Pandora: Documentation en: Configuration
Pandora FMS has three essential components essential to configure correctly for good functioning, which are the web console, the server and the database.
Even if you already have a Pandora FMS installed and running, if you have installed it through the appliance software, consider adjusting and revising the configuration for a much more optimal operation.
You may get more information about Pandora FMS optimization in this section. In this chapter, we are going to explain the configuration files of the three elements and others which are important for a correct performance of the application components.
- 1 Server
- 1.1 Configuration File Elements
- 1.1.1 servername
- 1.1.2 incomingdir
- 1.1.3 log_file
- 1.1.4 snmp_logfile
- 1.1.5 errorlog_file
- 1.1.6 daemon
- 1.1.7 dbengine
- 1.1.8 dbname
- 1.1.9 dbuser
- 1.1.10 dbpass
- 1.1.11 dbhost
- 1.1.12 dbport
- 1.1.13 verbosity
- 1.1.14 master
- 1.1.15 snmpconsole
- 1.1.16 snmpconsole_threads
- 1.1.17 translate_variable_bindings
- 1.1.18 translate_enterprise_strings
- 1.1.19 snmp_ignore_authfailure
- 1.1.20 snmp_pdu_address
- 1.1.21 snmp_trapd
- 1.1.22 snmp_forward_trap
- 1.1.23 snmp_forward_ip
- 1.1.24 snmp_forward_version
- 1.1.25 snmp_forward_secName
- 1.1.26 snmp_forward_engineid
- 1.1.27 snmp_forward_authProtocol
- 1.1.28 snmp_forward_authPassword
- 1.1.29 snmp_forward_privProtocol
- 1.1.30 snmp_forward_privPassword
- 1.1.31 snmp_forward_secLevel
- 1.1.32 snmp_forward_community
- 1.1.33 networkserver
- 1.1.34 dataserver
- 1.1.35 reconserver
- 1.1.36 pluginserver
- 1.1.37 plugin_exec
- 1.1.38 predictionserver
- 1.1.39 wmiserver
- 1.1.40 network_timeout
- 1.1.41 server_keepalive
- 1.1.42 thread_log
- 1.1.43 server_threshold
- 1.1.44 network_threads
- 1.1.45 icmp_checks
- 1.1.46 icmp_packets
- 1.1.47 tcp_checks
- 1.1.48 tcp_timeout
- 1.1.49 snmp_checks
- 1.1.50 snmp_timeout
- 1.1.51 snmp_proc_deadresponse
- 1.1.52 plugin_threads
- 1.1.53 plugin_timeout
- 1.1.54 wmi_timeout
- 1.1.55 wmi_threads
- 1.1.56 recon_threads
- 1.1.57 dataserver_threads
- 1.1.58 mta_address
- 1.1.59 mta_port
- 1.1.60 mta_user
- 1.1.61 mta_pass
- 1.1.62 mta_auth
- 1.1.63 mta_from
- 1.1.64 mta_encryption
- 1.1.65 mail_in_separate
- 1.1.66 xprobe2
- 1.1.67 nmap
- 1.1.68 fping
- 1.1.69 nmap_timing_template
- 1.1.70 recon_timing_template
- 1.1.71 snmpget
- 1.1.72 braa
- 1.1.73 braa_retries
- 1.1.74 fsnmp
- 1.1.75 autocreate_group
- 1.1.76 autocreate_group_force
- 1.1.77 autocreate
- 1.1.78 max_log_size
- 1.1.79 max_log_generation
- 1.1.80 max_queue_files
- 1.1.81 use_xml_timestamp
- 1.1.82 auto_restart
- 1.1.83 restart
- 1.1.84 restart_delay
- 1.1.85 activate_gis
- 1.1.86 location_error
- 1.1.87 recon_reverse_geolocation_file
- 1.1.88 recon_location_scatter_radius
- 1.1.89 self_monitoring
- 1.1.90 self_monitoring_interval
- 1.1.91 update_parent
- 1.1.92 google_maps_description
- 1.1.93 openstreetmaps_description
- 1.1.94 webserver
- 1.1.95 web_threads
- 1.1.96 web_timeout
- 1.1.97 web_engine
- 1.1.98 inventoryserver
- 1.1.99 inventory_threads
- 1.1.100 exportserver
- 1.1.101 export_threads
- 1.1.102 eventserver
- 1.1.103 event_window
- 1.1.104 event_inhibit_alerts
- 1.1.105 icmpserver
- 1.1.106 icmp_threads
- 1.1.107 snmpserver
- 1.1.108 snmp_threads
- 1.1.109 transactionalserver
- 1.1.110 transactional_threads
- 1.1.111 transactional_threshold
- 1.1.112 prediction_threads
- 1.1.113 block_size
- 1.1.114 dataserver_lifo
- 1.1.115 policy_manager
- 1.1.116 event_replication
- 1.1.117 event_auto_validation
- 1.1.118 event_file
- 1.1.119 snmp_storm_protection
- 1.1.120 snmp_storm_timeout
- 1.1.121 text_going_down_normal
- 1.1.122 text_going_up_critical
- 1.1.123 text_going_up_warning
- 1.1.124 text_going_down_warning
- 1.1.125 text_going_unknown
- 1.1.126 event_expiry_time
- 1.1.127 event_expiry_window
- 1.1.128 claim_back_snmp_modules
- 1.1.129 async_recovery
- 1.1.130 console_api_url
- 1.1.131 console_api_pass
- 1.1.132 console_user
- 1.1.133 console_pass
- 1.1.134 encryption_passphrase
- 1.1.135 unknown_events
- 1.1.136 unknown_interval
- 1.1.137 global_alert_timeout
- 1.1.138 remote_config
- 1.1.139 remote_config_address
- 1.1.140 remote_config_port
- 1.1.141 remote_config_opts
- 1.1.142 warmup_event_interval
- 1.1.143 warmup_unknown_interval
- 1.1.144 enc_dir
- 1.1.145 dynamic_updates
- 1.1.146 dynamic_warning
- 1.1.147 dynamic_constant
- 1.1.148 unknown_updates
- 1.1.149 wuxserver
- 1.1.150 wux_host
- 1.1.151 wux_port
- 1.1.152 wux_webagent_timeout
- 1.1.153 syslogserver
- 1.1.154 syslog_file
- 1.1.155 syslog_threads
- 1.1.156 syslog_max
- 1.1.157 sync_port
- 1.1.158 sync_ca
- 1.1.159 sync_cert
- 1.1.160 sync_key
- 1.1.161 sync_retries
- 1.1.162 sync_timeout
- 1.1.163 sync_address
- 1.1.164 logstash_host
- 1.1.165 logstash_port
- 1.1.166 ha_interval
- 1.1.167 ha_monitoring_interval
- 1.1.168 provisioningserver
- 1.1.169 (>= 7.0) provisioningserver_threads
- 1.1.170 provisioning_cache_interval
- 1.1.171 ssh_launcher
- 1.1.172 rcmd_timeout
- 1.1.173 rcmd_timeout_bin
- 1.1.174 User and group
- 1.2 Environment variables
- 1.3 SNMPTRAPD configuration
- 1.4 Tentacle Configuration
- 1.5 Pandora Web Robot Daemon (PWRD)
- 1.1 Configuration File Elements
- 2 WEB Console
Pandora FMS server main configuration can be found in the file
pandora_server.conf is located at
/etc/pandora by default.
From Pandora FMS version 7.0NG.752 onwards, it is possible to make some modifications related to the Pandora FMS server using a graphical interface, without the need to access the configuration file in plain text (neither through terminal nor from the web console).
To do this, the remote configuration should be previously enabled inside the
pandora_server.conf configuration file. You should access to the servers view, and then click on the remote configuration icon enabled in the data server line.
There you may find in the first section, 'Server Features,a token next to the server to enable or disable it accordingly.
There is also a second configuration part, Optimization settings, devoted to optimization settings. In this section you will be able to modify parameters such as the timeout times or the threads dedicated to the servers.
And finally, a space reserved for other configurations: Other server settings. This section includes the possibility of indicating the group ID to which the agents that are added to the Pandora FMS environment will be assigned by default if one is not specifically indicated during its creation. Force auto-creation and enable agent auto-creation when receiving data files with an agent ID that does not exist in the system.
1.1 Configuration File Elements
It is a UNIX standard plain text file, where unused variables or comments are preceded by character
#. If you are editing from MS Windows®, make sure to use an editor that supports that format. Eventually, if you need to encrypt specific characters check the Pandora FMS Change remote config encoding parameter. All file configuration parameters are listed below.
It is the name that the server will have when it is displayed in the console. By default it is commented and uses the name of the machine for the operating system.
Changing the name once it is running could cause remote checks to stop working, since the default server would have to be reconfigured in all existing agents to use the new server, as well as deleting the old server name from the server list.
It is the incoming directory of XML data packages. It is located under
/var/spool/pandora/data_in/ by default. This allows setting up a RAM disk or a very fast hard drive here (SSD, for example) to optimize Pandora MFS.
The Pandora FMS record file (log). It is located under
/var/log/pandora/pandora_server.log by default. This is the main log file and it is very important for debugging.
/var/log/pandora/pandora_snmptrap.log by default. This is a log file from SNMP console that contains all received SNMP traps BEFORE Pandora FMS server processes them.
The Pandora FMS error registry file (log). It is located under
/var/log/pandora/pandora_server.error by default. This log file stores all non-controlled errors or non-captured output from tools executed by the server.
It shows whether or not Pandora FMS server is executed as a daemon. If the server is launched with the
–D option, it is executed as daemon.
Mysql (default value, MySQL is Pandora FMS database software).
Database name to which the server will connect. The default value is
Username used in the Pandora FMS database connection. It is
pandora by default.
Password for the connection to Pandora FMS database.
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as that of the server, which is
TCP port where the the database engine listens (optional).
3306 is set by default if the value is commented.
It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.
The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.
Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the High Availability (HA) chapter for more information.
Enabling it (value
1) indicates that the SNMP trap reception console is enabled in the configuration.
0 that it is not. The console depends on the UNIX
snmptrapd service and stops and starts it when Pandora FMS boots. Before starting Pandora FMS, verify that the
snmptrapd process has not been started in the system.
Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to
1 by default.
1, the SNMP console will attempt to translate variable
bindingswhen processing SNMP traps. Set to
1(default value), the SNMP console will attempt to translate enterprise strings when processing SNMP traps.
Snmptrapd will ignore the
authenticationFailure traps in case of it being activated,
1 (default value).
If enabled (value
1) Snmptrapd will read from the Protocol data units (PDU) address instead of the agent address. Its value is
0 by default.
Path to the
snmp_trapd binary. If set to manual, the server will not attemp to start
snmp_trapd. Its value is manual by default.
1) or disables (
0) SNMP trap forwarding to the host specified in snmp_forward_ip.
IP address of the host to which SNMP traps will be forwarded to.
Bear in mind that setting a forwarding address to Pandora FMS itself will cause a forwarding loop that will make the Monitoring Server collapse.
SNMP version to use when forwarding SNMP traps. This token can only have the following values:
Only for SNMP version 3. It defines the authentication security name. More information at snmpcmd's guide.
Only for SNMP version 3. It defines the authorized engine ID. More information at snmpcmd's manual.
Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:
More information at snmpcmd's manual.
Only for SNMP version 3. It defines the authentication password. For more information, go to snmpcmd's manual.
Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
More information at snmpcmd's manual.
Only for SNMP version 3. It defines the privacy pass phrase. More information at snmpcmd's manual.
Only for SNMP version 3. It defines the security level. This token can only have the following values:
SNMP community to be defined (
1 enables the Pandora FMS Network Server,
0 disables it.
1 enables the Pandora FMS Data Server,
0 disables it.
The Data server is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a
Network discovery server, now called Pandora FMS Discovery server: enabled
1 or disabled
Pandora FMS remote plugin server:
Shows the absolute path to the program which executes the plugins in a controlled way in time. The default value is
/usr/bin/timeout. If your base system does not have this command, use
/usr/bin/pandora_exec instead, which is included in Pandora FMS.
1 enables Pandora FMS Prediction Server,
0 disables it.
1 enables Pandora FMS WMI Server,
0 disables it.
It is the timeout -in seconds- for ICMP checks. Its value is
2 seconds by default. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives taking into account that some checks may require more time.
It is the time -in seconds- before declaring the server down. Each server checks the status of the servers around it, and in case the date of last update of one of them exceeds this value, it will mark it as down. This affects, to how High Availability (HA) works, in the case of having several servers.
It is essential that if you have multiple servers, all their internal clocks are synchronized through NTP.
0 unless you are debugging your Pandora FMS Server.
1 causes server threads to periodically dump their status to disk at:
/tmp/<server name>.<server type>.<thread number>.log
[[email protected]]# cat /tmp/pandorafms.* 2017-12-05 09:44:19 pandorafms dataserver (thread 2):[CONSUMER] Waiting for data. 2017-12-05 09:44:39 pandorafms dataserver (thread 3):[PRODUCER] Queuing tasks. 2017-12-05 09:44:40 pandorafms eventserver (thread 21):[CONSUMER] Waiting for data. 2017-12-05 09:44:40 pandorafms eventserver (thread 22):[PRODUCER] Queuing tasks. 2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[CONSUMER] Waiting for data. 2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[PRODUCER] Queuing tasks. 2017-12-05 09:44:14 pandorafms networkserver (thread 4):[CONSUMER] Waiting for data. 2017-12-05 09:44:14 pandorafms networkserver (thread 5):[CONSUMER] Waiting for data. 2017-12-05 09:44:14 pandorafms networkserver (thread 6):[CONSUMER] Waiting for data. 2017-12-05 09:44:14 pandorafms networkserver (thread 7):[CONSUMER] Waiting for data. 2017-12-05 09:44:39 pandorafms networkserver (thread 8):[PRODUCER] Queuing tasks. 2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[CONSUMER] Waiting for data. 2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[PRODUCER] Queuing tasks. 2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[CONSUMER] Waiting for data. 2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[PRODUCER] Queuing tasks. 2017-12-05 09:44:39 pandorafms reconserver (thread 10):[PRODUCER] Queuing tasks. 2017-12-05 09:44:14 pandorafms reconserver (thread 9):[CONSUMER] Waiting for data. 2017-12-05 09:44:15 pandorafms webserver (thread 19):[CONSUMER] Waiting for data. 2017-12-05 09:44:40 pandorafms webserver (thread 20):[PRODUCER] Queuing tasks. 2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[CONSUMER] Waiting for data. 2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[PRODUCER] Queuing tasks.
The number of seconds for the main loop. Its value is '5' by default.
This is a very important value for server configuration, it defines how many times Pandora FMS will search to see whether there are pending data in the database or in the hard disk (to search XML files). 5 to 15 is a valid value in most cases. If set to 1, the CPU usage will go up a lot. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but when it is finished, it should be set between 5 and 15 again.
With very low values and high load, there will be an "overheating" effect that progressively increases the CPU and memory consumption of the server.
This value together with the
max_queue_files parameters are used to configure server performance.
Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires many more server resources. Having more than twenty threads requires having a machine with many independent processors or cores.
It defines the number of pings to each '
icmp_proc module. At least one of these checks has to return 1 to the module to be classified as correct. Its default value is 1. If you set '5' here and the first ping is OK, the other 4 will be skipped.
In case of networks that have limited reliability, it is recommended to key in 2 or 3. A higher number will cause the rate of checks per second to decrease significantly in the event of any network segment failure.
Do not mistake it with the
icmp_packets parameter which refers to the number of packets within the ping itself. The
icmp_checks value defines the number of pings, each with its
Defines the number of ICMP packets sent in each ping request.
1 by default.
Number of TCP retries in case the first one fails. Its default value is
Specific timeout for TCP connections. The default value is
A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.
Number of SNMP retries in case the first one fails. The default value is
Specific expiration time for SNMP connections. Its default value is
A high number will cause the rate of checks per second to decrease significantly in the event of a network segment failure.
DOWN if it is impossible to connect with a boolean SNMP module (proc) or if it gets
NULL as a response. If set to
0, it is ignored.
Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.
Timeout for checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is
5, but you may want to raise it to a higher value in case you have plugins that may take longer than that.
Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is
Number of threads for the WMI server. It shows how many checks can be done simultaneously.
Number of threads for the network recon server. It shows how many checks can be done simultaneously.
Number of threads for the data server. Shows how many XML files can be processed simultaneously. As a specific rule for the dataserver, a number of threads higher than the machine's physical processors should not be used.
In the specific case of the dataserver, a value higher than 5 or 6 does not imply better performance.
Mail Server IP address (Mail Transfer Agent).
If you are using a Pandora FMS ISO installation and you want to use the Postfix server distributed in it, make sure that your Pandora FMS server is able to resolve through its DNS server the mail server in charge of your e-mail domain.
Also, make sure in this case that your mail server accepts the emails redirected from Pandora FMS server.
If not set, Pandora FMS Console configuration will be used. It is possible to have a different MTA configuration for the Pandora FMS Server and the Pandora FMS Console.
Mail server port (
25 by default)
Mail server user (if necessary for authentication).
Mail server password (if necessary for authentication).
Mail server authentication system if necessary; the supported values are:
Mail address from which messages will be sent. The default value is
SMTP connection encryption type (
1 by default. If set to
1, it delivers separate mail for each recipient.
If set to
0, the mail will be shared among all recipients.
If provided, it is used to determine the operating system of the remote systems, when a recon network task is launched. The default path is
Required for the Discovery server. The default path is
Required for the ICMP server. It is located at
/usr/sbin/fping by default.
A value that specifies how aggressive nmap should be, from
1 means slower but more reliable,
51 means faster but less reliable.
2 set by default.
It is just like the nmap_timing_template, but applied to Satellite Server and Recon Server network scans.
Required for SNMP checks. The default path is
/usr/bin/snmpget. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.
Location of the braa binary required for the Enterprise SNMP server (default path is
Number of retries before braa hands a module over to the Network Server in case of an error.
Path to the pandorafsnmp binary, used by the Enterprise SNMP Server for SNMPv3 requests (
/usr/bin/pandorafsnmp by default).
Numeric ID of the default group for new agents, created with the data server through the datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.
If set to
1, new agents will be added to the group specified by autocreate_group (the group specified by the agent will be used as fallback).
If set to
0, new agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as fallback).
For example, with the following configuration a new agent would be placed in the group specified in its XML data file if possible, or the group with ID 10 if not:
autocreate_group 10 autocreate_group_force 0
Setting it to
1 will autocreate agents when data files with an agent ID that does not exist in the system are received.
Maximum size of Pandora FMS log file, in bytes. When this size is reached, the log file's name is changed to
pandora_server.log.old and the server generates a new one with the original name,
pandora_server.log. Default size is 65 536 Bytes.
It specifies max generation count (between
9) of Pandora FMS server log files. The default value is
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from trying to process too many files, which would affect server performance. The default value is 5000.
Incremental modules may not work properly if this value is not high enough to hold all the XML data files.
It is enabled (
1) by default and it uses the date and time (timestamp) defined inside the XML (
.data), that is, the timestamp generated by the agent.
If disabled (
0), it will use the timestamp of the XML file, that is the server's timestamp. This could be useful to globally disable the use of dates generated by agents and just use the server's date and time as a reference for all data, because this timestamp is generated right when Pandora FMS server receives the XML.
These settings changed in Pandora FMS 747 version. In previous versions this token is disabled by default.
There is a similar feature at agent level, so that the agent data gets evaluated with the date the file was received.
Deactivated by default. If activated (value in seconds) it forces the server to restart internally every N seconds (1 day = 86400). This option is useful if degradation is noticed due to the uncontrolled failure of some thread or specific Pandora FMS server.
It is disabled by default (
0). The server will restart in the face of critical errors after a few seconds.
The default value is
60. The number of seconds the server will wait before restarting after a critical error if restart is enabled.
1) or disable (
0) server GIS features.
Margin of error in meters to consider two GIS locations as the same location.
Recon reverse geolocation file. This file must be in MaxMind GPL format (
GeoLiteCity.dat format). If this option is commented on in the configuration file, it will disable geolocation by IP when creating agents using recon and software agents. Geolocation will not be carried out either if the GIS features (activate_gis) are disabled overall.
Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. The center of the circle is found out by geolocating the IP.
The server has a self monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter
self-monitoring must be set to
Time interval for self_monitoring in seconds.
Defines whether the agent can update its parent by sending the parent name in XML, but if the parameter is not set or is 0, then the agent information will be ignored.
If this is not the case, when the server receives an XML with the
parent_name attribute, it searches for an agent with this name, and if it finds it, it updates the parent of the XML agent.
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Google Maps API. To be able to use this feature you need internet access, and you can have performance penalties processing GIS information due to the connection speed against Google API from Pandora FMS server.
The Google Maps API is a paid service and requires credentials, you will need to obtain the KEY API and pay, otherwise the service will be suspended after a couple of days of use.
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the OpenStreetMaps API. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.
If used with direct Internet connection (default), Internet access is required, and you can have performance penalties processing GIS information to the OpenStreetMaps API from Pandora FMS server due to the connection speed.
WEB check server, which can be enabled (
1) or disabled (
0). It is also known as Goliat server. It has nothing to do with the Web User Experience (WUX) monitoring server.
Number of threads assigned to the WEB test server (Goliath). It shows how many simultaneous threads are assigned to this component.
Default expiration time in seconds for web monitoring modules (Goliath).
cURL is used by default from version 747 onwards. Set this parameter to
LWP to use Library for WWW in Perl (LWP) instead of cURL for web monitoring.
1 enables the Pandora FMS Inventory Server,
0 disables it.
Number of threads assigned to the remote inventory server.
1 enables Pandora FMS Export Server,
0 disables it.
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.
1 enables Pandora FMS Event correlation Server,
0 disables it (default value is
Event window: It is the time window (in seconds) where the event server will look for events. For example, if set to '3600', the event server will check events generated within the last hour. If you have rules where the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.
If set to
1, an alert will not be executed (unless it is recovered) if the last event it generated is in 'in progress' status.
0 by default.
1) or disables (
0) the Enterprise ICMP server.
The ICMP Enterprise server uses the fping binary binary to perform ICMP requests in bulk. If this component is not enabled, the network server will run the checks, but with a much worse performance.
Number of threads for the ICMP Enteprise server (default value is
Pandora FMS snmp server enabled (
1) or disabled (
The SNMP Enterprise server uses the braa binary to execute SNMP queries in block. If this component is not enabled, the network server will run the checks.
Number of threads for Enteprise SNMP server (default value is
Pandora FMS transactional server enabled (
1) or disabled (
1 by default. The presence of this parameter is a mere transaction, its modification will not alter the operation of the transactional server.
Maximum number of seconds that a Transactional server transaction may take.
Number of threads for the prediction server.
Block size for block producer / consumer servers, which is the number of modules per block (the default value is
15). This affects to how requests are processed by SNMP Enterprise and ICMP Enterprise servers.
If enabled (
1), XML data files will be processed in a stack instead of a queue, and stale data (i.e., data with a timestamp older than its module's current timestamp) will not trigger events or alerts. Disabled (
0) by default.
Incremental modules will lose resolution if XML data files pile up, since newer data will be processed first, causing older data to be discarded.
If active (
1), the server listens to the policy queue. By default its value is
In case of being active (
1) the process of event replication to Metaconsole is performed. This process will not be activated if it is not correctly configured in the console. By default its value is
In case of being active (
1) new created events autovalidate previous events of the same module. Its value is
1 by default.
This configuration option allows to specify a text file in which the events generated by Pandora FMS in CSV format will be written. Enabling this option adds a Pandora FMS performance penalty.
There is no rotation mechanism for this file, you will have to take it into account since it can grow considerably.
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.
Time interval for snmp_storm_protection in seconds.
E.g. to prevent a single source from sending more than 1000 traps per 10 minutes:
snmp_storm_protection 1000 snmp_storm_timeout 600
Text for the event that is generated when a module goes into normal status. It supports the
Text to be displayed in module events going into critical status. It supports the
Text to be displayed in module events going from 'normal' into warning status. It supports the
Text to be displayed in module events going from 'critical' into warning status. It supports the
Text to be displayed in module events going into unknown status. It supports the
Events older that the specified time (in seconds) will be auto-validated. Set it to
0 to disable this feature.
For example, to automatically validate events 10 hours after they were generated, just use the command:
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be higher than event_expiry_time.
The default value is the equivalent of one day:
If set to
1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (
pandora_db) is run.
If set to
1, asynchronous modules that do not receive data for twice their interval will become normal. Set to
0 to disable.
Console's api direction. Usually, the direction of the server and the console ending with the route
Password of the console's API. This password can be found in the general section of the setup and can be left empty.
Console user with permissions to execute API-required actions, like getting a module graph image to add it to an alert email, among others.
For security reasons, it is recommended to use an exclusive user for the API. Such user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of well-known IPs.
Password of the API user for the Console.
An encryption phrase used to generate the key for the encrypted password. It is commented by default.
If active (
1), events for
unknown module status will be enabled. The value set by default is
Time interval (as a multiple of the module interval) before a module becomes unknown. It equals twice the module's interval by default.
Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to
0, Pandora FMS Server ignores it and alert execution will not be interrupted.
This parameter controls whether it is possible to configure the server remotely from the console in the server view. It works by Tentacle in a similar way to the remote configuration of the software agents..
IP address of the machine where remote configuration files will be sent. It is
localhost by default.
Tentacle port for remote configuration. It is 41121 by default.
Allows to give additional parameters to the Tentacle client for advanced configurations. They should appear between quotation marks (e.g.
"-v -r 5").
In seconds, it specifies the time it will take until status change events are generated again and runs alerts after a server restart.
In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.
The number of times dynamic thresholds will be recalculated per dynamic interval.
Percentage relative to the length of the critical interval used to calculate dynamic
warning thresholds. The lower the value, the closer the
warning thresholds will be.
Percentage relative to the module's average used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.
0 by default. If set to
1, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated to unknown modules will be periodically evaluated too.
It enables Web User Experience Analysis (WUX) server. It requires configuration of
It indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD).
It indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is
Maximum time to connect to a destination web address and Selenium server. It is commented by default, with the value
1 enables Pandora FMS Syslog Server,
0 disables it.
Full path to syslog's output file. For example:
Number of threads for the Syslog Server.
Maximum number of lines read by the Syslog Server on each run.
Communication port of the Sync server. It is commented by default, with the value
CA certificate path to sign certificates to configure SSl communication of the Sync server. It is commented by default, with path
Server certificate path for configuring SSl communication of the Sync server. It is commented by default, with path
Private key path of the server certificate for configuring SSl communication of the Sync server. It is commented by default, with the path
Number of attempts to make the connection with the Sync server. It is commented by default, with the value
Maximum connection time with the Sync server. It is commented by default, with the value
Address of the Tentacle server for the Sync server.
Outdated from version 749 NG. Name or IP of the machine with Logstash installed.
Outdated from version 749 NG. Port of the machine with Logstash installed.
Execution interval in seconds of Pandora FMS HA Database tool. It is commented by default, with the value
Monitoring interval, set in seconds, of the Pandora FMS HA database tool. It is commented by default, with the value
1 enables Pandora FMS Provisioning Server (Metaconsole),
0 disables it.
1.1.169 (>= 7.0) provisioningserver_threads
Number of threads for Provisioning Server (Metaconsole).
Provisioning Server (Metaconsole) cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.
It indicates the absolute path to the script ssh_launcher.sh that executes remote execution modules. The default path of the script is:
In seconds, maximum time for the execution of remote execution modules.
10 by default.
This timeout only works to indicate the time that Pandora FMS server will wait to obtain data. The connections will be closed, but the termination of the execution of the command in the remote machine is not assured (this has to be controlled with the command itself).
It indicates the absolute path to the timeout executable for the remote execution modules. It only has effect with the use of Sólo tiene efecto con el uso de
ssh_launcher, connections through plink from Windows to Linux and connections to Windows® systems.
- In Pandora FMS on Windows® the default executable path is:
- In Pandora FMS on Linux the default executable path is:
1.1.174 User and group
From Pandora FMS version 7, it is possible to define in customized installations both the token "user" and the token "group" to indicate which user and group will make the modifications in the console files, such as those related to policies or mass operations or with the
.conf of the agents located at
1.2 Environment variables
Pandora FMS' server supports more options than what the configuration file offers. In some particular cases, environmental variables are necessary because the configuration is done on the machine itself. To do this, the server startup script loads the variables of a file in bash format which is
/etc/pandora/pandora_server.env by default.
The variables that can be configured are the following:
This variable is required to customize the product name displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
This variable is required to customize the author of the product displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
1.2.3 Example of an environment variable file
#!/bin/bash PANDORA_RB_PRODUCT_NAME="Custom product" PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"
1.3 SNMPTRAPD configuration
The SNMP Console of Pandora FMS uses snmptrapd to receive SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.
Previously, snmptrapd accepted traps by default, without explicitly configuring anything. From version 5.3 onwards, the configuration for access control is more restrictive and it does not allow to receive traps from anyone by default.
If snmptrapd runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.
You are probably required to configure your snmptrapd using the file
/etc/snmp/snmptrapd.conf. If it does not exist, please check
/var/log/pandora/pandora_snmp.log file for warnings or errors.
snmptrapd.conf could be something similar to this:
authCommunity log public
If does not work on your Linux distribution, please check your snmptrapd version syntax to enable trap reception in your snmptrapd daemon with the command:
1.4 Tentacle Configuration
Yo may get more information about Tentacle protocol in this section.
By default, Pandora FMS software agents send data packages to the server through Tentacle protocol (Port
41121/tcp assigned by IANA). The agent could also be reconfigured to send data in alternative ways: local transfer (NFS,SMB),SSH or FTP, etc. If you want them to send data packages using Tentacle protocol, configure a Tentacle server where this data is intended to be received. By default hen a Pandora FMS server is installed, a Tentacle server is also installed in the same machine by default.
If it is necessary to adjust some parameters of Tentacle server configuration, it can be done by modifying the script that launches the Tentacle Server daemon directly, which is at:
Furthermore, there is a list of the different options for Tentacle Server configuration:
- The path to the entry directory of data. The default path is
- The Tentacle daemon. The default command is
- The path to the Tentacle binary. The default path is
- User from which the Tentacle daemon will be launched. The default value is
- Direction to listen to data packages. If you set 0.0.0.0., it listens to all of them. The default value is to listen in all directions. This is true when its IP is
- The listening port for package reception. It is
41121(official port assigned by IANA) by default.
- Additional options for executing the Tentacle server. You can set up Tentacle to use authentication with certificates and/or symmetric password.
- Maximum number of simultaneous connections. The default value is
- Maximum file size allowed by the server in bytes. The default value is
1.5 Pandora Web Robot Daemon (PWRD)
Pandora Web Robot Daemon is a service from Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available in the module library.
- Firefox browser binary version 46.
- Pre-built profile for recording and running web browsing sessions.
- Session Automation Server.
- Web browsing session recorder (
For more information related to PWRD, please follow this link.
2 WEB Console
Pandora FMS web console has a configuration file which is created and configured automatically while it is being installed. Its location is: /consolepath/include/config. php. For example in CentOS systems:
2.1 Configuration File config.php
The configuration options in the file are included in the header, and these are:
- Type of database used. It is MySQL by default.
- Database name to connect to. The default value is
- Username for the connection to Pandora FMS database. The default value is
- Password for the connection to Pandora FMS database.
- IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as the server, which is
- Directory where the Pandora FMS web console is located. This is usually
- Base directory for Pandora FMS. This is usually
- The full URL is set with the string value, the value is the URL inside Pandora FMS Server if you use an inverse proxy e.g.
2.1.1 Apache server redirection
If you only have one Pandora FMS in your Apache server, then it is possible that you could benefit by automatically redirecting
/pandora_console when users connect with the
/ URL of their server. To do this, create the following file
index.html and put it in the web server root directory (
<html> <head> <meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php"> </head> </html>
2.2 Apache Configuration
Pandora FMS has a series of folders with some files that complete its functionality. To avoid accessing these files, some folders in the console have a
.htaccess file that restricts access to them. For this to be effective in the Apache configuration, it is necessary to allow these permissions to be overwritten using
htaccess, for which the token
AllowOverride must be set to