Difference between revisions of "Pandora: Documentation en: Configuration"

From Pandora FMS Wiki
(use_xml_timestamp)
 
(318 intermediate revisions by 14 users not shown)
Line 1: Line 1:
 
[[Pandora:Documentation_en|Go back Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back Pandora FMS documentation index]]
  
 +
Pandora FMS has three essential components that it is fundamental to configure correctly for a good functioning, which are the web console, the server and the database.
  
 
+
{{Tip|Even if you already have a Pandora FMS installed and running, if you have installed it through the ''appliance software'', consider adjusting and revising the configuration for a much more optimal operation.}}
Pandora FMS has three basic components which must be properly configured for correct operation. The first two are the server and the web console, which should interact between each other and the database to introduce, to process and to show the stored data. There are also the software agents which transmit the data to the Pandora FMS server.
 
  
 
In this chapter, we are going to explain the configuration files of the three elements and others which are important for a correct performance of the application components.
 
In this chapter, we are going to explain the configuration files of the three elements and others which are important for a correct performance of the application components.
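Review bot: The added opening sentence ("three essential components that it is fundamental to configure correctly for a good functioning") is hard to parse. Something like "Pandora FMS has three essential components that must be configured correctly: the web console, the server and the database" says the same thing. The older paragraph in this hunk also mentions the software agents that send data to the server, and the new introduction does not; if the chapter still covers agent configuration, keep a sentence that says so.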
Line 9: Line 9:
 
= Server =
 
= Server =
  
Pandora FMS server has a configuration file that allows several application parameters to be adjusted to obtain excellent performance. The configuration file '' pandora_server.conf'' is located at ''/etc/pandora/'' by default.
+
The main configuration file '' pandora_server.conf'' is located at ''/etc/pandora/'' by default.
  
 
== Configuration File Elements ==
 
== Configuration File Elements ==
  
Pandora FMS configuration file is a UNIX standard plain text where the variables that aren't used or the comments are preceded by a "#" character. The comments must start the line and as for the entire line, the .conf file must not have any line which shares code and comment.
+
It is a UNIX standard plain text file, where unused variables or comments are preceded by this character (#). If you are editing from Windows, make sure to use an editor that supports that format. All the configuration parameters in the file are listed below.
 +
 
 +
=== servername ===
  
Now we are going to explain all the configuration parameters.  
+
It is the name that the server will have when it is displayed in the console. By default it is commented and uses the name of the machine.
  
=== servername ===
+
{{Warning|Changing the name once it is running could cause remote checks to stop working, since the default server would have to be reconfigured in all existing agents to use the new server, as well as deleting the old server name from the server list.}}
  
Pandora FMS server name. If it's commented we should use the name of the equipment or "host". Please do not change the name of the server after executing it the first time because all reference goes linked to the name (remote agent modules and other information). If you change it, you're required to re-assign the server to all your agents.
 
  
 
=== incomingdir ===
 
=== incomingdir ===
  
It's the incoming directory of XML data packages. It's located under '/var/spool/pandora/data_in/' by default. You can improve the performance by setting up a RAM disk or very fast hard drive here.
+
It is the incoming directory of XML data packages. It is located under ''/var/spool/pandora/data_in/'' by default. You can improve the performance of Pandora FMS by setting up a RAM disk or a very fast hard drive here.
  
 
=== log_file ===
 
=== log_file ===
  
The Pandora FMS record file (log). It's located under ''/var/log/pandora/pandora_server.log'' by default. This is the main logfile and it's very important for debugging.
+
The Pandora FMS record file (log). It is located under ''/var/log/pandora/pandora_server.log'' by default. This is the main logfile and it is very important for debugging.
  
 
=== snmp_logfile ===  
 
=== snmp_logfile ===  
  
Located under ''/var/log/pandora/pandora_snmptrap.log'' by default. This is a log file which contains all received SNMP traps BEFORE the Pandora FMS server processes them. It's not recommended to edit or even touch this file.
+
Located under ''/var/log/pandora/pandora_snmptrap.log'' by default. This is a log file which contains all received SNMP traps BEFORE the Pandora FMS server processes them. It is not recommended to edit or even touch this file.
  
 
=== errorlog_file===  
 
=== errorlog_file===  
  
The Pandora FMS error registry file (log). It's located under ''/var/log/pandora/pandora_server.error'' by default. This logfile stores all non-controlled errors or non-captured output from tools executed by the server. It's important for locating problems and debugging as well.
+
The Pandora FMS error registry file (log). It is located under ''/var/log/pandora/pandora_server.error'' by default. This logfile stores all non-controlled errors or non-captured output from tools executed by the server. It is important for locating problems and debugging as well.
  
===dbname===
+
===daemon===
  
The name of the database the server will connect to. It's located under 'pandora' by default.
+
It shows whether or not Pandora FMS server is executed as a daemon. If the server is launched with the '–D' option, it is executed as daemon.
  
===dbuser===
+
=== dbengine ===
  
Username used in the Pandora database connection. It's located under 'pandora' by default.
+
Deprecated: always 'Mysql' (default value).
  
=== dbengine ===
+
===dbname===
  
Deprecated: always 'Mysql' (default value).
+
Database name to which the server will connect. The default value is 'pandora'.
  
=== dbpass ===
+
===dbuser===
  
The password for the connection against the Pandora FMS Database.
+
Username used in the Pandora FMS database connection. It is 'pandora' by default.
  
=== dbhost ===
+
===dbpass===
  
The IP address or equipment name which hosts the Pandora FMS database. In reduced installations, it's usually the same equipment where the server is located, which is ''localhost''.
+
Password for the connection to Pandora FMS database.
  
=== dbport ===
+
===dbhost===
  
It's used to define a different port in your database setup (optional).
+
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as that of the server, which is 127.0.0.1.
  
===daemon===
+
===dbport===
  
It shows whether or not Pandora server is executed as a daemon. If the server is launched with the '–D' option, it's executed as daemon.
+
TCP port where the the database engine listens (optional). 3306 is set by default if the value is commented.
  
 
===verbosity===
 
===verbosity===
  
The detail level for the server and error messages, the register or log files. 0: default, 1: detailed, 2: debug, 3-10: noisy. If you experience any problem with Pandora FMS, put this value to 10 to get the maximum detail. High values (e.g. 10) are not intended to be used in production systems because they have a '''great performance impact'''.
+
It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.
 +
 
 +
{{Warning|The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.}}
  
 
===master===
 
===master===
  
Master Server priority. The running server with the highest master value will be the master. Ties are broken at random. If set to 0, this server will never become master. See the [[Pandora:Documentation_en:HA|High Availability (HA)]] chapter for more information.
+
Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the [[Pandora:Documentation_en:HA|High Availability (HA)]] chapter for more information.
  
 
=== snmpconsole ===
 
=== snmpconsole ===
  
'1' enables the SNMP traps reception console, '0' disables it. The console depends on the ''snmptrapd'' UNIX service. Before starting Pandora FMS server, please make sure that the 'snmptrapd' process IS NOT running on your server.
+
Enabling it (value 1) indicates that the SNMP traps reception console is enabled in the configuration. 0 that it is not. The console depends on the UNIX ''snmptrapd'' service and stops and starts it when Pandora FMS boots. Before starting Pandora FMS, verify that the ''snmptrapd'' process has not been started in the system.
  
=== networkserver ===
+
=== snmpconsole_threads ===
  
'1' enables the Pandora FMS Network Server, '0' disables it.
+
Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to '1' by default.
 
 
=== dataserver ===
 
 
 
'1' enables the Pandora FMS Data Server, '0' disables it. This server processes the XML files coming from the agents, among many other tasks. This server should be always running on the system.
 
 
 
=== reconserver ===
 
 
 
'1' enables the Pandora FMS Recon Server, '0' disables it. If you don't want to use the recon server, it's better to keep it disabled.
 
 
 
=== pluginserver ===
 
 
 
'1' enables the Pandora FMS Plugin Server, '0' disables it.
 
 
 
=== predictionserver ===
 
 
 
'1' enables the Pandora FMS Prediction Server, '0' disables it. Prediction server manages Services and synthetic modules, among others.
 
 
 
=== wmiserver ===
 
 
 
'1' enables the Pandora FMS WMI Server, '0' disables it.
 
 
 
=== inventoryserver ===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
'1' enables the Pandora FMS Inventory Server, '0' disables it. It manages the '''remote inventory data'''. The inventory data transmitted by software agents is processed by the Data Server, so there's no need to enable this server unless you want to get inventory data from devices monitored remotely.
 
 
 
=== exportserver ===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
'1' enables the Pandora FMS Export Server, '0' disables it.
 
 
 
=== webserver ===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
'1' enables the Pandora FMS Web Server (also known as Goliath Server), '0' disables it.
 
 
 
=== eventserver ===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
'1' enables the Pandora FMS Event correlation Server, '0' disables it (default value is '1').
 
 
 
=== icmpserver ===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Enables (1) or disables (0) the Enterprise ICMP server (default value is 0).
 
The Enterprise ICMP server uses ''NMAP'' to perform block ICMP requests. The XML output of older versions of ''NMAP'' does not report round-trip time. If all your ICMP latency modules return a value of '0', please set this configuration variable to '0'. If the version is incorrect, please install NMAP 5.51 or higher. If you're unsure, you may run NMAP and see if the round-trip time is returned:
 
 
 
nmap -nsP -PE -oX - www.pandorafms.com | grep srtt
 
 
 
=== snmpserver ===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Enables ('1') or disables ('0') the Enterprise SNMP server (default value is '0'). The Enterprise SNMP server uses an external utility called ''braa'' to perform the block of SNMP queries. Modules which can't be processed by ''braa'' will be marked as uninitiated and handled by the Network server. If you experience additional problems with ''braa'', simply set this configuration variable to '0'.
 
 
 
===network_timeout===
 
 
 
It's the timeout -in seconds- for the network server connections on network ICMP modules. Default value is 2 seconds. If you are performing remote checks on WAN networks, you probably should increase this value to avoid incorrect results.
 
 
 
===server_keepalive===
 
 
 
Time before classifying the server as 'down' in seconds. The default value is '45'.
 
 
 
===server_threshold===
 
 
 
The number of seconds for the main loop. Its value is '5' by default. This is a very important configuration token, because it defines how many times Pandora FMS looks into the database or on the hard drives for new data to process. '5' through '10' are good values in most cases - the minimum value is '1'. If you set it to '1', the system CPU load will be very high. You can set it to '1' in in specific cases, e.g. your server has been down for a while and you're required to process the pending XML files and network modules as quick as the system can. Set this to '1', wait for all pending modules / XML processes to be finished and set them to 5 - 15 again. This value, used in conjunction with 'server_threads' and 'max_queue_files', is used to adjust the performance of your server.
 
 
 
===network_threads===
 
 
 
Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires much more processing capacity. Its default value is 5. Please do not use more than 20 - 25 threads or the system could either get unstable or have very low performance.
 
 
 
===icmp_checks===
 
 
 
Defines the number of pings to each 'icmp_proc' kind of module. At least one of these checks has to give back '1' to the module for getting classified as correct. Its default value is '1'. If you set '5' here and the first ping is OK, the other 4 will be skipped.
 
 
 
===(> 5.1SP2) icmp_packets===
 
 
 
Defines the number of ICMP packets sent in each ping request. 1 by default.
 
 
 
===tcp_checks===
 
 
 
Number of TCP retries in case the first one fails. Its default value is 1.
 
 
 
===tcp_timeout===
 
 
 
Specific timeout for TCP connections. The default value is '30'.
 
 
 
===snmp_checks===
 
 
 
Number of SNMP retries in case the first one fails. The default value is '1'.
 
 
 
===snmp_timeout===
 
 
 
Specific expiration time for SNMP connections. Its default value is '3'.
 
 
 
===snmp_proc_deadresponse===
 
 
 
Gives back 'DOWN' if it's impossible to connect with a boolean SNMP module (proc) or if it gets 'NULL' as a response. If set to '0' it should be ignored.
 
 
 
===plugin_threads===
 
 
 
Number of threads for the plugin server. It shows how many checks could be done simultaneously. Its default value is '3'.
 
 
 
===plugin_timeout===
 
 
 
Timeout for the checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, so you'll need to raise this value if your plugins' execution take a few seconds.
 
If a plugin has a higher timeout value, the value set at this parameter of the server will prevail.
 
 
 
=== wmi_timeout ===
 
 
 
WMI timeout checks. After this time, the module status will be shown as 'unknown'. Its default value is '10'.
 
 
 
===wmi_threads===
 
 
 
Number of threads for the WMI server. It shows how many checks can be done simultaneously. Its default value is '2'.
 
 
 
===prediction_threads===
 
 
 
Number of threads for the prediction server.
 
 
 
===recon_threads===
 
 
 
Number of threads for the network recon server. Shows how many checks can be done simultaneously. Its default value is '2'.
 
 
 
===dataserver_threads===
 
 
 
Number of threads for the data server. Shows how many threads for XML processing can be active simultaneously. Its default value is '2'. Recommended max. is '4'.
 
 
 
===inventory_threads===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads assigned to the remote inventory server. It shows how many simultaneous threads are assigned to this component.
 
 
 
===export_threads===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.
 
 
 
===web_threads===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads assigned to the WEB test server. It shows how many simultaneous threads are assigned to this component.
 
 
 
===web_timeout===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Default timeout in seconds for web modules.
 
 
 
===web_engine===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Set this parameter to "curl" to use cURL instead of LWP for web monitoring. The cURL binary must be installed and set in PATH.
 
 
 
===mta_address===
 
 
 
Mail Server IP address (Mail Transfer Agent)
 
 
 
===mta_port===
 
 
 
Mail server port ('25' by default)
 
 
 
===mta_user===
 
 
 
Mail server user (if necessary for use with authentication)
 
 
 
===mta_pass===
 
 
 
Password for the mail server (if necessary with authentication)
 
 
 
===mta_auth===
 
 
 
Mail server authentication system (if necessary. The supported values are: 'LOGIN', 'PLAIN', 'CRAM-MD5' and 'DIGEST-MD')
 
 
 
===mta_from===
 
 
 
Mail address from which messages will be sent. The default value is ''[email protected]''.
 
 
 
===mail_in_separate===
 
 
 
'1' by default. If set to '1', it delivers separate mail for each destination.
 
If set to '0', the mail will be shared among all destinations.
 
 
 
===xprobe2===
 
 
 
Used to determine the operating system of the remote systems, assigned to the agents when a recon network task is launched. The default path is ''/usr/bin/xprobe2''. If not provided, NMAP will be used instead - it's much more imprecise, though.
 
 
 
===snmpget===
 
 
 
Required for SNMP checks. The default path is ''/usr/bin/snmpget''. It refers to the location of the SNMP standard client for the system. It's recommended not to change this parameter unless you know exactly what you're doing.
 
 
 
===nmap===
 
 
 
Required for the recon server. The default path is ''/usr/bin/nmap''. It's recommended not to change this parameter unless you know exactly what you're doing.
 
 
 
=== (> 5.1) nmap_timing_template ===
 
 
 
A value that specifies how aggressive nmap should be, from 1 to 5. '1' means slower but more reliable, '5' means faster but less reliable. '2' by default.
 
 
 
=== (> 5.1) recon_timing_template ===
 
 
 
Like nmap_timing_template, but applies to Satellite Server and Recon Server network scans.
 
 
 
===plugin_exec===
 
 
 
Shows the absolute path to the program which executes the plugins in a controlled way in time. The default path is ''/usr/bin/timeout''. It's recommend not to change this parameter unless you know exactly what you're doing. ''If your base system doesn't have a timeout command, you should use the path ''/usr/bin/pandora_exec'' instead.
 
 
 
===autocreate_group===
 
 
 
Numeric ID of the default group for the new agents, created with the data server through the datafile reception. The default value is '2'.
 
 
 
===autocreate===
 
 
 
If you change this value to '1' the agents will be created automatically when processing a XML file which hasn't been sent by an existing agent. When set to '0', autocreation is disabled and XML files sent by unknown agents will be discarded, so they will have to be created by hand (bear in mind, agent names are case sensitive).
 
 
 
===max_log_size===
 
 
 
Maximum size of Pandora FMS log file, in bytes. When this size is reached, the log file's name is changed to ''pandora_server.log.old'' and the server generates a new one. Default size is 65536 Bytes.
 
 
 
===max_queue_files===
 
  
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by '''incomingdir'''. This prevents the Data Server from trying to process too many files, which would affect server performance. Default value is 5000.
+
=== translate_variable_bindings ===
 
 
{{warning|Incremental modules may not work properly if this value is not big enough to hold all the XML data files.}}
 
 
 
===use_xml_timestamp===
 
 
 
Deactivated by default. If activated ('1') it uses the XML file timestamp, generated with time and date of the server in the moment of reception, instead of the internal XML file timestamp, which was generated by the server. This can be deactivated globally in case of conflict with the use of the dates generated by the agents and date / hour (timestamp) of the server as a reference for all data. In systems which experience problems with synchronization or systems with wrong date / hour, it's an option which could solve almost any problem.
 
 
 
===auto_restart===
 
 
 
Deactivated by default. If it's activated (value in seconds), it forces the server to do an internal restart each X seconds (1 day = '86400'). This option is useful if you observe a degradation or loss of control of any thread or specific server in use with Pandora FMS.
 
 
 
===restart===
 
 
 
Default value is '0'. If set to '1', the server will restart on critical errors after a given number of seconds.
 
 
 
===restart_delay===
 
 
 
Default value is '60'. The number of seconds the server will wait before restarting after a critical error if '''restart''' is enabled.
 
 
 
===self_monitoring===
 
 
 
The server has a self monitoring flag which creates a virtual agent in the server which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter ''self_monitoring'' must be set to '1'.
 
 
 
=== (>= 5.1SP1) self_monitoring_interval ===
 
 
 
Time interval for self_monitoring in seconds.
 
 
 
===update_parent===
 
 
 
Although the server has a parameter to define if the agent can update it's parent by sending the parents name on the XML: If this parameter is not defined or set to '0', the agent information is ignored. If not, when the server receives an XML with 'parent_name' attribute, it is going to look for an agent with this name - and if it's found, it updates the parent of the agent from the XML.
 
 
 
===icmp_threads===
 
 
 
(Pandora FMS Enterprise only)
 
 
 
Number of threads for the ICMP Enteprise server (default value is '3').
 
 
 
===snmp_threads===
 
  
 
(Pandora FMS Enterprise only)
 
(Pandora FMS Enterprise only)
  
Number of threads for the Enteprise SNMP server (default value is '3').
+
If set to 1, the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to '0' by default.
  
===block_size===
+
=== translate_enterprise_strings ===
  
 
(Pandora FMS Enterprise only)
 
(Pandora FMS Enterprise only)
  
Block size for block producer / consumer servers, which is the number of modules per block (default value is 15).
+
If set to 1, the SNMP console will attempt to translate enterprise strings when processing SNMP traps. Set to '1' by default.
 
 
===braa===
 
  
(Pandora FMS Enterprise only)
+
=== snmp_ignore_authfailure ===
  
Location of the braa binary required for the Enterprise SNMP server (default path is '/usr/bin/braa').
+
Snmptrapd will ignore the “authenticationFailure” traps in case of it being activated (1).  Its value is 1 by default.
  
===braa_retries===
+
=== snmp_pdu_address ===
  
(Pandora FMS Enterprise only)
+
Snmptrapd will read from the pdu address instead of the agent address if activated (1). Its value is 0 by default.
  
Number of retries before braa handles a module over to the Network Server in case of an error.
+
=== snmp_trapd ===
  
===event_window ===
+
Path to the snmp_trapd binary. If set to manual, the server will not attemp to start snmp_trapd. Its value is manual by default.
  
(Pandora FMS Enterprise only)
+
=== snmp_forward_trap ===
  
Event window: It's the time window (in seconds) in which the event server will look for events. For example, if set to '3600', the event server is going to check events generated within the last hour.
+
Enables ('1') or disables ('0') SNMP trap forwarding to the host specified in [[#.28.3E.3D_5.X.29_snmp_forward_ip|snmp_forward_ip]].
  
=== wmi_client ===
+
=== snmp_forward_ip ===
 
 
Default WMI client used (default value is 'wmic'). Changing this value is ''not'' recommended.
 
 
 
=== activate_gis ===
 
 
 
Flag to activate GIS (positional information for agents and maps). It's deactivated by default.
 
 
 
=== location_error ===
 
 
 
Radius of error in meters to consider two GIS locations as the same location.
 
 
 
=== recon_reverse_geolocation_mode ===
 
 
 
Recon reverse geolocation mode [disabled, sql, file]
 
 
 
* disabled    The recon task doesn't try to geolocate the IP discovered.
 
* sql        The recon task tries to query the SQL database to geolocate the IP discovered.
 
* file        The recon task tries to find the geolocation information of the IP discovered in the file indicated in the 'recon_reverse_geolocation_file' parameter.
 
 
 
=== recon_reverse_geolocation_file ===
 
 
 
Recon reverse geolocation file. This is the database with the reverse geolocation information using MaxMind GPL (GeoLiteCity.dat format).
 
 
 
=== recon_location_scatter_radius ===
 
 
 
Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. Center of the circle is guessed by geolocating the IP.
 
 
 
=== google_maps_description ===
 
 
 
This enables realtime reverse geocoding using Google Maps public API. This requires Internet access and could have performance penalties processing GIS information due to the connection needed to resolve all GIS input. NOTE: If you don't pay the Google, they are going to ban your IP in a few days.
 
 
 
=== openstreetmaps_description ===
 
 
 
This enables realtime reverse geocoding using Openstreet Maps public API. This requires Internet access, and could have performance penalties processing GIS information due the connection needed to resolve all GIS input. You can alter the code to use a local (your own) openstreet maps server.
 
 
 
=== event_file ===
 
 
 
This configuration token lets you configure a text file where events, generated by Pandora FMS, will be written in CSV format.
 
 
 
For example:
 
 
 
event_file /var/log/pandora/pandora_events.txt
 
 
 
The first line of the text file is a header containing a list of field names. The contents of pandora_events.txt could be:
 
 
 
id_agente,id_grupo,evento,timestamp,estado,utimestamp,event_type,id_agentmodule,id_alert_am,criticity,user_comment,tags,source,id_extra,id_usuario,critical_instructions,warning_instructions,unknown_instructions,ack_utimestamp
 
Agent_1,Servers,Module Connections opened (136.00) is going to NORMAL,2013-07-01 19:00:57,1,1372698057,going_down_normal,Connections  opened,,2,,,Pandora,,,,,,1372698057
 
Agent_2,Servers,Alert recovered (Critical condition) assigned to (Network Traffic (Outgoing)),2013-07-01 19:00:59,0,1372698059,alert_recovered,Network Traffic (Outgoing),Critical condition,4,,,Pandora,,,,,,0
 
 
 
=== snmp_storm_protection ===
 
 
 
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.
 
 
 
=== snmp_storm_timeout ===
 
 
 
Time interval for snmp_storm_protection in seconds.
 
 
 
To e.g. prevent a single source from sending more than 1000 traps per 10 minutes:
 
 
 
snmp_storm_protection 1000
 
snmp_storm_timeout 600
 
 
 
=== text_going_down_normal ===
 
 
 
Text for the event that is generated when a module goes to normal status. The macros '_module_ and _data_' are supported.
 
 
 
text_going_down_normal Module '_module_' is going to 'NORMAL'(_data_)
 
 
 
=== text_going_up_critical ===
 
 
 
Text for the event which is generated when a module goes to 'critical' status.
 
 
 
=== text_going_up_warning ===
 
 
 
Text for the event which is generated when a module goes from 'normal' to 'warning' status.
 
 
 
=== text_going_down_warning ===
 
 
 
Text for the event which is generated when a module goes from 'critical' to 'warning' status.
 
 
 
=== text_going_unknown ===
 
 
 
Text for the event which is generated when a module goes to 'unknown' status.
 
 
 
=== event_expiry_time ===
 
 
 
Events older that the specified time (in seconds) will be auto-validated. Set to '0' to disable this feature.
 
 
 
To e.g. automatically validate events 10 hours after they were generated, just use the command:
 
 
 
'event_expiry_time 36000'
 
 
 
=== event_expiry_window ===
 
 
 
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be bigger than event_expiry_time.
 
 
 
The default value ('86400') is the equivalent of one day:
 
 
 
event_expiry_window 86400
 
 
 
=== (>= 5.X) snmp_forward_trap ===
 
 
 
Enables ('1') or disables ('0') the SNMP trap forwarding to the host specified in [[#.28.3E.3D_5.X.29_snmp_forward_ip|snmp_forward_ip]].
 
 
 
=== (>= 5.X) snmp_forward_ip ===
 
  
 
IP address of the host to which SNMP traps will be forwarded to.
 
IP address of the host to which SNMP traps will be forwarded to.
  
{{warning|Bear in mind that setting a local IP address will cause a forwarding loop that is going to induce a collapse of the Monitoring Server. }}
+
{{warning|Bear in mind that setting a forwarding address to Pandora FMS itself will cause a forwarding loop that will make the Monitoring Server collapse. }}
  
=== (>= 5.X) snmp_forward_version ===
+
=== snmp_forward_version ===
  
 
SNMP version to use when forwarding SNMP traps. This token can only have the following values:
 
SNMP version to use when forwarding SNMP traps. This token can only have the following values:
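Review bot: Under "Configuration File Elements", the replacement paragraph drops the earlier rule that a comment must start the line and take the entire line, and that no line may share code and comment. If the server still reads the file that way, keep that sentence, because the new text only says that comments are "preceded by this character (#)". Further points in this hunk: the snmp_forward_trap entry still links to "#.28.3E.3D_5.X.29_snmp_forward_ip" although the target heading is now plain "snmp_forward_ip", so the anchor needs updating; "the the database engine" under dbport and "attemp" under snmp_trapd are typos; and since dbpass (and mta_pass further down) describe passwords kept in /etc/pandora/pandora_server.conf, a sentence on restricting read access to that file would fit next to the dbpass entry.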
Line 496: Line 125:
 
* 3
 
* 3
  
=== (>= 5.X) snmp_forward_secName ===
+
=== snmp_forward_secName ===
  
Only for SNMP version 3. It defines the security name. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
Only for SNMP version 3. It defines the authentication security name. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
  
=== (>= 5.X) snmp_forward_engineid ===
+
=== snmp_forward_engineid ===
  
 
Only for SNMP version 3. It defines the authoritative (security) engine ID. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
 
Only for SNMP version 3. It defines the authoritative (security) engine ID. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
  
=== (>= 5.X) snmp_forward_authProtocol ===
+
 
 +
=== snmp_forward_authProtocol ===
  
 
Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:
 
Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:
Line 513: Line 143:
 
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
 
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
  
=== (>= 5.X) snmp_forward_authPassword ===
+
=== snmp_forward_authPassword ===
  
Only for SNMP version 3. It defines the authentication pass phrase. For more information, please go to [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
Only for SNMP version 3. It defines the authentication password. For more information, go to [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
  
=== (>= 5.X) snmp_forward_privProtocol ===
+
=== snmp_forward_privProtocol ===
  
 
Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
 
Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
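Review bot: The snmp_forward_authPassword entry changes "authentication pass phrase" to "authentication password", while the snmp_forward_privPassword entry that follows still reads "privacy pass phrase". Use one term in both entries; the linked snmpcmd man page is the reference both point to, so matching its wording keeps the two consistent.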
Line 526: Line 156:
 
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
 
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
  
=== (>= 5.X) snmp_forward_privPassword ===
+
=== snmp_forward_privPassword ===
  
 
Only for SNMP version 3. It defines the privacy pass phrase. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
 
Only for SNMP version 3. It defines the privacy pass phrase. More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
  
=== (>= 5.X) snmp_forward_secLevel ===
+
=== snmp_forward_secLevel ===
  
 
Only for SNMP version 3. It defines the security level. This token can only have the following values:
 
Only for SNMP version 3. It defines the security level. This token can only have the following values:
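Review bot: The headings in this hunk drop the "(>= 5.X)" prefix, but later headings on the new side keep theirs ("(>= 7.0) thread_log", "(>= 7.0)mta_encryption", "(>= 7.0) fsnmp"). Either remove the version prefixes everywhere or keep them everywhere, and if they stay, use one spacing style for them.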
Line 538: Line 168:
 
*authPriv
 
*authPriv
  
More information at [http://net-snmp.sourceforge.net/docs/man/snmpcmd.html snmpcmd's man page].
+
=== snmp_forward_community ===
 +
Community to be defined
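Review bot: "Community to be defined" under snmp_forward_community reads like a placeholder rather than a description. State what the community is used for and which SNMP versions it applies to, given that the other snmp_forward_* tokens here are all marked "Only for SNMP version 3".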
  
=== (>= 5.1) claim_back_snmp_modules ===
+
=== networkserver ===
  
If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.
+
(1) enables the Pandora FMS Network Server, (0) disables it.
  
=== (> 5.1) snmpconsole_threads ===
+
=== dataserver ===
  
Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to '1' by default.
+
'1' enables the Pandora FMS Data Server, '0' disables it.  
  
=== (> 5.1) translate_enterprise_strings ===
+
{{Warning|The ''dataserver'' is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a ''dataserver'' thread running.}}
  
(Pandora FMS Enterprise only)
+
=== reconserver ===
  
If set to 1 the SNMP console will attempt to translate enterprise strings when processing SNMP traps. Set to '1' by default.
+
(1) enables the Pandora FMS Recon Server, (0) disables it.
  
=== (> 5.1) translate_variable_bindings ===
+
=== pluginserver ===
  
(Pandora FMS Enterprise only)
+
(1) enables the Pandora FMS Plugin Server, (0) disables it.
  
If set to 1 the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to '0' by default.
+
===plugin_exec===
  
=== (> 5.1SP1) async_recovery ===
+
Shows the absolute path to the program which executes the plugins in a controlled way in time. The default path is ''/usr/bin/timeout''. If your base system does not have this command, use ''/usr/bin/pandora_exec'' instead, which is included with Pandora FMS.
  
If set to 1 asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.
+
=== predictionserver ===
  
=== (>= 6.0) console_api_url ===
+
(1) enables the Pandora FMS Prediction Server, (0) disables it.
  
Console's api direction. Usually the direction of the server and the console ending with the route ''/include/api.php''.
+
=== wmiserver ===
  
=== (>= 6.0) console_api_pass ===
+
(1) enables the Pandora FMS WMI Server, (0) disables it.
  
Password of the console's api. This password can be found in the general section of the setup and can be left empty.
+
===network_timeout===
  
=== (>= 6.0) console_user ===
+
It is the timeout -in seconds-  for ICMP checks. Its value is 2 by default. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives taking into account that some checks may require more time.
  
User of the console with permissions to execute the required actions, like get a module graph image to put it in an alert email.
+
{{Tip|The more timeout you have, the more time you will need to run checks in the worst-case scenario.}}
  
=== (>= 6.0) console_pass ===
+
===server_keepalive===
  
Password of the previously introduced console user.
+
It is the time -in seconds- before declaring the server down. Each server checks the status of the servers around it, and in case the date of last update of one of them exceeds this value, it will mark it as down. This affects, to how High Availability works, in the case of having several servers.
  
=== (>= 6.0) unknown_interval ===
+
{{Tip|It is essential that if you have multiple servers, all their internal clocks are synchronized through NTP.}}
  
Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the module's interval by default.
+
===(>= 7.0) thread_log===
  
=== (>= 6.0) global_alert_timeout ===
+
Set to '0' unless you are debugging your Pandora FMS Server. '1' causes server threads to periodically dump their status to disk at ''/tmp/<server name>.<server type>.<thread number>.log''. For example:
  
Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora Server ignores it and the alert execution will not be interrupted.
+
[[email protected]]# cat /tmp/pandorafms.*
 +
2017-12-05 09:44:19 pandorafms dataserver (thread 2):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms dataserver (thread 3):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:40 pandorafms eventserver (thread 21):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:40 pandorafms eventserver (thread 22):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 4):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 5):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 6):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:14 pandorafms networkserver (thread 7):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms networkserver (thread 8):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:39 pandorafms reconserver (thread 10):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms reconserver (thread 9):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:15 pandorafms webserver (thread 19):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:40 pandorafms webserver (thread 20):[PRODUCER] Queuing tasks.
 +
2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[CONSUMER] Waiting for data.
 +
2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[PRODUCER] Queuing tasks.
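Review bot: The thread_log text gives the dump location as ''/tmp/<server name>.<server type>.<thread number>.log'' but says nothing about switching the token back to '0' and deleting those files once debugging is over; add that, since /tmp is normally readable by every local user. The prompt in the sample, "[[email protected]]#", is an e-mail-obfuscation leftover and should be an ordinary shell prompt.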
  
=== (>= 6.0) remote_config ===
+
===server_threshold===
  
This parameter controls the possibility to configure the server remotely from the console Manage servers view. It works by Tentacle similarly to agents remote configuration. It's deactivated by default. This parameter, in addition to other remote configuration tokens, is only useful in the Enterprise version.
+
The number of seconds for the main loop. Its value is '5' by default.  
  
=== (>= 6.0) remote_config_address ===
+
{{Tip|This is a very important value for server configuration, it defines how many times Pandora FMS will search to see whether there are pending data in the database or in the hard disk (to search XML files). 5 to 15 is a valid value in most cases. If set to 1, the CPU usage will go up a lot. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but when it is finished, it should be set between 5 and 15 again. Otherwise, with very low values and high load, there will be an "overheating" effect that progressively increases the CPU and memory consumption of the server.}}
  
Machine IP Address where remote configuration files will be sent. It is localhost by default.
+
This value together with the server _thread and max_queue_files parameters are used to configure server performance.
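Review bot: "server _thread" in the sentence after the server_threshold tip has a stray space and is not the name of any token documented on this page; the thread tokens listed are network_threads, plugin_threads, wmi_threads, recon_threads and dataserver_threads. Name the ones that are meant, next to max_queue_files.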
  
=== (>= 6.0) remote_config_port ===
+
===network_threads===
  
Tentacle port for remote configuration. It is 41121 by default.
+
Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires many more server resources.  Having more than twenty threads requires having a machine with many independent processors or cores.
  
=== (>= 6.0) remote_config_opts ===
 
  
Allows to give additional parameters to the Tentacle client for advanced configurations. They should be between "" (e.g. "-v-r 5").
+
===icmp_checks===
  
=== (> 6.0) warmup_event_interval ===
+
It defines the number of pings to each 'icmp_proc' module. At least one of these checks has to return '1' to the module to be classified as correct. Its default value is '1'. If you set '5' here and the first ping is OK, the other 4 will be skipped.
  
Module status change events will not be generated and module alerts will not be executed for the specified number of seconds since the server starts up (disabled by default). System events will be generated when the warmup interval starts and ends, but the ending event will be delayed until a status change or an alert check occurs.
+
{{Tip|In case of networks that have limited reliability, it is recommended to key in 2 or 3. A higher number will cause the rate of checks per second to decrease significantly in the event of any network segment failure.}}
  
=== (> 6.0) warmup_unknown_interval ===
+
Do not be mistaken with the "icmp_packets" parameter which refers to the number of packets within the ping itself. The "icmp_checks" value defines the number of pings, each with its icmp_packets.
  
Modules will not become unknown (so no unknown events will be generated) and keepalive modules will not be set to 0 for the specified number of seconds since the server starts up (5 minutes by default). System events will be generated when the warmup interval starts and ends.
+
=== icmp_packets===
  
=== (> 6.0SP4) enc_dir ===
+
Defines the number of ICMP packets sent in each ping request. 1 by default.
  
Path to a directory containing additional [http://search.cpan.org/~msergeant/XML-Parser-2.36/Parser.pm#ENCODINGS .enc]  files for the XML parser. This files will be automatically loaded by the Data Server at startup.
+
===tcp_checks===
  
=== (> 6.0SP4) unknown_events ===
+
Number of TCP retries in case the first one fails. Its default value is 1.
  
Enable (1) or disable (0) events related to the unknown module status.
+
===tcp_timeout===
  
=== (>= 7.0) dynamic_updates ===
+
Specific timeout for TCP connections. The default value is '30'.
  
The number of times dynamic thresholds will be recalculated per dynamic interval.
+
{{Tip|A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.}}
  
=== (>= 7.0) dynamic_warning ===
+
===snmp_checks===
  
Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.
+
Number of SNMP retries in case the first one fails. The default value is '1'.
  
=== (>= 7.0) dynamic_constant ===
+
===snmp_timeout===
  
Percentage relative to the module's mean used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.
+
Specific expiration time for SNMP connections. Its default value is '3'.
  
== Snmptrapd configuration ==
+
{{Tip|A high number  will cause the rate of checks per second to decrease significantly in the event of a network segment failure.}}
  
The SNMP Console of Pandora FMS uses snmptrapd to grab SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to grab traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.
+
===snmp_proc_deadresponse===
  
Previously, snmptrapd will accept all incoming notifications, and log them automatically (even if no explicit configuration is provided). Starting with version 5.3, access control checks will be applied to incoming notifications.
+
Returns 'DOWN' if it is impossible to connect with a boolean SNMP module (proc) or if it gets 'NULL' as a response. If set to '0', it should be ignored.
  
If snmptrapd is running without a suitable configuration file (or equivalent access control settings), then such traps will not be processed.
+
===plugin_threads===
  
You're probably required to configure your snmptrapd using the file ''/etc/snmp/snmptrapd.conf''. If it doesn't exist, please check ''/var/log/pandora/pandora_snmp.log'' file for warnings or errors.
+
Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.
  
A basic snmptrapd.conf could be like:
+
===plugin_timeout===
  
authCommunity log public
+
Timeout for checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, but you may want to raise it to a higher value in case you have plugins that may take longer than that.
  
If doesn't work on your linux distribution, please check your version syntax to enable the reception of traps in your snmptrapd daemon with
+
=== wmi_timeout ===
  
man snmptrapd.conf
+
Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is 10.
  
=== Tentacle Configuration ===
+
===wmi_threads===
  
By default, Pandora FMS software agents send the data packages to the server through the Tentacle protocol (Port 41121/TCP assigned by IANA [http://www.iana.org/assignments/port-numbers]). The agent could also be reconfigured to send data in alternative ways: local transfer (NFS,SMB),SSH or FTP, etc. IF you want them to send the data packages using the Tentacle protocol, then you're required to configure a Tentacle server where this data is intended to be received. When a Pandora FMS server is installed, a Tentacle server is also installed in the same machine by default.
+
Number of threads for the WMI server. It shows how many checks can be done simultaneously.
  
If it is necessary to adjust some parameters of the Tentacle server configuration, then it can be done by modifying the script that launches the Tentacle Server daemon directly which is in:
+
===recon_threads===
  
/etc/init.d/tentacle_serverd
+
Number of threads for the network recon server. Shows how many checks can be done simultaneously.
  
Furthermore, there is a list of the different options for Tentacle Server configuration:
+
===dataserver_threads===
  
'''PANDORA_SERVER_PATH'''
+
Number of threads for the data server. Shows how many XML files can be processed simultaneously. As a specific rule for the ''dataserver'', a number of threads higher than the machine's physical processors should not be used.
  
The path to the entry directory of data. The default path is ''/var/spool/pandora/data_in''
+
{{Tip|In the specific case of the ''dataserver'', a value higher than 5 or 6 does not imply better performance.}}
  
'''TENTACLE_DAEMON'''
+
===mta_address===
  
The Tentacle daemon. The default command is 'tentacle_server'.
+
Mail Server IP address (Mail Transfer Agent).
  
'''TENTACLE_PATH'''
+
{{Warning|If you are using a Pandora FMS ISO installation and you want to use the Postfix server distributed in it, make sure that your Pandora FMS server is able to resolve through its DNS server the mail server in charge of your e-mail domain.
  
The path to the Tentacle binary. The default path is '/usr/bin'.
+
''<nowiki>nslookup -type=mx my.domain</nowiki>''
  
'''TENTACLE_USER'''
+
Also, make sure in this case that your mail server accepts the emails redirected from Pandora FMS server.}}
  
User from which the Tentacle demon will be launched. The default value is ''pandora''.
+
{{Warning|If not set, the MTA configuration from the Pandora FMS Console will be used. It is possible to have a different MTA configuration for the Pandora FMS Server and the Pandora FMS Console.}}
  
'''TENTACLE_ADDR'''
+
===mta_port===
  
Direction to listen to the data packages. If you fix 0.0.0.0. it listens to all of them. The default value is to listen in all directions. This is true when it's IP is 0.0.0.0.
+
Mail server port ('25' by default)
  
'''TENTACLE_PORT'''
+
===mta_user===
  
The listening port for package reception. By default it's 41121 (official port assigned by IANA).
+
Mail server user (if necessary for authentication).
  
'''TENTACLE_EXT_OPTS'''
+
===mta_pass===
  
Additional options for executing the Tentacle server. You can set up Tentacle to use authentication with certs (x509) and/or symmetric password in both sides here.
+
Mail server password (if necessary for authentication).
  
=== Tentacle secure configuration ===
+
===mta_auth===
  
Both the server and the agents can use a secure configuration with SSL and/or password using Tentacle. The communication can be established tentacle_client -> tentacle_server, or tentacle_client -> tentacle_proxy -> tentacle_server.
+
Mail server authentication system (if necessary; the supported values are: 'LOGIN', 'PLAIN', 'CRAM-MD5' and 'DIGEST-MD').
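Review bot: 'DIGEST-MD' in the mta_auth value list is cut short; the mechanism name is DIGEST-MD5, matching 'CRAM-MD5' next to it. It would also help to say what the server does when mta_user and mta_pass are set but mta_auth is not.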
  
The most common actions are:
+
===mta_from===
  
'''Simple file transfer with password authentication (not secure):'''
+
Mail address from which messages will be sent. The default value is ''[email protected]''.
  
Extra parameters in the tentacle server setup
+
===(>= 7.0)mta_encryption===
  
-x password
+
SMTP connection encryption type (none, ssl, starttls).
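Review bot: mta_encryption lists "none, ssl, starttls" without a default, and mta_auth above offers 'LOGIN' and 'PLAIN'. State the default, and note that with 'none' the mta_user and mta_pass credentials cross the network unencrypted when those mechanisms are used, so ssl or starttls should be the documented choice whenever authentication is configured.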
  
Extra parameters in the client side (TENTACLE_EXT_OPTS)
+
===mail_in_separate===
  
  -x password
+
'1' by default. If set to '1', it delivers separate mail for each recipient.
 +
If set to '0', the mail will be shared among all recipients.
  
'''Secure file transfer without client certificate:'''
+
===xprobe2===
  
Extra parameters in the tentacle server setup
+
If  provided, it  is used to determine the operating system of the remote systems, when a recon network task is launched. The default path is ''/usr/bin/xprobe2''.
  
  -e cert.pem -k key.pem
+
===nmap===
  
'''Secure file transfer with client certificate:'''
+
Required for the recon server. The default path is ''/usr/bin/nmap''.
  
Extra parameters in the tentacle server setup
+
===fping===
  
  -e cert.pem -k key.pem -f cacert.pem
+
Required for the ICMP server. It is located at ''/usr/sbin/fping'' by default.
  
Extra parameters in the client side (TENTACLE_EXT_OPTS)
+
=== nmap_timing_template ===
  
  -e cert.pem -k key.pem
+
A value that specifies how aggressive nmap should be, from 1 to 5. '1' means slower but more reliable, '5' means faster but less reliable. '2' set by default.
  
'''Secure file transfer with client certificate and password authentication:'''
+
=== recon_timing_template ===
  
Extra parameters in the Tentacle Server setup
+
It is just like the nmap_timing_template, but applied to Satellite Server and Recon Server network scans.
  
  -x password -e cert.pem -k key.pem -f cacert.pem
+
===snmpget===
  
Extra parameters on the client side (TENTACLE_EXT_OPTS)
+
Required for SNMP checks. The default path is ''/usr/bin/snmpget''. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.
  
  -x password -e cert.pem -k key.pem
+
===braa===
  
 +
(Pandora FMS Enterprise only)
  
==== Secure configuration, real case ====
+
Location of the braa binary required for the Enterprise SNMP server (default path is /usr/bin/braa).
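Review bot: The old-side text from "=== Tentacle secure configuration ===" through the manual-testing and permanent-configuration steps (the ''-x password'', ''-e'', ''-k'' and ''-f'' options for tentacle_server and server_opts) has no counterpart on the new side of this range. If that section moved to another page, link to it from here; if it was dropped, the warning about always giving the absolute path to the certificates is lost with it and should be kept somewhere.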
  
How to configure the agents and the Tentacle server for a secure connection, using Tentacle proxy as well.
+
===braa_retries===
  
Firstly, we recommend carrying out the previous testing manually from the shell terminal to make sure that the configuration, parameters and certificates are correct.
+
(Pandora FMS Enterprise only)
  
'''Manual testing:'''
+
Number of retries before braa hands a module over to the Network Server in case of an error.
  
1. Start tentacle_server manually:
+
===(>= 7.0) fsnmp ===
  sudo -u ''user'' tentacle_server -x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem -s /tmp -v
 
  
2. Start proxy manually (only if you will use a Tentacle proxy, if not, skip this step):
+
(Pandora FMS Enterprise only)
  sudo -u ''user'' tentacle_server -b ''ip_server'' -g 41124
 
  
3. Launch tentacle_client manually:
+
Path to the pandorafsnmp binary, used by the Enterprise SNMP Server for SNMPv3 requests (/usr/bin/pandorafsnmp by default).
  sudo -u ''user'' tentacle_client -a ''ip_proxy/ip_server'' -x password -e tentaclecert.pem -k tentaclekey.pem -v /bin/ls (or any file)
 
  
 +
===autocreate_group===
  
{{Warning|It is necessary to '''ALWAYS''' specify the absolute path where the certificates are stored, for example ''/home/tentaclecert.pem''}}
+
Numeric ID of the default group for new agents, created with the data server through the datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.
  
Once we have checked that the sending of the file has been successful, we can proceed to permanently configure tentacle_server and the clients.
+
===autocreate_group_force===
  
To configure tentacle_server with the secure certificate options, you have to edit the starting script of the '''tentacle_serverd''' service, commonly on ''/etc/init.d/tentacle_serverd'', the same for the intermediate proxy.
+
If set to 1, new agents will be added to the group specified by autocreate_group (the group specified by the agent will be used as fallback).
To configure the agents to use the secure tentacle communication, you have to edit the configuration files of the agent '''pandora_agent.conf''', commonly on ''/etc/pandora/pandora_agent.conf''.
 
  
'''Permanent configuration:'''
+
If set to 0, new agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as fallback).
  
1. Start the server with SSL. Modify the script ''/etc/init.d/tentacle_serverd''. Search the line TENTACLE_EXT_OPTS, and add "-x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem". It should look like this:
+
For example, with the following configuration a new agent would be placed in the group specified in its XML data file if possible, or the group with ID 10 if not:
  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
 
  
2. Start the proxy. Modify the script ''/etc/init.d/tentacle_serverd'' on the system that will act as a proxy. Same as in the previous step, search for the line TENTACLE_EXT_OPTS, and add "-b ''ip_server'' -g 41121". Like this:
+
autocreate_group 10
  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -b 192.168.70.208 -g 41121"
+
autocreate_group_force 0
  
3. Launch the agent with the related options. Modify the pandora_agent.conf file, search the token server_opts and add "-x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem". Don't forget to set the token ''server_ip'' with the ip of the proxy instead of the main server if you use it. It should look like this:
+
===autocreate===
  server_opts -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem
 
  
 +
Setting it to 1 will autocreate agents when data files with an agent ID that does not exist in the system are received.
  
{{tip|If you don't want to use any of the options, like for example the password, just don't set it on the configuration.}}
+
{{Tip|If you want to set up a security mechanism, you can set a group password.}}
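Review bot: The tip under autocreate says "you can set a group password" but does not say where that password is configured or what happens to a data file that arrives without it. With autocreate at 1, any data file carrying an unknown agent ID creates an agent, so the tip should link to the group password setting.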
  
== WEB Console ==
+
===max_log_size===
  
The Pandora FMS web console has a configuration file which usually is created and configured when it's installed. If the installation is done through the DEB or RPM packages or from the Pandora FMS installation CD, then it's configured  automatically. If it's installed manually, it's contained in the tarball package. It could also be configured by the web assistant through ''http://ip_instalacion_consola/pandora_console/install.php''
+
Maximum size of Pandora FMS log file, in bytes. When this size is reached, the log file's name is changed to ''pandora_server.log.old'' and the server generates a new one with the original name, ''pandora_server.log'' . Default size is 65536 Bytes.
  
The configuration file config.php is in the directory '/include/' in the console installation directory. This could be '/var/www/pandora_console' (Debian, Ubuntu) or '/srv/www/htdocs/pandora_console/' (SUSE, RH, Fedora...), depending on the distribution.
+
===max_log_generation===
  
=== Configuration File config.php ===
+
It specifies max generation count (between 1 and 9) of Pandora FMS server log files. The default value is 1.
  
The configuration options in the file are contained in the header, and these are:
+
===max_queue_files===
  
'''$config["dbname"]'''
+
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by '''incomingdir'''. This prevents the Data Server from trying to process too many files, which would affect server performance. The default value is 5000.
  
Database name to connect to. The default value is 'pandora'.
+
{{warning|Incremental modules may not work properly if this value is not big enough to hold all the XML data files.}}
  
'''$config["dbuser"]'''
 
  
User name for the connection against the Pandora database. The default value is 'pandora'.
+
===use_xml_timestamp===
 
 
'''$config["dbpass"]'''
 
Password for the connection against Pandora FMS database.
 
 
 
'''$config["dbhost"]'''
 
 
 
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as the server, which is 'localhost'.
 
 
 
'''$config["homedir"]'''
 
 
 
Directory where the Pandora FMS web console is located. This is usually '/var/www/pandora_console' or '/srv/www/htdocs/pandora_console'.
 
 
 
'''$config["homeurl"]'''
 
 
 
Base directory for Pandora FMS. This is usually '/pandora_console'.
 
 
 
'''$config["public_url"]'''
 
 
 
The full URL is set with the string value, the value is the URL of inside Pandora FMS Server if you use an inverse proxy e.g. 'mod_proxy' from Apache.
 
 
 
==== Redirection to  '/pandora_console' from / ====
 
 
 
If you only have one Pandora FMS in your Apache server then it's possible that you could benefit by automatically re-addressing '/pandora_console' when users connect with the URL of their server. To do this, you could create the following file ''index.html'' and put it in the web server root directory ('/var/www' or '/srv/www/htdocs'):
 
 
 
For the case if users connect with the URL / of their server. You can create the following file ''index.html'' and put it in the web server's root directory:
 
 
 
<pre>
 
<html>
 
<head>
 
<meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
 
</head>
 
</html>
 
</pre>
 
 
 
== Pandora FMS Software Agents ==
 
 
 
=== What is an Agent? ===
 
 
 
Pandora FMS software agents collect all data from their systems. They are executed on local systems, but they can also collect information remotely through the monitoring system's agent installation on several different machines.
 
 
 
They are developed to work with a fixed platform, using specific tools from the language which was used: VBScript / Windows scripting for Microsoft platforms (Windows 2000, Windows XP, Windows 2003 and Windows Vista), ShellScripting for UNIX including GNU/Linux, Solaris, AIX, HP-UX and BSD and also the Nokia IPSO. The Pandora FMS agents could be developed in any language as long as it is a system with an easy API and open code. There are modalities of the Pandora FMS project which have been started for agent creation in Posix, C, Perl and Java for systems which require closed agents.
 
 
 
''' Pandora FMS is 100% open code''', e.g. in the way the agents collect and send information is documented and could analyze and / or modify the code to suit to your needs. An agent could be created again in any programming language and could also be easily updated to improve aspects of the program that hadn't been covered completely.
 
 
 
This document describes the agent installation in machines that work with Windows and UNIX operating systems.
 
 
 
==== General Role of Software Agents ====
 
 
 
The Software Agents general role is based on obtaining information about the operating system on which they are installed, to collect this information and send it to the Server.
 
 
 
Pandora FMS software agents use the specific commands of the operating system in order to obtain the information. The Pandora FMS Data Server keeps and processes the data generated by these commands and sends it to the server in an XML file.
 
 
 
The information returned by these commands is kept in what is called a 'Module'. If the agent has been added in 'learning mode', the modules which have been sent and which haven't been previously defined in the logical agent will be created automatically by the server.
 
 
 
=== Introduction to the Agent Configuration ===
 
 
 
The agent is controlled by a unique configuration file which has a syntax which is almost identical in UNIX systems as  in Windows Systems. This file is named ''pandora_agent.conf'' and it's located in the agent installation directory (in Windows Systems) and under ''/etc/pandora/pandora_agent.conf'' in Unix systems.
 
 
 
This configuration file is a plain text file with different options which could all be modified by the administrator. To modify it or its performance, just configure where the data is supposed to get sent to, which things have to be monitored and how it's going to be done.
 
 
 
{{warning|Configuration file encoding. It's very important and has to have the same value which is set in the '''encoding''' configuration parameter. If the encoding is set properly, the reception of data with improper encoding characters is going to be avoided.}}
 
 
 
Now we're going to deal with all the general parameters for the Software Agent and the monitoring modules - which are the ones defining how and what is locally monitored with the Software Agent.
 
 
 
=== General Agent Parameters ===
 
 
 
The Configuration of the General Agent Parameters is defined in this section. Some of them are common for all systems and others are intended specifically for Windows or Unix machines. The general parameters are:
 
 
 
 
 
{{warning|The first time the server receives data from an agent is going to save all of the information into the database. For the following received data it will only update (depending on learning mode status enabled/disabled) the following fields from XML file: '''version''', '''date''', '''OS version''', and the following parameters from the configuration file: '''gis_exec''', '''latitude''', '''longitude''', '''altitude''' '''parent_agent_name''', '''timezone_offset''', '''address''' and '''custom_field'''.}}
 
 
 
====server_ip====
 
 
 
The IP address or the name of the Pandora FMS Server Host where all data will be stored. The server has to be prepared to collect the data either by SSH (listening on port 22), Tentacle (port 41121), FTP (port 21), SMB or NFS.
 
 
 
====server_path====
 
 
 
The server path is the comprehensive file path where the server stores all the data which was sent by the agent. The default path is '/var/spool/pandora/data_in'.
 
 
 
====temporal====
 
 
 
This is the complete path of the folder where the agent stores the local data before sending it to the server.
 
 
 
Remember! Data packages are deleted by default once the agent tries to contact with the Pandora FMS Server. Whether the connection was successful or not is not taken into account (although this function could be changed, as we see later).
 
 
 
This is done to prevent an overload on the hard drive of the host system where the agent runs. The location of the local file changes, depending on the architecture of the host system. Under UNIX systems it's usually at '/var/spool/pandora/data_out', and under Windows systems it's 'C:\program files\pandora_agent\temp'. The Windows installer is going to create this directory depending on where it decides to install Pandora FMS by default.
 
 
 
And under Windows systems, the Windows installer is going to create this directory by default, depending on where it decides to install Pandora FMS.
 
 
 
====description====
 
 
 
Sends the description of the agent in XML and Pandora FMS imports this description when it creates the Agent.
 
 
 
====group====
 
 
 
Sends the name of the group we want the agent to own, and that is only used in the moment the agent is created. The Pandora FMS Server will automatically use this group to put the agent in the selected group.
 
 
 
====temporal_min_size====
 
 
 
If the free space (in MB) of the partition in which the temporary directory is located is lower than this value, it would continue generating data packages. It avoids the disk becoming full if the connection with the server is lost during an extended interval under any circumstances.
 
 
 
====logfile====
 
 
 
The path to the Pandora FMS agent events record file. The file could be used to check the system and to investigate other things.
 
 
 
====interval====
 
 
 
This is the time interval (in seconds) in which the agent is going to collect data from the host system and send the data packages to the server. The range of recommended values constitutes from 300 (5 minutes) to 600 (10 minutes). This value could be bigger, but it's important to consider the impact of a higher value in the database. The execution is not recommended if it's configured to be below 30-60 seconds.
 
 
 
====disable_logfile====
 
 
 
This parameter disables log writing in pandora_agent.log. Only for Windows.
 
 
 
====debug====
 
 
 
This parameter is used to check the creation of data in the files, so the data content of the files could be checked. No data is destroyed when the process has been completed, so the data of the files will be at the temporary directory. The activity is registered in the registry file. The registry file is 'pandora_agent.log' (see logfile above).
 
 
 
Before Pandora 6.0, an agent in debug mode did not report to server.
 
 
 
====agent_name====
 
 
 
This is an alternative name for the host. This parameter is optional. This has not been declared but obtained directly from the system. The parameter could be used to overwrite the host name for another one in case of a conflict.
 
 
 
====(>=5.1SP2) agent_name_cmd====
 
 
 
If you want to define agent name using external command, set this parameter. This is optional. When this parameter is set, 'agent_name' is ignored. External command should return agent name string to STDOUT. If that returns several rows, the string in the first row is used as the agent name.
 
 
 
====(>=7.0) agent_alias_cmd====
 
 
 
If you want to define agent alias using external command, set this parameter. This is optional. When this parameter is set, 'agent_alias' is ignored. External command should return agent alias string to STDOUT. If that returns several rows, the string in the first row is used as the agent alias.
 
 
 
====address====
 
 
 
This is the IP address of the software agent. It could be an IP address with the format X.X.X.X or a domain name such as 'localhost' or 'auto'. If it's an IP address or a domain name, it will be added to the addresses of the agent and established as a main address. If the value is 'auto', it will obtain the IP address from the host and added to the agent as in the previous case.
 
 
 
====encoding====
 
 
 
Installs the kind of codification of the local system, such as ISO-8859-15 or UTF-8. This option is available for the UNIX and Windows agents from Pandora FMS 2.0.
 
 
 
====server_port====
 
 
 
This parameter allows to identify the remote port of the server that is waiting. By default it's 41121 for Tentacle. In case Tentacle is not used or that the server is configured to use another port, this is the place where it should be changed.
 
 
 
====transfer_mode====
 
  
This parameter specifies the transfer mode we have to install in order send the agent data to the server. The available modes are  '''SSH''' (using SCP), Tentacle, FTP o local. The local mode is only for systems where the agent is executed in the same machine that the server, because it is basically an copy between directories. The local mode is available only for GNU/Linux agents.
+
By default it is activated(1) and uses the date and time (timestamp) defined '''inside the XML''' (.data), that is, the timestamp generated by the agent.  
  
==== (>= 6.0) transfer_timeout ====
+
If it is deactivated (0), it will use the timestamp of the XML file, that is '''the timestamp of the server'''. This is useful to deactivate '''globally''' the use of the dates generated by the agents and to use the date and hour of the server as a reference for all the data, because this timestamp is generated in the moment that the Pandora's server receives the XML.  
 
 
This parameter specifies timeout in seconds for file transfer programs execution. The default value is '30' if not defined.
 
 
 
====server_pwd====
 
 
 
Specific for the password of Windows FTP  and for the Tentacle transference mode, although the password at the last one is optional. Server password for authentication with password.
 
 
   
 
   
====server_ssl====
+
{{warning|This operation changed in the Pandora FMS 747 version. In previous versions this token is deactivated by default.}}
 +
{{Tip|There is a similar functionality at agent level, so that the agent data is evaluated with the date of reception of the file.}}
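Review bot: The warning added here says only that the operation "changed in the Pandora FMS 747 version" and that the token was previously "deactivated by default", so the reader has to infer the new default from the description above it ("By default it is activated(1)"). State both defaults in the warning itself and say what an upgrade does to an installation that never set the token, because with the value 1 the time recorded for the data is "the timestamp generated by the agent" and an agent with a wrong clock now decides it. The Tip should also name the agent-level token it means instead of "a similar functionality".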
  
Specific for the Tentacle transfer mode. Allows to authorize ('1') or deny ('0) the connections which encrypt through SSL.
+
===auto_restart===
  
====server_opts====
+
Deactivated by default (0). In face of a critical error, the server will be restarted a few seconds later.
  
Specific for the Tentacle transfer mode. Allows to give additional parameters to the Tentacle client for advanced configurations. For example: server_opts -v -r 5
+
===restart===
  
Coming with the 3.2 agent version, tentacle supports the optional use of a HTTP proxy (using CONNECT) mode to send information to the server. This is implemented using an advanced option like this:
+
The default value is '0'. The server will restart on critical errors after a few seconds.
  
server_opts -y user:[email protected]:8080
+
===restart_delay===
  
This will force the tentacle client to use 'proxy.inet' on port 8080 using "user" and "pass" for authentication. If you intend to use a proxy on e.g. 192.168.1.2 on port 9000 without credentials, the command would have to be:
+
The default value is '60'. The number of seconds the server will wait before restarting after a critical error if '''restart''' is enabled.
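Review bot: auto_restart and restart are documented with the same default and the same behaviour ("Deactivated by default (0). In face of a critical error, the server will be restarted a few seconds later" and "The default value is '0'. The server will restart on critical errors after a few seconds"), so a reader cannot tell which token to set or whether one replaces the other. Say how they differ or mark one as the older name, replace "a few seconds" with a reference to restart_delay (documented here with a default of '60'), and have restart_delay state whether it also applies to auto_restart, since it currently mentions only '''restart'''.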
  
server_opts -y 192.168.1.2:9000
+
=== activate_gis ===
  
====delayed_startup====
+
Enable (1) or disable (0) server GIS features.
  
This parameter allows the Pandora FMS agent to be configured in order to start working after any specific amount of time (in minutes) after manual execution. Useful for systems with a lot of load packages. It's deactivated by default, which means the Pandora FMS agent is going to start working from the moment it is executed manually. This option is only valid for UNIX agents.
+
=== location_error ===
  
====pandora_nice====
+
Margin of error in meters to consider two GIS locations as the same location.
  
This parameter allows the priority the Pandora FMS agent process will have within the system to be specified. It's only available for Unix / Linux agents.
+
=== recon_reverse_geolocation_file ===
  
====autotime====
+
Recon reverse geolocation file. This file must be in MaxMind GPL format (GeoLiteCity.dat format). If this option is commented on in the configuration file, it will disable geolocation by IP when creating agents using recon and software agents. Geolocation will not be carried out either if the GIS functionalities (''activate_gis'') are disabled overall.
  
If it's enabled ('1') it sends a timestamp of special execution (AUTO) that makes the server use its local date / hour to establish the data hour, not paying attention to the hour sent by the agent. This is necessary in agents which have a wrong hour or a different hour from the server for any reason.
+
=== recon_location_scatter_radius ===
  
====cron_mode====
+
Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. The center of the circle is found out by geolocating the IP.
  
With this parameter, it's possible to make the agents using the Linux crontab functions to execute itself in a predetermined interval instead of using the agents internal system to execute itself at a certain time. It's deactivated by default and it's -not- recommended to use it unless it's an absolute necessity.
+
===self_monitoring===
  
====remote_config====
+
The server has a self monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter ''self_monitoring'' must be set to '1'.
  
This parameter controls the possibility to configure the agent remotely from the console. '1': The remote configuration is allowed. '0': The remote configuration is not allowed. It's deactivated by default.
+
=== self_monitoring_interval ===
  
====xml_buffer====
+
Time interval for self_monitoring in seconds.
  
The default value is '0'. If set to '1', the agent is going to save any XML data files which couldn't be sent and retries later.
+
===update_parent===
  
if you are in a secured environment under UNIX and want to enable the XML buffer, you should consider changing the temporal directory, since anyone has the right to write into '/tmp'.
+
Defines whether the agent can update its parent by sending the parent name in XML, but if the parameter is not set or is 0, then the agent information will be ignored. If this is not the case, when the server receives an XML with the parent_name attribute, it searches for an agent with this name, and if it finds it, it updates the parent of the XML agent.
  
''An example of the general parameters from a UNIX configuration would be:
+
=== google_maps_description ===
  
server_ip      192.168.1.1
+
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Google Maps API. To be able to use this feature you need internet access, and you can have performance penalties processing GIS information due to the connection speed against Google API from Pandora FMS server.
server_path    /var/spool/pandora/data_in
 
temporal        /var/spool/pandora/data_out
 
logfile        /var/log/pandora/pandora_agent.log
 
interval        300
 
debug          0
 
agent_name      box01
 
server_port    41121
 
transfer_mode  tentacle
 
remote_config  1
 
  
''An example of the general parameters from a Windows configuration would be :''
+
{{Warning|The Google Maps API is a paid service and requires credentials, you will need to obtain the KEY API and pay, otherwise the service will be suspended after a couple of days of use.}}
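Review bot: The google_maps_description warning says the service "requires credentials" and a "KEY API", but nothing in the section says which configuration token holds the key. Add that token and a note on restricting read access to the file that stores it, change "KEY API" to "API key", and say plainly that enabling this option sends agent GPS coordinates to an external service; the entry currently mentions only the need for internet access and the performance cost.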
  
server_ip      192.168.1.1
+
=== openstreetmaps_description ===
server_path    /var/spool/pandora/data_in
 
temporal        c:\archivos de programa\pandora_agent\temp
 
interval        300
 
debug          0
 
agent_name      box01
 
server_port    41121
 
transfer_mode  tentacle
 
remote_config  1
 
  
====timezone_offset====
+
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Open Street Maps API.  This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.
  
The agent can set its timezone offset with the server now. It's very useful to have agents with a different timezone synchronized on the same time with a server in another timezone. Agents will send the shifted timezone to the server.
+
{{Tip|If used with direct Internet connection (default), Internet access is required, and you can have performance penalties processing GIS information to the OpenStreetMaps API from Pandora FMS server due to the connection speed.}}
  
# Timezone offset: Difference with the server timezone
+
=== webserver ===
timezone_offset 3
 
  
It is calculated by subtracting the agent's timezone from the server's timezone. For example, if the server's timezone is UTC+1 and the agent's timezone is UTC-5, the timezone offset should be 6 = 1 - (-5).
+
(Pandora FMS Enterprise only)
  
====parent_agent_name====
+
WEB check server, which can be enabled (1) or disabled (0). It is also known as Goliath Server. It has nothing to do with the Web User Experience (WUX) monitoring server.
  
If the server allows it, it's also now possible to update the parent of an agent by sending the name of the parent agent in XML.
+
===web_threads===
  
parent_agent_name parent_name
+
(Pandora FMS Enterprise only)
  
==== agent_threads <threads> ====
+
Number of threads assigned to the WEB test server (Goliath). It shows how many simultaneous threads are assigned to this component.
  
Number of threads the agent is going to launch to execute modules simultaneously. by default there is a single thread, to execute one module, and later the other, and go on until all of them are finished. This is only available in Unix agents.
+
===web_timeout===
  
====include <filename> ====
+
(Pandora FMS Enterprise only)
  
This is the alternative configuration file path. This file can contain additional modules and collections alongside the ones found in the main configuration file. This token is optional. In matters related to perl agents, it allows for filename wildcards.
+
Default expiration time in seconds for web monitoring modules (Goliath).
  
====broker_agent <name>====
+
===web_engine===
  
It manages configuration and data collection from an agent as if they were be multiples of the same. A new configuration file is created for each broker agent added in the main configuration file with the name we have assigned to it. This token will be used only in the broker agent and not in the new agents created by it. These new agents will start reporting after the next execution. This token is optional.
+
(Pandora FMS Enterprise only)
  
====pandora_user <user>====
+
cURL is used by default from version 747 onwards. Set this parameter to "LWP" to use LWP instead of cURL for web monitoring.
  
This parameter is optional and allows the agent to be executed with the specified system user. This user has to have permissions to execute the agent and all associated resources.
+
=== inventoryserver ===
  
As we can see, most of the parameters from a Windows and a UNIX agent are the same.
+
(Pandora FMS Enterprise only)
  
====(>= 5.X) custom_id====
+
'1' enables the Pandora FMS Inventory Server, '0' disables it.
  
Custom ID of the agent for external applications.
+
===inventory_threads===
  
====(>= 5.X) url_address====
+
(Pandora FMS Enterprise only)
  
Custom URL to open it from the agent in the console.
+
Number of threads assigned to the remote inventory server.
  
====(>= 5.X) custom_fieldX_name====
+
=== exportserver ===  
  
Name of an agent custom field which already exists on the system. If doesn't exist, it will be ignored.
+
(Pandora FMS Enterprise only)
  
Example:
+
'1' enables Pandora FMS Export Server, '0' disables it.
  
custom_field1_name Model
+
===export_threads===
  
====(>= 5.X) custom_fieldX_value====
+
(Pandora FMS Enterprise only)
  
Value for the custom field X defined in the previous parameter.
+
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.
  
Example:
+
=== eventserver ===
  
custom_field1_value C1700
+
(Pandora FMS Enterprise only)
  
==== (> 5.1 Unix agent only) macro<macro> <value> ====
+
'1' enables Pandora FMS Event correlation Server, '0' disables it (default value is '1').
  
It defines a local execution macro which can be used in the module definition. These kind of macros are used mostly in the metaconsole system, and in the local module component system to "abstract" the difficulty of use a local module, to not have to edit the source module definition. With these, a new field will appear in the GUI. The local execution macros have similar names to the local plugin macros: _field1_, _field2_....
+
===event_window ===
  
Example:
+
(Pandora FMS Enterprise only)
  
<pre>
+
Event window: It is the time window (in seconds) where the event server will look for events. For example, if set to '3600', the event server will check events generated within the last hour. If you have rules where the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.
module_begin
 
module_name FreeDisk_opt
 
module_type generic_data
 
module_exec df -kh _field1_ | tail -1 |  awk '{ print $5}' | tr -d "%"
 
module_macro_field1_ /opt
 
module_end
 
</pre>
 
  
==== (>= 6.0SP5) group_password <password> ====
+
=== (>= 7.0) event_inhibit_alerts ===
  
Password for the agent group. Leave commented if the group is not password protected.
+
If set to 1, an alert will not be executed (unless it is recovered) if the last event it generated is in 'in progress' status. 0 by default.
  
==== (>= 7.0) ehorus_conf <path> ====
+
=== icmpserver ===  
  
Absolute path to a valid [https://ehorus.com/ eHorus] agent configuration file. The agent will create a custom field named ''eHorusID'' that contains the eHorus agent's identifying key.
+
(Pandora FMS Enterprise only)
  
 +
Enables (1) or disables (0) the Enterprise ICMP server.
  
Sample:
+
{{Tip|The ICMP Enterprise server uses the ''fping'' binary to perform ICMP requests in bulk. If this component is not enabled, the ''network server'' will run the checks, but with a much worse performance.}}
  
ehorus_conf /etc/ehorus/ehorus_agent.conf (linux)
+
===icmp_threads===
ehorus_conf /usr/local/ehorus_agent/ehorus_agent.conf (mac)
 
ehorus_conf "c:\program files\ehorus_agent\ehorus_agent.conf" (windows)
 
  
==== (>= 7.0OUM13) transfer_mode_user <usuario> ====
+
(Pandora FMS Enterprise only)
  
Usuario de los ficheros copiados en el modo de transferencia local. En las carpetas de la consola este usuario debe tener permisos de lectura y escritura para que funcione correctamente la configuración remota. Por defecto es ''apache''.
+
Number of threads for the ICMP Enteprise server (default value is '3').
  
=== Secondary Server ===
+
=== snmpserver ===  
  
A special kind of general configuration parameter is the definition of a secondary server. This allows the definition of a server to send data to, in a complementary way to the standard definition of a server. The secondary server mode works in two different ways:
+
(Pandora FMS Enterprise only)
  
* '''on_error''': Send data to the secondary server only in cases it could not send them to the primary one.
+
Pandora FMS snmp server enabled (1) or disabled (0).
* '''always''': Always send data to the secondary server, no matter if it's able to contact the main server or not.
 
  
Configuration example:
+
{{Tip|The SNMP Enterprise server uses the ''braa'' binary to execute SNMP queries in block. If this component is not enabled, the ''network server'' will run the checks.}}
  
secondary_server_ip    192.168.1.123
+
===snmp_threads===
secondary_server_path  /var/spool/pandora/data_in
 
secondary_mode          on_error
 
secondary_transfer_mode tentacle
 
secondary_server_port  41121
 
  
=== UDP Server ===
+
(Pandora FMS Enterprise only)
  
The Pandora FMS Agent (both, Unix and Windows) allows the agent to be configured for listening to remote commands. This server listens on a user specified UDP port and allows orders to be received from a remote system - ideally from Pandora FMS through the execution of alerts on the server.
+
Number of threads for Enteprise SNMP server (default value is '3').
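Review bot: "Enteprise" is misspelled in both icmp_threads ("ICMP Enteprise server") and snmp_threads ("Enteprise SNMP server") and should read "Enterprise". The component is also named three ways in these entries ("Enterprise ICMP server", "ICMP Enterprise server", "SNMP Enterprise server"); pick one word order. The snmpserver Tip should say, as the icmpserver Tip does, what the performance effect is when the ''network server'' runs the checks instead.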
  
There are several options to configure the UDP remote server. The default file is ''pandora_agent.conf''
+
===transactionalserver===
  
* '''udp_server''': To activate the UDP server, set it on '1'. This is deactivated by default.
+
(Pandora FMS Enterprise only)
* '''udp_server_port''': Port where it listens.
 
* '''udp_server_auth_address''': Authorized IP address to send orders. Several Addresses can be set separated by commas. If it is configured with 0.0.0.0, UDP Server will accept orders from all addresses. Nevertheless, for security reasons, please restrict the access to this agent from known IPs.
 
* '''process_<name>_start <command>''': Command which is going to start a user-defined process.
 
* '''process_<name>_stop <command>''': Command which is going to stop the process.
 
* '''service_<name> 1''': Allows the service <name> to be started or stopped remotely from the UDP server.
 
  
Configuration Example:
+
Pandora FMS transactional server enabled (1) or disabled (0).
  
udp_server 1
+
===transactional_threads===
udp_server_port 4321
 
udp_server_auth_address 192.168.1.23
 
process_firefox_start firefox
 
process_firefox_stop killall firefox
 
service_messenger 1
 
  
The server accepts the following commands:
+
Set to 1 by default. The presence of this parameter is a mere transaction, its modification will not alter the operation of the transactional server.
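Review bot: In transactional_threads, "The presence of this parameter is a mere transaction" does not tell the reader what the token is for. If the intent is that the token is accepted but has no effect, say so directly, and say whether it can be removed from pandora_server.conf without consequence. The (Pandora FMS Enterprise only) marker that precedes the transactionalserver description is also missing from transactional_threads and transactional_threshold; add it or explain why it does not apply.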
  
* '''<START|STOP> SERVICE <name of the service>''': Starting or stopping a service.
+
===transactional_threshold===
* '''<START|STOP> PROCESS <name of the process>''': Starting or stopping a process.
 
* '''REFRESH AGENT <name of the agent>''': Forces one execution of the agent and refreshes data.
 
  
In 5.0 version, Unix agent only implements REFRESH AGENT command.
+
Maximum number of seconds that a transactional server transaction may take.
  
For example:
+
===prediction_threads===
  
STOP SERVICE messenger
+
Number of threads for the prediction server.
START PROCESS firefox
 
REFRESH AGENT 007
 
  
There is a script on the server at ''/util/udp_client.pl''which is used by the Pandora FMS Server as a command of an alert to start process or services. It has this syntax:
+
===block_size===
  
./udp_client.pl <address> <port> <command>
+
(Pandora FMS Enterprise only)
  
To e.g. restart an agent:
+
Block size for block producer / consumer servers, which is the number of modules per block (the default value is 15). This affects to how requests are processed by SNMP Enterprise and ICMP Enterprise servers.
  
./udp_client.pl 192.168.50.30 41122 "REFRESH AGENT"
+
===dataserver_lifo===
  
For more information, please go to the Alert Configuration section.
+
If enabled (1), XML data files will be processed in a stack instead of a queue, and stale data (i.e., data with a timestamp older than its module's current timestamp) will not trigger events or alerts. Disabled (0) by default.
  
=== Modules definition ===
+
{{warning|Incremental modules will lose resolution if XML data files pile up, since newer data will be processed first, causing older data to be discarded.}}
  
Each piece of information which is collected has to be perfectly defined in each module, using the most precise syntax. You can implement as many values as necessary in order to be collected, adding, at the end of the general parameters as many modules as the number of values to compile. Each module is composed of several directives. The list which appears below is a descriptive list of all available modules and signals for UNIX agents (almost all of them can also apply to the Windows agent).
+
===policy_manager===
  
The general syntax is the following:
+
If active (1), the server listens to the policy queue. By default its value is 1.
  
module_begin
+
===event_replication===
module_name NombreDelMódulo
 
module_type generic_data
 
.
 
.
 
.
 
module_description Ejecución del comando
 
module_interval Número
 
module_end
 
  
There are different kinds of modules, with different ''sub-options'', but all modules have a structure similar to this. The parameters ''module_interval'' and ''module_description'' are optional and the rest of them completely compulsory. First, we're going to see the common elements.
+
In case of being active (1) the process of event replication to Metaconsole is performed. This process will not be activated if it is not correctly configured in the console. By default its value is 0.
  
==== Common elements of all modules  ====
+
===event_auto_validation===
  
{{warning|Module fields (except module data, description and extended info) are only stored on module creation and will never be updated if the module is already created. This behavior is identical to the agent's enabled learning mode.}}
+
In case of being active (1) new created events autovalidate previous events of the same module. Its value is 1 by default.
  
===== '''module_begin''' =====
+
=== event_file ===
Defines the beginning of the module (compulsory).
 
 
 
===== module_name <name> =====
 
 
 
Name of the module. This is the module ID. Please pick a name without blanks and not too long. There is no specific limitation (max. 250 characters), but a short name would be easier to work with. This name '' CANNOT be duplicated ''' with a similar name in the same agent. This name could be duplicated with other modules in other agents. Just like in other chapters, Pandora FMS is case-sensitive.
 
 
 
===== module_type =====
 
 
 
The data type that the module is going to use. There are several data types for agents:
 
 
 
* '''Numerical''' (generic_data). Simple numerical data, in floating points or wholes. If the values are in the floating point type, they are going to be cut to their whole value.
 
 
 
* '''Incremental''' (generic_data_inc). Numeric data equal to the difference between the current value and the previous one divided by the elapsed time in seconds. When this difference is negative, the value is reset.
 
 
 
* '''Absolute incremental''' (generic_data_inc_abs). Numeric data equal to the difference between the current value and the previous one, with no division made, so the value is the total difference or increment, and not the increment per second. When this difference is negative, the value is reset, this means that at the time when the difference is again a positive value, the base value used to make this calculation is the last one from which the incremental value is positive.
 
  
* '''Alphanumeric''' (generic_data_string). Collect alphanumeric text strings.
+
This configuration option allows to specify a text file in which the events generated by Pandora FMS in CSV format will be written. Enabling this option adds a Pandora FMS performance penalty.
 
 
* '''Monitors''' (generic_proc). Useful to evaluate the state of a process or service. This type of data is called 'monitor', because it assigns a '0' to a 'false' state and any value higher than '1' to a 'true' state.
 
 
 
* '''Asynchronous Alphanumeric''' (async_string). Collects alphanumeric text strings which could enter any moment without a fixed periodicity. The rest of the parameters (generic) work synchronously, which means they expect the data entry every XX time, and if they don't arrive then it's said they are in an unknown state (unknown). The asynchronous modules are unable to adopt this state.
 
 
 
* '''Asynchronous Monitor''' (async_proc). Similar to 'generic_proc' but asynchronous (compulsory).
 
 
 
* '''Asynchronous Numerical''' (async_data). Similar to 'generic_data' but asynchronous (compulsory).
 
 
 
===== module_min <value> =====
 
 
 
This is the minimum valid value to generated data within this module. If the module has not been defined in the web console yet, this value would be taken from this directory. This command is not compulsory. This value does not eliminate the defined value within the agent. If the module does not exist in the dashboard, then it's going to get created automatically when the learning mode is in use.
 
 
 
===== module_max <value> =====
 
 
 
This is the maximum valid value for generated data in this module. If the module has not been defined in the web console yet, this value could be taken from this directory. This guideline is not compulsory and it's not supported by the Windows agent. It doesn't eliminate the defined value within the agent. If the module does not exist in the dashboard, it will be created automatically when the learning mode is in use.
 
 
 
===== module_min_warning <value> =====
 
 
 
This is the minimum value which will make the module state go to the 'warning' status. This guideline is not compulsory. If the module doesn't exist in the dashboard, then it's going to get created automatically when the learning mode is in use.
 
 
 
===== module_max_warning <value> =====
 
 
 
This is the maximum value which will make the module go to 'warning' status. This guideline is not compulsory. It uses a <= (less than) operator.
 
 
 
===== module_min_critical <value> =====
 
 
 
This is the minimum value which will make the module state go to 'critical' status. This guideline is not compulsory. This uses a > operator, not a >= operator.
 
 
 
===== module_max_critical <value> =====
 
 
 
This is the maximum value which will make the module state go to 'critical' status. This guideline is not compulsory. This uses a <= operator.
 
 
 
===== module_disabled <value> =====
 
 
 
Indicates if the module is enabled ('0') or disabled ('1'). This guideline is not compulsory. If the module does not exist in the dashboard, it's going to get created automatically when the learning mode is in use.
 
 
 
===== module_min_ff_event <value> =====
 
 
 
This is the interval between new status changes which are filtered to avoid continuous changes of module state. This guideline is not compulsory. If the module doesn't exist in the dashboard, it's going to be created automatically when the learning mode is in use.
 
 
 
===== (>= 6.0 SP4) module_each_ff <value> =====
 
 
 
If enabled (1), per status flip flop thresholds are used instead of module_min_ff_event (module_min_ff_event_normal, module_min_ff_event_warning and module_min_ff_event_critical). Set to 0 to disable.
 
 
 
===== (>= 6.0 SP4) module_min_ff_event_normal <value> =====
 
 
 
Per status flip flop thresholds. See ''module_min_ff_event'' and ''module_each_ff''.
 
 
 
===== (>= 6.0 SP4) module_min_ff_event_warning <value> =====
 
 
 
Per status flip flop thresholds. See ''module_min_ff_event'' and ''module_each_ff''.
 
 
 
===== (>= 6.0 SP4) module_min_ff_event_critical <value> =====
 
 
 
Per status flip flop thresholds. See ''module_min_ff_event'' and ''module_each_ff''.
 
 
 
===== (>= 6.0 SP4) module_ff_timeout <seconds> =====
 
 
 
Reset the flip flop threshold counter after the given number of seconds. This means ''module_min_ff_event'' status changes must be triggered within ''module_ff_timeout'' seconds before the status is actually changed.
 
 
 
===== module_description <text> =====
 
 
 
This guideline will be employed to add a comment to the module. This guideline is not compulsory and it doesn't overwrite the value defined by the agent. If the module doesn't exist in the dashboard, it's going to get created automatically when the learning mode is in use.
 
 
 
===== module_interval <factor> =====
 
 
 
Since Pandora 1.2 introduced this new type, it's possible for each module to fix its own interval. This interval is calculated as a multiplier for the agent interval. If the agent has e.g. an interval 300 (5 minutes) and you want a module which is going to get processed every 15 minutes only, you should add this line: module_interval 3. This module will be processed every 300sec x 3 = 900sec (15 minutes).
 
 
 
===== module_timeout <secs> =====
 
 
 
''(Windows only)''
 
 
 
In the 3.1 version, Pandora FMS supports specifying the total of seconds in each module independently. The agent is going to wait for the execution of the module, so if it takes more than XX seconds, it's going to abort the execution of the module (to avoid becoming 'dead' in the implementation of a module). In version 3.1, it's supported on Windows only - but in future versions, it's also going to get implemented into the UNIX agents.
 
 
 
===== module_postprocess <factor> =====
 
 
 
Same as in the definition of post processing of a module that is done from the console, a numeric value of floating comma could be defined here which is going to send this value to Pandora FMS in order to use it to multiply the received (raw) by the agent. If you e.g. want to multiply the value that the agent returns by 1024, just put "1024" in here. If you want to divide it by 1024, then just put 1/1024 here - which is 0,000976563.
 
 
 
===== module_save <variable name> =====
 
 
 
From version 3.2, it's possible to save the modules return value in an environment mode variable, so it could be used in other modules later. It's important to consider the values are updated after the modules are executed in the same order in which they were defined.
 
  
 
For example:
 
For example:
  
  module_begin
+
  event_file /var/log/pandora/pandora_events.txt
module_name echo_1
 
module_type generic_data
 
module_exec echo 41121
 
module_save ECHO_1
 
module_end
 
  
module_begin
+
{{Warning|There is no rotation mechanism for this file, you will have to take it into account since it can grow considerably.}}
module_name echo_2
 
module_type generic_data
 
module_exec echo $ECHO_1
 
module_end
 
  
In Windows agents the module would have to be formed with %var% instead of $var.
+
=== snmp_storm_protection ===
Following the example
 
  
module_begin
+
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.
module_name echo_2
 
module_type generic_data
 
module_exec echo %ECHO_1%
 
module_end
 
  
===== module_crontab <minute> <hour> <day> <month> <day of the week> =====
+
=== snmp_storm_timeout ===  
  
From version 3.2, it's possible to schedule modules in the order they'll be executed on a specific date.
+
Time interval for snmp_storm_protection in seconds.
To do this, you're required to define the '''module_crontab'''', using a similar format to that of the crontab file: (http://es.wikipedia.org/wiki/Cron_(Unix)#Sintaxis)
 
  
module_crontab <minute> <hour> <day> <month> <day of the week>
+
e.g. to prevent a single source from sending more than 1000 traps per 10 minutes:
  
Being:
+
snmp_storm_protection 1000
 +
snmp_storm_timeout 600
  
* Minute 0-59
+
=== text_going_down_normal ===
* Hour 0-23
 
* Day of the month 1-31
 
* Month 1-12
 
* Day of the week  0-6 (0 is Sunday)
 
  
It's also possible to specify intervals using the '''-''' character as a divider.
+
Text for the event that is generated when a module goes into normal status. It supports the _module_ and _data_ macros.
  
In order for one module to be executed e.g. every Monday between 12 and 15, we could use the following configuration:
+
=== text_going_up_critical ===
  
module_begin
+
Text to be displayed in module events going into critical status. It supports the _module_ and _data_ macros.
module_name crontab_test
 
module_type generic_data
 
module_exec script.sh
 
module_crontab * 12-15 * * 1
 
module_end
 
  
The module will be executed once during the interval. If we want it to be executed while the interval is on, we could use the '''module_cron_interval 0''' option in the following way:
+
=== text_going_up_warning ===
  
module_begin
+
Text to be displayed in module events going from 'normal' into 'warning' status. It supports the _module_ and _data_ macros.
module_name crontab_test2
 
module_type generic_data
 
module_exec script.sh
 
module_crontab * 12-15 * * 1
 
module_cron_interval 0
 
module_end
 
  
To execute a command every hour, in an hour and 10 minutes:
+
=== text_going_down_warning ===
  
module_begin
+
Text to be displayed in module events going from 'critical' into 'warning' status. It supports the _module_ and _data_ macros.
module_name crontab_test3
 
module_type generic_data
 
module_exec script.sh
 
module_crontab 10 * * * *
 
module_cron_interval 0
 
module_end
 
  
===== module_condition <operation> <command> =====
+
=== text_going_unknown ===
  
From version 3.2, it's possible to define commands that will be executed if the module returns some specific values. It's necessary to specify one of the following options:
+
Text to be displayed in module events going into 'unknown' status. It supports the _module_ and _data_ macros.
  
* '''>''' [value]: Executes the command if the module value is higher than the given one.
+
=== event_expiry_time ===
  
* '''<''' [valor]: Executes the command if the module value is lower than the given one.  
+
Events older that the specified time (in seconds) will be auto-validated. Set it to '0' to disable this feature.
  
* '''=''' [valor]: Executes the command if the module value is equal to the given one.
+
For example, to automatically validate events 10 hours after they were generated, just use the command:
  
* '''!=''' [valor]: Executes the command if the module value is different to the given one.
+
event_expiry_time 36000
  
* '''=~''' [regular expression]: Executes the command if the module value coincides with the given regular expression.
+
=== event_expiry_window ===
  
* '''('''valor, valor''')''': Executes the command if the module value is ranged between the given values.
+
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be higher than event_expiry_time.
  
It's possible to specify multiple conditions for the same module. For example:
+
The default value is the equivalent of one day:
  
  module_begin
+
  event_expiry_window 86400
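Review bot: in the added event_expiry_time entry, "Events older that the specified time" should read "older than". The event_expiry_window entry says the value "must be higher than event_expiry_time" but not what the server does when it is not; say whether events are then never auto-validated, and show the 36000 example next to the 86400 window it depends on.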
module_name condition_test
 
module_type generic_data
 
module_exec echo 2.5
 
module_condition (1, 3) script_1.sh
 
module_condition > 5.5 script_2.sh
 
module_end
 
  
Examples:
+
=== claim_back_snmp_modules ===
  
module_begin
+
If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.
module_name MyProcess
 
module_type generic_data
 
module_exec tasklist | grep MyProcess | wc -l
 
module_condition > 2 taskkill /IM MyProcess* /F
 
module_end
 
  
module_begin
+
=== async_recovery ===
module_name PandoraLogSize
 
module_type generic_data
 
module_exec ls -la "c:\Archivos de programa\pandora_agent\pandora_agent.log" | gawk "{ print $5 }"
 
module_condition > 10000 del "c:\Archivos de programa\pandora_agent\pandora_agent.log"
 
module_end
 
  
module_begin
+
If set to 1, asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.
module_name Service_Spooler
 
module_type generic_proc
 
module_service Spooler
 
module_condition = 0 net start Spooler
 
module_end
 
  
*'''NOTE''': On Windows platforms, it's recommended to use '''cmd.exe /c''' to execute the command to ensure it's executed properly. For example:
+
=== console_api_url ===
  
module_begin
+
Console's api direction. Usually, the direction of the server and the console ending with the route ''/include/api.php''.
module_name condition_test
 
module_type generic_data
 
module_exec echo 5
 
module_condition (2, 8) cmd.exe /c script.bat
 
module_end
 
  
===== module_precondition <operation> <command> =====
+
=== console_api_pass ===
  
If the precondition is true, the module is going to run. It's necessary to specify one of the following options:
+
Password of the console's api. This password can be found in the general section of the setup and can be left empty.
  
* '''>''' [value]: Executes the command if the module value is higher than the given one.
+
=== console_user ===
  
* '''<''' [value]: Executes the command if the module value is lower than the given one.  
+
User of the console with permissions to execute the required actions, like getting a module graph image to put it in an alert email.
  
* '''=''' [value]: Executes the command if the module value is equal to the given one.
+
{{Tip|For security reasons, it is recommended to use an exclusive user for the API. Such user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of IPs}}
  
* '''!=''' [value]: Executes the command if the module value is different to the given one.
+
=== console_pass ===
  
* '''=~''' [regular expression]: Executes the command if the module value coincides with the given regular expression.
+
Password of the previously added console user.
  
* '''('''value, value''')''': Executes the command if the module value is ranged between the given values.
+
===encryption_passphrase===
  
An example of a module using preconditions is the following:
+
An encryption phrase used to generate the key for the encrypted password. It is commented by default.
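Review bot: the console_api_pass entry says the password "can be left empty" without stating what an empty value means for API authentication. That reads as at odds with the tip under console_user, which recommends an exclusive API user and an IP restriction. Document the effect of an empty value and recommend setting one. The encryption_passphrase entry should name which password in this file it applies to and how the encrypted value is produced, since console_pass is otherwise described as a plain value. Smaller points: "direction" in console_api_url should be "address", and the tip is missing its closing period.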
  
module_begin
+
=== unknown_events ===
module_name Precondition_test1
 
module_type generic_data
 
module_precondition (2, 8) echo 5
 
module_exec monitoring_variable.bat
 
module_end
 
  
Like postconditions, it's also possible to use several preconditions. The module is only going to be executed if all preconditions are met:
+
If active (1), events for unknown module status will be created. The value set by default is 1.
  
module_begin
+
=== unknown_interval ===
module_name Precondition_test2
 
module_type generic_data
 
module_precondition (2, 8) echo 5
 
module_precondition < 3 echo 5
 
module_exec monitoring_variable.bat
 
module_end
 
  
*'''NOTE''': On Windows platforms, it's recommended to use '''cmd.exe /c''' to execute the command to ensure it's proper execution. For example:
+
Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the module's interval by default.
  
module_begin
+
=== global_alert_timeout ===
module_name Precondition_test3
 
module_type generic_data
 
module_precondition (2, 8) cmd.exe /c script.bat
 
module_exec monitoring_variable.bat
 
module_end
 
  
===== (>= 5.x) module_unit <value> =====
+
Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora FMS Server ignores it and alert execution will not be interrupted.
  
This is a unit of the value retrieved by the module.
+
=== remote_config ===
  
Example:
+
(Only Pandora FMS Enterprise)
  
module_unit %
+
This parameter controls whether it is possible to configure the server remotely from the console in the server view. It works by Tentacle in a similar way to the remote configuration of the agents.
  
===== (>= 5.x) module_group <value> =====
+
=== remote_config_address ===
  
This is the name of the module group. If the group doesn't exist, the module will be created without getting assigned.
+
IP address of the machine where remote configuration files will be sent. It is localhost by default.
  
Example:
+
=== remote_config_port ===
  
module_group Networking
+
Tentacle port for remote configuration. It is 41121 by default.
  
===== (>= 5.x) module_custom_id <value> =====
+
=== remote_config_opts ===
  
This is a custom identifier for the module.
+
Allows to give additional parameters to the Tentacle client for advanced configurations. They should appear between quotation marks (e.g. "-v-r 5").
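Review bot: the example in remote_config_opts, "-v-r 5", runs two options together; if two separate Tentacle client options are intended it should read "-v -r 5". The remote_config entry also omits the accepted values and the default, which matters for a switch that lets the console rewrite the server configuration; add both, and note whether the Tentacle transfer to remote_config_address is expected to be protected through remote_config_opts.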
  
Example:
+
=== warmup_event_interval ===
  
module_custom_id host101
+
In seconds, it specifies the time it will take until status change events are generated again and runs alerts after a server restart.
  
===== (>= 5.x) module_str_warning <value> =====
+
=== warmup_unknown_interval ===
  
This is a regular expression to define the 'warning' status in the string types modules.
+
In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.
  
Example:
+
=== enc_dir ===
  
module_str_warning .*NOTICE.*
+
Path to a directory containing additional [http://search.cpan.org/~msergeant/XML-Parser-2.36/Parser.pm#ENCODINGS .enc]  files for the XML parser. These files will be automatically loaded by the Data Server at startup.
  
===== (>= 5.x) module_str_critical <value> =====
+
=== (>= 7.0) dynamic_updates ===
  
This is a regular expression to define the 'critical' status in the string type modules.
+
The number of times dynamic thresholds will be recalculated per dynamic interval.
  
Example:
+
=== (>= 7.0) dynamic_warning ===
  
module_str_critical .*CRITICAL.*
+
Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.
  
===== (>= 5.x) module_warning_instructions <value> =====
+
=== (>= 7.0) dynamic_constant ===
  
These are the instructions to the operator if the module changes to 'warning' status.
+
Percentage relative to the module's average used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.
  
Example:
+
===(>= 7.0) unknown_updates===
  
module_warning_instructions Increase incident priority
+
Set to 0 by default. If set to 1, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated to unknown modules will be periodically evaluated too.
  
===== (>= 5.x) module_critical_instructions <value> =====
+
{{Warning|Setting unknown_updates to 1 may affect server performance.}}
  
These are the instructions to the operator if the modules changes to 'critical' status.
 
  
Example:
+
=== (>= 7.0) wuxserver ===
  
module_critical_instructions Call to sys department
+
(Pandora FMS Enterprise only)
  
===== (>= 5.x) module_unknown_instructions <value> =====
+
Enables Web User Experience Analysis (WUX) server. Requires configuration of wux_host and wux_port
  
These are the instructions to the operator if the module changes to 'unknown' status.
+
===(>= 7.0) wux_host===
  
Example:
+
(Pandora FMS Enterprise only)
  
module_unknown_instructions Open incident
+
It indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD)
  
===== (>= 5.x) module_tags <value> =====
+
===(>= 7.0) wux_port===
  
These are the tags which will be assigned to the module separated by commas. It will only be assigned to tags which exist in the system.
+
(Pandora FMS Enterprise only)
  
Example:
+
It indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is 4444.
  
module_tags tag1,tag2,tag3
+
===(>= 7.0) wux_webagent_timeout===
  
===== (>= 5.x) module_warning_inverse <value> =====
+
Maximum time to connect to a destination web address and Selenium server. It is commented by default, with the value 15.
  
This is a flag (0/1) which will inverse the 'warning' threshold of the defined value when activated.
+
===(>= 7.0) syslogserver===
  
Furthermore, if you use a negative value for the interval, e.g. the 'warning' status for values under '-50', you need set the 'min_warning' to '-50' and set this parameter.
+
(Pandora FMS Enterprise only)
  
Example:
+
'1' enables the Pandora FMS Syslog Server, '0' disables it.
  
module_critical_inverse 0
+
===(>= 7.0) syslog_file===
  
===== (>= 5.x) module_critical_inverse <value> =====
+
(Pandora FMS Enterprise only)
  
This is a flag (0/1) which will inverse the 'critical' threshold of the defined value when activated.
+
Full path to syslog's output file. For example:
 +
syslog_file /var/log/messages
  
Furthermore, if you use a negative value for the interval, e.g. the critical state for values under '-75', you're required to set the 'min_critical' to '-75' and set this parameter.
+
===(>= 7.0) syslog_threads===
  
Example:
+
(Pandora FMS Enterprise only)
  
module_critical_inverse 1
+
Number of threads for the Syslog Server.
  
===== (>= 5.x) module_native_encoding <value> =====
+
===(>= 7.0) syslog_max===
(Win32 only)
 
  
This configuration token only affects executed modules by command line, that is, there is a module_exec in the module configuration.
+
(Pandora FMS Enterprise only)
  
Windows manages three encodings for its processes: the command line encoding (OEM), the system encoding (ANSI) and UTF-16. Both encodings are agree on basic characters, but they are different on less common characters, like written accent. With this token, the Pandora's agent transforms the output to the encoding specified in the configuration file (pandora_agent.conf).
+
Maximum number of lines read by the Syslog Server on each run.
  
module_native_encoding has four acceptable values:
+
===sync_port ===
* module_native_encoding OEM: to command line encoding
+
Communication port of the sync server. It is commented by default, with the value 41121.
* module_native_encoding ANSI: to system encoding
 
* module_native_encoding UTFLE: to UTF-16 little-endian
 
* module_native_encoding UTFBE: to UTF-16 big-endian
 
  
If module_native_encoding does not appear, no re-encoding will be done.
+
=== sync_ca ===
  
===== (>= 5.x) module_quiet <value> =====
+
CA certificate path to sign certificates to configure SSl communication of the sync server. It is commented by default, with path ''/home/cacert.pem''.
  
This is a flag (0/1) which will turn the module into quiet mode when activated. It won't generate events or alerts anymore, and won't store historic data, so the reports such as SLA won't be affected.
+
=== sync_cert ===
  
Example:
+
Server certificate path for configuring SSl communication of the sync server. It is commented by default, with path ''/home/tentaclecert.pem''.
  
module_quiet 1
+
=== sync_key ===
  
===== (>= 5.x) module_ff_interval <value> =====
+
Private key path of the server certificate for configuring SSl communication of the sync server. It is commented by default, with path ''/home/tentaclekeypem''.
  
This is the flip flop execution threshold of the module (in seconds).
+
=== sync_retries ===
  
Example:
+
Number of attempts to make the connection. It is commented by default, with the value 3.
  
module_ff_interval 2
+
===sync_timeout ===
  
===== (>= 5.x) module_macro<macro> <value> =====
+
Maximum connection time. It is commented by default, with the value 10.
  
This is a macro generated by the console in conjunction with the components macro system. Setting this parameter from the configuration file is futile, because it's intended for modules created with local components only.
+
===sync_address===
 +
Address of the Tentacle server.
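Review bot: the default given for sync_key, ''/home/tentaclekeypem'', appears to be missing the dot before "pem" (compare ''/home/tentaclecert.pem'' in sync_cert); confirm against the shipped configuration file. "SSl" should be "SSL" in sync_ca, sync_cert and sync_key, and sync_timeout gives the value 10 with no unit. Since sync_key points at a private key, the entry should say which user must be able to read the file so that readers do not leave it world-readable. The sync_ca wording "CA certificate path to sign certificates" is ambiguous about whether the CA is used to sign or to verify.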
  
Example:
+
===(>= 7.0) logstash_host===
  
module_macro_field1_ 8080
+
(Pandora FMS Enterprise only)
  
 +
Name or IP of the machine with logstash installed
  
===== (>= 5.1 SP4) module_alert_template <template_name> =====
+
===(>= 7.0) logstash_port===
  
This macro assigns to the module the alert template that corresponds to the name introduced as parameter(see [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Alerts#Alert_Templates Alert templates])
+
(Pandora FMS Enterprise only)
 
 
Example:
 
 
 
<module>
 
<name><![CDATA[CPU usage]]></name>
 
<type>generic_data</type>
 
<module_interval>1</module_interval>
 
<min_critical>91</min_critical>
 
<max_critical>100</max_critical>
 
<min_warning>70</min_warning>
 
<max_warning>90</max_warning>
 
<alert_template><![CDATA[Critical condition]]></alert_template>
 
<data><![CDATA[92]]></data>
 
</module>
 
 
 
===== module_end =====
 
 
 
Defines the end of the module (compulsory).
 
 
 
==== Specific guidelines to obtain information ====
 
 
 
Furthermore, there are the specific guidelines that could be specified for each module in order to obtain information. Only one kind of them can be used in each module.
 
 
 
===== module_exec <command> =====
 
 
 
This is the general way to gather information by executing a command. Both for the UNIX and for the Windows agent. There is only one guideline to obtain data the generic way, executing only one command (it's able to use pipes to re-address the execution to another command). This guideline executes a command and keeps the return value. This method is also available under the agents for Windows; it's the general purpose method for both agents.
 
 
 
 
 
{{Warning|If execution returns a return code different from '0', it will be interpreted as "execution error" and the information will be discarded.}}
 
 
 
In some cases where you're sure your command is ok, even if returning code is !=0, you can pipe the execution to another "dump" command to clean the return code, e.g.:
 
 
 
top -n 1
 
 
 
Will give you error code 1 (check which echo $?). To "clean" that error code, just use this command:
 
 
top -n 1 | grep ""
 
 
 
There are the following, additional guidelines for the agents to obtain data:
 
 
 
===== module_service <service> =====
 
 
 
Checks if a specific service is being executed on the machine. Remember to use the  «" "» characters if the name of the service contains blanks.
 
 
 
module_begin
 
module_name Service_Dhcp
 
module_type generic_proc
 
module_service Dhcp
 
module_description Service DHCP Client
 
module_end
 
 
 
The service is identified with the short name of the service (service name), such as it appears in the Windows services manager. There is one other identifier, called "display name", longer and usually more descriptive, but this is not the one used by Pandora FMS to identify the process. Neither it is the process related to the server. In this snapshot, we can see the short name (service name) of the service monitored in the previous example. It is important to stress that '''there is a difference in the use of the "capital and the small letters''' (case sensitivity).
 
 
<center>
 
[[image:Service_name_id.png]]
 
</center>
 
 
 
'''UNIX'''
 
 
 
Under Unix, it works like under Windows, but under UNIX, 'service' and 'process' is considered the same concept. For example, to see if the process named ''bash'' is running, the module definition would be:
 
 
 
module_begin
 
module_name Service_bash
 
module_type generic_proc
 
module_service /bin/bash
 
module_description Process bash running
 
module_end
 
 
 
'service watchdog' and 'service asynchronous detection' aren't possible under UNIX agents.
 
 
 
'' Asynchronous Way ''
 
 
 
Pandora FMS usually executes a test battery (each of it defined by a module) every X seconds (300 seg. = 5 min. by default). If a service is down just after an execution of Pandora, it's going to take additional 300 seconds to recognize the service went down. The difference on asynchronous mode is that modules immediatly notify Pandora FMS about the fail or shutdown of this service. This is called ''asynchronous'' operation mode. It would be sufficient to add the following command to the guideline to use it:
 
 
 
module_async yes
 
 
 
This feature is not supported on broker agents.
 
 
 
'' Watchdog of services ''
 
 
 
There is a watchdog mode for the services, so the agent is able to restart them if they stop. In this case, the restarted service doesn't require any parameter, because Windows already knows how to do it. In such cases, the configuration is a lot easier:
 
 
 
module_begin
 
module_name ServiceSched
 
module_type generic_proc
 
module_service Schedule
 
module_description Service Task scheduler
 
module_async yes
 
module_watchdog yes
 
module_end
 
 
 
===== module_proc <process> =====
 
 
 
Checks if an specific name of process is working in this machine. If the name of the process has blanks ''' no use «" " '''», please consider that the name of the process should have the .exe extension. The module is going to return the number of processes executed with this name. Same as in the other cases, it's important to know that the name of the process has to be exactly the same as the one shown by the Windows Task Manager, including blanks, capital letters / small letters; e.g. ''cmd.exe'' is not the same as ''CMD.exe'' (case sensitivity).
 
 
 
This is an example of the monitoring of the process 'cmd.exe':
 
 
 
module_begin
 
module_name CMDProcess
 
module_type generic_proc
 
module_proc cmd.exe
 
module_description Process Command line
 
module_end
 
 
 
'''UNIX'''
 
 
 
Under UNIX, this module works like 'module_service'. It doesn't support asynchronous and / or watchdog mode.
 
 
 
'' Asynchronous mode ''
 
 
 
In a similar way to the services, monitoring processes can be critical in some cases. The Windows agent supports ''asynchronous checking for the ''module_proc.'' module now. In this case, the agent '''immediately''' reports it if the process changes its state without waiting for the agent ''to execute'' the verification as it's configured in the agent interval again. In this way, you're able to get informed about the failure of critical processes almost in the moment they happen. This is an example of asynchronous monitoring of the processes:
 
 
 
module_begin
 
module_name Notepad
 
module_type generic_proc
 
module_proc notepad.exe
 
module_description Notepad
 
module_async yes
 
module_end
 
 
 
The difference is located in the configuration token 'module_async yes'. This feature is not supported on broker agents.
 
 
 
''Processes Watchdog ''
 
 
 
A Watchdog is a system which allows to act immediately if an agent is down, usually picking up the process which went down. The Pandora FMS Windows Agent could act as a watchdog when a process is down. This is called watchdog mode for the process.
 
 
 
 
 
Executing a process would require some parameters, so here are some additional configuration options for these kinds of modules. It is important to keep in mind that the ''watchdog'' mode only works if the module type is set to ''asynchronous''. This is an example of configuration of 'module_proc' with 'watchdog' enabled:
 
 
 
module_begin
 
module_name Notepad
 
module_type generic_proc
 
module_proc notepad.exe
 
module_description Notepad
 
module_async yes
 
module_watchdog yes
 
module_start_command c:\windows\notepad.exe
 
module_startdelay 3000
 
module_retrydelay 2000
 
module_retries 5
 
module_end
 
 
 
This is the definition of additional parameters for 'module_proc' with watchdog enabled:
 
 
 
* '''module_retries''': Number of consecutive attempts for the module will try to start the process before deactivating the watchdog. If the limit is reached, the watchdog device for this module will be deactivated. It's never going to try and start the process, even if it's recovered by the user (at least until the agent gets rebooted). There is no limit for the number of retries for the watchdog by default.
 
  
* '''module_startdelay''': Number of milliseconds the module is going to wait before starting the process for the first time. If the process takes lot of time at starting, it would be a good idea to order the agent to wait by using this parameter until it starts checking for if the process has been started or not. In this example, it has been set to wait for 3 seconds.
+
Port of the machine with logstash installed
  
* '''module_retrydelay''': Similar to the previous one but for subsequent falls / reattempts, after having detected a fall. When Pandora detects a fall, it relaunches the process, waits for the preset number of milliseconds and checks if the process is already up again.
+
===ha_interval===
  
It's important to keep in mind that Pandora FMS is executed as a service. If you want to utilize the watchdog functionality to execute processes which allow interaction with the desktop, you should check the box 'Interactive access with desktop' under the Pandora FMS service functionalities as shown in this snapshot:
+
Execution interval in seconds of Pandora FMS HA Database tool. It is commented by default, with the value 30.
  
<center>
+
===ha_monitoring_interval===
[[image:Service_interactive.png]]
 
</center>
 
  
It's also necessary to understand that Pandora FMS is executed under the count of "SYSTEM" if started as a service. The executed process is going to run with the user and environment of the one who started it, so if it wants to e.g. execute a specific process which requires the environment and rights of a specific user, one should include the previous processes for starting the environment (environment variables, etc.) and execute this script as a watchdog action in a script (.bat or similar).
+
Monitoring interval, set in seconds, of the Pandora FMS HA database tool. It is commented by default, with the value 60.
  
===== module_cpuproc <process> =====
+
===(>= 7.0) provisioningserver===
  
''(UNIX only)''
+
(Pandora FMS Metaconsole only)
  
Returns the CPU usage of a specific process.
+
'1' enables Pandora FMS Provisioning Server, '0' disables it.
  
module_begin
+
===(>= 7.0) provisioningserver_threads===
module_name myserver_cpu
 
module_type generic_data
 
module_cpuproc myserver
 
module_description Process Command line
 
module_end
 
  
===== module_memproc <process>  =====
+
(Pandora FMS Metaconsole only)
  
''(Unix only)''
+
Number of threads for Pandora FMS Provisioning Server.
  
Returns the memory used by a specific process.
+
===(>= 7.0) provisioning_cache_interval===
  
module_begin
+
(Pandora FMS Metaconsole only)
module_name myserver_mem
 
module_type generic_data
 
module_memproc myserver
 
module_description Process Command line
 
module_end
 
  
===== module_freedisk <unit_letter:>|<volume> =====
+
Provisioning Server cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.
  
This module works under UNIX and Windows. It checks for the free space in the disk unit (don't forget «":"» after the '''unit_letter''') or the UNIX volume e.g. '/var'.
+
=== (>= 7.0 743) ssh_launcher ===
  
===== module_freepercentdisk <unit_letter:>|<volume> =====
+
It indicates the absolute path to the script <b>ssh_launcher.sh</b> that executes remote execution modules. The default path of the script is:
  
This module returns the free disk percentage under a Windows unit: (don't forget the ":") or on a Unix system, the volume, like '/var'.
+
/usr/share/pandora_server/util/ssh_launcher.sh
  
<pre>
+
<br>
module_begin
 
module_name freepercentdisk
 
module_type generic_data
 
module_freepercentdisk C:
 
module_end
 
</pre>
 
  
module_begin
+
{{Tip|Only for <b>el6</b> in Linux systems.}}
module_name disk_var
 
module_type generic_data
 
module_freepercentdisk /var
 
module_end
 
  
===== module_occupiedpercentdisk <unit_letter:>|<volume> =====
+
=== (>= 7.0 743) rcmd_timeout ===
  
(Unix only)
+
In seconds, maximum time for the execution of remote execution modules. 10 by default.
  
This module returns the occupied disk percentage in a UNIX volume e.g. '/var'.
+
<br>
  
module_begin
+
{{Warning|This timeout only works to indicate the time that Pandora FMS server will wait to obtain data. The connections will be closed, but the termination of the execution of the command in the remote machine is not assured (this has to be controlled with the command itself).}}
module_name disk_var
 
module_type generic_data
 
module_occupiedpercentdisk /var
 
module_end
 
  
===== module_cpuusage <cpu id> =====
+
=== (>= 7.0 743) rcmd_timeout_bin ===
  
This works under UNIX and Windows. It returns the CPU usage in a CPU number. If there is only one CPU, please leave it blank or use 'all'. It's also possible to obtain the average use of all CPU in multiprocessor systems in this way:
+
It indicates the absolute path to the timeout executable for the remote execution modules. It only has effect with the use of Sólo tiene efecto con el uso de <b>ssh_launcher</b>, connections through <b>plink</b> from Windows to Linux and connections to Windows systems.
  
module_begin
+
*In Pandora FMS on <b>Windows</b> the default executable path is:
module_name SystemCPU
 
module_type generic_data
 
module_cpuusage all
 
module_description Average CPU use in systme
 
module_end
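Review bot: the added rcmd_timeout_bin entry contains an untranslated leftover, "It only has effect with the use of Sólo tiene efecto con el uso de"; drop the Spanish fragment so the sentence reads "It only has effect with the use of ssh_launcher, ...". The rcmd_timeout warning states that the remote command is not guaranteed to be terminated when the timeout expires, so this entry should state plainly whether rcmd_timeout_bin is what enforces termination in the listed cases, and the Windows bullet ends at "the default executable path is:" without the path in the visible lines.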
 
 
 
To check the CPU usage in CPU #1:
 
 
 
module_begin
 
module_name SystemCPU_1
 
module_type generic_data
 
module_cpuusage 1
 
module_description Average CPU use in system for CPU #1
 
module_end
 
 
 
===== module_freememory =====
 
 
 
Supported under Windows and UNIX. It returns the free memory of the whole system:
 
 
 
module_begin
 
module_name FreeMemory
 
module_type generic_data
 
module_freememory
 
module_description Non-used memory on system
 
module_end
 
 
 
===== module_freepercentmemory =====
 
 
 
Supported under UNIX and Windows. This module returns the free memory percentage on one system:
 
 
 
module_begin
 
module_name freepercentmemory
 
module_type generic_data
 
module_freepercentmemory
 
module_end
 
 
 
===== module_tcpcheck =====
 
 
 
(Windows only)
 
 
 
This module tries to connect with an IP and a specified port. It returns '1' if successful and '0' if not. It's also recommended to specify a timeout:
 
 
 
module_begin
 
module_name tcpcheck
 
module_type generic_proc
 
module_tcpcheck www.artica.es
 
module_port 80
 
module_timeout 5
 
module_end
 
 
 
===== module_regexp =====
 
 
 
(Windows only)
 
 
 
This module monitors a record file (log) looking for coincidences using regular expressions, ruling out the already existing lines when starting the monitoring. The data returned by the module depend on the module type:
 
 
 
* '''generic_data_string''', '''async_string''': Returns all the lines which fit the regular expression.
 
* '''generic_data''': Returns the number of lines which fit with the regular expression.
 
* '''generic_proc''': Returns '1' if there is a coincidence and '0' if not.
 
* '''module_noseekeof''': With this configuration token active, with a '0' default value in each module execution and independently from any modification of the target file, the module will restart its check process without searching for the file's EOF flag. It will always extract from the XML output all lines that correspond to our search patterns.
 
 
 
module_begin
 
module_name regexp
 
module_type generic_data_string
 
module_regexp C:\WINDOWS\my.log
 
module_pattern ^\[error\].*
 
module_noseekeof 1
 
module_end
 
 
 
To obtain more information about the syntax of regular expressions in general, please visit [http://www.regular-expressions.info/reference.html].
 
 
 
===== module_wmiquery =====
 
 
 
(Windows only)
 
 
 
The WMI modules allow to locally execute any WMI query without the use of an external tool. It's configured through two parameters:
 
 
 
* '''module_wmiquery''': Used WQL query. As a result, several lines could be obtained which will be placed as several data.
 
 
 
* '''module_wmicolumn''': Name of the column which is going to be used as a data source.
 
 
 
For example, we could obtain a list of the installed services:
 
 
 
module_begin
 
module_name Services
 
module_type generic_data_string
 
module_wmiquery Select Name from Win32_Service
 
module_wmicolumn Name
 
module_end
 
 
 
Or the current CPU load:
 
 
 
module_begin
 
module_name CPU_speed
 
module_type generic_data
 
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
 
module_wmicolumn LoadPercentage
 
module_end
 
 
 
===== module_perfcounter =====
 
 
 
(Win32 only)
 
 
 
Obtains data from the performance counter ([http://msdn.microsoft.com/en-us/library/aa373083(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/aa373083(v=vs.85).aspx Performance Counters (Documentación en ingles] Performance Counters Documentation) through the PDH interface (the library '' pdh.dll'' should be installed in the system. PDH.DLL is a Windows library. If you have not installed it yet, you have to install the Windows performance analysis tool (which is usually installed by default).
 
 
 
module_begin
 
module_name perfcounter
 
module_type generic_data
 
module_perfcounter \Memory\Pages/sec
 
module_end
 
 
 
The Windows performance monitor is a powerful tool which has hundreds of parameters that could be used for monitoring. Each manufacturer also adds their own monitors, so this is a powerful, versatile and easy to use tool to monitor the system parameters and also the devices which run on it.
 
 
 
The syntax of the perfcounter elements depends on the language. In a e.g. German version, Windows is going to have specific identification strings and in an English version, Windows will have other ones. This makes it difficult to use on systems with heterogeneous languages.
 
 
 
To explore the different values which could be used, you can use the the Windows tool "Performance" to see which strings of performance you're able to monitor.
 
 
 
You can see the Windows performance monitor on this snapshot:
 
 
 
<center>
 
[[image:Perfcounter_screen1.png|center|450px]]
 
</center>
 
 
 
On this snapshot you can see how the interface shows things if we want to add a new monitoring element.
 
 
 
We can view several parameters of the ''Procesador'' (in Spanish in the original version) which has different sub elements, of which we have selected ''% of processor time'' and in several sub elements here. We're interested in total ''_Total'' in this case.
 
 
 
<center>
 
[[image:Perfcounter_screen2.png]]
 
</center>
 
 
 
Surfing with the SO tool in this way, we could get different elements of the system performance. For this specific example, the module would be:
 
 
 
module_begin
 
module_name Processor_Time
 
module_type generic_data_inc
 
module_perfcounter \Procesador(_Total)\% de tiempo de procesador
 
module_end
 
 
 
By default the raw value of the counter is shown, to get the cooked value add the '''module_cooked 1''' parameter:
 
 
 
module_begin
 
module_name Disk_E/S_Seg
 
module_type generic_data
 
module_cooked 1
 
module_perfcounter \DiscoFísico(_Total)\E/S divididas por seg.
 
module_end
 
 
 
Most of the returned data that are counters, so you should use 'generic_data_inc' as data type. It's also able to return values in very high data scales
 
(several millions), so you could reduce these values using the module post process with values like '0.000001' or similar.
 
 
 
===== module_inventory =====
 
 
 
''It's implemented as an agent plugin under Linux / Unix''
 
 
 
Using predefined WMI consults and queries on the registry. This module obtains information about the different aspects of a machine ... from software to hardware.
 
 
 
The module can get different parameters to mark the kind of information it gets. Here is the parameter list and the kind of information that it gives:
 
 
 
* '''CPU''': Gets information about the system CPUs (processor name, watch frequency and description).
 
* '''CDROM''': Gets information about the CD-ROM (name, description and unity letter).
 
* '''Video''': Gets information about video cards (description, RAM and processor).
 
* '''HDs''': Gets information about the hard disks (model, size and name in the system).
 
* '''NICs''': Gets information about the network interface controllers(description, MAC address and IP address).
 
* '''Patches''': Gets information about the installed patches (identifier, description and comments).
 
* '''Software''': Gets information about MSI packages installed (name and version).
 
* '''RAM''': Gets information about RAM modules (tag, capacity and name).
 
* '''Services''': Gets information about the installed services. The short name shown in the first column is the name of the service that Pandora FMS probably uses to monitor services.
 
 
 
Additional Module Parameters:
 
 
 
* '''module_interval''': This module has an additional line to specify the interval ''in days'', where one can obtain the information for the module.
 
 
 
This is an example to use this module:
 
 
 
module_begin
 
module_name Inventory
 
module_interval 7
 
module_type generic_data_string
 
module_inventory RAM Patches Software Services
 
module_description Inventory
 
module_end
 
 
 
===== module_logevent =====
 
 
 
(Windows only)
 
 
 
This new module allows information to be obtained from the Windows event log file. It returns the elements which fit to a given pattern, also allowing to filter by source and event type. The module implemented in version 2.0 has been improved, using the Win32 native API now to have access to the events from the file, instead of using the WMI subsystem (much slower). This method is quicker and works on systems with many elements. The new implementation also allows much more field filtering compared to the previous version. The standard format of the module is the following:
 
 
 
module_begin
 
module_name MyEvent
 
module_type async_string
 
module_logevent
 
module_source <logName>
 
module_eventtype <event_type/level>
 
module_eventcode <event_id>
 
module_application <source>
 
module_pattern <text substring to match>
 
module_description
 
module_end
 
 
 
To avoid repeating what has already been shown, we only consider those events which occurred since the last time the agent was executed, as with other modules (e.g. 'regexp').
 
 
 
'module_logevent' accepts the following parameters (all of them case sensitive):
 
 
 
* '''module_source''': Event source (System, Application, Security). This field is compulsory.
 
* '''module_eventtype''': Event type (failure, information). This is an optional field.
 
* '''module_pattern''': Pattern to search (substring). It's an optional field.
 
* '''module_eventcode''': It's a numeric ID of the event, e.g. 5112. It's an optional field.
 
* '''module_application''': Application source of the event. Be careful not to confuse it with 'module_source' which shows the name, source or log file where the events are looked for.
 
 
 
For showing all events of an error type system we e.g. should define the following module:
 
 
 
module_begin
 
module_name log_events
 
module_type generic_data_string
 
module_description System errors
 
module_logevent
 
module_source System
 
module_eventtype error
 
module_end
 
 
 
To show all events which contain the word 'PandoraAgent':
 
 
 
module_begin
 
module_name log_events_pandora
 
module_type async_string
 
module_description PandoraAgent related events
 
module_logevent
 
module_source System
 
module_pattern PandoraAgent
 
module_end
 
 
 
Another example: Filtering the event showed on the snapshot:
 
 
 
<center>
 
[[Image:Event sample.png|center|450px]]
 
</center>
 
 
 
module_begin
 
module_name MyEvent
 
module_type async_string
 
module_source Application
 
module_eventtype Information
 
module_eventcode 6000
 
module_application Winlogon
 
module_pattern unavailable to handle
 
module_description
 
module_end
 
 
 
It's very important to understand that Pandora FMS '''is not a system to collect logs'''. This tool is intended to be used to select ''critical'' or ''important'' events for monitoring which collects all events without classifying them from a common source (as the 'system' could be one). Doing so will only cause problems in a way that e.g. the database can collapse and the system will work very badly. It's extremely important to understand that the event collection which comes with Pandora should always be used with taking this into account and not to abuse Pandora FMS as a generic event collector.
 
 
 
===== module_plugin =====
 
 
 
A parameter to define the data which is obtained at the exit of a plugin agent. It's a special case of a module which builds all its XML on its own. It also doesn't require any other delimiter like 'module_begin', 'module_type', etc. It requires this format:
 
 
 
module_plugin plugin_filename parámetro_1 parámetro_2 parámetro_3
 
 
 
In order to configure additional parameters for the plugin, please use the standard syntax:
 
 
 
module_begin
 
module_plugin plugin_filename parameter_1 parameter_2 parameter_3
 
module_interval 2
 
module_condition (0, 1) script.sh
 
module_end
 
 
 
Each plugin has its own syntax. We are going to describe the regular expressions plugin which comes with the agent by default.
 
 
 
module_plugin grep_log /var/log/syslog Syslog ssh
 
 
 
In this example, the name of the plugin is 'grep_log'. It's going to search for the regular expression 'ssh' in the file '/var/log/syslog' which will be kept in a module called 'Syslog'.
 
 
 
Another example intended to be solely used on Windows-based systems (and only on versions 3.1 or later):
 
 
 
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent.vbs"
 
 
 
''' File collection and plugins '''
 
 
 
When you use file collections, you need to know where the file collection stores the files. File collections use a "handle" or short name which is generated when you first create the collection. It has to have a name similar to "fc_2". Here are some examples of 'module_plugin' usage using file collections:
 
 
 
UNIX:
 
 
 
module_plugin /etc/pandora/collections/fc_1/always_1.sh
 
 
 
Windows:
 
 
 
module_plugin cscript //B "%ProgramFiles%\pandora_agent\collections\fc_2\df_percent.vbs"
 
 
 
It's very important to know the plugin execution output could return more than one module, because it returns a full XML structure. This is e.g. the plugin output of the '/util/df.vbs' plugin in windows:
 
 
 
<module>
 
    <name><![CDATA[C:]]></name>
 
    <description><![CDATA[Drive C: free space in MB]]></description>
 
    <data><![CDATA[2361]]></data>
 
</module>
 
<module>
 
    <name><![CDATA[D:]]></name>
 
    <description><![CDATA[Drive D: free space in MB]]></description>
 
    <data><![CDATA[32020]]></data>
 
</module>
 
<module>
 
    <name><![CDATA[Z:]]></name>
 
    <description><![CDATA[Drive Z: free space in MB]]></description>
 
    <data><![CDATA[10168]]></data>
 
</module>
 
 
 
===== module_ping <host> =====
 
 
 
(Only for Windows versions 4.0.1 or newer)
 
 
 
This module pings the preset host and returns '1' if it's up and '0' if not. It's a wrapper for ''ping.exe''.
 
 
 
Is supports the following configuration parameters:
 
 
 
* '''module_ping_count x''': Number of 'ECHO_REQUEST' packets to be sent ('1' by default).
 
* '''module_ping_timeout x''': Timeout in milliseconds to wait for each reply ('1000' by default).
 
* '''module_advanced_options''': Advanced options for ''ping.exe''.
 
 
 
Example:
 
 
 
module_begin
 
module_name Ping
 
module_type generic_proc
 
module_ping 192.168.1.1
 
module_ping_count 2
 
module_ping_timeout 500
 
module_end
 
 
 
===== module_snmpget =====
 
 
 
(From version 4.0.1 onwards, Windows only)
 
 
 
This module performs an SNMP get query and returns the requested value. It's a wrapper for ''snmpget.exe''.
 
 
 
It supports the following configuration parameters:
 
 
 
* '''module_snmpversion [1,2c,3]''': SNMP version (1 by default).
 
* '''module_snmp_community <community>''': SNMP community (''public'' by default).
 
* '''module_snmp_agent <host>''': Target SNMP agent.
 
* '''module_snmp_oid <oid>''': Target OID.
 
* '''module_advanced_options''': Advanced options for ''snmpget.exe''.
 
 
 
Example:
 
 
 
module_begin
 
module_name SNMP get
 
module_type generic_data
 
module_snmpget
 
module_snmpversion 1
 
module_snmp_community public
 
module_snmp_agent 192.168.1.1
 
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.148
 
module_end
 
 
 
=== Examples ===
 
 
 
Example of a Windows module, checking if 'EventLog' works. Example:
 
 
   
 
   
<pre>
+
C:\PandoraFMS\Pandora_Server\bin\pandora_exec.exe
module_begin
 
module_name ServicioReg
 
module_type generic_proc
 
module_service Eventlog
 
module_description Eventlog service availability
 
module_end
 
</pre>
 
  
An example for a UNIX module would be:
+
*In Pandora FMS on <b>Linux</b> the default executable path is:  
  
<pre>
+
/usr/bin/timeout
module_begin
 
module_name cpu_user
 
module_type generic_data
 
module_exec vmstat | tail -1 | awk '{ print $14 }'
 
module_min 0
 
module_max 100
 
module_description User CPU
 
module_end
 
Tipos de agentes software
 
</pre>
 
  
=== Specific Configuration by Technologies ===
+
== Environment variables ==
  
With Pandora FMS it's possible to monitor any system. This could either be done with an installed Software agent on the system, which collects data straight from the system to be monitored, or by using a 'Satellite Agent' which consists of an agent which is executed in a server and monitors some parameters of systems which have adjacents through SNMP or user-defined commands.
+
Pandora FMS' server supports more options than what the configuration file offers. In some particular cases, environmental variables are necessary because the configuration is done on the machine itself. To do this, the server startup script loads the variables of a file in ''bash'' format which is ''/etc/pandora/pandora/pandora_server.env'' by default.
  
The software agents could be Windows or UNIX agents. The agents could be installed using any of the agents described in the following lines. To use a satellite agent, it's enough to install a software agent and define the configured modules to collect data from an external system through, e.g. the ''snmpget'' tool or ''ping''.
+
The variables that can be configured are the following:
  
==== UNIX / Linux Agents ====
+
===PANDORA_RB_PRODUCT_NAME===
  
UNIX has several command line tools that allow data to be received through commands. The Unix agents are based in this premise. There are two kinds of UNIX agents:
+
This variable is required to customize the product name displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
  
* ShellScript: With a defined shellscript for each kind of SO based on bash, ksh or csh. In the classical UNIX Systems (Solaris, AIX, HPUX), all functionalities are not implemented yet - but under Linux or MAC they are.
+
===PANDORA_RB_COPYRIGHT_NOTICE===
  
* Perl: There is a unique multi-platform agent based on Perl 5.8 that works alike in all Unix systems. You're required to have a Perl 5.8 system or higher installed for proper functioning.
+
This variable is required to customize the author of the product displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
  
The shellscript agents have been designed to work in even the oldest UNIX versions: HPUX11.0, AIX 4.1, Solaris 6 ... They work, but are feature limited e.g. not having the Tentacle client and having to use the FTP or SSH system to upload the monitoring data to its server.
+
===Example of an environment variable file===
  
===== Pandora FMS UNIX Agents Configuration =====
+
#!/bin/bash
 +
PANDORA_RB_PRODUCT_NAME="Custom product"
 +
PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"
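Review bot: The path ''/etc/pandora/pandora/pandora_server.env'' in the introduction of this section repeats the "pandora/" segment, while the main configuration file is documented under ''/etc/pandora/''; please confirm which path the startup script actually reads. Since the file is in bash format and is loaded by the server startup script, the section should also state the expected owner and permissions of the file, because any line placed in it runs with the privileges of that script.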
  
There is hardly any difference between AIX, Solaris and GNU / Linux. We are going to describe some of their most important parameters and paths.
+
== SNMPTRAPD configuration ==
  
After starting the installer, the agents main directory or 'home' directory is '/usr/share/pandora_agent/' where the Pandora FMS agent is installed. In the system where this isn't possible for reasons of e.g. a strict system policy, we recommend creating a link to this path from the real installation path, e.g. '/opt/pandora' -> '/usr/share/pandora_agent'.
+
The SNMP Console of Pandora FMS uses snmptrapd to receive SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.
  
The other important folders are:
+
Previously, snmptrapd accepted traps by default, without explicitly configuring anything. From version 5.3 onwards, the configuration for access control is more restrictive and it does not allow to receive traps from anyone by default.
  
* ''/var/spool/pandora/data_out'': Folder where the collected data from the agents is kept.
+
If snmptrapd runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.
  
* ''/etc/pandora/pandora_agent.conf'': Main agent configuration folder. The definition of where the data is collected is defined by the used command.
+
You are probably required to configure your snmptrapd using the file ''/etc/snmp/snmptrapd.conf''. If it does not exist, please check ''/var/log/pandora/pandora_snmp.log'' file for warnings or errors.
  
* ''/usr/local/bin/pandora_agent'': The current Pandora FMS agent. This file is a shellscript which collects the configuration data in the 'pandora_agent.conf' files and sends the data packages to the Pandora Server. It usually has a link to '/usr/bin/pandora_agent'.
+
A basic snmptrapd.conf could be something similar to this:
  
* ''/usr/local/bin/tentacle_client'': The agent which adds the Tentacle client for being able to send the data files to the server. This is a client written in Perl 5.8. It usually has a link to '/usr/bin/tentacle_client'.
+
authCommunity log public
  
* ''/etc/init.d/pandora_agent_daemon'': Script for starting and stopping. This daemon calls up 'pandora_agent' and gives two options (start / stop). On the AIX systems, the daemon's name is '''/etc/rc.pandora_agent_daemon'''.
+
If does not work on your Linux distribution, please check your version syntax to enable trap reception in your snmptrapd daemon with the command:
  
* ''/var/log/pandora/pandora_agent.log'': Text file where the activity of the Pandora FMS agent is kept if the agent is executed in depuration mode.
+
man snmptrapd.conf
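Review bot: The sample line "authCommunity log public" accepts traps sent with the default community string from any source, and the section does not say so. Suggest noting that authCommunity takes an optional source after the community, so the example can be limited to the expected senders, and that the community should be changed from "public" where the devices allow it. Two wording points in the same section: "If does not work on your Linux distribution" is missing its subject, and "If it does not exist, please check ''/var/log/pandora/pandora_snmp.log''" does not say what to do when snmptrapd.conf is absent.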
  
* ''/etc/pandora/plugins'': Directory which keeps the agent's plugins. It's a link to ''/usr/share/pandora_agent/plugins''.
+
== Tentacle Configuration ==
  
===== Initial Execution of a UNIX Agent =====
+
By default, Pandora FMS software agents send data packages to the server through Tentacle protocol (Port 41121/TCP assigned by IANA [http://www.iana.org/assignments/port-numbers]). The agent could also be reconfigured to send data in alternative ways: local transfer (NFS,SMB),SSH or FTP, etc. If you want them to send data packages using Tentacle protocol, configure a Tentacle server where this data is intended to be received. When a Pandora FMS server is installed, a Tentacle server is also installed in the same machine by default.
  
When you start the Pandora FMS agent, this should copy the data file to the Pandora FMS server through the dispatch system which is specified in the configuration file of ''/etc/pandora/pandora_agent.conf''. It's recommended to configure the dispatch system (Tentacle, SSH, FTP) before that.
+
If it is necessary to adjust some parameters of Tentacle server configuration, it can be done by modifying the script that launches the Tentacle Server daemon directly, which is at:
  
To start the agent, execute:
+
/etc/init.d/tentacle_serverd
  
/etc/init.d/pandora_agent_daemon start
+
Furthermore, there is a list of the different options for Tentacle Server configuration:
  
For IPSO systems the agent will be launched with a priority of '-10', so it turns into the process with the lowest priority in the system CPU. It will be executed when other processes with a higher priority are waiting in the CPU system queue. The IPSO agent has a special parameter (''harmless_mode '') for a special management of the CPU process on systems ''Checkpoint/NOKIA''. This is a very special case.
+
'''PANDORA_SERVER_PATH'''
  
In BSD systems the highest priority is '+20' and the lowest '-20'.
+
The path to the entry directory of data. The default path is ''/var/spool/pandora/data_in''
  
To stop the agent, just execute:
+
'''TENTACLE_DAEMON'''
  
/etc/init.d/pandora_agent_daemon stop
+
The Tentacle daemon. The default command is 'tentacle_server'.
  
===== Advanced Configuration for the UNIX Agent =====
+
'''TENTACLE_PATH'''
  
The real power of Pandora FMS is on the agent's capacity to start processing the user defined scripts. This could be used to collect specific data or to make an operation which returns any desired value, because it's the aim of the agent plugin structure. For more information, please check the Annex on creating Agent Plugins.
+
The path to the Tentacle binary. The default path is '/usr/bin'.
  
===== Examples of Implementation for UNIX Agents =====
+
'''TENTACLE_USER'''
  
Example #1: Calculate the number of displays on the Apache Web server main page (it could degrade the running of huge records):
+
User from which the Tentacle daemon will be launched. The default value is ''pandora''.
  
module_begin
+
'''TENTACLE_ADDR'''
module_name WEB_Hits
 
module_type generic_data_inc
 
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
 
module_end
 
  
Example #2: Checks if the process of the (named) DNS is working or not:
+
Direction to listen to data packages. If you set 0.0.0.0., it listens to all of them. The default value is to listen in all directions. This is true when its IP is 0.0.0.0.
  
module_begin
+
'''TENTACLE_PORT'''
module_name DNS_Daemon
 
module_type generic_proc
 
module_exec ps -Af | grep named | grep -v "grep" | wc -l
 
module_end
 
  
===== Altering the way UNIX Agents obtain system information =====
+
The listening port for package reception. It is 41121 (official port assigned by IANA) by default.
  
This is valid for UNIX Perl agents only (version 3.2 or higher).
+
'''TENTACLE_EXT_OPTS'''
  
There are some modules which work like "blackboxes". They are performing operations the user doesn't have to know about. These modules are:
+
Additional options for executing the Tentacle server. You can set up Tentacle to use authentication with certs (x509) and/or symmetric password in both sides here.
  
* module_procmem
+
'''MAX_CONECTIONS'''
* module_freedisk
 
* module_freepercentdisk
 
* module_cpuproc
 
* module_proc
 
* module_procmem
 
* module_cpuusage
 
* module_freememory
 
* module_freepercentmemory
 
  
Modules like e.g. 'module_cpuusage' return a percentage of the current system CPU usage, but the user doesn't need to use a command. On windows and on UNIX systems, Pandora 'already knows' what to do.
+
Maximum number of simultaneous connections. The default value is ''10''.
  
Pandora UNIX Agents have predefined commands to do that. The below mentioned commands are executed in different ways depending on the OS:
+
'''MAX_SIZE'''
  
linux => 'vmstat 1 2 | tail -1 | awk \'{ print $13 }\'',
+
Maximum file size allowed by the server in bytes. The default value is ''2000000''.
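Review bot: TENTACLE_ADDR is described as a "Direction to listen" with "0.0.0.0." (trailing dot) and states the same default twice. It is the listening address, and the text should say once that 0.0.0.0 means all interfaces and recommend a specific address where the server should not be reachable on every network. TENTACLE_EXT_OPTS mentions certificate and password authentication without pointing to the section that lists the flags. Please also confirm that MAX_CONECTIONS is the spelling used in the startup script, since readers will copy it verbatim.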
solaris => 'vmstat 1 2 | tail -1 | awk \'{ print $21 }\'',
 
hpux => 'vmstat 1 2 | tail -1 | awk \'{ print $16 }\''
 
  
It could happen that your system is slightly different from the tested system and the command is not valid. You're able to use your own command with a simple 'module_exec' or redefine internal pandora commands to do that. You need to edit some lines of Pandora FMS Unix Agent code for that, but don't worry - it's Perl code and it's very basic editing.
+
== Tentacle secure configuration ==
  
The Pandora agent is usually located in '/usr/bin/pandora_agent'. Please edit with vi or nano (they are common text editors for the console), and search for "Commands to retrieve" text. You should see something like this:
+
Both the server and the agents can use a secure configuration with SSL and/or password using Tentacle. The communication can be established tentacle_client -> tentacle_server, or tentacle_client -> tentacle_proxy -> tentacle_server.
  
# Commands to retrieve total memory information in kB
+
{{Warning|To use tentacle secure improvements, please, verify package perl(IO::Socket::SSL) is available in your system.}}
use constant TOTALMEMORY_CMDS => {
 
linux => 'cat /proc/meminfo  | grep MemTotal: | awk \'{ print $2 }\'',
 
solaris => 'MEM=`prtconf | grep Memory | awk \'{print $3}\'` bash -c \'echo $(( 1024 * $MEM ))\'',
 
hpux => 'swapinfo -t | grep memory | awk \'{print $2}\''
 
};
 
  
This is the piece of code which defines how pandora gets information from the system to get the total memory. AIX is not defined because we don't have the information on how to get this information in an AIX system yet.
 
  
# Commands to retrieve partition information in kB
+
The most common actions are:
use constant PART_CMDS => {
 
# total, available, mount point
 
linux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
 
solaris => 'df -k | awk \'NR > 1 {print $2, $4, $6}\'',
 
hpux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
 
aix => 'df -kP | awk \'NR > 1 {print $2, $4, $6}\''
 
};
 
  
These are the commands to get disk information in KB (total, free and mount point). To change any of the predefined values to get the information, just edit the command but be careful with it:
+
'''Simple file transfer with password authentication:'''
  
# Check that lines end with ";"
+
Extra parameters in the tentacle server setup
# Check that commands are between ' ' symbols.
 
# Check that any ' symbol you use ends on the \ symbol, e.g.:
 
  
  df -P | awk 'NR > 1 {print $2, $4, $6}'
+
  -x password
  
Will be
+
Extra parameters in the client side (TENTACLE_EXT_OPTS)
  
df -P | awk \'NR > 1 {print $2, $4, $6}\'
+
  -x password
  
It's the same used above, so see how it's written in the code.
+
'''Secure file transfer without client certificate:'''
  
==== Pandora FMS Windows Agents ====
+
Extra parameters in the tentacle server setup
  
===== Check Windows agent is working =====
+
  -e cert.pem -k key.pem
  
The exit of the Pandora FMS Windows agent can be checked in the file ''C:\archivos de programa\pandora_agent\pandora_agent.log''. It's a plain text file that contains information about the agent's execution flow.
+
'''Secure file transfer with client certificate:'''
  
To check if Tentacle or SSH are working well, you can use the command ''tentacle_client'' or the parameter '--test-ssh' on the binary. The first command will return an error, because neither the address nor the file to send is specified, but it checks if the Tentacle client ''tentacle-client'' is in the system. The second one will force Pandora FMS to connect using SSH internally and copy a file called ''ssh.test''. Remember that you're required to configure SSH properly, to generate the required keys and to import them onto the server if you want to use it.
+
Extra parameters in the tentacle server setup
  
===== Checking of Pandora FMS Agent service =====
+
  -e cert.pem -k key.pem -f cacert.pem
  
The Pandora FMS 3.0 version has been carefully checked and "debugged" in order to avoid all kinds of memory ''leaks'', ''handles'' of processes, files or TCP/IP ports. It's very stable and has been tested on all Windows platforms where it has to operate. Nevertheless, it could happen that the service crashes a few times on some systems. We have tried to give some solutions to those users which require a restarted system or a supplementary control of the agent for it.
+
Extra parameters in the client side (TENTACLE_EXT_OPTS)
  
There are two ways of having more control over the agent. The first one is to force the restart of the agent every X days through the Windows internal programmer for tasks through the AT command.
+
  -e cert.pem -k key.pem
  
''' Restart with AT '''
+
'''Secure file transfer with client certificate and additional password authentication:'''
  
'' In English ''
+
Extra parameters in the Tentacle Server setup
  
To schedule a restart on Mondays and Fridays:
+
  -x password -e cert.pem -k key.pem -f cacert.pem
  
at 00:00 /every:Monday,Friday "c:\program files\pandora_agent\scripts\restart_pandora_agent.bat"
+
Extra parameters on the client side (TENTACLE_EXT_OPTS)
  
'' In Spanish ''
+
  -x password -e cert.pem -k key.pem
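Review bot: "Secure file transfer without client certificate" lists only the server parameters (-e cert.pem -k key.pem) and gives no client-side line, unlike the other three cases; state what the client needs, even if it is nothing. The client-side lines are labelled TENTACLE_EXT_OPTS, but the Tentacle Configuration section describes that variable as additional options for executing the Tentacle server in /etc/init.d/tentacle_serverd, so say where the agent-side options are actually set. The page labels only the -e/-k cases "Secure", so the password-only case should state plainly that it adds authentication and is not one of the secure variants.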
  
For example, to schedule an every day restart:
 
  
at 00:00 /every:L,M,Mi,J,V,S,D "c:\archivos de programa\pandora_agent\scripts\restart_pandora_agent.bat"
+
=== Secure configuration, practical case ===
  
To see a list of the scheduled tasks, just execute the following command in the command line:
+
Here we will explain how to configure the agents and the Tentacle server for a secure connection, using Tentacle proxy as well.
  
at
+
Firstly, it is recommended to carry out the previous testing manually from the shell terminal to make sure that the configuration, parameters and certificates are correct.
  
This will give you the scheduled tasks.
+
'''Manual testing:'''
  
''' Automatic control of the service in case of crashes'''
+
1. Start tentacle_server manually:
 +
  sudo -u ''user'' tentacle_server -x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem -s /tmp -v
  
Windows provides an additional way of controlled restart of the service if this crashes for any reason. This allows you to tell the Windows service to restart automatically in case of a crash. You have to go to the Windows services dashboard and to the Pandora FMS agent and click on 'Properties' for it. On the 'Recovery' slide, you're required to change the default values into this:
+
2. Start proxy manually (only if a Tentacle proxy will be used, if not, skip this step):
 +
  sudo -u ''user'' tentacle_server -b ''ip_server'' -g 41124
  
<center>
+
3. Launch tentacle_client manually:
[[image:Service_control_restart.png]]
+
  sudo -u ''user'' tentacle_client -a ''ip_proxy/ip_server'' -x password -e tentaclecert.pem -k tentaclekey.pem -v /bin/ls (or any file)
</center>
 
  
This causes an automatic restart if the service crashes - but only once a day. If it happens to crash more than once a day, it won't get restarted again. The reason for this configuration is avoidance of a possible system overload due to a forced execution that downs too much of the other services, which is caused by a problem within the system. Pandora FMS should never be down. In any case, you can adjust these parameters if a Pandora FMS service crash should be controlled by the system and to make sure that you'll always have the agent running this way.
 
  
===== Configuration of Pandora FMS Windows Agent =====
+
{{Warning|It is necessary to '''ALWAYS''' specify the absolute path where the certificates are stored, for example ''/home/tentaclecert.pem''}}
  
The whole installation is done through the file ''pandora_agent.conf''. This file is a list of pairs of keys and values which have been described before. Here is an example of this file:
+
Once you check that the file has been successfully sent, you can proceed to permanently configure tentacle_server and the clients.
  
 +
To configure tentacle_server with the secure certificate options, edit the starting script of the '''tentacle_serverd''' service, commonly on ''/etc/init.d/tentacle_serverd'', the same for the intermediate proxy.
 +
To configure the agents to use the secure tentacle communication, edit the configuration files of the '''pandora_agent.conf''' agent, commonly on ''/etc/pandora/pandora_agent.conf''.
  
<pre>
+
'''Permanent configuration:'''
# General Parameters
 
# ==================
 
 
server_ip mypandoraserver.host.com
 
server_path /var/spool/pandora/data_in
 
temporal "c:\windows\temp"
 
interval 300
 
agent_name myagent_name
 
 
# Module Definition
 
# =================
 
 
# Counting OpenedConnections (please check language string)
 
module_begin
 
module_name OpenNetConnections
 
module_type generic_data
 
module_exec netstat -na | grep ESTAB | wc -l | tr -d " "
 
module_description Conexiones abiertas (interval 2)
 
module_interval 2
 
module_end
 
 
# Is Eventlog service running ?
 
module_begin
 
module_name ServicioReg
 
module_type generic_proc
 
module_service Eventlog
 
module_description Servicio Registro de sucesos
 
module_end
 
 
# Is lsass.exe process alive ?
 
module_begin
 
module_name Proc_lsass
 
module_type generic_proc
 
module_proc lsass.exe
 
module_description LSASS.exe process.
 
module_end
 
 
# Received packets.
 
# Please notice that "Paquetes recibidos" string must be replaced by
 
# the correct string in your Windows system language.
 
module_begin
 
module_name ReceivedPackets
 
module_type generic_data
 
module_exec netstat -s | grep  "Paquetes recibidos  " |  tr -d " " | cut -f 2 -d "=" | tr -d "\n"
 
module_description Conexiones abiertas (interval 2)
 
module_end
 
 
# Free space on disk
 
module_begin
 
module_name FreeDiskC
 
module_type generic_data
 
module_freepercentdisk C:
 
module_description Free space on drive C:
 
module_end
 
  
module_begin
+
1. Start the server with SSL. Modify the ''/etc/init.d/tentacle_serverd'' script. Search the line TENTACLE_EXT_OPTS, and add "-x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem". It should look like this:
module_name FreeMemory
+
  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
module_type generic_data
 
module_freepercentmemory
 
module_description Amount of free memory.
 
module_end
 
</pre>
 
  
===== Extending the agents functionality with VBS code =====
+
2. Start the proxy. Modify the ''/etc/init.d/tentacle_serverd'' script on the system that will act as a proxy. Same as in the previous step, search for the line TENTACLE_EXT_OPTS, and add "-b ''ip_server'' -g 41121". Like this:
 +
  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -b 192.168.70.208 -g 41121"
  
Starting with the 3.1 version, Windows agents started to have plugins like the Unix agents, but don't forget they also have the possibility of executing the external scripts, based on VBScript as simple modules. Take a look at the VBS code which obtains the CPU total use of a system:
+
3. Launch the agent with the related options. Modify the pandora_agent.conf file, search the token server_opts and add "-x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem". Do not forget to set the token ''server_ip'' with the ip of the proxy instead of the main server if you use it. It should look like this:
 +
  server_opts -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem
  
strComputer = "."
 
Set objWMIService = GetObject("winmgmts:" _
 
    & "{impersonationLevel=impersonate}!\\" _
 
    & strComputer & "\root\cimv2")
 
 
    Set object1 = objWMIService.Get( _
 
    "Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
 
    N1 = object1.PercentProcessorTime
 
    D1 = object1.TimeStamp_Sys100NS
 
    Wscript.Sleep(1000)
 
    set object2 = objWMIService.Get( _
 
    "Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
 
    N2 = object2.PercentProcessorTime
 
    D2 = object2.TimeStamp_Sys100NS
 
 
    ' CounterType - PERF_100NSEC_TIMER_INV
 
    ' Formula - (1- ((N2 - N1) / (D2 - D1))) x 100
 
    PercentProcessorTime = (1 - ((N2 - N1)/(D2-D1)))*100
 
 
    Wscript.Echo PercentProcessorTime
 
  
We keep it in a file called "CPUTotal.vbs" which is located at ''c:\program files\pandora_agent\util''.
+
{{Tip|If you do not want to use any of these options, like for example the password, just do not set it on the configuration.}}
  
Now we're going to create the new module type of 'module_exec' with this content:
+
== Tentacle data compression (>=7.0SP725) ==
  
cscript.exe /NoLogo c:\program_filespandora_agent\util\CPUTotal.vbs
+
On-the-wire data compression can be enabled from the Tentacle client with the ''-z'' command line option, decreasing the size of transferred data at the expense of CPU load.
  
We already have a new module that returns the CPU total use, obtained through the external script in VB. There are plenty of things that can be obtained through VBScript. Microsoft has an excellent online documentation about VBS that you can check in MSDN:
+
=== Pandora FMS Agent ===
[http://msdn.microsoft.com/en-us/library/aa394582(VS.85).aspx].
 
  
===== Running the Pandora FMS Agent under a different user than SYSTEM =====
+
Edit the ''/etc/pandora/pandora_agent.conf'' file and add ''-z'' to ''server_opts''. E.g.:
  
You can setup the Windows agent to run under a different user. You're required to configure the startup service with a different user and provide this user with special privileges to do that. That user is required to be included in the 'Administrators' group.
+
server_opts -z
  
In the WMI console, all users from the group 'Administrators' have ALL permissions enabled.
+
=== Satellite server ===
  
This is an example of a user and it's WMI settings for the ROOT environment. Branches will inherit the root permissions by default:
+
Edit the ''/etc/pandora/satellite_server.conf'' file and add ''-z'' to ''server_opts''. E.g.:
  
<center>
+
server_opts -z
[[image:Service_image001.png]]
 
</center>
 
  
<center>
+
==Pandora Web Robot Daemon (PWRD)==
[[image:Service_image002.png]]
 
</center>
 
  
You can look up some Microsoft links related to this issue on : [http://support.microsoft.com/kb/325353/en] [http://msdn.microsoft.com/en-us/library/ms188690.aspx]
+
Pandora Web Robot Daemon is a service from Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available in the [https://library.pandorafms.com module library].
  
==== Auto-upgrading Software Agents ====
+
It contains:
 +
* Firefox browser binary version 46
 +
* Pre-built profile for recording and running web browsing sessions
 +
* Session Automation Server
 +
* Web browsing session recorder (. xpi)
  
Pandora FMS 3.2 has a new feature called "File collection". File collections are described in a few chapters below, they are a 'centralized file distribution system' to copy files (binary, scripts and data) from the console to the agents running the Pandora FMS software agent.
+
For more information related to PWRD, please follow this [[Pandora:Documentation_en:User_Monitorization|link.]]
  
We can provide a way to 'auto-upgrade' the software agents using that mechanism and a very special tool. It works in the following way:
+
= WEB Console =
  
1. Agents receive new binaries e.g. in the file collection's incoming directory:
+
Pandora FMS web console has a configuration file which is created and configured automatically while it is being installed. Its location is: /consolepath/include/config. php.  
 +
For example in CentOS systems:  
  
  c:\program files\pandora_agent\collections\fc_1\pandoraAgent.exe
+
  /var/www/html/pandora_console/include/config.php
  
2. The agent utilizes a special module to execute the pandora_update tool. This tool receives a single parameter, the FileCollection handle (or short name). In this scenario, it's ''fc_1''. It checks for a file called 'pandoraagent.exe' (or 'pandora_agent' under UNIX), looks at the size and contents of both files (by using a HASH), the running 'pandora_agent' and the binary provided in the file collection. If they are different, 'pandora_update' stops the agent, replaces the binary and restarts the agent again, using the new binary.
+
== Configuration File config.php ==
  
3. Furthermore, 'Pandora_update' writes the update event to a small log to be able to recover the next execution and warns the user about the agent's updating process by means of an 'async_string' module.
+
The configuration options in the file are included in the header, and these are:
  
This means that the used modules could be configured to have a high interval to perform the update process.
+
'''$config["dbtype"]'''
  
'''UNIX Standard Installation'''
+
Type of database used. It is MySQL by default.
  
module_begin
+
'''$config["dbname"]'''
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
  
'''UNIX Custon Installation'''
+
Database name to connect to. The default value is 'pandora'.
  
module_begin
+
'''$config["dbuser"]'''
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /var/opt/PandoraFMS/etc/pandora/plugins/pandora_update fc_1 /var/opt/PandoraFMS 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
  
NOTE: The second parameter of the 'pandora_update' command is the installation path of Pandora FMS. This parameter is only required if Pandora FMS is installed in a path different from the default path.
+
Username for the connection to Pandora FMS database. The default value is 'pandora'.
  
'''Windows'''
+
'''$config["dbpass"]'''
 +
Password for the connection to Pandora FMS database.
  
module_begin
+
'''$config["dbhost"]'''
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec pandora_update.exe fc_1
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
  
NOTE: If it has the agent in a non "standard" path under UNIX, you're required to modify some of the 'pandora_update' utility values, specifically the following lines:
+
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as the server, which is 'localhost'.
  
 +
'''$config["homedir"]'''
  
# Setup your particular paths / process settings here
+
Directory where the Pandora FMS web console is located. This is usually '/var/www/pandora_console' or '/srv/www/htdocs/pandora_console'.
# [SETUP BEGIN] 12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)
 
# Location of binaries
 
 
 
# UNIX
 
my $running_binary = "/usr/bin/pandora_agent";
 
my $updated_binary = "/etc/pandora/collections/$fc_path/pandora_agent";
 
 
# UNIX style
 
 
my $start_pandora = "/etc/init.d/pandora_agent_daemon start";
 
my $stop_pandora = "/etc/init.d/pandora_agent_daemon stop";
 
  
Please change the paths to the ones which fit with your system manually.
+
'''$config["homeurl"]'''
  
==== Process to Auto Upgrade Agents from versions previous to 3.2  ====
+
Base directory for Pandora FMS. This is usually '/pandora_console'.
  
The first thing is to get the executables from the Pandora FMS agent and the 'pandora_update' tool ('pandoraAgent.exe' and 'pandora_update.exe' under Windows and 'pandora_agent' and 'pandora_update' under UNIX).
+
'''$config["public_url"]'''
 
 
Many of the steps that we are giving here means the following things:
 
 
 
1. You have a way to copy files to the systems which you want to update. This is a feature which the Pandora FMS 3.2 version provides (File Collection) but just now, you want to migrate to the 3.2 version, because this feature is missing there. It's assumed that you have alternative mechanisms.
 
 
 
2. The agent's configuration and remote management is activated and working. This will be useful. It's recommended to create several directories and configure a new module in your Pandora FMS agent configuration.
 
 
 
'''Windows Platforms'''
 
 
 
We should copy 'pandora_update' to one directory of the system path or to the directory '/util' of our Pandora (in Windows).
 
 
 
Supposing that we have Pandora FMS installed in:
 
 
 
C:\Archivos de programa\pandora_agent
 
 
 
We have to copy 'pandora_update.exe' in the directory:
 
 
 
C:\Archivos de programa\pandora_agent\util
 
  
Then we create two directories:
+
The full URL is set with the string value, the value is the URL inside Pandora FMS Server if you use an inverse proxy e.g. 'mod_proxy' from Apache.
  
  C:\Archivos de programa\pandora_agent\collections
+
=== Redirection to '/pandora_console' from / ===
C:\Archivos de programa\pandora_agent\collections\fc_1
 
  
And after this, we should copy the new agent's binary to the last directory which we have created:
+
If you only have one Pandora FMS in your Apache server, then it is possible that you could benefit by automatically redirecting '/pandora_console' when users connect with the URL of their server. To do this, create the following file ''index.html'' and put it in the web server root directory ('/var/www' or '/srv/www/htdocs'):
 
 
C:\Archivos de programa\pandora_agent\collections\fc_1\PandoraAgent.exe
 
 
 
We create one module in the agent as the one that follows:
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec pandora_update.exe fc_1
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
This special module that uses the 'pandora_update' executable, executes a special tool ('pandora_update') which compares the current executable with the one that already exists in the directory '/collections/xxxx', where 'xxxx' is a parameter that is passed on to the module. This location is the one specified with the file collections. After using the 3.2 version, the distribution of the new *.exe of the agents will be done through file collections and this identifier will be necessary to 'locate' in which file collection our executable is located.
 
 
 
'''UNIX Platforms'''
 
 
 
Similar to the Windows platforms, we have to copy the executable of the UNIX agent and the 'pandora_update' feature. If it has a non-standard installation and possesses customized paths, you should have to pay lot of attention to the previous paragraph where it's described which files should be modified.
 
 
 
You have to copy ''pandora_update'' into your agent's plugins / folder:
 
 
 
/etc/pandora/plugins/pandora_update
 
 
 
Now create directory 'collection/fc_1' in the base directory of your '/etc/pandora':
 
 
 
/etc/pandora/collections/
 
/etc/pandora/collections/fc_1
 
 
 
The call to 'pandora_update' will be done on its system paths to the plugins. In this case, the default path is '/etc/pandora/plugins/pandora_update'.
 
 
 
The module for the UNIX case will be the following:
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
'''NOTE''': It's recommended to check if both 'pandora_update' and 'pandora_agent' have suitable permissions and owners, executing permissions and the same user which owns the 'pandora_agent' executable.
 
 
 
=== Pandora FMS Drone Agents ===
 
 
 
==== What is a Drone Agent ? ====
 
 
 
The Pandora FMS Drone Agent is a running mode of Pandora FMS Software Agent. This running mode only works on Windows and Linux machines. It was developed to deal with complicated environments with restricted access to the machines. The Drone Agent has two main features:
 
 
 
* '''Proxy mode'''
 
* '''Broker mode'''
 
 
 
Running in this mode, the Drone Agent can report data and utilize all features of the standard Pandora FMS Software Agent.
 
 
 
 
 
The picture below shows an architecture of Pandora FMS using Drone Agents:
 
 
 
<center>
 
[[image:Architecture_il1.png‎|500px]]
 
</center>
 
 
 
===== Proxy Mode =====
 
 
 
Proxy Mode is very useful for networks which have restrictions in their communications. The agent running this mode enabled a Tentacle Proxy Server to allow agents to communicate with the Pandora FMS Server through itself.
 
 
 
The new Tentacle version supports proxy usage (HTTP/Connect mode), so that agents can contact with the server using an intermediate standard proxy directly. You also can use a new tool called 'Tentacle Proxy Server' is used to centralize all communication between Pandora FMS and the agents, allowing the file management and remote configuration for policy based-monitoring. You can see [http://www.openideas.info/wiki/index.php?title=Tentacle more about the Tentacle Proxy Server here].
 
 
 
 
 
You'll get all functionalities of a proxy but managed by Pandora FMS Software Agent with this feature. This mode has two '''requirements''' 1. The agent '''cannot be run by the root'''. 2. If you want to use the proxy mode with Unix agent then '''it must be installed with a user without root privileges''' (the same user will execute the agent in proxy mode later).
 
 
 
All parameters to configure the Tentacle Proxy Server are available trough its agent configuration file:
 
 
 
'''server_ip'''
 
 
 
It's the IP address or the name of Pandora FMS server host. '''Be careful with the enabled Proxy Mode. This parameter cannot take values like 127.0.0.1, locahost, 0.0.0.0 or related'''.
 
 
 
'''proxy_mode'''
 
 
 
Proxy mode status. If the 'proxy_mode' is set to '1', the proxy feature of the drone agent is activated. If the proxy_mode is set to '0', the proxy feature is off. This feature is disabled by default.
 
 
 
'''proxy_max_connection'''
 
 
 
Number of max. simultaneous connections of the proxy. 10 connections are allowed by default.
 
 
 
'''proxy_timeout'''
 
 
 
Timeout for the proxied server. Default value is '1 second'.
 
 
 
====== Usage Examples ======
 
 
 
'''I only have one connection to the Pandora FMS Server'''
 
 
 
This situation is not a problem for the Pandora FMS Drone Agent. To configure the proxy mode, just set 'server_ip' to the Pandora FMS IP and the 'proxy_mode' parameter to '1'. You can configure some parameters like the number of connections and timeout if needed. You'll have the agent and the Tentacle Proxy Server up and running on the machine which can connect with Pandora FMS Server with this configuration.
 
 
 
To configure the other agent, just set the 'server_ip' parameter to the IP address of the Drone Agent with proxy mode enabled. That's all you have to do. The agents are going to use the drone agent to connect to the Pandora FMS Server.
 
 
 
'''I'm required to setup a double proxied connection'''
 
 
 
You're able to connect a Drone Agent to another. It's very easy.
 
 
 
To perform the double proxy, just configure the Drone Agent which can connect to Pandora FMS Server to set the 'server_ip' to the Pandora FMS IP address. 'proxy_mode' must be set to '1' and the other parameters if you need.
 
 
 
To configure the second Drone Agent, just set the 'server_ip' to the one of the first Drone Agent and enable the proxy mode by setting 'proxy_mode' to '1'.
 
 
 
With this configuration, an agent connected to the second Drone Agent can send data to Pandora FMS Server through the two proxies.
 
 
 
===== Broker Mode =====
 
 
 
The Broker Mode is designed to "recreate" different agents (as an entity) from a single software agent installed on a server. Broker agents execute different setups, like if it has different personalities or different agents installed on the same server with different configurations. Each configuration file is independent and can have it's own plugins, inventory modules, etc. It can be remotely managed as any other agent of course. This is perfect to monitor servers / Comm devices nearby and useful when you're unable to reach a router but can install an agent in a nearby host. You can monitor ten routers from a single agent and have eleven agents in your Pandora FMS console (10 routers + 1 host) for example.
 
 
 
It's important to know that the ''broker_agent'' token will be ignored in the configuration of an agent which is set like a broker agent.
 
 
 
The main features of "broker mode" are:
 
 
 
* Send local data with another agent name. Useful to monitoring different instances of a software applicationn as independent agents.
 
 
 
* Send data from remote devices / checks executed from a single host and have it under Pandora FMS like they were different independent agents.
 
 
 
====== Examples ======
 
 
 
'''Send data to server with different agent names, using different configurations'''
 
 
 
Modify your pandora_agent.conf with following lines:
 
 
 
broker_agent router_1
 
broker_agent router_2
 
broker_agent router_3
 
 
 
On the next execution or restart you will have three new files: 'router_1.conf', 'router_2.conf' and 'router_3.conf'. They are an exact copy from origial "pandora_agent.conf" file, except the attribute of 'agent_name' which will be selected from the 'broker_agent' call.
 
 
 
You now have four agents with different configuration files. You can now add different modules in each configuration file, e.g. edit 'router_1.conf' and add:
 
 
 
'''Sample of remote check'''
 
 
 
Please add the following line to the remote configuration file 'pandora_agent.conf':
 
 
 
broker_agent server_1
 
 
 
A new file called 'server_1.conf' will be created and we'll edit it for the purpose of adding specific modules for this broker agent:
 
 
 
module_begin
 
module_name Check SSH Status
 
module_type generic_proc
 
module_tcpcheck 192.168.1.1
 
module_port 22
 
module_timeout 5
 
module_end
 
 
 
This configuration can be interesting when making checks against another remote machine. Even if it has an agent installed Pandora, is unattainable by the server.
 
 
 
'''This feature is available from version 4.0 onward.'''
 
 
 
=== Agent / Module Autocreation from XML File / Learning Mode ===
 
 
 
Pandora FMS supports the automatic creation of agents and/or modules if you receive the information coming from an XML (data server). This happens automatically, unless you completely disable this behavior by disabling the server ''autocreate'' parameter. The 'creation' only happens the first time agent data arrives on the server. That means you can '''create the information''' but you cannot '''update''' the agent or module information each time you're getting a new XML - with a few exceptions as you can see below.
 
 
 
<center>
 
[[File:Learning mode.png]]
 
</center>
 
 
 
This behavior can be avoided in specific agents by disabling the ''learning mode'' of the agent. By disabling this feature, the agent will not create new modules when the XML arrives with the new module. The information won't update the agent configuration parameters.
 
 
 
 
 
'''Autodisable mode:''' From version 6.1 onward agents have this third mode available. In terms of creating agents and modules it behaves exactly the same as an agent in learning mode: when the first XML reaches it, the first agent is created and, on each report, if there are new modules they can also be added automatically. Nevertheless, when all modules from an agent that are in ''autodisable'' mode are also marked as unknown, the agent is automatically disabled. In any case, if the agent reports again, it gets enabled again on its own.
 
 
 
==== Loaded Data from the XML in the Creation of an Agent ====
 
 
 
Stored Data for an agent is the following:
 
 
 
''' In 4.x version: '''
 
 
 
* Agent name.
 
* IP address.
 
* Agent description.
 
* Agent's parent.
 
* Timezone offset.
 
* Group.
 
* Operating system.
 
* Agent interval.
 
* Agent version
 
 
 
''' In 5.x version '''
 
 
 
It's the same as in 4.x version, plus the following:
 
 
 
* Custom fields.
 
* Custom ID.
 
* URL address.
 
 
 
''' In 6.1 version '''
 
 
 
* Agent mode: (Learning -''default''-, No-learn, Autodisable).
 
 
 
==== Data modified in the Agent when receiving XML (Learning Mode enabled) ====
 
 
 
* Agent's IP address
 
* Agent's parent (if defined in server setup, for v4.x parents it's always updated)
 
* OS Version.
 
* Agent's version.
 
* Timezone.
 
* Custom fields.
 
 
 
 
 
{{tip|The GIS data are always updated. It doesn't matter at all if the learning mode is enabled or not.}}
 
 
 
By enabling the learning mode the new modules which get received through the XML file are going to be created under Pandora FMS.
 
 
 
==== Data added to the Module on Creation Time ====
 
 
 
The first time you get data coming from an XML for a module, the read data from the XML and inserted in the system are the following:
 
 
 
''' In 4.x version '''
 
 
 
* Name.
 
* Type.
 
* Description.
 
* Max Min value filter.
 
* Post process.
 
* Module interval.
 
* Min / Max Critical.
 
* Min / Max Warning.
 
* Disabled module.
 
 
 
''' In 5.x version'''
 
 
 
The same as in 4.x plus the following:
 
 
 
* Units.
 
* Module group.
 
* Custom ID.
 
* Str. Warning / Critical.
 
* Critical instructions.
 
* Warning instructions.
 
* Unknown instructions.
 
* Tags.
 
* Critical inversion mode.
 
* Warning inversion mode.
 
* Quiet mode.
 
* Min. FF Threshold.
 
* Alert template (from SP4)
 
 
 
 
 
''' In 6.x version'''
 
 
 
* Crontab
 
 
 
==== Loaded Data when Module already exists ====
 
 
 
If the data server processes an XML containing information for a pre-existent module, part of its information will be overwritten / updated. The description and extended information (see next epigraph) are updated.
 
 
 
Note: GIS data are always updated unless you have the GIS update disabled for that agent (this is configured in agent's GIS setup).
 
 
 
=== Extended Module Information ===
 
 
 
This epigraph is for advanced and development environments. You're able to send custom XML data (using your own application or altering the Pandora agent's source code). This XML file has two 'custom' tags named 'rack_number' and 'severity':
 
  
 +
In case users connect with the URL / of their server, you can create the following file ''index.html'' and put it in the web server's root directory:
 
<pre>
 
<pre>
 
+
<html>
<module>
+
<head>
    <name><![CDATA[battery_level]]></name>
+
<meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
    <description><![CDATA[The actually device battery level]]></description>
+
</head>
    <type><![CDATA[generic_data]]></type>
+
</html>
    <data><![CDATA[61]]></data>
 
    <rack_number>2</rack_number>
 
    <severity>MAJOR</severity>
 
  </module>
 
 
</pre>
 
</pre>
  
The module is going to be shown like on the picture below.
+
== Apache Configuration ==
 
 
<center>
 
[[File:Extended module xml.png|800px]]
 
</center>
 
  
{{Tip|These fields don't store history values. They're only going to store the last received value from the XML data.}}
+
Pandora FMS has a series of folders with some files that complete its functionality. To avoid accessing these files, some folders in the console have a ''.htaccess'' file that restricts access to them. For this to be effective in the Apache configuration, it is necessary to allow these permissions to be overwritten using ''htaccess'', for which the token ''AllowOverride'' must be set to ''All''.
  
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
+
[[Pandora:Documentation_en|Go back to Pandora FMS Documentation Index]]
  
 
[[Category:Pandora FMS]]
 
[[Category:Pandora FMS]]
 
[[Category:Documentation]]
 
[[Category:Documentation]]
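Review bot: the proxy port differs between the two added Tentacle procedures. Manual-testing step 2 starts the proxy with "-b ''ip_server'' -g 41124", while permanent-configuration step 2 tells the reader to add "-b ''ip_server'' -g 41121" and shows "-b 192.168.70.208 -g 41121" in TENTACLE_EXT_OPTS. If both steps describe the same listener, use one port in both places, or state why the manual test uses a different one. The added text also places "-x password" directly in /etc/init.d/tentacle_serverd and in server_opts of pandora_agent.conf, so it would help to say that both files, and the key file passed with -k, should be readable only by the service user. Finally, the new "Redirection" section introduces the index.html file twice with two near-identical sentences; one of them can go.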

Latest revision as of 07:48, 4 September 2020


Pandora FMS has three essential components that must be configured correctly for it to work well: the web console, the server and the database.

Even if you already have Pandora FMS installed and running, if you installed it through the appliance software, consider reviewing and adjusting the configuration for a more optimal operation.


This chapter explains the configuration files of these three elements, along with others that are important for the correct performance of the application components.


1 Server

The main configuration file pandora_server.conf is located at /etc/pandora/ by default.

1.1 Configuration File Elements

It is a UNIX standard plain text file, where unused variables or comments are preceded by this character (#). If you are editing from Windows, make sure to use an editor that supports that format. All the configuration parameters in the file are listed below.

1.1.1 servername

It is the name that the server will have when it is displayed in the console. By default it is commented and uses the name of the machine.


Changing the name once it is running could cause remote checks to stop working, since the default server would have to be reconfigured in all existing agents to use the new server, as well as deleting the old server name from the server list.

 



1.1.2 incomingdir

It is the incoming directory of XML data packages. It is located under /var/spool/pandora/data_in/ by default. You can improve the performance of Pandora FMS by setting up a RAM disk or a very fast hard drive here.

1.1.3 log_file

The Pandora FMS record file (log). It is located under /var/log/pandora/pandora_server.log by default. This is the main logfile and it is very important for debugging.

1.1.4 snmp_logfile

Located under /var/log/pandora/pandora_snmptrap.log by default. This is a log file which contains all received SNMP traps BEFORE the Pandora FMS server processes them. It is not recommended to edit or even touch this file.

1.1.5 errorlog_file

The Pandora FMS error registry file (log). It is located under /var/log/pandora/pandora_server.error by default. This logfile stores all non-controlled errors or non-captured output from tools executed by the server. It is important for locating problems and debugging as well.

1.1.6 daemon

It indicates whether or not Pandora FMS server runs as a daemon. If the server is launched with the '-D' option, it runs as a daemon.

1.1.7 dbengine

Deprecated: always 'Mysql' (default value).

1.1.8 dbname

Database name to which the server will connect. The default value is 'pandora'.

1.1.9 dbuser

Username used in the Pandora FMS database connection. It is 'pandora' by default.

1.1.10 dbpass

Password for the connection to Pandora FMS database.

1.1.11 dbhost

IP address or host name of the machine that hosts the Pandora FMS database. In a small installation, the database is usually on the same machine as the server, in which case the value is 127.0.0.1.

1.1.12 dbport

TCP port where the database engine listens (optional). 3306 is used by default if the value is commented out.

1.1.13 verbosity

It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.

Warning: The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.

 


1.1.14 master

Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the High Availability (HA) chapter for more information.

1.1.15 snmpconsole

If enabled (1), the SNMP trap reception console is active in the configuration; 0 disables it. The console depends on the UNIX snmptrapd service, which it stops and starts when Pandora FMS boots. Before starting Pandora FMS, verify that the snmptrapd process has not been started in the system.

1.1.16 snmpconsole_threads

Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to '1' by default.

1.1.17 translate_variable_bindings

(Pandora FMS Enterprise only)

If set to 1, the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to '0' by default.

1.1.18 translate_enterprise_strings

(Pandora FMS Enterprise only)

If set to 1, the SNMP console will attempt to translate enterprise strings when processing SNMP traps. Set to '1' by default.

1.1.19 snmp_ignore_authfailure

If activated (1), snmptrapd will ignore “authenticationFailure” traps. Its value is 1 by default.

1.1.20 snmp_pdu_address

Snmptrapd will read from the pdu address instead of the agent address if activated (1). Its value is 0 by default.

1.1.21 snmp_trapd

Path to the snmp_trapd binary. If set to manual, the server will not attempt to start snmp_trapd. Its value is manual by default.

1.1.22 snmp_forward_trap

Enables ('1') or disables ('0') SNMP trap forwarding to the host specified in snmp_forward_ip.

1.1.23 snmp_forward_ip

IP address of the host to which SNMP traps will be forwarded.

Warning: Bear in mind that setting a forwarding address to Pandora FMS itself will cause a forwarding loop that will make the Monitoring Server collapse.

 


1.1.24 snmp_forward_version

SNMP version to use when forwarding SNMP traps. This token can only have the following values:

  • 1
  • 2c
  • 3

1.1.25 snmp_forward_secName

Only for SNMP version 3. It defines the authentication security name. More information at snmpcmd's man page.

1.1.26 snmp_forward_engineid

Only for SNMP version 3. It defines the authoritative (security) engine ID. More information at snmpcmd's man page.


1.1.27 snmp_forward_authProtocol

Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:

  • MD5
  • SHA

More information at snmpcmd's man page.

1.1.28 snmp_forward_authPassword

Only for SNMP version 3. It defines the authentication password. For more information, go to snmpcmd's man page.

1.1.29 snmp_forward_privProtocol

Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:

  • DES
  • AES

More information at snmpcmd's man page.

1.1.30 snmp_forward_privPassword

Only for SNMP version 3. It defines the privacy pass phrase. More information at snmpcmd's man page.

1.1.31 snmp_forward_secLevel

Only for SNMP version 3. It defines the security level. This token can only have the following values:

  • noAuthNoPriv
  • authNoPriv
  • authPriv

1.1.32 snmp_forward_community

Community to be defined
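
The snmp_forward_* tokens described above can be checked before the server is restarted. The following audit script is an added example, not code from Pandora FMS: parse_conf, audit_snmp_forwarding and both sample configurations are constructed for illustration, and treating an absent snmp_forward_trap as "forwarding disabled" is an assumption.

```python
import ipaddress

# Allowed values exactly as listed in the documentation above.
ALLOWED = {
    "snmp_forward_version": {"1", "2c", "3"},
    "snmp_forward_authProtocol": {"MD5", "SHA"},
    "snmp_forward_privProtocol": {"DES", "AES"},
    "snmp_forward_secLevel": {"noAuthNoPriv", "authNoPriv", "authPriv"},
}

# Constructed sample configurations (not taken from a real deployment).
WEAK_CONF = """\
# forwards to itself, MD5 authentication, no privacy, invalid privProtocol
snmp_forward_trap 1
snmp_forward_ip 127.0.0.1
snmp_forward_version 3
snmp_forward_secName forwarder
snmp_forward_secLevel authNoPriv
snmp_forward_authProtocol MD5
snmp_forward_authPassword example-auth-pass
snmp_forward_privProtocol 3DES
"""

HARDENED_CONF = """\
snmp_forward_trap 1
snmp_forward_ip 192.0.2.10
snmp_forward_version 3
snmp_forward_secName forwarder
snmp_forward_secLevel authPriv
snmp_forward_authProtocol SHA
snmp_forward_authPassword example-auth-pass
snmp_forward_privProtocol AES
snmp_forward_privPassword example-priv-pass
"""


def parse_conf(text):
    """Parse 'token value' lines; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit_snmp_forwarding(conf, local_addresses=("127.0.0.1",)):
    """Return (severity, token, message) findings for the snmp_forward_* tokens."""
    out = []
    # Assumption: an absent snmp_forward_trap token means forwarding is off.
    if conf.get("snmp_forward_trap", "0") != "1":
        return out

    # The documentation warns that forwarding to the server itself loops.
    try:
        target = ipaddress.ip_address(conf.get("snmp_forward_ip", ""))
    except ValueError:
        out.append(("error", "snmp_forward_ip", "missing or not an IP address"))
    else:
        own = {ipaddress.ip_address(a) for a in local_addresses}
        if target.is_loopback or target in own:
            out.append(("error", "snmp_forward_ip", "targets this server: forwarding loop"))

    # Reject any value outside the documented lists.
    for token, allowed in ALLOWED.items():
        if token in conf and conf[token] not in allowed:
            out.append(("error", token, f"{conf[token]!r} is not one of {sorted(allowed)}"))

    version = conf.get("snmp_forward_version")
    if version in ("1", "2c"):
        out.append(("warn", "snmp_forward_version", "v1/v2c send community and data in cleartext"))
    elif version == "3":
        level = conf.get("snmp_forward_secLevel", "")
        if level == "noAuthNoPriv":
            out.append(("warn", "snmp_forward_secLevel", "traps are neither authenticated nor encrypted"))
        elif level == "authNoPriv":
            out.append(("warn", "snmp_forward_secLevel", "traps are authenticated but not encrypted"))
        needed = []
        if level in ("authNoPriv", "authPriv"):
            needed += ["snmp_forward_authProtocol", "snmp_forward_authPassword"]
        if level == "authPriv":
            needed += ["snmp_forward_privProtocol", "snmp_forward_privPassword"]
        for token in needed:
            if not conf.get(token):
                out.append(("error", token, f"required when secLevel is {level}"))
        if "snmp_forward_authProtocol" in needed and conf.get("snmp_forward_authProtocol") == "MD5":
            out.append(("warn", "snmp_forward_authProtocol", "MD5 is weak; SHA is the other documented value"))
        if "snmp_forward_privProtocol" in needed and conf.get("snmp_forward_privProtocol") == "DES":
            out.append(("warn", "snmp_forward_privProtocol", "DES is weak; AES is the other documented value"))
    return out


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for severity, token, message in audit_snmp_forwarding(parse_conf(text)):
            print(f"  {severity:5} {token}: {message}")
```

Pass the server's own addresses in local_addresses so that a forwarding target on a non-loopback interface of the same machine is also caught.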

1.1.33 networkserver

(1) enables the Pandora FMS Network Server, (0) disables it.

1.1.34 dataserver

'1' enables the Pandora FMS Data Server, '0' disables it.

Warning: The dataserver is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a dataserver thread running.

 


1.1.35 reconserver

(1) enables the Pandora FMS Recon Server, (0) disables it.

1.1.36 pluginserver

(1) enables the Pandora FMS Plugin Server, (0) disables it.

1.1.37 plugin_exec

Absolute path to the program that runs the plugins under a time limit. The default path is /usr/bin/timeout. If your base system does not have this command, use /usr/bin/pandora_exec instead, which is included with Pandora FMS.

1.1.38 predictionserver

(1) enables the Pandora FMS Prediction Server, (0) disables it.

1.1.39 wmiserver

(1) enables the Pandora FMS WMI Server, (0) disables it.

1.1.40 network_timeout

It is the timeout, in seconds, for ICMP checks. Its value is 2 by default. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives, since some checks may require more time.

Tip: The higher the timeout, the longer checks take to run in the worst-case scenario.

 


1.1.41 server_keepalive

It is the time, in seconds, before a server is declared down. Each server checks the status of the servers around it, and if the date of the last update of one of them exceeds this value, it marks that server as down. This affects how High Availability works when there are several servers.

Tip: If you have multiple servers, it is essential that all their internal clocks are synchronized through NTP.

 


1.1.42 (>= 7.0) thread_log

Set to '0' unless you are debugging your Pandora FMS Server. '1' causes server threads to periodically dump their status to disk at /tmp/<server name>.<server type>.<thread number>.log. For example:

[[email protected]]# cat /tmp/pandorafms.*
2017-12-05 09:44:19 pandorafms dataserver (thread 2):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms dataserver (thread 3):[PRODUCER] Queuing tasks.
2017-12-05 09:44:40 pandorafms eventserver (thread 21):[CONSUMER] Waiting for data.
2017-12-05 09:44:40 pandorafms eventserver (thread 22):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms networkserver (thread 4):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 5):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 6):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 7):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms networkserver (thread 8):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[PRODUCER] Queuing tasks.
2017-12-05 09:44:39 pandorafms reconserver (thread 10):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms reconserver (thread 9):[CONSUMER] Waiting for data.
2017-12-05 09:44:15 pandorafms webserver (thread 19):[CONSUMER] Waiting for data.
2017-12-05 09:44:40 pandorafms webserver (thread 20):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[PRODUCER] Queuing tasks.

1.1.43 server_threshold

The number of seconds for the main loop. Its value is '5' by default.

Tip: This is a very important value for server configuration: it defines how often Pandora FMS checks whether there are pending data in the database or on the hard disk (XML files). 5 to 15 is a valid value in most cases. If set to 1, CPU usage will go up a lot. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but once it has finished, the value should be set between 5 and 15 again. Otherwise, with very low values and high load, there will be an "overheating" effect that progressively increases the CPU and memory consumption of the server.

 


This value together with the server _thread and max_queue_files parameters are used to configure server performance.

1.1.44 network_threads

Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires many more server resources. Having more than twenty threads requires having a machine with many independent processors or cores.


1.1.45 icmp_checks

It defines the number of pings sent for each 'icmp_proc' module. At least one of these checks has to return '1' for the module to be classified as correct. Its default value is '1'. If you set '5' here and the first ping is OK, the other 4 will be skipped.

Tip: On networks with limited reliability, a value of 2 or 3 is recommended. A higher number will cause the rate of checks per second to decrease significantly in the event of any network segment failure.

 


Do not confuse this with the "icmp_packets" parameter, which refers to the number of packets within the ping itself. The "icmp_checks" value defines the number of pings, each with its icmp_packets.

1.1.46 icmp_packets

Defines the number of ICMP packets sent in each ping request. 1 by default.

1.1.47 tcp_checks

Number of TCP retries in case the first one fails. Its default value is 1.

1.1.48 tcp_timeout

Specific timeout for TCP connections. The default value is '30'.

Tip: A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.

 


1.1.49 snmp_checks

Number of SNMP retries in case the first one fails. The default value is '1'.

1.1.50 snmp_timeout

Specific expiration time for SNMP connections. Its default value is '3'.

Tip: A high number will cause the rate of checks per second to decrease significantly in the event of a network segment failure.

 


1.1.51 snmp_proc_deadresponse

Returns 'DOWN' if it is impossible to connect with a boolean SNMP module (proc) or if it gets 'NULL' as a response. If set to '0', it should be ignored.

1.1.52 plugin_threads

Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.

1.1.53 plugin_timeout

Timeout for checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, but you may want to raise it to a higher value in case you have plugins that may take longer than that.

1.1.54 wmi_timeout

Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is 10.

1.1.55 wmi_threads

Number of threads for the WMI server. It shows how many checks can be done simultaneously.

1.1.56 recon_threads

Number of threads for the network recon server. Shows how many checks can be done simultaneously.

1.1.57 dataserver_threads

Number of threads for the data server. Shows how many XML files can be processed simultaneously. As a specific rule for the dataserver, a number of threads higher than the machine's physical processors should not be used.

Tip: In the specific case of the dataserver, a value higher than 5 or 6 does not imply better performance.

 


1.1.58 mta_address

Mail Server IP address (Mail Transfer Agent).

Warning: If you are using a Pandora FMS ISO installation and you want to use the Postfix server distributed with it, make sure that your Pandora FMS server can resolve, through its DNS server, the mail server in charge of your e-mail domain.

nslookup -type=mx my.domain

Also, make sure in this case that your mail server accepts the emails redirected from Pandora FMS server.

 


Warning: If not set, the MTA configuration from the Pandora FMS Console will be used. It is possible to have a different MTA configuration for the Pandora FMS Server and the Pandora FMS Console.

 


1.1.59 mta_port

Mail server port ('25' by default)

1.1.60 mta_user

Mail server user (if necessary for authentication).

1.1.61 mta_pass

Mail server password (if necessary for authentication).

1.1.62 mta_auth

Mail server authentication system (if necessary; the supported values are: 'LOGIN', 'PLAIN', 'CRAM-MD5' and 'DIGEST-MD').

1.1.63 mta_from

Mail address from which messages will be sent. The default value is [email protected].

1.1.64 (>= 7.0) mta_encryption

SMTP connection encryption type (none, ssl, starttls).

1.1.65 mail_in_separate

'1' by default. If set to '1', it delivers separate mail for each recipient. If set to '0', the mail will be shared among all recipients.

1.1.66 xprobe2

If provided, it is used to determine the operating system of the remote systems, when a recon network task is launched. The default path is /usr/bin/xprobe2.

1.1.67 nmap

Required for the recon server. The default path is /usr/bin/nmap.

1.1.68 fping

Required for the ICMP server. It is located at /usr/sbin/fping by default.

1.1.69 nmap_timing_template

A value that specifies how aggressive nmap should be, from 1 to 5. '1' means slower but more reliable, '5' means faster but less reliable. '2' set by default.

1.1.70 recon_timing_template

It is just like the nmap_timing_template, but applied to Satellite Server and Recon Server network scans.

1.1.71 snmpget

Required for SNMP checks. The default path is /usr/bin/snmpget. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.

1.1.72 braa

(Pandora FMS Enterprise only)

Location of the braa binary required for the Enterprise SNMP server (default path is /usr/bin/braa).

1.1.73 braa_retries

(Pandora FMS Enterprise only)

Number of retries before braa hands a module over to the Network Server in case of an error.

1.1.74 (>= 7.0) fsnmp

(Pandora FMS Enterprise only)

Path to the pandorafsnmp binary, used by the Enterprise SNMP Server for SNMPv3 requests (/usr/bin/pandorafsnmp by default).

1.1.75 autocreate_group

Numeric ID of the default group for new agents created by the data server when it receives data files. If no group is defined here, the agents will be created in the group specified in the XML.

1.1.76 autocreate_group_force

If set to 1, new agents will be added to the group specified by autocreate_group (the group specified by the agent will be used as fallback).

If set to 0, new agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as fallback).

For example, with the following configuration a new agent would be placed in the group specified in its XML data file if possible, or the group with ID 10 if not:

autocreate_group 10
autocreate_group_force 0

1.1.77 autocreate

Setting it to 1 will autocreate agents when data files with an agent ID that does not exist in the system are received.

Tip: If you want to set up a security mechanism, you can set a group password.

 


1.1.78 max_log_size

Maximum size of the Pandora FMS log file, in bytes. When this size is reached, the log file is renamed to pandora_server.log.old and the server generates a new one with the original name, pandora_server.log. The default size is 65536 bytes.

1.1.79 max_log_generation

It specifies max generation count (between 1 and 9) of Pandora FMS server log files. The default value is 1.

1.1.80 max_queue_files

Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from trying to process too many files, which would affect server performance. The default value is 5000.

Warning: Incremental modules may not work properly if this value is not big enough to hold all the XML data files.

 



1.1.81 use_xml_timestamp

By default it is activated (1) and uses the date and time (timestamp) defined inside the XML (.data), that is, the timestamp generated by the agent.

If it is deactivated (0), it will use the timestamp of the XML file, that is, the timestamp of the server. This is useful to globally disable the use of the dates generated by the agents and to use the date and time of the server as the reference for all data, because this timestamp is generated at the moment the Pandora FMS server receives the XML.

Warning: This behavior changed in Pandora FMS version 747. In previous versions this token was deactivated by default.

 


Tip: There is a similar functionality at agent level, so that the agent data is evaluated with the date of reception of the file.

 


1.1.82 auto_restart

Deactivated by default (0). In the event of a critical error, the server will be restarted a few seconds later.

1.1.83 restart

The default value is '0'. The server will restart on critical errors after a few seconds.

1.1.84 restart_delay

The default value is '60'. The number of seconds the server will wait before restarting after a critical error if restart is enabled.

1.1.85 activate_gis

Enable (1) or disable (0) server GIS features.

1.1.86 location_error

Margin of error in meters to consider two GIS locations as the same location.

1.1.87 recon_reverse_geolocation_file

Recon reverse geolocation file. This file must be in MaxMind GPL format (GeoLiteCity.dat format). If this option is commented out in the configuration file, geolocation by IP is disabled when creating agents using recon and software agents. Geolocation will not be carried out either if the GIS functionalities (activate_gis) are disabled overall.

1.1.88 recon_location_scatter_radius

Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. The center of the circle is found out by geolocating the IP.

1.1.89 self_monitoring

The server has a self monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter self_monitoring must be set to '1'.

1.1.90 self_monitoring_interval

Time interval for self_monitoring in seconds.

1.1.91 update_parent

Defines whether an agent can update its parent by sending the parent name in its XML. If the parameter is not set or is 0, the agent information will be ignored. Otherwise, when the server receives an XML with the parent_name attribute, it searches for an agent with this name and, if it finds one, updates the parent of the agent that sent the XML.

1.1.92 google_maps_description

This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This is done using the Google Maps API. To use this feature you need Internet access, and processing GIS information may carry a performance penalty due to the speed of the connection between the Pandora FMS server and the Google API.

Warning: The Google Maps API is a paid service and requires credentials. You will need to obtain an API key and pay; otherwise the service will be suspended after a couple of days of use.

 


1.1.93 openstreetmaps_description

This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Open Street Maps API. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.

Tip: If used with a direct Internet connection (default), Internet access is required, and processing GIS information may carry a performance penalty due to the speed of the connection between the Pandora FMS server and the OpenStreetMaps API.

 


1.1.94 webserver

(Pandora FMS Enterprise only)

WEB check server, which can be enabled (1) or disabled (0). It is also known as Goliath Server. It has nothing to do with the Web User Experience (WUX) monitoring server.

1.1.95 web_threads

(Pandora FMS Enterprise only)

Number of threads assigned to the WEB test server (Goliath). It shows how many simultaneous threads are assigned to this component.

1.1.96 web_timeout

(Pandora FMS Enterprise only)

Default expiration time in seconds for web monitoring modules (Goliath).

1.1.97 web_engine

(Pandora FMS Enterprise only)

cURL is used by default from version 747 onwards. Set this parameter to "LWP" to use LWP instead of cURL for web monitoring.

1.1.98 inventoryserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Inventory Server, '0' disables it.

1.1.99 inventory_threads

(Pandora FMS Enterprise only)

Number of threads assigned to the remote inventory server.

1.1.100 exportserver

(Pandora FMS Enterprise only)

'1' enables Pandora FMS Export Server, '0' disables it.

1.1.101 export_threads

(Pandora FMS Enterprise only)

Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.

1.1.102 eventserver

(Pandora FMS Enterprise only)

'1' enables Pandora FMS Event correlation Server, '0' disables it (default value is '1').

1.1.103 event_window

(Pandora FMS Enterprise only)

Event window: It is the time window (in seconds) where the event server will look for events. For example, if set to '3600', the event server will check events generated within the last hour. If you have rules where the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.

1.1.104 (>= 7.0) event_inhibit_alerts

If set to 1, an alert will not be executed (unless it is recovered) if the last event it generated is in 'in progress' status. 0 by default.

1.1.105 icmpserver

(Pandora FMS Enterprise only)

Enables (1) or disables (0) the Enterprise ICMP server.

Tip: The ICMP Enterprise server uses the fping binary to perform ICMP requests in bulk. If this component is not enabled, the network server will run the checks, but with much worse performance.

 


1.1.106 icmp_threads

(Pandora FMS Enterprise only)

Number of threads for the ICMP Enterprise server (default value is '3').

1.1.107 snmpserver

(Pandora FMS Enterprise only)

Pandora FMS snmp server enabled (1) or disabled (0).

Tip: The SNMP Enterprise server uses the braa binary to execute SNMP queries in block. If this component is not enabled, the network server will run the checks.

 


1.1.108 snmp_threads

(Pandora FMS Enterprise only)

Number of threads for the Enterprise SNMP server (default value is '3').

1.1.109 transactionalserver

(Pandora FMS Enterprise only)

Pandora FMS transactional server enabled (1) or disabled (0).

1.1.110 transactional_threads

Set to 1 by default. The presence of this parameter is a mere transaction, its modification will not alter the operation of the transactional server.

1.1.111 transactional_threshold

Maximum number of seconds that a transactional server transaction may take.

1.1.112 prediction_threads

Number of threads for the prediction server.

1.1.113 block_size

(Pandora FMS Enterprise only)

Block size for block producer / consumer servers, which is the number of modules per block (the default value is 15). This affects how requests are processed by the SNMP Enterprise and ICMP Enterprise servers.

1.1.114 dataserver_lifo

If enabled (1), XML data files will be processed in a stack instead of a queue, and stale data (i.e., data with a timestamp older than its module's current timestamp) will not trigger events or alerts. Disabled (0) by default.

Warning: Incremental modules will lose resolution if XML data files pile up, since newer data will be processed first, causing older data to be discarded.

 


1.1.115 policy_manager

If active (1), the server listens to the policy queue. By default its value is 1.

1.1.116 event_replication

If active (1), events are replicated to the Metaconsole. This process will not be activated if it is not correctly configured in the console. By default its value is 0.

1.1.117 event_auto_validation

If active (1), newly created events automatically validate previous events of the same module. Its value is 1 by default.

1.1.118 event_file

This configuration option specifies a text file to which the events generated by Pandora FMS will be written in CSV format. Enabling this option carries a performance penalty for Pandora FMS.

For example:

event_file /var/log/pandora/pandora_events.txt

Warning: There is no rotation mechanism for this file. Take this into account, since it can grow considerably.

 


1.1.119 snmp_storm_protection

Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.

1.1.120 snmp_storm_timeout

Time interval for snmp_storm_protection in seconds.

e.g. to prevent a single source from sending more than 1000 traps per 10 minutes:

snmp_storm_protection 1000
snmp_storm_timeout 600
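
How the two storm-protection tokens interact is easiest to see by replaying a trap stream through the limit. This is an added example, not Pandora FMS code: the function name, the fixed per-source window and the trap tuples are assumptions made for illustration, since the page does not describe how the server counts its interval.

```python
# Constructed trap stream: (seconds since start, source address).
SAMPLE_TRAPS = [
    (0, "192.0.2.7"), (5, "192.0.2.7"), (10, "198.51.100.3"),
    (12, "192.0.2.7"), (20, "192.0.2.7"), (30, "192.0.2.7"),
    (61, "192.0.2.7"), (62, "198.51.100.3"),
]


def apply_storm_protection(traps, snmp_storm_protection, snmp_storm_timeout):
    """Filter (timestamp, source) traps, sorted by time, through a per-source limit.

    Returns (processed, dropped, events): the traps let through, a dict of
    dropped-trap counts per source, and one (timestamp, source) event for each
    window in which a source reached the limit.
    """
    window_start = {}  # source -> start time of its current window
    seen = {}          # source -> traps counted in the current window
    processed, dropped, events = [], {}, []
    for ts, source in traps:
        # Assumption: fixed windows that begin with a source's first trap and
        # restart once snmp_storm_timeout seconds have passed.
        if source not in window_start or ts - window_start[source] >= snmp_storm_timeout:
            window_start[source] = ts
            seen[source] = 0
        seen[source] += 1
        if seen[source] <= snmp_storm_protection:
            processed.append((ts, source))
            if seen[source] == snmp_storm_protection:
                # "If this number is reached, an event is generated."
                events.append((ts, source))
        else:
            dropped[source] = dropped.get(source, 0) + 1
    return processed, dropped, events


def page_example():
    """The documented values (1000 traps per 600 s) against one noisy source
    that sends 1200 traps, two per second (constructed input)."""
    traps = [(i * 0.5, "192.0.2.7") for i in range(1200)]
    return apply_storm_protection(traps, 1000, 600)


if __name__ == "__main__":
    processed, dropped, events = apply_storm_protection(SAMPLE_TRAPS, 3, 60)
    print("processed:", processed)
    print("dropped:  ", dropped)
    print("events:   ", events)
    processed, dropped, events = page_example()
    print(len(processed), "processed,", dropped, "dropped,", len(events), "event(s)")
```

The quiet source (198.51.100.3) is never throttled, because the count is kept per source rather than globally.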

1.1.121 text_going_down_normal

Text for the event that is generated when a module goes into normal status. It supports the _module_ and _data_ macros.

1.1.122 text_going_up_critical

Text to be displayed in module events going into critical status. It supports the _module_ and _data_ macros.

1.1.123 text_going_up_warning

Text to be displayed in module events going from 'normal' into 'warning' status. It supports the _module_ and _data_ macros.

1.1.124 text_going_down_warning

Text to be displayed in module events going from 'critical' into 'warning' status. It supports the _module_ and _data_ macros.

1.1.125 text_going_unknown

Text to be displayed in module events going into 'unknown' status. It supports the _module_ and _data_ macros.

1.1.126 event_expiry_time

Events older than the specified time (in seconds) will be auto-validated. Set it to '0' to disable this feature.

For example, to automatically validate events 10 hours after they were generated, use:

event_expiry_time 36000

1.1.127 event_expiry_window

This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be higher than event_expiry_time.

The default value is the equivalent of one day:

event_expiry_window 86400

1.1.128 claim_back_snmp_modules

If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.

1.1.129 async_recovery

If set to 1, asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.

1.1.130 console_api_url

Address of the console's API. Usually, it is the address of the server and the console, ending with the path /include/api.php.

1.1.131 console_api_pass

Password of the console's API. This password can be found in the general section of the setup and can be left empty.

1.1.132 console_user

User of the console with permissions to execute the required actions, like getting a module graph image to put it in an alert email.

Tip: For security reasons, it is recommended to use an exclusive user for the API. Such a user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of IPs.

 


1.1.133 console_pass

Password of the previously added console user.

1.1.134 encryption_passphrase

An encryption phrase used to generate the key for the encrypted password. It is commented by default.

1.1.135 unknown_events

If active (1), events for unknown module status will be created. The value set by default is 1.

1.1.136 unknown_interval

Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the module's interval by default.

1.1.137 global_alert_timeout

Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora FMS Server ignores it and alert execution will not be interrupted.

1.1.138 remote_config

(Only Pandora FMS Enterprise)

This parameter controls whether the server can be configured remotely from the console, in the server view. It works through Tentacle, in a similar way to the remote configuration of the agents.

1.1.139 remote_config_address

IP address of the machine where remote configuration files will be sent. It is localhost by default.

1.1.140 remote_config_port

Tentacle port for remote configuration. It is 41121 by default.

1.1.141 remote_config_opts

Allows additional parameters to be passed to the Tentacle client for advanced configurations. They should appear between quotation marks (e.g. "-v-r 5").

1.1.142 warmup_event_interval

Specifies, in seconds, how long after a server restart it takes until status change events are generated and alerts are run again.

1.1.143 warmup_unknown_interval

In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.

1.1.144 enc_dir

Path to a directory containing additional .enc files for the XML parser. These files will be automatically loaded by the Data Server at startup.

1.1.145 (>= 7.0) dynamic_updates

The number of times dynamic thresholds will be recalculated per dynamic interval.

1.1.146 (>= 7.0) dynamic_warning

Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.

1.1.147 (>= 7.0) dynamic_constant

Percentage relative to the module's average used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.

1.1.148 (>= 7.0) unknown_updates

Set to 0 by default. If set to 1, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated to unknown modules will be periodically evaluated too.

Warning: Setting unknown_updates to 1 may affect server performance.

 



1.1.149 (>= 7.0) wuxserver

(Pandora FMS Enterprise only)

Enables the Web User Experience Analysis (WUX) server. Requires configuration of wux_host and wux_port.

1.1.150 (>= 7.0) wux_host

(Pandora FMS Enterprise only)

It indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD).

1.1.151 (>= 7.0) wux_port

(Pandora FMS Enterprise only)

It indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is 4444.

1.1.152 (>= 7.0) wux_webagent_timeout

Maximum time to connect to a destination web address and Selenium server. It is commented out by default, with the value 15.

1.1.153 (>= 7.0) syslogserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Syslog Server, '0' disables it.

1.1.154 (>= 7.0) syslog_file

(Pandora FMS Enterprise only)

Full path to syslog's output file. For example:

syslog_file /var/log/messages

1.1.155 (>= 7.0) syslog_threads

(Pandora FMS Enterprise only)

Number of threads for the Syslog Server.

1.1.156 (>= 7.0) syslog_max

(Pandora FMS Enterprise only)

Maximum number of lines read by the Syslog Server on each run.

1.1.157 sync_port

Communication port of the sync server. It is commented out by default, with the value 41121.

1.1.158 sync_ca

Path to the CA certificate used to sign certificates for the SSL communication of the sync server. It is commented out by default, with the path /home/cacert.pem.

1.1.159 sync_cert

Path to the server certificate for the SSL communication of the sync server. It is commented out by default, with the path /home/tentaclecert.pem.

1.1.160 sync_key

Path to the private key of the server certificate for the SSL communication of the sync server. It is commented out by default, with the path /home/tentaclekey.pem.

1.1.161 sync_retries

Number of attempts to make the connection. It is commented out by default, with the value 3.

1.1.162 sync_timeout

Maximum connection time. It is commented out by default, with the value 10.

1.1.163 sync_address

Address of the Tentacle server.

1.1.164 (>= 7.0) logstash_host

(Pandora FMS Enterprise only)

Name or IP of the machine with Logstash installed.

1.1.165 (>= 7.0) logstash_port

(Pandora FMS Enterprise only)

Port of the machine with Logstash installed.

1.1.166 ha_interval

Execution interval, in seconds, of the Pandora FMS HA database tool. It is commented out by default, with the value 30.

1.1.167 ha_monitoring_interval

Monitoring interval, in seconds, of the Pandora FMS HA database tool. It is commented out by default, with the value 60.

1.1.168 (>= 7.0) provisioningserver

(Pandora FMS Metaconsole only)

'1' enables Pandora FMS Provisioning Server, '0' disables it.

1.1.169 (>= 7.0) provisioningserver_threads

(Pandora FMS Metaconsole only)

Number of threads for Pandora FMS Provisioning Server.

1.1.170 (>= 7.0) provisioning_cache_interval

(Pandora FMS Metaconsole only)

Provisioning Server cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.

1.1.171 (>= 7.0 743) ssh_launcher

It indicates the absolute path to the script ssh_launcher.sh that executes remote execution modules. The default path of the script is:

/usr/share/pandora_server/util/ssh_launcher.sh


Only for el6 in Linux systems.

 


1.1.172 (>= 7.0 743) rcmd_timeout

In seconds, maximum time for the execution of remote execution modules. 10 by default.


This timeout only sets how long Pandora FMS server will wait to obtain data. The connections will be closed, but termination of the command on the remote machine is not assured (this has to be controlled with the command itself).

 


1.1.173 (>= 7.0 743) rcmd_timeout_bin

It indicates the absolute path to the timeout executable for the remote execution modules. It only has effect with the use of ssh_launcher, connections through plink from Windows to Linux and connections to Windows systems.

  • In Pandora FMS on Windows the default executable path is:
C:\PandoraFMS\Pandora_Server\bin\pandora_exec.exe
  • In Pandora FMS on Linux the default executable path is:
/usr/bin/timeout

1.2 Environment variables

The Pandora FMS server supports more options than the configuration file offers. In some particular cases, environment variables are necessary because the configuration is done on the machine itself. To do this, the server startup script loads the variables from a file in bash format, which is /etc/pandora/pandora/pandora_server.env by default.

The variables that can be configured are the following:

1.2.1 PANDORA_RB_PRODUCT_NAME

This variable is required to customize the product name displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.

1.2.2 PANDORA_RB_COPYRIGHT_NOTICE

This variable is required to customize the author of the product displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.

1.2.3 Example of an environment variable file

#!/bin/bash
PANDORA_RB_PRODUCT_NAME="Custom product"
PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"

1.3 SNMPTRAPD configuration

The SNMP Console of Pandora FMS uses snmptrapd to receive SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.

Previously, snmptrapd accepted traps by default, without anything being configured explicitly. From version 5.3 onwards, the access control configuration is more restrictive and, by default, traps are not accepted from anyone.

If snmptrapd runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.

You will probably need to configure snmptrapd using the file /etc/snmp/snmptrapd.conf. If it does not exist, please check the /var/log/pandora/pandora_snmp.log file for warnings or errors.

A basic snmptrapd.conf could be something similar to this:

authCommunity log public

If this does not work on your Linux distribution, check the syntax that your snmptrapd version uses to enable trap reception with the command:

man snmptrapd.conf

1.4 Tentacle Configuration

By default, Pandora FMS software agents send data packages to the server through the Tentacle protocol (port 41121/TCP, assigned by IANA [1]). The agent can also be reconfigured to send data in alternative ways: local transfer (NFS, SMB), SSH or FTP, etc. If you want them to send data packages using the Tentacle protocol, configure a Tentacle server where this data is intended to be received. When a Pandora FMS server is installed, a Tentacle server is also installed on the same machine by default.

If it is necessary to adjust some parameters of Tentacle server configuration, it can be done by modifying the script that launches the Tentacle Server daemon directly, which is at:

/etc/init.d/tentacle_serverd

The different options for Tentacle Server configuration are the following:

PANDORA_SERVER_PATH

The path to the entry directory of data. The default path is /var/spool/pandora/data_in

TENTACLE_DAEMON

The Tentacle daemon. The default command is 'tentacle_server'.

TENTACLE_PATH

The path to the Tentacle binary. The default path is '/usr/bin'.

TENTACLE_USER

User from which the Tentacle daemon will be launched. The default value is pandora.

TENTACLE_ADDR

Address on which to listen for data packages. If you set 0.0.0.0, it listens on all addresses. By default it listens on all addresses, that is, the value is 0.0.0.0.

TENTACLE_PORT

The listening port for package reception. It is 41121 (official port assigned by IANA) by default.

TENTACLE_EXT_OPTS

Additional options for executing the Tentacle server. Here you can set up Tentacle to use authentication with certificates (x509) and/or a symmetric password on both sides.

MAX_CONECTIONS

Maximum number of simultaneous connections. The default value is 10.

MAX_SIZE

Maximum file size allowed by the server in bytes. The default value is 2000000.

1.5 Tentacle secure configuration

Both the server and the agents can use a secure configuration with SSL and/or password using Tentacle. The communication can be established tentacle_client -> tentacle_server, or tentacle_client -> tentacle_proxy -> tentacle_server.

To use the Tentacle security features, verify that the package perl(IO::Socket::SSL) is available on your system.

 



The most common actions are:

Simple file transfer with password authentication:

Extra parameters in the tentacle server setup

-x password

Extra parameters in the client side (TENTACLE_EXT_OPTS)

 -x password

Secure file transfer without client certificate:

Extra parameters in the tentacle server setup

 -e cert.pem -k key.pem

Secure file transfer with client certificate:

Extra parameters in the tentacle server setup

 -e cert.pem -k key.pem -f cacert.pem

Extra parameters in the client side (TENTACLE_EXT_OPTS)

 -e cert.pem -k key.pem 

Secure file transfer with client certificate and additional password authentication:

Extra parameters in the Tentacle Server setup

 -x password -e cert.pem -k key.pem -f cacert.pem

Extra parameters on the client side (TENTACLE_EXT_OPTS)

 -x password -e cert.pem -k key.pem


1.5.1 Secure configuration, practical case

Here we will explain how to configure the agents and the Tentacle server for a secure connection, using Tentacle proxy as well.

First, it is recommended to run preliminary tests manually from the shell terminal to make sure that the configuration, parameters and certificates are correct.

Manual testing:

1. Start tentacle_server manually:

 sudo -u user tentacle_server -x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem -s /tmp -v

2. Start proxy manually (only if a Tentacle proxy will be used, if not, skip this step):

 sudo -u user tentacle_server -b ip_server -g 41124

3. Launch tentacle_client manually:

 sudo -u user tentacle_client -a ip_proxy/ip_server -x password -e tentaclecert.pem -k tentaclekey.pem -v /bin/ls (or any file)


It is necessary to ALWAYS specify the absolute path where the certificates are stored, for example /home/tentaclecert.pem

 


Once you check that the file has been successfully sent, you can proceed to permanently configure tentacle_server and the clients.

To configure tentacle_server with the secure certificate options, edit the startup script of the tentacle_serverd service, commonly /etc/init.d/tentacle_serverd; do the same for the intermediate proxy. To configure the agents to use secure Tentacle communication, edit the agent configuration file pandora_agent.conf, commonly /etc/pandora/pandora_agent.conf.

Permanent configuration:

1. Start the server with SSL. Modify the /etc/init.d/tentacle_serverd script. Find the line TENTACLE_EXT_OPTS and add "-x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem". It should look like this:

 TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"

2. Start the proxy. Modify the /etc/init.d/tentacle_serverd script on the system that will act as a proxy. As in the previous step, find the line TENTACLE_EXT_OPTS and add "-b ip_server -g 41121". Like this:

 TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -b 192.168.70.208 -g 41121"

3. Launch the agent with the related options. Modify the pandora_agent.conf file, find the token server_opts and add "-x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem". If you use a proxy, do not forget to set the token server_ip to the IP of the proxy instead of the main server. It should look like this:

 server_opts -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem


If you do not want to use one of these options, for example the password, simply leave it out of the configuration.
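The following shell function is an added example, not part of the Pandora FMS documentation or code. It lints an option string before it goes into TENTACLE_EXT_OPTS or server_opts, checking the points made above: absolute certificate paths, -e given together with -k, and -f present on a server that should check client certificates. The function name, the wording of the findings and the world-readable key check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Pandora FMS code. Lints the value of TENTACLE_EXT_OPTS
# (role "server") or of the agent's server_opts (role "client").
# Prints one finding per line; returns non-zero when there is any finding.
lint_tentacle_opts() (
    role=$1 cert='' key='' ca='' n=0
    report() { printf '%s\n' "$*"; n=$((n + 1)); }
    set -f                      # the -i filter contains '*': no globbing
    set -- $2                   # split the option string on whitespace
    while [ $# -gt 0 ]; do
        case $1 in
            -e) cert=${2-}; [ $# -lt 2 ] || shift ;;
            -k) key=${2-};  [ $# -lt 2 ] || shift ;;
            -f) ca=${2-};   [ $# -lt 2 ] || shift ;;
            -x) [ $# -lt 2 ] || shift ;;   # skip the password value
        esac
        shift
    done
    # The page requires absolute paths for every certificate file.
    for pair in "-e:$cert" "-k:$key" "-f:$ca"; do
        path=${pair#*:}
        case $path in
            '' | /*) ;;         # option not used, or path already absolute
            *) report "${pair%%:*} $path: relative path, use an absolute one" ;;
        esac
    done
    # Every SSL setup on the page gives -e and -k together.
    case ${cert:+c}${key:+k} in
        c | k) report "-e and -k must be given together" ;;
    esac
    if [ "$role" = server ]; then
        [ -n "$cert" ] || report "no -e/-k: SSL is not configured"
        [ -z "$cert" ] || [ -n "$ca" ] ||
            report "no -f: client certificates are not verified"
    fi
    # Assumption of this example (not stated on the page): the private key
    # should not be readable by "other" users.
    if [ -f "$key" ] && [ -n "$(find "$key" -prune -perm -004)" ]; then
        report "-k $key: private key is world-readable"
    fi
    [ "$n" -eq 0 ]
)

# Taken from the page (permanent configuration, step 1):
PAGE_SERVER_OPTS='-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem'
# Constructed for this example: relative paths and no CA file.
WEAK_SERVER_OPTS='-x password -e tentaclecert.pem -k tentaclekey.pem'

lint_tentacle_opts server "$PAGE_SERVER_OPTS" && echo "page example: no findings"
lint_tentacle_opts server "$WEAK_SERVER_OPTS" || echo "constructed example: findings listed above"
```

Run it against the option string while doing the manual tests, before copying the string into the init script or pandora_agent.conf.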

 


1.6 Tentacle data compression (>=7.0SP725)

On-the-wire data compression can be enabled from the Tentacle client with the -z command line option, decreasing the size of transferred data at the expense of CPU load.

1.6.1 Pandora FMS Agent

Edit the /etc/pandora/pandora_agent.conf file and add -z to server_opts. E.g.:

server_opts -z

1.6.2 Satellite server

Edit the /etc/pandora/satellite_server.conf file and add -z to server_opts. E.g.:

server_opts -z

1.7 Pandora Web Robot Daemon (PWRD)

Pandora Web Robot Daemon is a service of the Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available in the module library.

It contains:

  • Firefox browser binary version 46
  • Pre-built profile for recording and running web browsing sessions
  • Session Automation Server
  • Web browsing session recorder (.xpi)

For more information related to PWRD, please follow this link.

2 WEB Console

Pandora FMS web console has a configuration file which is created and configured automatically while it is being installed. Its location is: /consolepath/include/config.php. For example in CentOS systems:

/var/www/html/pandora_console/include/config.php

2.1 Configuration File config.php

The configuration options in the file are included in the header, and these are:

$config["dbtype"]

Type of database used. It is MySQL by default.

$config["dbname"]

Database name to connect to. The default value is 'pandora'.

$config["dbuser"]

Username for the connection to Pandora FMS database. The default value is 'pandora'.

$config["dbpass"]

Password for the connection to Pandora FMS database.

$config["dbhost"]

IP address or name of the machine which hosts the Pandora FMS database. In a reduced installation, it is usually the same machine as the server, which is 'localhost'.

$config["homedir"]

Directory where the Pandora FMS web console is located. This is usually '/var/www/pandora_console' or '/srv/www/htdocs/pandora_console'.

$config["homeurl"]

Base directory for Pandora FMS. This is usually '/pandora_console'.

$config["public_url"]

The full URL, set as a string value. It is the URL used inside Pandora FMS Server if you use a reverse proxy, e.g. 'mod_proxy' from Apache.

2.1.1 Redirection to '/pandora_console' from /

If you only have one Pandora FMS in your Apache server, you may want to redirect automatically to '/pandora_console' when users connect with the URL / of their server. To do this, create the following file index.html and put it in the web server root directory ('/var/www' or '/srv/www/htdocs'):

 <html>
 <head>
 <meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
 </head>
 </html>

2.2 Apache Configuration

Pandora FMS has a series of folders with some files that complete its functionality. To prevent access to these files, some folders in the console have a .htaccess file that restricts access to them. For this to be effective, the Apache configuration must allow these permissions to be overridden using htaccess, for which the token AllowOverride must be set to All.
