
module_type generic_proc
 
module_proc notepad.exe
 
module_description Notepad
 
module_async yes
 
module_watchdog yes
 
module_start_command c:\windows\notepad.exe
 
module_startdelay 3000
 
module_retrydelay 2000
 
module_retries 5
 
module_end
 
  
This is the definition of additional parameters for 'module_proc' with watchdog enabled:
+
<br>
 
 
* '''module_retries''': Number of consecutive attempts for the module will try to start the process before deactivating the watchdog. If the limit is reached, the watchdog device for this module will be deactivated. It's never going to try and start the process, even if it's recovered by the user (at least until the agent gets rebooted). There is no limit for the number of retries for the watchdog by default.
 
 
 
* '''module_startdelay''': Number of milliseconds the module is going to wait before starting the process for the first time. If the process takes lot of time at starting, it would be a good idea to order the agent to wait by using this parameter until it starts checking for if the process has been started or not. In this example, it has been set to wait for 3 seconds.
 
 
 
* '''module_retrydelay''': Similar to the previous one but for subsequent falls / reattempts, after having detected a fall. When Pandora detects a fall, it relaunches the process, waits for the preset number of milliseconds and checks if the process is already up again.
 
 
 
It's important to keep in mind that Pandora FMS is executed as a service. If you want to utilize the watchdog functionality to execute processes which allow interaction with the desktop, you should check the box 'Interactive access with desktop' under the Pandora FMS service functionalities as shown in this snapshot:
 
 
 
<center>
 
[[image:Service_interactive.png]]
 
</center>
 
 
 
It's also necessary to understand that Pandora FMS is executed under the count of "SYSTEM" if started as a service. The executed process is going to run with the user and environment of the one who started it, so if it wants to e.g. execute a specific process which requires the environment and rights of a specific user, one should include the previous processes for starting the environment (environment variables, etc.) and execute this script as a watchdog action in a script (.bat or similar).
 
 
 
===== module_cpuproc <process> =====
 
 
 
''(UNIX only)''
 
 
 
Returns the CPU usage of a specific process.
 
 
 
module_begin
 
module_name myserver_cpu
 
module_type generic_data
 
module_cpuproc myserver
 
module_description Process Command line
 
module_end
 
 
 
===== module_memproc <process>  =====
 
 
 
''(Unix only)''
 
 
 
Returns the memory used by a specific process.
 
 
 
module_begin
 
module_name myserver_mem
 
module_type generic_data
 
module_memproc myserver
 
module_description Process Command line
 
module_end
 
 
 
===== module_freedisk <unit_letter:>|<volume> =====
 
 
 
This module works under UNIX and Windows. It checks for the free space in the disk unit (don't forget «":"» after the '''unit_letter''') or the UNIX volume e.g. '/var'.
 
 
 
===== module_freepercentdisk <unit_letter:>|<volume> =====
 
 
 
This module returns the free disk percentage under a Windows unit: (don't forget the ":") or on a Unix system, the volume, like '/var'.
 
 
 
<pre>
 
module_begin
 
module_name freepercentdisk
 
module_type generic_data
 
module_freepercentdisk C:
 
module_end
 
</pre>
 
 
 
module_begin
 
module_name disk_var
 
module_type generic_data
 
module_freepercentdisk /var
 
module_end
 
 
 
===== module_occupiedpercentdisk <unit_letter:>|<volume> =====
 
 
 
(Unix only)
 
 
 
This module returns the occupied disk percentage in a UNIX volume e.g. '/var'.
 
 
 
module_begin
 
module_name disk_var
 
module_type generic_data
 
module_occupiedpercentdisk /var
 
module_end
 
 
 
===== module_cpuusage <cpu id> =====
 
 
 
This works under UNIX and Windows. It returns the CPU usage in a CPU number. If there is only one CPU, please leave it blank or use 'all'. It's also possible to obtain the average use of all CPU in multiprocessor systems in this way:
 
 
 
module_begin
 
module_name SystemCPU
 
module_type generic_data
 
module_cpuusage all
 
module_description Average CPU use in systme
 
module_end
 
 
 
To check the CPU usage in CPU #1:
 
 
 
module_begin
 
module_name SystemCPU_1
 
module_type generic_data
 
module_cpuusage 1
 
module_description Average CPU use in system for CPU #1
 
module_end
 
 
 
===== module_freememory =====
 
 
 
Supported under Windows and UNIX. It returns the free memory of the whole system:
 
 
 
module_begin
 
module_name FreeMemory
 
module_type generic_data
 
module_freememory
 
module_description Non-used memory on system
 
module_end
 
 
 
===== module_freepercentmemory =====
 
 
 
Supported under UNIX and Windows. This module returns the free memory percentage on one system:
 
 
 
module_begin
 
module_name freepercentmemory
 
module_type generic_data
 
module_freepercentmemory
 
module_end
 
 
 
===== module_tcpcheck =====
 
 
 
(Windows only)
 
 
 
This module tries to connect with an IP and a specified port. It returns '1' if successful and '0' if not. It's also recommended to specify a timeout:
 
 
 
module_begin
 
module_name tcpcheck
 
module_type generic_proc
 
module_tcpcheck www.artica.es
 
module_port 80
 
module_timeout 5
 
module_end
 
 
 
===== module_regexp =====
 
 
 
(Windows only)
 
 
 
This module monitors a record file (log) looking for coincidences using regular expressions, ruling out the already existing lines when starting the monitoring. The data returned by the module depend on the module type:
 
 
 
* '''generic_data_string''', '''async_string''': Returns all the lines which fit the regular expression.
 
* '''generic_data''': Returns the number of lines which fit with the regular expression.
 
* '''generic_proc''': Returns '1' if there is a coincidence and '0' if not.
 
* '''module_noseekeof''': With this configuration token active, with a '0' default value in each module execution and independently from any modification of the target file, the module will restart its check process without searching for the file's EOF flag. It will always extract all our search pattern's the matching lines to the XML output.
 
 
 
module_begin
 
module_name regexp
 
module_type generic_data_string
 
module_regexp C:\WINDOWS\my.log
 
module_pattern ^\[error\].*
 
module_noseekeof 1
 
module_end
 
 
 
To obtain more information about the syntax of regular expressions in general, please visit [http://www.regular-expressions.info/reference.html].
 
 
 
===== module_wmiquery =====
 
 
 
(Windows only)
 
 
 
The WMI modules allow to locally execute any WMI query without the use of an external tool. It's configured through two parameters:
 
 
 
* '''module_wmiquery''': Used WQL query. As a result, several lines could be obtained which will be placed as several data.
 
 
 
* '''module_wmicolumn''': Name of the column which is going to be used as a data source.
 
 
 
For example, we could obtain a list of the installed services:
 
 
 
module_begin
 
module_name Services
 
module_type generic_data_string
 
module_wmiquery Select Name from Win32_Service
 
module_wmicolumn Name
 
module_end
 
 
 
Or the current CPU load:
 
 
 
module_begin
 
module_name CPU_speed
 
module_type generic_data
 
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
 
module_wmicolumn LoadPercentage
 
module_end
 
 
 
===== module_perfcounter =====
 
 
 
(Win32 only)
 
 
 
Obtains data from the performance counter ([http://msdn.microsoft.com/en-us/library/aa373083(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/aa373083(v=vs.85).aspx Performance Counters (Documentación en ingles] Performance Counters Documentation) through the PDH interface (the library '' pdh.dll'' should be installed in the system. PDH.DLL is a Windows library. If you have not installed it yet, you have to install the Windows performance analysis tool (which is usually installed by default).
 
 
 
module_begin
 
module_name perfcounter
 
module_type generic_data
 
module_perfcounter \Memory\Pages/sec
 
module_end
 
 
 
The Windows performance monitor is a powerful tool which has hundreds of parameters that could be used for monitoring. Each manufacturer also adds his owns monitors, so this is a powerful, versatile and easy to use tool to monitor the system parameters and also the devices which run on it.
 
 
 
The syntax of the perfcounter elements depend on the language. In a e.g. German version, Windows is going to have specific identification strings and in an English version, Windows will have other ones. This makes it difficult to use on systems with heterogeneous languages.
 
 
 
To explore the different values which could be used, you can use the the Windows tool "Performance" to see which strings of performance you're able to monitor.
 
 
 
You can see the Windows performance monitor on this snapshot:
 
 
 
<center>
 
[[image:Perfcounter_screen1.png|center|450px]]
 
</center>
 
 
 
On this snapshot you can see how the interface shows things if we want to add a new monitoring element.
 
 
 
We could visualize several parameters of the ''Procesador'' (in Spanish in the original version) which has different sub elements, of which we have selected ''% of processor time'' and in several sub elements here. We're interested in total ''_Total'' in this case.
 
 
 
<center>
 
[[image:Perfcounter_screen2.png]]
 
</center>
 
 
 
Surfing with the SO tool in this way, we could get different elements of the system performance. For this specific example, the module would be:
 
 
 
module_begin
 
module_name Processor_Time
 
module_type generic_data_inc
 
module_perfcounter \Procesador(_Total)\% de tiempo de procesador
 
module_end
 
 
 
By default the raw value of the counter is shown, to get the cooked value add the '''module_cooked 1''' parameter:
 
 
 
module_begin
 
module_name Disk_E/S_Seg
 
module_type generic_data
 
module_cooked 1
 
module_perfcounter \DiscoFísico(_Total)\E/S divididas por seg.
 
module_end
 
 
 
Most of the returned data that are counters, so you should use 'generic_data_inc' as data type. It's also able to return values in very high data scales
 
(several millions), so you could reduce these values using the module post process with values like '0.000001' or similar.
 
 
 
===== module_inventory =====
 
 
 
''It's implemented as an agent plugin under Linux / Unix''
 
 
 
Using predefined WMI consults and queries on the registry. This module obtains information about the different aspects of a machine ... from software to hardware.
 
 
 
The module can get different parameters to mark the kind of information it gets. Here is the parameter list and the kind of information that it gives:
 
 
 
* '''CPU''': Gets information about the system CPUs (processor name, watch frequency and description).
 
* '''CDROM''': Gets information about the CD-ROM (name, description and unity letter).
 
* '''Video''': Gets information about video cards (description, RAM and processor).
 
* '''HDs''': Gets information about the hard disks (model, size and name in the system).
 
* '''NICs''': Gets information about the network interface controllers(description, MAC address and IP address).
 
* '''Patches''': Gets information about the installed patches (identifier, description and comments).
 
* '''Software''': Gets information about MSI packages installed (name and version).
 
* '''RAM''': Gets information about RAM modules (tag, capacity and name).
 
* '''Services''': Gets information about the installed services. The short name shown in the first column is the name of the service that Pandora FMS probably uses to monitor services.
 
 
 
Additional Module Parameters:
 
 
 
* '''module_interval''': This module has an additional line to specify the interval ''in days'', where one can obtain the information for the module.
 
 
 
This is an example to use this module:
 
 
 
module_begin
 
module_name Inventory
 
module_interval 7
 
module_type generic_data_string
 
module_inventory RAM Patches Software Services
 
module_description Inventory
 
module_end
 
 
 
===== module_logevent =====
 
 
 
(Windows only)
 
 
 
This new module allows to obtain information from the Windows event log file. It returns the elements which fit to a given pattern, also allowing to filter by source and event type. The module implemented in version 2.0 has been improved, using the Win32 native API now to have access to the events from the file, instead of using the WMI subsystem (much slower). This method is quicker and allows to work in systems with many elements. The new implementation also allows to filter through much more fields compared to the previous version. The standard format of the module is the following:
 
 
 
module_begin
 
module_name MyEvent
 
module_type async_string
 
module_logevent
 
module_source <logName>
 
module_eventtype <event_type/level>
 
module_eventcode <event_id>
 
module_application <source>
 
module_pattern <text substring to match>
 
module_description
 
module_end
 
 
 
To avoid showing which has already been shown, we only consider those events which had occurred since the last time the agent was executed, as it happens with other modules (e.g. 'regexp').
 
 
 
'module_logevent' accepts the following parameters (all of them case sensitive):
 
 
 
* '''module_source''': Event source (System, Application, Security). This field is compulsory.
 
* '''module_eventtype''': Event type (failure, information). This is an optional field.
 
* '''module_pattern''': Pattern to search (substring). It's an optional field.
 
* '''module_eventcode''': It's a numeric ID of the event, e.g. 5112. It's an optional field.
 
* '''module_application''': Application source of the event. Be careful not to confuse it with 'module_source' which shows the name, source or log file where the events are looked for.
 
 
 
For showing all events of an error type system we e.g. should define the following module:
 
 
 
module_begin
 
module_name log_events
 
module_type generic_data_string
 
module_description System errors
 
module_logevent
 
module_source System
 
module_eventtype error
 
module_end
 
 
 
To show all events which contain the word 'PandoraAgent':
 
 
 
module_begin
 
module_name log_events_pandora
 
module_type async_string
 
module_description PandoraAgent related events
 
module_logevent
 
module_source System
 
module_pattern PandoraAgent
 
module_end
 
 
 
Another example: Filtering the event showed on the snapshot:
 
 
 
<center>
 
[[Image:Event sample.png|center|450px]]
 
</center>
 
 
 
module_begin
 
module_name MyEvent
 
module_type async_string
 
module_source Application
 
module_eventtype Information
 
module_eventcode 6000
 
module_application Winlogon
 
module_pattern unavailable to handle
 
module_description
 
module_end
 
 
 
It's very important to understand that Pandora FMS '''is not a system to collect logs'''. This tool is intended to be used to select ''critical'' or ''important'' events for monitoring which collects all events without classifying them from a common source (as the 'system' could be one). Doing so will only cause problems in a way that e.g. the DB will be collapse and the system will work very badly. It's extremely important to understand that the event collection which comes with Pandora should always be used with taking this into account and not to abuse Pandora FMS as a generic event collector.
 
 
 
===== module_plugin =====
 
 
 
It's a parameter to define the data which is obtained at the exit of a plugin agent. It's a special case of module which builds all its XML on its own. It also doesn't require any other delimiter like 'module_begin', 'module_type', etc. It requires this format:
 
 
 
module_plugin plugin_filename parámetro_1 parámetro_2 parámetro_3
 
 
 
In order to configure additional parameters for the plugin, please use the standard syntax:
 
 
 
module_begin
 
module_plugin plugin_filename parameter_1 parameter_2 parameter_3
 
module_interval 2
 
module_condition (0, 1) script.sh
 
module_end
 
 
 
Each plugin has its own syntax. We are going to describe the regular expressions plugin which comes with the agent by default.
 
 
 
module_plugin grep_log /var/log/syslog Syslog ssh
 
 
 
In this example, the name of the plugin is 'grep_log'. It's going to search for the regular expression 'ssh' in the file '/var/log/syslog' which will be kept in a module called 'Syslog'.
 
 
 
Another example intended to be solely used on Windows-based systems (and only on versions 3.1 or later):
 
 
 
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent.vbs"
 
 
 
''' File collection and plugins '''
 
 
 
When you use file collections, you need to know where the file collection stores the files. File collections use a "handle" or short name which is generated when you first create the collection. It has to have a name similar to "fc_2". Here are some examples of 'module_plugin' usage using file collections:
 
 
 
UNIX:
 
 
 
module_plugin /etc/pandora/collections/fc_1/always_1.sh
 
 
 
Windows:
 
 
 
module_plugin cscript //B "%ProgramFiles%\pandora_agent\collections\fc_2\df_percent.vbs"
 
 
 
It's very important to know the plugin execution output could return more than one module, because it returns a full XML structure. This is e.g. the plugin output of the '/util/df.vbs' plugin in windows:
 
 
 
<module>
 
    <name><![CDATA[C:]]></name>
 
    <description><![CDATA[Drive C: free space in MB]]></description>
 
    <data><![CDATA[2361]]></data>
 
</module>
 
<module>
 
    <name><![CDATA[D:]]></name>
 
    <description><![CDATA[Drive D: free space in MB]]></description>
 
    <data><![CDATA[32020]]></data>
 
</module>
 
<module>
 
    <name><![CDATA[Z:]]></name>
 
    <description><![CDATA[Drive Z: free space in MB]]></description>
 
    <data><![CDATA[10168]]></data>
 
</module>
 
 
 
===== module_ping <host> =====
 
 
 
(Only for Windows versions 4.0.1 or newer)
 
 
 
This module pings the preset host and returns '1' if it's up and '0' if not. It's a wrapper for ''ping.exe''.
 
 
 
Is supports the following configuration parameters:
 
  
* '''module_ping_count x''': Number of 'ECHO_REQUEST' packets to be sent ('1' by default).
+
{{Warning|This timeout only works to indicate the time that Pandora FMS server will wait to obtain data. The connections will be closed, but the termination of the execution of the command in the remote machine is not assured (this has to be controlled with the command itself).}}
* '''module_ping_timeout x''': Timeout in milliseconds to wait for each reply ('1000' by default).
 
* '''module_advanced_options''': Advanced options for ''ping.exe''.
 
  
Example:
+
=== rcmd_timeout_bin ===
  
module_begin
+
{{Tip|Version NG 743 or superior.}}
module_name Ping
 
module_type generic_proc
 
module_ping 192.168.1.1
 
module_ping_count 2
 
module_ping_timeout 500
 
module_end
 
  
===== module_snmpget =====
+
It indicates the absolute path to the timeout executable for the remote execution modules. It only has effect with the use of Sólo tiene efecto con el uso de [[Pandora:Documentation_en:Configuration#ssh_launcher|<code>ssh_launcher</code>]], connections through <b>plink</b> from Windows to Linux and connections to Windows® systems.
  
(From version 4.0.1 onwards, Windows only)
+
*In Pandora FMS on '''Windows®''' the default executable path is:
 
 
This module performs an SNMP get query and returns the requested value. It's a wrapper for ''snmpget.exe''.
 
 
 
It supports the following configuration parameters:
 
 
 
* '''module_snmpversion [1,2c,3]''': SNMP version (1 by default).
 
* '''module_snmp_community <community>''': SNMP community (''public'' by default).
 
* '''module_snmp_agent <host>''': Target SNMP agent.
 
* '''module_snmp_oid <oid>''': Target OID.
 
* '''module_advanced_options''': Advanced options for ''snmpget.exe''.
 
 
 
Example:
 
 
 
module_begin
 
module_name SNMP get
 
module_type generic_data
 
module_snmpget
 
module_snmpversion 1
 
module_snmp_community public
 
module_snmp_agent 192.168.1.1
 
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.148
 
module_end
 
 
 
=== Examples ===
 
 
 
Example of a Windows module, checking if 'EventLog' works. Example:
 
 
   
 
   
<pre>
+
C:\PandoraFMS\Pandora_Server\bin\pandora_exec.exe
module_begin
 
module_name ServicioReg
 
module_type generic_proc
 
module_service Eventlog
 
module_description Eventlog service availability
 
module_end
 
</pre>
 
  
An example for a UNIX module would be:
+
*In Pandora FMS on <b>Linux</b> the default executable path is:  
  
<pre>
+
/usr/bin/timeout
module_begin
 
module_name cpu_user
 
module_type generic_data
 
module_exec vmstat | tail -1 | awk '{ print $14 }'
 
module_min 0
 
module_max 100
 
module_description User CPU
 
module_end
 
Tipos de agentes software
 
</pre>
 
  
=== Specific Configuration by Technologies ===
+
=== User and group ===
  
With Pandora FMS it's possible to monitor any system. This could either be done with an installed Software agent on the system, which collects data straight from the system to be monitored, or by using a 'Satellite Agent' which consists of an agent which is executed in a server and monitor some parameters of systems which have adjacents through SNMP or user-defined commands.
+
{{Tip|Version NG  7 or superior.}}
  
The software agents could be Windows or UNIX agents. The agents could be installed using any of the agents described in the following lines. To use a satellite agent, it will be sufficient to install a software agent and define the configured modules to collect data from an external system through, e.g. the ''snmpget'' tool or ''ping''.
+
From Pandora FMS version 7, it is possible to define in customized installations both the token "user" and the token "group" to indicate which user and group will make the modifications in the console files, such as those related to policies or mass operations or with the <code>.conf</code> of the agents located at <code>/var/spool/pandora/data_in/conf</code>.
  
==== UNIX / Linux Agents ====
+
== Environment variables ==
  
UNIX has several command line tools that allow that get data through commands would be a very simple thing. The Unix agents are based in this premise. There are two kinds of UNIX agents:
+
Pandora FMS' server supports more options than what the configuration file offers. In some particular cases, environmental variables are necessary because the configuration is done on the machine itself. To do this, the server startup script loads the variables of a file in ''bash'' format which is <code>/etc/pandora/pandora_server.env</code> by default.
  
* ShellScript: With a defined shellscript for each kind of SO based on bash, ksh or csh. In the classical UNIX Systems (Solaris, AIX, HPUX), all functionalities are not implemented yet - but under Linux or MAC they are.
+
The variables that can be configured are the following:
  
* Perl: There is a unique multiplatform agent based on Perl 5.8 that works alike in all Unix systems. You're required to have a Perl 5.8 system or higher installed for proper functioning.
+
===PANDORA_RB_PRODUCT_NAME===
  
The shellscript agents have been designed to work in even the oldest UNIX versions: HPUX11.0, AIX 4.1, Solaris 6 ... They work, but are feature limited e.g. not having the Tentacle client and having to use the FTP or SSH system to upload the monitoring data to its server.
+
This variable is required to customize the product name displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
  
===== Pandora FMS UNIX Agents Configuration =====
+
===PANDORA_RB_COPYRIGHT_NOTICE===
  
There is hardly any difference between AIX, Solaris and GNU / Linux. We are going to describe some of their most important parameters and paths.  
+
This variable is required to customize the author of the product displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
  
After starting the installer, the agents main directory or 'home' directory is '/usr/share/pandora_agent/' where the Pandora FMS agent is installed. In the system where this isn't possible for reasons of e.g. a strict system policy, we recommend to create a link to this path from the real installation path, e.g. '/opt/pandora' -> '/usr/share/pandora_agent'.
+
===Example of an environment variable file===
  
The other important folders are:
+
#!/bin/bash
 +
PANDORA_RB_PRODUCT_NAME="Custom product"
 +
PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"
  
* ''/var/spool/pandora/data_out'': Folder where the collected data from the agents is kept.
+
== SNMPTRAPD configuration ==
  
* ''/etc/pandora/pandora_agent.conf'': Main agent configuration folder. The definition of where the data is collected is defined by the used command.
+
The SNMP Console of Pandora FMS uses '''snmptrapd''' to receive [[Pandora:Documentation_en:SNMP_traps_Monitoring|SNMP traps]]. '''Snmptrapd''' is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures '''snmptrapd''' to write a custom logfile and reads it every x seconds, executing alerts if defined.
  
* ''/usr/local/bin/pandora_agent'': The current Pandora FMS agent. This file is a shellscript which collects the configuration data in the 'pandora_agent.conf' files and sends the data packages to the Pandora Server. It usually has a link to '/usr/bin/pandora_agent'.
+
Previously, '''snmptrapd''' accepted traps by default, without explicitly configuring anything. From version 5.3 onwards, the configuration for access control is more restrictive and it does not allow to receive traps from anyone by default.
  
* ''/usr/local/bin/tentacle_client'': The agent which adds the Tentacle client for being able to send the data files to the server. This is a client written in Perl 5.8. It usually has a link to '/usr/bin/tentacle_client'.
+
If '''snmptrapd''' runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.
  
* ''/etc/init.d/pandora_agent_daemon'': Script for starting and stopping. This daemon calls up 'pandora_agent' and gives two options (start / stop). On the AIX systems, the daemon's name is '''/etc/rc.pandora_agent_daemon'''.  
+
You are probably required to configure your snmptrapd using the file <code>/etc/snmp/snmptrapd.conf</code>. If it does not exist, please check <code>/var/log/pandora/pandora_snmp.log</code> file for warnings or errors.
  
* ''/var/log/pandora/pandora_agent.log'': Text file where the activity of the Pandora FMS agent is kept if the agent is executed in depuration mode.
+
A basic <code>snmptrapd.conf</code> could be something similar to this:
  
* ''/etc/pandora/plugins'': Directory which keeps the agent's plugins. It's a link to ''/usr/share/pandora_agent/plugins''.
+
authCommunity log public
  
===== Initial Execution of a UNIX Agent =====
+
If does not work on your Linux distribution, please check your '''snmptrapd''' version syntax to enable trap reception in your '''snmptrapd''' daemon with the command:
  
When you start the Pandora FMS agent, this should copy the data file to the Pandora FMS server through the dispatch system which is specified in the configuration file of ''/etc/pandora/pandora_agent.conf''. It's recommended to configure the dispatch system (Tentacle, SSH, FTP) before that.
+
man snmptrapd.conf
  
To start the agent, you're only required to execute:
+
== Tentacle Configuration ==
  
/etc/init.d/pandora_agent_daemon start
+
{{Tip|Yo may get more information about '''Tentacle protocol''' [[Pandora:Documentation_en:Tentacle|in this section]].}}
  
For IPSO systems the agent will be launched with a priority of '-10', so it turns into the process with the lowest priority in the system CPU. It will be executed when other processes with a higher priority are in a wait state in the CPU system queue. The IPSO agent has a special parameter (''harmless_mode '') for a special management of the CPU process on systems ''Checkpoint/NOKIA''. This is a very special case.
+
By default, Pandora FMS [[Pandora:Documentation_es:Configuracion_Agentes|software agents]] send data packages to the server through Tentacle protocol (Port <code>41121/tcp</code> assigned by [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=41121 IANA]). The agent could also be reconfigured to send data in alternative ways: local transfer (NFS,SMB),SSH or FTP, etc. If you want them to send data packages using Tentacle protocol, configure a Tentacle server where this data is intended to be received. '''By default hen a Pandora FMS server is installed, a Tentacle server is also installed in the same machine by default.'''
  
In BSD systems the highest priority is '+20' and the lowest '-20'.
+
If it is necessary to adjust some '''''parameters of Tentacle server configuration''''', it can be done by modifying the script that launches the Tentacle Server daemon directly, which is at:
  
To stop the agent, just execute:
+
/etc/init.d/tentacle_serverd
  
/etc/init.d/pandora_agent_daemon stop
+
Furthermore, there is a list of the different options for Tentacle Server configuration:
 
 
===== Advanced Configuration for the UNIX Agent =====
 
 
 
The real power of Pandora FMS is on the agent capacity to start processing the user defined scripts. This could be used to collect specific data or to make an operation which returns any desired value, because it's the aim of the agent plugin structure. For more information, please check the Annex on creating Agent Plugins.
 
 
 
===== Examples of Implementation for UNIX Agents =====
 
 
 
Example #1: Calculate the number of displays on the Apache Web server main page (it could degrade the running of huge records):
 
 
 
module_begin
 
module_name WEB_Hits
 
module_type generic_data_inc
 
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
 
module_end
 
 
 
Example #2: Checks if the process of the (named) DNS is working or not:
 
 
 
module_begin
 
module_name DNS_Daemon
 
module_type generic_proc
 
module_exec ps -Af | grep named | grep -v "grep" | wc -l
 
module_end
 
  
===== Altering the way UNIX Agents obtain system information =====
+
;PANDORA_SERVER_PATH: The path to the entry directory of data. The default path is <code>/var/spool/pandora/data_in</code>.
  
This is valid for UNIX Perl agents only (version 3.2 or higher).
+
;TENTACLE_DAEMON: The Tentacle daemon. The default command is <code>tentacle_server</code>.
  
There are some modules which work like "blackboxes". They are performing operations the user doesn't have to know about what it's really doing. These modules are:
+
;TENTACLE_PATH: The path to the Tentacle binary. The default path is <code>/usr/bin</code>.
  
* module_procmem
+
;TENTACLE_USER: User from which the Tentacle daemon will be launched. The default value is <code>pandora</code>.
* module_freedisk
 
* module_freepercentdisk
 
* module_cpuproc
 
* module_proc
 
* module_procmem
 
* module_cpuusage
 
* module_freememory
 
* module_freepercentmemory
 
  
Modules like e.g. 'module_cpuusage' return a percentage of the current system CPU usage, but the user doesn't need to use a command. On windows and on UNIX systems, Pandora 'already knows' what to do.
+
;TENTACLE_ADDR: Direction to listen to data packages. If you set 0.0.0.0., it listens to all of them. The default value is to listen in all directions. This is true when its IP is <code>0.0.0.0</code>.
  
Pandora UNIX Agents have predefined commands to do that. The below mentioned commands are executed in different ways depending on the OS:
+
;TENTACLE_PORT: The listening port for package reception. It is <code>41121</code> (official port assigned by IANA) by default.
  
linux => 'vmstat 1 2 | tail -1 | awk \'{ print $13 }\'',
+
;TENTACLE_EXT_OPTS: Additional options for executing the Tentacle server. You can set up Tentacle to use authentication with [[Pandora:QuickGuides_EN:Secure_communication_with_tentacle|certificates and/or symmetric password]].
solaris => 'vmstat 1 2 | tail -1 | awk \'{ print $21 }\'',
 
hpux => 'vmstat 1 2 | tail -1 | awk \'{ print $16 }\''
 
  
It could happen that your system is slightly different from the tested system and the command is not valid. You're able to use your own command with a simple 'module_exec' or redefine internal pandora commands to do that. You need to edit some lines of Pandora FMS Unix Agent code for that, but don't worry - it's Perl code and it's very basic editing.
+
;MAX_CONECTIONS: Maximum number of simultaneous connections. The default value is <code>10</code>.
  
The Pandora agent is usually located in '/usr/bin/pandora_agent'. Please edit with vi or nano (they are common text editors for the console), and search for "Commands to retrieve" text. You should see something like this:
+
;MAX_SIZE: Maximum file size allowed by the server in bytes. The default value is <code>2000000</code>.
  
# Commands to retrieve total memory information in kB
+
==Pandora Web Robot Daemon (PWRD)==
use constant TOTALMEMORY_CMDS => {
 
linux => 'cat /proc/meminfo  | grep MemTotal: | awk \'{ print $2 }\'',
 
solaris => 'MEM=`prtconf | grep Memory | awk \'{print $3}\'` bash -c \'echo $(( 1024 * $MEM ))\'',
 
hpux => 'swapinfo -t | grep memory | awk \'{print $2}\''
 
};
 
  
This is the piece of code which defines how pandora gets information from the system to get the total memory. AIX is not defined because we don't have the information on how to get this information in a AIX system yet.
+
[[Image:icono-modulo-enterprise.png|left|Enterprise version.]]
  
# Commands to retrieve partition information in kB
+
Pandora Web Robot Daemon is a service from Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available in the [https://library.pandorafms.com module library].
use constant PART_CMDS => {
 
# total, available, mount point
 
linux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
 
solaris => 'df -k | awk \'NR > 1 {print $2, $4, $6}\'',
 
hpux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
 
aix => 'df -kP | awk \'NR > 1 {print $2, $4, $6}\''
 
};
 
  
These are the commands to get disk the information in KB (total, free and mount point). To change any of the predefined values to get the information, just edit the command but be careful with it:
+
It contains:
  
# Check that lines end with ";"
+
* Firefox browser binary version 46.
# Check that commands are between ' ' symbols.
+
* Pre-built profile for recording and running web browsing sessions.
# Check that any ' symbol you use ends on the \ symbol, e.g.:
+
* Session Automation Server.
 +
* Web browsing session recorder (<code>.xpi</code>).
  
df -P | awk 'NR > 1 {print $2, $4, $6}'
+
For more information related to PWRD, please follow this [[Pandora:Documentation_en:User_Monitorization|link.]]
  
Will be
+
= WEB Console =
  
df -P | awk \'NR > 1 {print $2, $4, $6}\'
+
[[Pandora:Documentation_en:Architecture#The_Pandora_FMS_Console|Pandora FMS web console]] has a configuration file which is created and configured automatically while it is being installed. Its location is: /consolepath/include/config. php.
 +
For example in CentOS systems:
  
It's the same used above, so see how it's written in the code.
+
/var/www/html/pandora_console/include/config.php
  
==== Pandora FMS Windows Agents ====
+
== Configuration File config.php ==
  
===== Checking of the Windows agent working =====
+
The configuration options in the file are included in the header, and these are:
  
The exit of the Pandora FMS Windows agent can be checked in the file ''C:\archivos de programa\pandora_agent\pandora_agent.log''. It's a plain text file that contains information about the agent's execution flow.
+
;$config["dbtype"]: Type of database used. It is MySQL by default.
  
To check if Tentacle or SSH are working well, you can use the command ''tentacle_client'' or the parameter '--test-ssh' on the binary. The first command will return an error, because neither the address nor the file to send is specified, but it checks if the Tentacle client ''tentacle-client'' is in the system the second one will force Pandora FMS to connect using SSH internally and copy a file called ''ssh.test''. Remember that you're required to configure SSH properly, to generate the required keys and to import them onto the server if you want to use it.
+
;$config["dbname"]: Database name to connect to. The default value is <code>pandora</code>.
  
===== Checking of Pandora FMS Agent service =====
+
;$config["dbuser"]: Username for the connection to Pandora FMS database. The default value is <code>pandora</code>.
  
The Pandora FMS 3.0 version has been carefully checked and "debugged" in order to avoid all kinds of memory ''leaks'', ''handles'' of processes, files or TCP/IP ports. It's very stable and has been tested on all Windows platforms where it has to operate. Nevertheless, it could happen that the service crashes a few times on some systems. We have tried to give some solutions to those users which require a restarted system or a supplementary control of the agent for it.
+
;$config["dbpass"]: Password for the connection to Pandora FMS database.
  
There are two ways of having more control over the agent. The first one is to force the restart of the agent every X days through the Windows internal programmer for tasks through the AT command.
+
;$config["dbhost"]: IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as the server, which is <code>127.0.0.1</code> or <code>localhost</code>.
  
''' Restart with AT '''
+
;$config["homedir"]: Directory where the Pandora FMS web console is located. This is usually <code>/var/www/pandora_console</code> or <code>/srv/www/htdocs/pandora_console</code>.
  
'' In English ''
+
;$config["homeurl"]: Base directory for Pandora FMS. This is usually <code>/pandora_console</code>.
  
To schedule a restart on Mondays and Fridays:
+
;$config["public_url"]: The full URL is set with the string value, the value is the URL inside Pandora FMS Server if you use an inverse proxy e.g. <code>mod_proxy</code> from Apache.
  
at 00:00 /every:Monday,Friday "c:\program files\pandora_agent\scripts\restart_pandora_agent.bat"
+
=== Apache server redirection ===
 
 
'' In Spanish ''
 
 
 
For example, to schedule an every day restart:
 
 
 
at 00:00 /every:L,M,Mi,J,V,S,D "c:\archivos de programa\pandora_agent\scripts\restart_pandora_agent.bat"
 
 
 
To see a list of the scheduled tasks, just execute the following command in the command line:
 
 
 
at
 
 
 
This will give you the scheduled tasks.
 
 
 
''' Automatic control of the service in case of crashes'''
 
 
 
Windows provides an additional way of controlled restart of the service if this crashes for any reason. This allows to tell the Windows service to restart it automatically in case of a crash. You have to go to the Windows services dashboard and to the Pandora FMS agent and click on 'Properties' for it. On the 'Recovery' slide, you're required to change the default values into this:
 
 
 
<center>
 
[[image:Service_control_restart.png]]
 
</center>
 
 
 
This causes an automatic restart if the service crashes - but only once a day. If it happens to crash more than once a day, it won't get restarted again. The reason this configuration is avoidance of a possible system overload due to a forced execution that downs too much of the other services, which is caused by a problem within the system. Pandora FMS should never be down. In any case, you can adjust these parameters if a Pandora FMS service crash should be controlled by the system and to make sure that you'll always have the agent running this way.
 
 
 
===== Configuration of Pandora FMS Windows Agent =====
 
 
 
The whole installation is done through the file ''pandora_agent.conf''. This file is a list of pairs of keys and values which have been described before. Here is an example of this file:
 
  
 +
If you only have one Pandora FMS in your Apache server, then it is possible that you could benefit by automatically redirecting <code>/pandora_console</code> when users connect with the <code>/</code> URL of their server. To do this, create the following file <code>index.html</code> and put it in the web server root directory (<code>/var/www</code> or <code>/srv/www/htdocs</code>):
  
 
<pre>
 
<pre>
# General Parameters
+
  <html>
# ==================
+
  <head>
   
+
  <meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
server_ip mypandoraserver.host.com
+
  </head>
server_path /var/spool/pandora/data_in
+
  </html>
temporal "c:\windows\temp"
 
interval 300
 
agent_name myagent_name
 
   
 
# Module Definition
 
# =================
 
   
 
# Counting OpenedConnections (please check language string)
 
module_begin
 
module_name OpenNetConnections
 
module_type generic_data
 
module_exec netstat -na | grep ESTAB | wc -l | tr -d " "
 
module_description Conexiones abiertas (interval 2)
 
module_interval 2
 
module_end
 
 
# Is Eventlog service running ?
 
module_begin
 
module_name ServicioReg
 
module_type generic_proc
 
module_service Eventlog
 
module_description Servicio Registro de sucesos
 
module_end
 
 
# Is lsass.exe process alive ?
 
module_begin
 
module_name Proc_lsass
 
module_type generic_proc
 
module_proc lsass.exe
 
module_description LSASS.exe process.
 
module_end
 
 
# Received packets.
 
# Please notice that "Paquetes recibidos" string must be replaced by
 
# the correct string in your Windows system language.
 
module_begin
 
module_name ReceivedPackets
 
module_type generic_data
 
module_exec netstat -s | grep "Paquetes recibidos  " |  tr -d " " | cut -f 2 -d "=" | tr -d "\n"
 
module_description Conexiones abiertas (interval 2)
 
module_end
 
   
 
# Free space on disk
 
module_begin
 
module_name FreeDiskC
 
module_type generic_data
 
module_freepercentdisk C:
 
module_description Free space on drive C:
 
module_end
 
 
 
module_begin
 
module_name FreeMemory
 
module_type generic_data
 
module_freepercentmemory
 
module_description Amount of free memory.
 
module_end
 
 
</pre>
 
</pre>
  
===== Extending the agents functionality with VBS code =====
+
== Apache Configuration ==
 
 
Starting with the 3.1 version, Windows agents started to have plugins like the Unix agents, but don't forget they also have the possibility of executing the external scripts, based on VBScript as simple modules. Take a look at the VBS code which obtains the CPU total use of a system:
 
 
 
strComputer = "."
 
Set objWMIService = GetObject("winmgmts:" _
 
    & "{impersonationLevel=impersonate}!\\" _
 
    & strComputer & "\root\cimv2")
 
 
    Set object1 = objWMIService.Get( _
 
    "Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
 
    N1 = object1.PercentProcessorTime
 
    D1 = object1.TimeStamp_Sys100NS
 
    Wscript.Sleep(1000)
 
    set object2 = objWMIService.Get( _
 
    "Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
 
    N2 = object2.PercentProcessorTime
 
    D2 = object2.TimeStamp_Sys100NS
 
 
    ' CounterType - PERF_100NSEC_TIMER_INV
 
    ' Formula - (1- ((N2 - N1) / (D2 - D1))) x 100
 
    PercentProcessorTime = (1 - ((N2 - N1)/(D2-D1)))*100
 
 
    Wscript.Echo PercentProcessorTime
 
 
 
We keep it in a file called "CPUTotal.vbs" which is located at ''c:\program files\pandora_agent\util''.
 
 
 
Now we're going to create the new module type of 'module_exec' with this content:
 
 
 
cscript.exe /NoLogo c:\program_filespandora_agent\util\CPUTotal.vbs
 
 
 
We already have a new module that returns the CPU total use, obtained through the external script in VB. There are plenty of things that can be obtained through VBScript. Microsoft has an excellent online documentation about VBS that you can check in MSDN:
 
[http://msdn.microsoft.com/en-us/library/aa394582(VS.85).aspx].
 
 
 
===== Running the Pandora FMS Agent under a different user than SYSTEM =====
 
 
 
You can setup the Windows agent to run under a different user. You're required to configure the startup service with a different user and provide this user with special privileges to do that. That user is required to get included in the 'Administrators' group.
 
 
 
In the WMI console, all users from the group 'Administrators' have ALL permissions enabled.
 
 
 
This is an example of a user and it's WMI settings for the ROOT environment. Branches will inherit the root permissions by default:
 
 
 
<center>
 
<br>
 
[[image:Service_image001.png]]
 
</center>
 
<br>
 
 
 
<center>
 
<br>
 
[[image:Service_image002.png]]
 
</center>
 
<br>
 
 
 
You can look up some Microsoft links related to this issue on : [http://support.microsoft.com/kb/325353/en] [http://msdn.microsoft.com/en-us/library/ms188690.aspx]
 
 
 
==== Auto-upgrading Software Agents ====
 
 
 
Pandora FMS 3.2 has a new feature called "File collection". File collections are described in a few chapters below, they are a 'centralized file distribution system' to copy files (binary, scripts and data) from the console to the agents running the Pandora FMS software agent.
 
 
 
We can provide a way to 'auto-upgrade' the software agents using that mechanism and a very special tool. It works in the following way:
 
 
 
1. Agents receive new binaries e.g. in the file collection's incoming directory:
 
 
 
c:\program files\pandora_agent\collections\fc_1\pandoraAgent.exe
 
 
 
2. The agent utilizes a special module to execute the pandora_update tool. This tool receives a single parameter, the FileCollection handle (or short name). In this scenario, it's ''fc_1''. It checks for a file called 'pandoraagent.exe' (or 'pandora_agent' under UNIX), looks at the size and contents of both files (by using a HASH), the running 'pandora_agent' and the binary provided in the file collection. If they are different, 'pandora_update' stops the agent, replaces the binary and restarts the agent again, using the new binary.
 
 
 
3. Furthermore, 'Pandora_update' writes the update event to a small log to be able to recover the next execution and warns the user about the agent's updating process by means of an 'async_string' module.
 
 
 
This means that the used modules could be configured to have a high interval to perform the update process.
 
 
 
'''UNIX Standard Installation'''
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
'''UNIX Custon Installation'''
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /var/opt/PandoraFMS/etc/pandora/plugins/pandora_update fc_1 /var/opt/PandoraFMS 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
NOTE: The second parameter of the 'pandora_update' command is the installation path of Pandora FMS. This parameter is only required if Pandora FMS is installed in a path different from the default path.
 
 
 
'''Windows'''
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec pandora_update.exe fc_1
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
NOTE: If it has the agent in a non "standard" path under UNIX, you're required to modify some of the 'pandora_update' utility values, specifically the following lines:
 
 
 
 
 
# Setup your particular paths / process settings here
 
# [SETUP BEGIN] 12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)
 
# Location of binaries
 
 
 
# UNIX
 
my $running_binary = "/usr/bin/pandora_agent";
 
my $updated_binary = "/etc/pandora/collections/$fc_path/pandora_agent";
 
 
# UNIX style
 
 
my $start_pandora = "/etc/init.d/pandora_agent_daemon start";
 
my $stop_pandora = "/etc/init.d/pandora_agent_daemon stop";
 
 
 
Please change the paths to the ones which fit with your system manually.
 
 
 
==== Process to Auto Upgrade Agents from versions previous to 3.2  ====
 
 
 
The first thing is to get the executables from the Pandora FMS agent and the 'pandora_update' tool ('pandoraAgent.exe' and 'pandora_update.exe' under Windows and 'pandora_agent' and 'pandora_update' under UNIX).
 
 
 
Many of the steps that we are giving here means the following things:
 
 
 
1. You have a way to copy files to the systems which you want to update. This is a feature which the Pandora FMS 3.2 version provides (File Collection) but just now, you want to migrate to the 3.2 version, because this feature is missing there. It's assumed that you have alternative mechanisms.
 
 
 
2. The agent's configuration and remote management is activated and working. This will be useful. It's recommended to create several directories and configure a new module in your Pandora FMS agent configuration.
 
 
 
'''Windows Platforms'''
 
 
 
We should copy 'pandora_update' to one directory of the system path or to the directory '/util' of our Pandora (in Windows).
 
 
 
Supposing that we have Pandora FMS installed in:
 
 
 
C:\Archivos de programa\pandora_agent
 
 
 
We have to copy 'pandora_update.exe' in the directory:
 
 
 
C:\Archivos de programa\pandora_agent\util
 
 
 
Then we create two directories:
 
 
 
C:\Archivos de programa\pandora_agent\collections
 
C:\Archivos de programa\pandora_agent\collections\fc_1
 
 
 
And after this, we should copy the new agent's binary to the last directory which we have created:
 
 
 
C:\Archivos de programa\pandora_agent\collections\fc_1\PandoraAgent.exe
 
 
 
We create one module in the agent as the one that follows:
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec pandora_update.exe fc_1
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
This special module that uses the 'pandora_update' executable, executes a special tool ('pandora_update') which compares the current executable with the one that already exists in the directory '/collections/xxxx', where 'xxxx' is a parameter that is passed on to the module. This location is the one specified with the file collections. After using the 3.2 version, the distribution of the new *.exe of the agents will be done through filecollections and this identifier will be necessary to 'locate' in which file collection our executable is located.
 
 
 
'''UNIX Platforms'''
 
 
 
Similar to the Windows platforms, we have to copy the executable of the UNIX agent and the 'pandora_update' feature. If it has a non-standard installation and possesses customized paths, you should have to pay lot of attention to the previous paragraph where it's described which files should be modified.
 
 
 
You have to copy ''pandora_update'' into your agent's plugins / folder:
 
 
 
/etc/pandora/plugins/pandora_update
 
 
 
Now create directory 'collection/fc_1' in the base directory of your '/etc/pandora':
 
 
 
/etc/pandora/collections/
 
/etc/pandora/collections/fc_1
 
 
 
The call to 'pandora_update' will be done on its system paths to the plugins. In this case, the default path is '/etc/pandora/plugins/pandora_update'.
 
 
 
The module for the UNIX case will be the following:
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
'''NOTE''': It's recommended to check if both 'pandora_update' and 'pandora_agent' have suitable permissions and owners, executing permissions and the same user which owns the 'pandora_agent' executable.
 
 
 
=== Pandora FMS Drone Agents ===
 
 
 
==== What is a Drone Agent ? ====
 
 
 
The Pandora FMS Drone Agent is a running mode of Pandora FMS Software Agent. This running mode only works on Windows and Linux machines. It was developed to deal with complicated environments with restricted access to the machines. The Drone Agent has two main features:
 
 
 
* '''Proxy mode'''
 
* '''Broker mode'''
 
 
 
Running in this mode, the Drone Agent can report data and utilize all features of the standard Pandora FMS Software Agent.
 
 
 
 
 
The picture below shows an architecture of Pandora FMS using Drone Agents:
 
 
 
<center>
 
[[image:Architecture_il1.png‎|500px]]
 
</center>
 
 
 
===== Proxy Mode =====
 
 
 
Proxy Mode is very useful for networks which have restrictions in their communications. The agent running this mode enabled a Tentacle Proxy Server to allow agents to communicate with the Pandora FMS Server through itself.
 
 
 
The new Tentacle version supports proxy usage (HTTP/Connect mode), so that agents can contact with the server using an intermediate standard proxy directly. You also can use a new tool called 'Tentacle Proxy Server' is used to centralize all communication between Pandora FMS and the agents, allowing the file management and remote configuration for policy based-monitoring. You can see [http://www.openideas.info/wiki/index.php?title=Tentacle more about the Tentacle Proxy Server here].
 
 
 
 
 
You'll get all functionalities of a proxy but managed by Pandora FMS Software Agent with this feature. This mode has two '''requirements''' 1. The agent '''cannot be run by the root'''. 2. If you want to use the proxy mode with Unix agent then '''it must be installed with a user without root privileges''' (the same user will execute the agent in proxy mode later).
 
 
 
All parameters to configure the Tentacle Proxy Server are available trough its agent configuration file:
 
 
 
'''server_ip'''
 
 
 
It's the IP address or the name of Pandora FMS server host. '''Be careful with the enabled Proxy Mode. This parameter cannot take values like 127.0.0.1, locahost, 0.0.0.0 or related'''.
 
 
 
'''proxy_mode'''
 
 
 
Proxy mode status. If the 'proxy_mode' is set to '1', the proxy feature of the drone agent is activated. If the proxy_mode is set to '0', the proxy feature is off. This feature is disabled by default.
 
 
 
'''proxy_max_connection'''
 
 
 
Number of max. simultaneous connections of the proxy. 10 connections are allowed by default.
 
 
 
'''proxy_timeout'''
 
 
 
Timeout for the proxied server. Default value is '1 second'.
 
 
 
====== Usage Examples ======
 
 
 
'''I only have one connection to the Pandora FMS Server'''
 
 
 
This situation is not a problem for the Pandora FMS Drone Agent. To configure the proxy mode, just set 'server_ip' to the Pandora FMS IP and the 'proxy_mode' parameter to '1'. You can configure some parameters like the number of connections and timeout if needed. You'll have the agent and the Tentacle Proxy Server up and running on the machine which can connect with Pandora FMS Server with this configuration.
 
 
 
To configure the other agent, just set the 'server_ip' parameter to the IP address of the Drone Agent with proxy mode enabled. That's all you have to do. The agents are going to use the drone agent to connect to the Pandora FMS Server.
 
 
 
'''I'm required to setup a double proxied connection'''
 
 
 
You're able to connect a Drone Agent to another. It's very easy.
 
 
 
To perform the double proxy, just configure the Drone Agent which can connect to Pandora FMS Server to set the 'server_ip' to the Pandora FMS IP address. 'proxy_mode' must be set to '1' and the other parameters if you need.
 
 
 
To configure the second Drone Agent, just set the 'server_ip' to the one of the first Drone Agent and enable the proxy mode by setting 'proxy_mode' to '1'.
 
 
 
With this configuration, an agent connected to the second Drone Agent can send data to Pandora FMS Server through the two proxies.
 
 
 
===== Broker Mode =====
 
 
 
The Broker Mode is designed to "recreate" different agents (as an entity) from a single software agent installed on a server. Broker agents execute different setups, like if it has different personalities or different agents installed on the same server with different configurations. Each configuration file is independent and can have it's own plugins, inventory modules, etc. It can be remotely managed as any other agent of course. This is perfect to monitor servers / Comm devices nearby and useful when you're unable to reach a router but can install an agent in a nearby host. You can monitor ten routers from a single agent and have eleven agents in your Pandora FMS console (10 routers + 1 host) for example.
 
 
 
It's important to know that the ''broker_agent'' token will be ignored in the configuration of an agent which is set like a broker agent.
 
 
 
The main features of "broker mode" are:
 
 
 
* Send local data with another agent name. Useful to monitoring different instances of a software applicationn as independent agents.
 
 
 
* Send data from remote devices / checks executed from a single host and have it under Pandora FMS like they were different independent agents.
 
 
 
====== Examples ======
 
 
 
'''Send data to server with different agent names, using different configurations'''
 
 
 
Modify your pandora_agent.conf with following lines:
 
 
 
broker_agent router_1
 
broker_agent router_2
 
broker_agent router_3
 
 
 
On the next execution or restart you will have three new files: 'router_1.conf', 'router_2.conf' and 'router_3.conf'. They are an exact copy from origial "pandora_agent.conf" file, except the attribute of 'agent_name' which will be selected from the 'broker_agent' call.
 
 
 
You now have four agents with different configuration files. You can now add different modules in each configuration file, e.g. edit 'router_1.conf' and add:
 
 
 
'''Sample of remote check'''
 
  
Please add the following line to the remote configuration file 'pandora_agent.conf':
+
Pandora FMS has a series of folders with some files that complete its functionality. To avoid accessing these files, some folders in the console have a <code>.htaccess</code> file that restricts access to them. For this to be effective in the [https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride Apache configuration], it is necessary to allow these permissions to be overwritten using <code>htaccess</code>, for which the token <code>AllowOverride</code> must be set to <code>All</code>.
  
broker_agent server_1
 
  
A new file called 'server_1.conf' will be created and we'll edit it for the purpose of adding specific modules for this broker agent:
+
  AllowOverride All
 
 
  module_begin
 
module_name Check SSH Status
 
module_type generic_proc
 
module_tcpcheck 192.168.1.1
 
module_port 22
 
module_timeout 5
 
module_end
 
 
 
This configuration can be interesting when making checks against another remote machine. Even if it has an agent installed Pandora, is unattainable by the server.
 
 
 
'''This feature is available since 4.0 version.'''
 
 
 
=== Agent / Module Autocreation from XML File / Learning Mode ===
 
 
 
Pandora FMS supports the creation of agents and/or modules in an automated way if you receive the information coming from an XML (data server). This happens automatically, unless you completely disable this behaviour by disabling the server ''autocreate'' parameter. The 'creation' only happens the first time agent data arrives on the server. That means you can '''create the information''' but you cannot '''update''' the agent or module information each time you're getting a new XML - with a few exceptions as you can see below.
 
 
 
<center>
 
<br><br>
 
[[File:Learning mode.png]]
 
<br><br>
 
</center>
 
 
 
 
 
This behaviour could be avoided in specific agents by disabling the ''learning mode'' of the agent. By disabling this feature, the agent will not create new modules when the XML arrives with the new module. The information won't update the agent configuration parameters.
 
 
 
 
 
'''Autodisable mode:''' From version 6.1 onward agents have this third mode available. In terms of creating agents and modules it behaves exactly the same as an agent in learning mode: when the first XML reaches it, the first agent is created and, on each report, if there are new modules they can also be added automatically. Nevertheless, when all modules from an agent that are in ''autodisable'' mode are also marked as unknown, the agent is automatically disabled. In any case, if the agent reports again, it gets enabled again on its own.
 
 
 
==== Loaded Data from the XML in the Creation of an Agent ====
 
 
 
Stored Data for an agent is the following:
 
 
 
''' In 4.x version: '''
 
 
 
* Agent name.
 
* IP address.
 
* Agent description.
 
* Agent's parent.
 
* Timezone offset.
 
* Group.
 
* Operating system.
 
* Agent interval.
 
* Agent version
 
 
 
''' In 5.x version '''
 
 
 
It's the same as in 4.x version, plus the following:
 
 
 
* Custom fields.
 
* Custom ID.
 
* URL address.
 
 
 
''' In 6.1 version '''
 
 
 
* Agent mode: (Learning -''default''-, No-learn, Autodisable).
 
 
 
==== Data modified in the Agent when receiving XML (Learning Mode enabled) ====
 
 
 
* Agent's IP address
 
* Agent's parent (if defined in server setup, for v4.x parents it's always updated)
 
* OS Version.
 
* Agent's version.
 
* Timezone.
 
* Custom fields.
 
 
 
 
 
{{tip|The GIS data are always updated. It doesn't matter at all if the learning mode is enabled or not.}}
 
 
 
By enabling the learning mode, the new modules which get received through the XML file, are going to be created under Pandora FMS.
 
 
 
==== Data added to the Module on Creation Time ====
 
 
 
The first time you get data coming from an XML for a module, the read data from the XML and inserted in the system are the following:
 
 
 
''' In 4.x version '''
 
 
 
* Name.
 
* Type.
 
* Description.
 
* Max Min value filter.
 
* Post process.
 
* Module interval.
 
* Min / Max Critical.
 
* Min / Max Warning.
 
* Disabled module.
 
 
 
''' In 5.x version'''
 
 
 
The same as in 4.x plus the following:
 
 
 
* Units.
 
* Module group.
 
* Custom ID.
 
* Str. Warning / Critical.
 
* Critical instructions.
 
* Warning instructions.
 
* Unknown instructions.
 
* Tags.
 
* Critical inversion mode.
 
* Warning inversion mode.
 
* Quiet mode.
 
* Min. FF Threshold.
 
* Alert template (from SP4)
 
 
 
 
 
''' In 6.x version'''
 
 
 
* Crontab
 
 
 
==== Loaded Data when Module already exists ====
 
 
 
If the data server processes an XML containing information for a pre-existent module, part of its information will be overwritten / updated. The description and extended information (see next epigraph) are updated.
 
 
 
Note: GIS data are always updated unless you have the GIS update disabled for that agent (this is configured in agent's GIS setup).
 
 
 
=== Extended Module Information ===
 
 
 
This epigraph is for advanced and development environments. You're able to send custom XML data (using your own application or altering the Pandora agent's source code). This XML file has two 'custom' tags named 'rack_number' and 'severity':
 
 
 
<pre>
 
 
 
<module>
 
    <name><![CDATA[battery_level]]></name>
 
    <description><![CDATA[The actually device battery level]]></description>
 
    <type><![CDATA[generic_data]]></type>
 
    <data><![CDATA[61]]></data>
 
    <rack_number>2</rack_number>
 
    <severity>MAJOR</severity>
 
  </module>
 
</pre>
 
  
The module is going to be shown like on the picture below.
+
instead of:
  
<center>
+
AllowOverride None
<br><br>
 
[[File:Extended module xml.png|800px]]
 
<br><br>
 
</center>
 
  
{{Tip|These fields don't store history values. They're only going to store the last received value from the XML data.}}
 
  
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
+
[[Pandora:Documentation_en|Go back to Pandora FMS Documentation Index]]
  
 
[[Category:Pandora FMS]]
 
[[Category:Pandora FMS]]
 
[[Category:Documentation]]
 
[[Category:Documentation]]

Latest revision as of 08:59, 24 March 2021

Go back Pandora FMS documentation index

Pandora FMS has three essential components essential to configure correctly for good functioning, which are the web console, the server and the database.

Info.png

Even if you already have a Pandora FMS installed and running, if you have installed it through the appliance software, consider adjusting and revising the configuration for a much more optimal operation.

 


You may get more information about Pandora FMS optimization in this section. In this chapter, we are going to explain the configuration files of the three elements and others which are important for a correct performance of the application components.

Diseño estándar de Pandora FMS
Standard Pandora FMS design

Contents

1 Server

Pandora FMS server main configuration can be found in the file pandora_server.conf is located at /etc/pandora by default.

From Pandora FMS version 7.0NG.752 onwards, it is possible to make some modifications related to the Pandora FMS server using a graphical interface, without the need to access the configuration file in plain text (neither through terminal nor from the web console).

To do this, the remote configuration should be previously enabled inside the pandora_server.conf configuration file. You should access to the servers view, and then click on the remote configuration icon enabled in the data server line.

Servers-manage-servers-pandora-fms-servers-remote-configuration-icon.png

There you may find in the first section, 'Server Features,a token next to the server to enable or disable it accordingly.

Server editor formulario.png

There is also a second configuration part, Optimization settings, devoted to optimization settings. In this section you will be able to modify parameters such as the timeout times or the threads dedicated to the servers.

And finally, a space reserved for other configurations: Other server settings. This section includes the possibility of indicating the group ID to which the agents that are added to the Pandora FMS environment will be assigned by default if one is not specifically indicated during its creation. Force auto-creation and enable agent auto-creation when receiving data files with an agent ID that does not exist in the system.

1.1 Configuration File Elements

It is a UNIX standard plain text file, where unused variables or comments are preceded by character #. If you are editing from MS Windows®, make sure to use an editor that supports that format. Eventually, if you need to encrypt specific characters check the Pandora FMS Change remote config encoding parameter. All file configuration parameters are listed below.

1.1.1 servername

It is the name that the server will have when it is displayed in the console. By default it is commented and uses the name of the machine for the operating system.

Template warning.png

Changing the name once it is running could cause remote checks to stop working, since the default server would have to be reconfigured in all existing agents to use the new server, as well as deleting the old server name from the server list.

 



1.1.2 incomingdir

It is the incoming directory of XML data packages. It is located under /var/spool/pandora/data_in/ by default. This allows setting up a RAM disk or a very fast hard drive here (SSD, for example) to optimize Pandora MFS.

1.1.3 log_file

The Pandora FMS record file (log). It is located under /var/log/pandora/pandora_server.log by default. This is the main log file and it is very important for debugging.

1.1.4 snmp_logfile

Located under /var/log/pandora/pandora_snmptrap.log by default. This is a log file from SNMP console that contains all received SNMP traps BEFORE Pandora FMS server processes them.

1.1.5 errorlog_file

The Pandora FMS error registry file (log). It is located under /var/log/pandora/pandora_server.error by default. This log file stores all non-controlled errors or non-captured output from tools executed by the server.

1.1.6 daemon

It shows whether or not Pandora FMS server is executed as a daemon. If the server is launched with the –D option, it is executed as daemon.

1.1.7 dbengine

Deprecated: always Mysql (default value, MySQL is Pandora FMS database software).

1.1.8 dbname

Database name to which the server will connect. The default value is pandora.

1.1.9 dbuser

Username used in the Pandora FMS database connection. It is pandora by default.

1.1.10 dbpass

Password for the connection to Pandora FMS database.

1.1.11 dbhost

IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as that of the server, which is 127.0.0.1.

1.1.12 dbport

TCP port where the the database engine listens (optional). 3306 is set by default if the value is commented.

1.1.13 verbosity

It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.

Template warning.png

The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.

 


1.1.14 master

Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the High Availability (HA) chapter for more information.

1.1.15 snmpconsole

Enabling it (value 1) indicates that the SNMP trap reception console is enabled in the configuration. 0 that it is not. The console depends on the UNIX snmptrapd service and stops and starts it when Pandora FMS boots. Before starting Pandora FMS, verify that the snmptrapd process has not been started in the system.

1.1.16 snmpconsole_threads

Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to 1 by default.

1.1.17 translate_variable_bindings

Enterprise version.
If set to 1, the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to 0 by default.

1.1.18 translate_enterprise_strings

Enterprise version.
If set to 1 (default value), the SNMP console will attempt to translate enterprise strings when processing SNMP traps.

1.1.19 snmp_ignore_authfailure

Snmptrapd will ignore the authenticationFailure traps in case of it being activated, 1 (default value).

1.1.20 snmp_pdu_address

If enabled (value 1) Snmptrapd will read from the Protocol data units (PDU) address instead of the agent address. Its value is 0 by default.

1.1.21 snmp_trapd

Path to the snmp_trapd binary. If set to manual, the server will not attemp to start snmp_trapd. Its value is manual by default.

1.1.22 snmp_forward_trap

Enables (1) or disables (0) SNMP trap forwarding to the host specified in snmp_forward_ip.

1.1.23 snmp_forward_ip

IP address of the host to which SNMP traps will be forwarded to.

Template warning.png

Bear in mind that setting a forwarding address to Pandora FMS itself will cause a forwarding loop that will make the Monitoring Server collapse.

 


1.1.24 snmp_forward_version

SNMP version to use when forwarding SNMP traps. This token can only have the following values:

  • 1
  • 2c
  • 3

1.1.25 snmp_forward_secName

Only for SNMP version 3. It defines the authentication security name. More information at snmpcmd's guide.

1.1.26 snmp_forward_engineid

Only for SNMP version 3. It defines the authorized engine ID. More information at snmpcmd's manual.

1.1.27 snmp_forward_authProtocol

Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:

  • MD5
  • SHA

More information at snmpcmd's manual.

1.1.28 snmp_forward_authPassword

Only for SNMP version 3. It defines the authentication password. For more information, go to snmpcmd's manual.

1.1.29 snmp_forward_privProtocol

Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:

  • DES
  • AES

More information at snmpcmd's manual.

1.1.30 snmp_forward_privPassword

Only for SNMP version 3. It defines the privacy pass phrase. More information at snmpcmd's manual.

1.1.31 snmp_forward_secLevel

Only for SNMP version 3. It defines the security level. This token can only have the following values:

  • noAuthNoPriv.
  • authNoPriv.
  • authPriv.

1.1.32 snmp_forward_community

SNMP community to be defined (public, private, etc.).


1.1.33 networkserver

1 enables the Pandora FMS Network Server, 0 disables it.

1.1.34 dataserver

1 enables the Pandora FMS Data Server, 0 disables it.

Template warning.png

The Data server is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a dataserver thread running.

 


1.1.35 reconserver

Network discovery server, now called Pandora FMS Discovery server: enabled 1 or disabled 0.

1.1.36 pluginserver

Pandora FMS remote plugin server: 1 enabled, 0 disabled.

1.1.37 plugin_exec

Shows the absolute path to the program which executes the plugins in a controlled way in time. The default value is /usr/bin/timeout. If your base system does not have this command, use /usr/bin/pandora_exec instead, which is included in Pandora FMS.

1.1.38 predictionserver

1 enables Pandora FMS Prediction Server, 0 disables it.

1.1.39 wmiserver

1 enables Pandora FMS WMI Server, 0 disables it.

1.1.40 network_timeout

It is the timeout -in seconds- for ICMP checks. Its value is 2 seconds by default. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives taking into account that some checks may require more time.

Info.png

The more timeout you have, the more time you will need to run checks in the worst-case scenario.

 


1.1.41 server_keepalive

It is the time -in seconds- before declaring the server down. Each server checks the status of the servers around it, and in case the date of last update of one of them exceeds this value, it will mark it as down. This affects, to how High Availability (HA) works, in the case of having several servers.

Info.png

It is essential that if you have multiple servers, all their internal clocks are synchronized through NTP.

 


1.1.42 thread_log

Info.png

Version NG 7 or superior.

 


Set to 0 unless you are debugging your Pandora FMS Server. 1 causes server threads to periodically dump their status to disk at:

/tmp/<server name>.<server type>.<thread number>.log 

For example:

[[email protected]]# cat /tmp/pandorafms.*
2017-12-05 09:44:19 pandorafms dataserver (thread 2):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms dataserver (thread 3):[PRODUCER] Queuing tasks.
2017-12-05 09:44:40 pandorafms eventserver (thread 21):[CONSUMER] Waiting for data.
2017-12-05 09:44:40 pandorafms eventserver (thread 22):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms networkserver (thread 4):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 5):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 6):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 7):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms networkserver (thread 8):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[PRODUCER] Queuing tasks.
2017-12-05 09:44:39 pandorafms reconserver (thread 10):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms reconserver (thread 9):[CONSUMER] Waiting for data.
2017-12-05 09:44:15 pandorafms webserver (thread 19):[CONSUMER] Waiting for data.
2017-12-05 09:44:40 pandorafms webserver (thread 20):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[PRODUCER] Queuing tasks.

1.1.43 server_threshold

The number of seconds for the main loop. Its value is '5' by default.

Info.png

This is a very important value for server configuration, it defines how many times Pandora FMS will search to see whether there are pending data in the database or in the hard disk (to search XML files). 5 to 15 is a valid value in most cases. If set to 1, the CPU usage will go up a lot. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but when it is finished, it should be set between 5 and 15 again.

 


Template warning.png

With very low values and high load, there will be an "overheating" effect that progressively increases the CPU and memory consumption of the server.

 


This value together with the _thread and max_queue_files parameters are used to configure server performance.

1.1.44 network_threads

Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires many more server resources. Having more than twenty threads requires having a machine with many independent processors or cores.


1.1.45 icmp_checks

It defines the number of pings to each 'icmp_proc module. At least one of these checks has to return 1 to the module to be classified as correct. Its default value is 1. If you set '5' here and the first ping is OK, the other 4 will be skipped.

Info.png

In case of networks that have limited reliability, it is recommended to key in 2 or 3. A higher number will cause the rate of checks per second to decrease significantly in the event of any network segment failure.

 


Do not mistake it with the icmp_packets parameter which refers to the number of packets within the ping itself. The icmp_checks value defines the number of pings, each with its icmp_packets.

1.1.46 icmp_packets

Defines the number of ICMP packets sent in each ping request. 1 by default.

1.1.47 tcp_checks

Number of TCP retries in case the first one fails. Its default value is 1.

1.1.48 tcp_timeout

Specific timeout for TCP connections. The default value is 30 seconds.

Info.png

A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.

 


1.1.49 snmp_checks

Number of SNMP retries in case the first one fails. The default value is 1.

1.1.50 snmp_timeout

Specific expiration time for SNMP connections. Its default value is 3.

Info.png

A high number will cause the rate of checks per second to decrease significantly in the event of a network segment failure.

 


1.1.51 snmp_proc_deadresponse

Returns DOWN if it is impossible to connect with a boolean SNMP module (proc) or if it gets NULL as a response. If set to 0, it is ignored.

1.1.52 plugin_threads

Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.

1.1.53 plugin_timeout

Timeout for checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, but you may want to raise it to a higher value in case you have plugins that may take longer than that.

1.1.54 wmi_timeout

Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is 10.

1.1.55 wmi_threads

Number of threads for the WMI server. It shows how many checks can be done simultaneously.

1.1.56 recon_threads

Number of threads for the network recon server. It shows how many checks can be done simultaneously.

1.1.57 dataserver_threads

Number of threads for the data server. Shows how many XML files can be processed simultaneously. As a specific rule for the dataserver, a number of threads higher than the machine's physical processors should not be used.

Info.png

In the specific case of the dataserver, a value higher than 5 or 6 does not imply better performance.

 


1.1.58 mta_address

Mail Server IP address (Mail Transfer Agent).

Template warning.png

If you are using a Pandora FMS ISO installation and you want to use the Postfix server distributed in it, make sure that your Pandora FMS server is able to resolve through its DNS server the mail server in charge of your e-mail domain.

nslookup -type=mx my.domain

Also, make sure in this case that your mail server accepts the emails redirected from Pandora FMS server.

 


Template warning.png

If not set, Pandora FMS Console configuration will be used. It is possible to have a different MTA configuration for the Pandora FMS Server and the Pandora FMS Console.

 


1.1.59 mta_port

Mail server port (25 by default)

1.1.60 mta_user

Mail server user (if necessary for authentication).

1.1.61 mta_pass

Mail server password (if necessary for authentication).

1.1.62 mta_auth

Mail server authentication system if necessary; the supported values are:

  • LOGIN.
  • PLAIN.
  • CRAM-MD5.
  • DIGEST-MD.

1.1.63 mta_from

Mail address from which messages will be sent. The default value is [email protected].

1.1.64 mta_encryption

Info.png

Version NG 7 or superior.

 


SMTP connection encryption type (none, ssl, starttls).

1.1.65 mail_in_separate

1 by default. If set to 1, it delivers separate mail for each recipient. If set to 0, the mail will be shared among all recipients.

1.1.66 xprobe2

If provided, it is used to determine the operating system of the remote systems, when a recon network task is launched. The default path is /usr/bin/xprobe2.

1.1.67 nmap

Required for the Discovery server. The default path is /usr/bin/nmap.

1.1.68 fping

Required for the ICMP server. It is located at /usr/sbin/fping by default.

1.1.69 nmap_timing_template

A value that specifies how aggressive nmap should be, from 1 to 5. 1 means slower but more reliable, 51 means faster but less reliable. 2 set by default.

1.1.70 recon_timing_template

It is just like the nmap_timing_template, but applied to Satellite Server and Recon Server network scans.

1.1.71 snmpget

Required for SNMP checks. The default path is /usr/bin/snmpget. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.

1.1.72 braa

Enterprise version.

Location of the braa binary required for the Enterprise SNMP server (default path is /usr/bin/braa).

1.1.73 braa_retries

Enterprise version.

Number of retries before braa hands a module over to the Network Server in case of an error.

1.1.74 fsnmp

Info.png

Version NG 7 or superior.

 


Enterprise version.

Path to the pandorafsnmp binary, used by the Enterprise SNMP Server for SNMPv3 requests (/usr/bin/pandorafsnmp by default).

1.1.75 autocreate_group

Numeric ID of the default group for new agents, created with the data server through the datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.

1.1.76 autocreate_group_force

If set to 1, new agents will be added to the group specified by autocreate_group (the group specified by the agent will be used as fallback).

If set to 0, new agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as fallback).

For example, with the following configuration a new agent would be placed in the group specified in its XML data file if possible, or the group with ID 10 if not:

autocreate_group 10
autocreate_group_force 0

1.1.77 autocreate

Setting it to 1 will autocreate agents when data files with an agent ID that does not exist in the system are received.

Info.png

If you want to set up a security mechanism, you can set a group password.

 


1.1.78 max_log_size

Maximum size of Pandora FMS log file, in bytes. When this size is reached, the log file's name is changed to pandora_server.log.old and the server generates a new one with the original name, pandora_server.log. Default size is 65 536 Bytes.

1.1.79 max_log_generation

It specifies max generation count (between 1 and 9) of Pandora FMS server log files. The default value is 1.

1.1.80 max_queue_files

Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from trying to process too many files, which would affect server performance. The default value is 5000.

Template warning.png

Incremental modules may not work properly if this value is not high enough to hold all the XML data files.

 


1.1.81 use_xml_timestamp

It is enabled (1) by default and it uses the date and time (timestamp) defined inside the XML (.data), that is, the timestamp generated by the agent.

If disabled (0), it will use the timestamp of the XML file, that is the server's timestamp. This could be useful to globally disable the use of dates generated by agents and just use the server's date and time as a reference for all data, because this timestamp is generated right when Pandora FMS server receives the XML.

Template warning.png

These settings changed in Pandora FMS 747 version. In previous versions this token is disabled by default.

 


Info.png

There is a similar feature at agent level, so that the agent data gets evaluated with the date the file was received.

 


1.1.82 auto_restart

Deactivated by default. If activated (value in seconds) it forces the server to restart internally every N seconds (1 day = 86400). This option is useful if degradation is noticed due to the uncontrolled failure of some thread or specific Pandora FMS server.

1.1.83 restart

It is disabled by default (0). The server will restart in the face of critical errors after a few seconds.

1.1.84 restart_delay

The default value is 60. The number of seconds the server will wait before restarting after a critical error if restart is enabled.

1.1.85 activate_gis

Enable (1) or disable (0) server GIS features.

1.1.86 location_error

Margin of error in meters to consider two GIS locations as the same location.

1.1.87 recon_reverse_geolocation_file

Recon reverse geolocation file. This file must be in MaxMind GPL format (GeoLiteCity.dat format). If this option is commented on in the configuration file, it will disable geolocation by IP when creating agents using recon and software agents. Geolocation will not be carried out either if the GIS features (activate_gis) are disabled overall.

1.1.88 recon_location_scatter_radius

Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. The center of the circle is found out by geolocating the IP.

1.1.89 self_monitoring

The server has a self monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter self-monitoring must be set to 1.

1.1.90 self_monitoring_interval

Time interval for self_monitoring in seconds.

1.1.91 update_parent

Defines whether the agent can update its parent by sending the parent name in XML, but if the parameter is not set or is 0, then the agent information will be ignored.

If this is not the case, when the server receives an XML with the parent_name attribute, it searches for an agent with this name, and if it finds it, it updates the parent of the XML agent.

1.1.92 google_maps_description

This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Google Maps API. To be able to use this feature you need internet access, and you can have performance penalties processing GIS information due to the connection speed against Google API from Pandora FMS server.

Template warning.png

The Google Maps API is a paid service and requires credentials, you will need to obtain the KEY API and pay, otherwise the service will be suspended after a couple of days of use.

 


1.1.93 openstreetmaps_description

This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the OpenStreetMaps API. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.

Info.png

If used with direct Internet connection (default), Internet access is required, and you can have performance penalties processing GIS information to the OpenStreetMaps API from Pandora FMS server due to the connection speed.

 


1.1.94 webserver

Enterprise version.

WEB check server, which can be enabled (1) or disabled (0). It is also known as Goliat server. It has nothing to do with the Web User Experience (WUX) monitoring server.

1.1.95 web_threads

Enterprise version.

Number of threads assigned to the WEB test server (Goliath). It shows how many simultaneous threads are assigned to this component.

1.1.96 web_timeout

Enterprise version.

Default expiration time in seconds for web monitoring modules (Goliath).

1.1.97 web_engine

Enterprise version.

cURL is used by default from version 747 onwards. Set this parameter to LWP to use Library for WWW in Perl (LWP) instead of cURL for web monitoring.

1.1.98 inventoryserver

Enterprise version.

1 enables the Pandora FMS Inventory Server, 0 disables it.

1.1.99 inventory_threads

Versión Enterprise.

Number of threads assigned to the remote inventory server.

1.1.100 exportserver

Versión Enterprise.

1 enables Pandora FMS Export Server, 0 disables it.

1.1.101 export_threads

Enterprise version.

Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.

1.1.102 eventserver

Versión Enterprise.

1 enables Pandora FMS Event correlation Server, 0 disables it (default value is 1).

1.1.103 event_window

Versión Enterprise.

Event window: It is the time window (in seconds) where the event server will look for events. For example, if set to '3600', the event server will check events generated within the last hour. If you have rules where the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.

1.1.104 event_inhibit_alerts

Info.png

Version NG 7 or superior.

 


If set to 1, an alert will not be executed (unless it is recovered) if the last event it generated is in 'in progress' status. 0 by default.

1.1.105 icmpserver

Enterprise version.

Enables (1) or disables (0) the Enterprise ICMP server.

Info.png

The ICMP Enterprise server uses the fping binary binary to perform ICMP requests in bulk. If this component is not enabled, the network server will run the checks, but with a much worse performance.

 


1.1.106 icmp_threads

Enterprise version.

Number of threads for the ICMP Enteprise server (default value is 3).

1.1.107 snmpserver

Enterprise version.

Pandora FMS snmp server enabled (1) or disabled (0).

Info.png

The SNMP Enterprise server uses the braa binary to execute SNMP queries in block. If this component is not enabled, the network server will run the checks.

 


1.1.108 snmp_threads

Enterprise version.

Number of threads for Enteprise SNMP server (default value is 3).

1.1.109 transactionalserver

Enterprise version.

Pandora FMS transactional server enabled (1) or disabled (0).

1.1.110 transactional_threads

Set to 1 by default. The presence of this parameter is a mere transaction, its modification will not alter the operation of the transactional server.

1.1.111 transactional_threshold

Maximum number of seconds that a Transactional server transaction may take.

1.1.112 prediction_threads

Number of threads for the prediction server.

1.1.113 block_size

Enterprise version.

Block size for block producer / consumer servers, which is the number of modules per block (the default value is 15). This affects to how requests are processed by SNMP Enterprise and ICMP Enterprise servers.

1.1.114 dataserver_lifo

If enabled (1), XML data files will be processed in a stack instead of a queue, and stale data (i.e., data with a timestamp older than its module's current timestamp) will not trigger events or alerts. Disabled (0) by default.

Template warning.png

Incremental modules will lose resolution if XML data files pile up, since newer data will be processed first, causing older data to be discarded.

 


1.1.115 policy_manager

If active (1), the server listens to the policy queue. By default its value is 1.

1.1.116 event_replication

In case of being active (1) the process of event replication to Metaconsole is performed. This process will not be activated if it is not correctly configured in the console. By default its value is 0.

1.1.117 event_auto_validation

In case of being active (1) new created events autovalidate previous events of the same module. Its value is 1 by default.

1.1.118 event_file

This configuration option allows to specify a text file in which the events generated by Pandora FMS in CSV format will be written. Enabling this option adds a Pandora FMS performance penalty.

For example:

event_file /var/log/pandora/pandora_events.txt

Template warning.png

There is no rotation mechanism for this file, you will have to take it into account since it can grow considerably.

 


1.1.119 snmp_storm_protection

Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.

1.1.120 snmp_storm_timeout

Time interval for snmp_storm_protection in seconds.

E.g. to prevent a single source from sending more than 1000 traps per 10 minutes:

snmp_storm_protection 1000
snmp_storm_timeout 600

1.1.121 text_going_down_normal

Text for the event that is generated when a module goes into normal status. It supports the _module_ and _data_ macros.

1.1.122 text_going_up_critical

Text to be displayed in module events going into critical status. It supports the _module_ and _data_ macros.

1.1.123 text_going_up_warning

Text to be displayed in module events going from 'normal' into warning status. It supports the _module_ and _data_ macros.

1.1.124 text_going_down_warning

Text to be displayed in module events going from 'critical' into warning status. It supports the _module_ and _data_ macros.

1.1.125 text_going_unknown

Text to be displayed in module events going into unknown status. It supports the _module_ and _data_ macros.

1.1.126 event_expiry_time

Events older that the specified time (in seconds) will be auto-validated. Set it to 0 to disable this feature.

For example, to automatically validate events 10 hours after they were generated, just use the command:

event_expiry_time 36000

1.1.127 event_expiry_window

This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be higher than event_expiry_time.

The default value is the equivalent of one day:

event_expiry_window 86400

1.1.128 claim_back_snmp_modules

Enterprise version.

If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.

1.1.129 async_recovery

If set to 1, asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.

1.1.130 console_api_url

Console's api direction. Usually, the direction of the server and the console ending with the route /include/api.php.

1.1.131 console_api_pass

Password of the console's API. This password can be found in the general section of the setup and can be left empty.

1.1.132 console_user

Console user with permissions to execute API-required actions, like getting a module graph image to add it to an alert email, among others.

Info.png

For security reasons, it is recommended to use an exclusive user for the API. Such user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of well-known IPs.

 


1.1.133 console_pass

Password of the API user for the Console.

1.1.134 encryption_passphrase

An encryption phrase used to generate the key for the encrypted password. It is commented by default.

1.1.135 unknown_events

If active (1), events for unknown module status will be enabled. The value set by default is 1.

1.1.136 unknown_interval

Time interval (as a multiple of the module interval) before a module becomes unknown. It equals twice the module's interval by default.

1.1.137 global_alert_timeout

Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora FMS Server ignores it and alert execution will not be interrupted.

1.1.138 remote_config

Enterprise version.

This parameter controls whether it is possible to configure the server remotely from the console in the server view. It works by Tentacle in a similar way to the remote configuration of the software agents..


1.1.139 remote_config_address

IP address of the machine where remote configuration files will be sent. It is localhost by default.

1.1.140 remote_config_port

Tentacle port for remote configuration. It is 41121 by default.

1.1.141 remote_config_opts

Allows to give additional parameters to the Tentacle client for advanced configurations. They should appear between quotation marks (e.g. "-v -r 5").

1.1.142 warmup_event_interval

In seconds, it specifies the time it will take until status change events are generated again and runs alerts after a server restart.

1.1.143 warmup_unknown_interval

In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.

1.1.144 enc_dir

Path to a directory containing additional .enc files for the XML parser. These files will be automatically loaded by the Data server at startup.

1.1.145 dynamic_updates

Info.png

Version NG 7 or superior.

 


The number of times dynamic thresholds will be recalculated per dynamic interval.

1.1.146 dynamic_warning

Info.png

Version NG 7 or superior.

 


Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.

1.1.147 dynamic_constant

Info.png

Version NG 7 or superior.

 


Percentage relative to the module's average used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.

1.1.148 unknown_updates

Info.png

Version NG 7 or superior.

 


Set to 0 by default. If set to 1, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated to unknown modules will be periodically evaluated too.

Template warning.png

Setting unknown_updates to 1 may affect server performance.

 


1.1.149 wuxserver

Info.png

Version NG 7 or superior.

 


Enterprise version.

It enables Web User Experience Analysis (WUX) server. It requires configuration of wux_host and wux_port.


1.1.150 wux_host

Info.png

Version NG 7 or superior.

 


Enterprise version.

It indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD).

1.1.151 wux_port

Info.png

Version NG 7 or superior.

 


Enterprise version.


It indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is 4444.

1.1.152 wux_webagent_timeout

Info.png

Version NG 7 or superior.

 


Maximum time to connect to a destination web address and Selenium server. It is commented by default, with the value 15.

1.1.153 syslogserver

Info.png

Version NG 7 or superior.

 


Enterprise version.

1 enables Pandora FMS Syslog Server, 0 disables it.

1.1.154 syslog_file

Enterprise version.


Full path to syslog's output file. For example:

syslog_file /var/log/messages

1.1.155 syslog_threads

Info.png

Version NG 7 or superior.

 


Enterprise version.


Number of threads for the Syslog Server.

1.1.156 syslog_max

Info.png

Version NG 7 or superior.

 


Enterprise version.

Maximum number of lines read by the Syslog Server on each run.

1.1.157 sync_port

Communication port of the Sync server. It is commented by default, with the value 41121.

1.1.158 sync_ca

CA certificate path to sign certificates to configure SSl communication of the Sync server. It is commented by default, with path /home/cacert.pem.

1.1.159 sync_cert

Server certificate path for configuring SSl communication of the Sync server. It is commented by default, with path /home/tentaclecert.pem.

1.1.160 sync_key

Private key path of the server certificate for configuring SSl communication of the Sync server. It is commented by default, with the path /home/tentaclekey.pem.

1.1.161 sync_retries

Number of attempts to make the connection with the Sync server. It is commented by default, with the value 3.

1.1.162 sync_timeout

Maximum connection time with the Sync server. It is commented by default, with the value 10.

1.1.163 sync_address

Address of the Tentacle server for the Sync server.

1.1.164 logstash_host

Enterprise version.

Outdated from version 749 NG. Name or IP of the machine with Logstash installed.

1.1.165 logstash_port

Enterprise version.

Outdated from version 749 NG. Port of the machine with Logstash installed.

1.1.166 ha_interval

Execution interval in seconds of Pandora FMS HA Database tool. It is commented by default, with the value 30.

1.1.167 ha_monitoring_interval

Monitoring interval, set in seconds, of the Pandora FMS HA database tool. It is commented by default, with the value 60.

1.1.168 provisioningserver

Info.png

Version NG 7 or superior.

 


Enterprise version.


1 enables Pandora FMS Provisioning Server (Metaconsole), 0 disables it.

1.1.169 (>= 7.0) provisioningserver_threads

Info.png

Version NG 7 or superior.

 


Enterprise version.

Number of threads for Provisioning Server (Metaconsole).

1.1.170 provisioning_cache_interval

Info.png

Version NG 7 or superior.

 


Enterprise version.


Provisioning Server (Metaconsole) cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.

1.1.171 ssh_launcher

Info.png

Version NG 743 or superior.

 


It indicates the absolute path to the script ssh_launcher.sh that executes remote execution modules. The default path of the script is:

/usr/share/pandora_server/util/ssh_launcher.sh

Info.png

Only for el6 in Linux systems.

 


1.1.172 rcmd_timeout

Info.png

Version NG 743 or superior.

 


In seconds, maximum time for the execution of remote execution modules. 10 by default.


Template warning.png

This timeout only works to indicate the time that Pandora FMS server will wait to obtain data. The connections will be closed, but the termination of the execution of the command in the remote machine is not assured (this has to be controlled with the command itself).

 


1.1.173 rcmd_timeout_bin

Info.png

Version NG 743 or superior.

 


It indicates the absolute path to the timeout executable for the remote execution modules. It only has effect with the use of Sólo tiene efecto con el uso de ssh_launcher, connections through plink from Windows to Linux and connections to Windows® systems.

  • In Pandora FMS on Windows® the default executable path is:
C:\PandoraFMS\Pandora_Server\bin\pandora_exec.exe
  • In Pandora FMS on Linux the default executable path is:
/usr/bin/timeout

1.1.174 User and group

Info.png

Version NG 7 or superior.

 


From Pandora FMS version 7, it is possible to define in customized installations both the token "user" and the token "group" to indicate which user and group will make the modifications in the console files, such as those related to policies or mass operations or with the .conf of the agents located at /var/spool/pandora/data_in/conf.

1.2 Environment variables

Pandora FMS' server supports more options than what the configuration file offers. In some particular cases, environmental variables are necessary because the configuration is done on the machine itself. To do this, the server startup script loads the variables of a file in bash format which is /etc/pandora/pandora_server.env by default.

The variables that can be configured are the following:

1.2.1 PANDORA_RB_PRODUCT_NAME

This variable is required to customize the product name displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.

1.2.2 PANDORA_RB_COPYRIGHT_NOTICE

This variable is required to customize the author of the product displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.

1.2.3 Example of an environment variable file

#!/bin/bash
PANDORA_RB_PRODUCT_NAME="Custom product"
PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"

1.3 SNMPTRAPD configuration

The SNMP Console of Pandora FMS uses snmptrapd to receive SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.

Previously, snmptrapd accepted traps by default, without explicitly configuring anything. From version 5.3 onwards, the configuration for access control is more restrictive and it does not allow to receive traps from anyone by default.

If snmptrapd runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.

You are probably required to configure your snmptrapd using the file /etc/snmp/snmptrapd.conf. If it does not exist, please check /var/log/pandora/pandora_snmp.log file for warnings or errors.

A basic snmptrapd.conf could be something similar to this:

authCommunity log public

If does not work on your Linux distribution, please check your snmptrapd version syntax to enable trap reception in your snmptrapd daemon with the command:

man snmptrapd.conf

1.4 Tentacle Configuration

Info.png

Yo may get more information about Tentacle protocol in this section.

 


By default, Pandora FMS software agents send data packages to the server through Tentacle protocol (Port 41121/tcp assigned by IANA). The agent could also be reconfigured to send data in alternative ways: local transfer (NFS,SMB),SSH or FTP, etc. If you want them to send data packages using Tentacle protocol, configure a Tentacle server where this data is intended to be received. By default hen a Pandora FMS server is installed, a Tentacle server is also installed in the same machine by default.

If it is necessary to adjust some parameters of Tentacle server configuration, it can be done by modifying the script that launches the Tentacle Server daemon directly, which is at:

/etc/init.d/tentacle_serverd

Furthermore, there is a list of the different options for Tentacle Server configuration:

PANDORA_SERVER_PATH
The path to the entry directory of data. The default path is /var/spool/pandora/data_in.
TENTACLE_DAEMON
The Tentacle daemon. The default command is tentacle_server.
TENTACLE_PATH
The path to the Tentacle binary. The default path is /usr/bin.
TENTACLE_USER
User from which the Tentacle daemon will be launched. The default value is pandora.
TENTACLE_ADDR
Direction to listen to data packages. If you set 0.0.0.0., it listens to all of them. The default value is to listen in all directions. This is true when its IP is 0.0.0.0.
TENTACLE_PORT
The listening port for package reception. It is 41121 (official port assigned by IANA) by default.
TENTACLE_EXT_OPTS
Additional options for executing the Tentacle server. You can set up Tentacle to use authentication with certificates and/or symmetric password.
MAX_CONECTIONS
Maximum number of simultaneous connections. The default value is 10.
MAX_SIZE
Maximum file size allowed by the server in bytes. The default value is 2000000.

1.5 Pandora Web Robot Daemon (PWRD)

Enterprise version.

Pandora Web Robot Daemon is a service from Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available in the module library.

It contains:

  • Firefox browser binary version 46.
  • Pre-built profile for recording and running web browsing sessions.
  • Session Automation Server.
  • Web browsing session recorder (.xpi).

For more information related to PWRD, please follow this link.

2 WEB Console

Pandora FMS web console has a configuration file which is created and configured automatically while it is being installed. Its location is: /consolepath/include/config. php. For example in CentOS systems:

/var/www/html/pandora_console/include/config.php

2.1 Configuration File config.php

The configuration options in the file are included in the header, and these are:

$config["dbtype"]
Type of database used. It is MySQL by default.
$config["dbname"]
Database name to connect to. The default value is pandora.
$config["dbuser"]
Username for the connection to Pandora FMS database. The default value is pandora.
$config["dbpass"]
Password for the connection to Pandora FMS database.
$config["dbhost"]
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as the server, which is 127.0.0.1 or localhost.
$config["homedir"]
Directory where the Pandora FMS web console is located. This is usually /var/www/pandora_console or /srv/www/htdocs/pandora_console.
$config["homeurl"]
Base directory for Pandora FMS. This is usually /pandora_console.
$config["public_url"]
The full URL is set with the string value, the value is the URL inside Pandora FMS Server if you use an inverse proxy e.g. mod_proxy from Apache.

2.1.1 Apache server redirection

If you only have one Pandora FMS in your Apache server, then it is possible that you could benefit by automatically redirecting /pandora_console when users connect with the / URL of their server. To do this, create the following file index.html and put it in the web server root directory (/var/www or /srv/www/htdocs):

 <html>
 <head>
 <meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
 </head>
 </html>

2.2 Apache Configuration

Pandora FMS has a series of folders with some files that complete its functionality. To avoid accessing these files, some folders in the console have a .htaccess file that restricts access to them. For this to be effective in the Apache configuration, it is necessary to allow these permissions to be overwritten using htaccess, for which the token AllowOverride must be set to All.


AllowOverride All

instead of:

AllowOverride None


Go back to Pandora FMS Documentation Index