Difference between pages "Pandora: Documentation en: Configuration Agents" and "Pandora: Documentation en: Discovery"

From Pandora FMS Wiki
(Difference between pages)
Jump to: navigation, search
(module_plugin)
 
(NetScan)
 
Line 1: Line 1:
= Pandora FMS Software Agents =
 
  
== What is a software Agent? ==
+
=What is Pandora FMS Discovery?=
  
As its name indicates, they are small pieces of software that are installed in the operating systems and remain running in them to extract monitoring information and send it to the Pandora FMS server regularly.
+
{{Tip|Available for Pandora FMS 732 versions or higher.}}
  
They use the commands and tools of the operating system in which they are installed to obtain the information. They conform the data in a file in XML format and send them to the Pandora FMS data server, which processes and stores them in the database.
+
Discovery provides a set of tools to simplify monitoring through wizards.
  
Each of the individual checks is called ''Module''.
+
The following tools are included:
  
== Introduction to the Agent Configuration ==
+
;Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
 +
;Discovery Applications: It allows to monitor MySQL, Oracle or VMware environments from a new management console.
 +
;Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
 +
;Console Tasks: It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
 +
;Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.
  
The operation of the software agent is determined by its configuration file, called ''pandora_agent.conf'', located in the installation directory on Windows systems, and ''/etc'' on Linux systems.
+
<center>
 +
[[File:discovery1.png]]
 +
</center>
  
The configuration file contains all the operating parameters and modules of that agent.
+
=Discovery Task list=
  
== General Agent Parameters ==
+
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
  
The Configuration of the General Agent Parameters is defined in this section. Some of them are common for all systems and others are intended specifically for Windows or Unix machines. The general parameters are:
+
<center>
 +
[[File:DISC_Task_list_1.JPG]]
 +
</center>
  
 +
==Console tasks==
  
{{warning|The first time the server receives data from an agent is going to save all of the information into the database. For the following received data it will only update (depending on learning mode status enabled/disabled) the following fields from XML file: '''version''', '''date''', '''OS version''', and the following parameters from the configuration file: '''gis_exec''', '''latitude''', '''longitude''', '''altitude''' '''parent_agent_name''', '''timezone_offset''', '''address''' and '''custom_field'''.}}
+
This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:  
  
===server_ip===
+
* User: It is the user who created the task.
 +
* Task: Description of the programmed task
 +
* Scheduled: It specifies how often the task will be executed.
 +
* Next Execution: It specifies the next task execution.
 +
* Last Execution: It indicates when the task was last executed.
 +
* Group: The group to which the task belongs.
 +
* Operations: It shows the actions that can be performed on the task, such as editing and deleting.
  
The IP address or the name of the Pandora FMS Server Host where all data will be stored.
+
===Edit Console tasks===
  
===server_path===
+
This button allows access to the creation section, where the desired task can also be edited according to the following parameters:
  
The server path is the comprehensive file path where the server stores all the data sent by the agents. The default path is ''/var/spool/pandora/data_in''.
+
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.  
 +
** Send custom report by email.
  
===temporal===
+
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.
  
The path where the agent stores the data files before they are sent to the server and deleted locally.
+
==== Parameters of different tasks ====
 +
<br>
 +
;Backup Pandora FMS database:
 +
* Description: Backup description.
 +
* Save to disk in path: Path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you wish to give the report.
 +
* Send to email addresses: Email addresses to which the report will be sent.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
  
===description===
+
==Server tasks==
  
Sends the description of the agent in XML and Pandora FMS imports this description when it creates the Agent.
+
This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:
  
===group===
+
* Force: Option that will allow forcing the task execution.
 +
* Task name: Name assigned to the task.
 +
* Server name: Server that will execute the task.
 +
* Interval: Time interval during which the task will be performed.
 +
* Network: Network where the checks will be made.
 +
* Status: Status of the scheduled task.
 +
* Task type: Type of the task that has been generated.
 +
* Progress: Progress of the task in case of being executed.
 +
* Updated at: It indicates when the task was last executed.
 +
* Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.
  
If there is a group with the name specified in this parameter, the agent will be created within this group unless the server forces the creation of all agents in a given group.
+
===Operations===
  
===temporal_min_size===
+
The edition of the server recognition tasks allows to adjust the following parameters:
  
If the free space (in MB) of the partition in which the temporary directory is located is lower than this value, it won't continue generating data packets. This prevents the disk from being full if for any reason connection to the server is lost for an extended period of time.
+
* Interval: The task execution interval can be set, either manually or defined.
 +
* Task name: Task Name.
 +
* Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
 +
* Network: Network on which the checks are to be carried out.
 +
* Group: Group to which it belongs.  
 +
* Comment: Comments to add.
  
===logfile===
+
=Discovery Applications=
  
The path to the Pandora FMS agent events record file.
+
Now, it is possible to monitor applications remotely using ''Discovery Applications''.
  
===interval===
 
  
It is the agent sampling time,  in seconds. Each time this interval is completed, the agent will collect information and send it to the Pandora FMS server.
+
<center>
 +
[[File:discoverysap1.png]]
 +
</center>
  
===disable_logfile===
+
==Discovery Applications: MySQL==
  
This parameter disables log writing in pandora_agent.log. Only for Windows.
+
From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.
  
===debug===
+
For that purpose, it will be necessary to define the following parameters:
  
If it is active (1), the agent data files are stored and renamed in the temporary directory and are not deleted after being sent to the server, being able to open XML files and analyze their content.
+
* Task name: Name of the task that will perform MySQL monitoring.
 +
* Discovery Server: Server that will perform the execution of the specified task.
 +
* Group: Group to which it belongs.
 +
* MySQL server IP: IP of the server where the MySQL environment to be monitored is.
 +
* MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
 +
* User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
 +
* Password: MySQL user password specified above.
 +
* Interval: Time interval in which monitoring will be executed.  
  
===agent_name===
+
<center>
 +
[[File:DISCMySQL1.JPG]]
 +
</center>
  
It allows setting a custom name. If it is not enabled, the agent name will be the hostname of the machine.
+
Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.  
  
===(>=5.1SP2) agent_name_cmd===
+
The options to be displayed are the following:
  
Defines the agent name using an external command. If agent_name_cmd is set, agent_name is ignored. The command must return the agent name by STDOUT. If you return more than one line, only the first line will be used.
+
* Target agent: Agent on which the modules resulting from monitoring will be created.  
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.  
 +
* Scan databases: It will scan the databases.
 +
* Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
 +
* Check engine uptime: It will check the time that MySQL engine is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Retrieve InnoDB statistics: It returns InnoDB statistics.
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Custom queries: It allows defining custom statements.  
  
===(>=7.0) agent_alias_cmd===
+
<center>
 +
[[File:DISCMySQL2.JPG]]
 +
</center>
  
Defines the agent alias using an external command. If agent_alias_cmd is defined, agent_alias is ignored. The command must return the agent name by STDOUT. If you return more than one line, only the first line will be used.
+
==Discovery Applications: Oracle==
  
===address===
+
From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.
  
This is the IP address of the software agent. It could be an IP address with the format X.X.X.X or a domain name such as 'localhost' or 'auto'. If it's an IP address or a domain name, it will be added to the addresses of the agent and established as a main address. If the value is 'auto', it will obtain the IP address from the host and added to the agent as in the previous case.
+
Oracle monitoring will allow to define the following parameters:
  
===encoding===
+
* Task name: Task Name
 +
* Discovery server: Server that will run the Oracle monitoring task.
 +
* Group: Group it belongs to.
 +
* Oracle target strings: Where the target strings of the task will be defined.
 +
* User: Oracle user that will access to perform the monitoring.
 +
* Password: Password of the previously defined user.
 +
* Interval: Execution interval
  
Installs the kind of codification of the local system, such as ISO-8859-15 or UTF-8.
+
<center>
 +
[[File:DISC_Oracle1.JPG]]
 +
</center>
  
===server_port===
+
Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:
  
This parameter allows to identify the remote port of the server that is waiting. By default it's 41121 for Tentacle.
+
* Target agent: Agent that will receive Oracle monitoring information.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Check engine uptime: It will check the time that Oracle is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Calculate fragmentation ratio: It calculates the fragmentation rate.
 +
* Monitor tablespaces: It monitors tablespaces. 
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Execute custom queries: It executes custom queries.  
 +
* Custom queries: it allows to define customized queries.
  
===transfer_mode===
+
<center>
 +
[[File:DISC Oracle2.JPG]]
 +
</center>
  
This parameter specifies the transfer mode we have to install in order send the agent data to the server. Tentacle by default.
+
=== Installing Oracle packages ===
  
=== (>= 6.0) transfer_timeout ===
+
It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:
  
It is the timeout for file transfer, if the indicated number of seconds is exceeded without completing the transfer, it will be cancelled.
+
* Install oracle instant client from the Oracle page:
 +
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  
===server_pwd===
+
* Required packages:
  
Specific for the password of Windows FTP and for the Tentacle transference mode, although the password for the latter is optional. Server password for authentication with password.
+
  oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
 +
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
 +
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  
===server_ssl===
+
* Prepare the boot environment of pandora_server:
  
Specific for the Tentacle transfer mode. Allows to authorize ('1') or deny ('0) the SSL network  encryption.
+
{{Warning|In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env}}
  
===server_opts===
+
# Set Oracle environment for pandora_server
 +
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
 +
#!/bin/bash
 +
VERSION=11.1
 +
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 +
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 +
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 +
EOF_ENV
  
Specific for the Tentacle transfer mode. Allows to give additional parameters to the Tentacle client for advanced configurations with security options.
+
* Restart pandora_server
  
Coming with the 3.2 agent version, Tentacle supports the optional use of a HTTP proxy (using CONNECT) mode to send information to the server.  In order to be able to use the output through a proxy, we use the following advanced option (example):
+
/etc/init.d/pandora_server restart
  
server_opts -y user:[email protected].inet:8080
+
{{Warning|If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used}}
  
This will force the Tentacle client to use 'proxy.inet' on port 8080 using "user" and "pass" for authentication. If you intend to use a proxy on e.g. 192.168.1.2 on port 9000 without credentials, the command would have to be:
+
== Discovery Applications: SAP ==
 +
<br>
 +
Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.  
 +
<br>
 +
{{Warning|If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).}}
  
server_opts -y 192.168.1.2:9000
+
{{Warning|In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.}}
  
===delayed_startup===
+
The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.
  
This parameter allows the Pandora FMS agent to be configured in order to start working after any specific amount of time (in minutes) after manual execution. It's deactivated by default. This option is only valid on Linux/Unix agents.
+
<center>
 +
[[File:discoverysap2.png]]
 +
</center>
  
===pandora_nice===
+
In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.
  
This parameter allows to specify the priority that the Pandora FMS agent process will have within the system. It's only available for Unix / Linux agents.
+
{{Warning|If you need to monitor different configurations, create a task for each configuration.}}
  
===autotime===
+
Select from the list the information about the SAP system you wish to retrieve as shown below:
  
If it's enabled ('1') it sends a timestamp of special execution (AUTO) that makes the server use its local date / time to establish the data time, not paying attention to the time sent by the agent. This is necessary in agents which have a wrong time or a different hour from the server for any reason.
+
<center>
 +
[[File:discoverysap3.png]]
 +
</center>
  
===cron_mode===
+
Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.
  
With this parameter, it's possible to make the agents using the Linux crontab functions to execute itself in a predetermined interval instead of using the agents internal system to execute itself at a certain time. It's deactivated by default.
 
  
===remote_config===
+
=== SAP Discovery connector manual installation ===
  
(Pandora FMS Enterprise only)
+
If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.
  
Enables (1) or disables (0) remote agent configuration. Operation is only allowed with Tentacle transfer mode.
+
First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.  
  
===xml_buffer===
+
Then you need to download the remote connector/plugin for Linux from SAP, download it from [https://pandorafms.com/library/sap-r3-monitoring-agent/ our library].  
If enabled (1), the agent will save in its temporary directory the XML files that it could not send to the server in case of a connectivity problem. They will be sent when communications are restored.
 
  
===timezone_offset===
+
Configure your pandora_server.conf too, and set the following parameters:
  
The agent can now install its timezone offset with the server. This allows the server to make a scrolling of the time collected by the agent, so that it matches the local time of the server.
+
# Discovery SAP
 +
java /usr/bin/java
 +
 +
# Discovery SAP utils
 +
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
  
# Timezone offset: Difference with the server timezone
+
In the directory indicated, with the configuration token ''sap_utils'' decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
timezone_offset 3
 
  
It is calculated by subtracting the agent's timezone from the server's timezone. For example, if the server's timezone is UTC+1 and the agent's timezone is UTC-5, the timezone offset should be 6 = 1 - (-5).
+
Deset_SAP_Plugin.jar
 +
dev_jco_rfc.trc
 +
libsapjco3.so
 +
sapjco3.dll
 +
sapjco3.jar
  
===parent_agent_name===
+
Once the configuration file is modified, restart the Pandora FMS server.
  
Indicates the parent of the software agent. It must be the name of an existing agent in Pandora FMS.
+
=== SAP View ===
 +
<br>
 +
You can see the general state of the SAP system servers in the SAP View.  
  
=== agent_threads <threads> ===
+
<center>
 +
[[File:discoverysap4.png]]
 +
</center>
  
Number of threads the agent is going to launch to execute modules simultaneously.By default, the modules are executed one after the other without launching any additional thread. This is only available in Linux/Unix agents.
+
This view will display a panel with the available SAP modules of the selected SAP agent.  
  
# Number of threads to execute modules in parallel
+
You may select the refresh time and the interval to show in the graphs.
agent_threads 4
+
<br>
 +
<br>
  
===include <filename> ===
+
=== SAP agent view ===
 +
<br>
 +
The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:
  
This file can contain additional modules and collections alongside the ones found in the main configuration file. This token is optional.
+
<center>
 +
[[File:discoverysap5.png]]
 +
</center>
  
===broker_agent <name>===
+
The agent view will provide an overview of the status of the SAP modules for the current agent:
  
Enables broker agent functionality. To activate it, you only need to uncomment the parameter and indicate the name that will be assigned to the broker agent:
+
<center>
 +
[[File:discoverysap6.png]]
 +
</center>
  
broker_agent Name_broker
+
<br>
  
===pandora_user <user>===
+
{{Warning|Java must be installed within the server for SAP integration to work.}}
  
This parameter is optional and allows the agent to be executed with a specified system user. This user has to have permissions to execute the agent and all associated resources.
+
== Discovery Applications: VMware ==
  
===(>= 5.X) custom_id===
+
{{Warning|In case of manual installation or update from a '''Pandora FMS''' version prior to '''732''', it is necessary to install '''SDK''' for VMWare to work properly.}}
  
Custom ID of the agent for external applications.
+
From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.  
  
===(>= 5.X) url_address===
 
  
Custom URL to open it from the agent in the console.
+
<center>
 +
[[File:discoveryapplications2.png]]
 +
</center>
  
===(>= 5.X) custom_fieldX_name===
 
  
Name of an agent custom field which already exists on the system. If doesn't exist, it will be ignored.
+
The following must be specified:
  
Example:
+
* A name to identify the task.
 +
* A Discovery server where to run it.
 +
* A group to which the agents generated by the VMware task will be associated.
  
custom_field1_name Model
+
{{Tip|It must be taken into account that if the Pandora FMS server has the '' autocreate_group '' token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.}}
  
===(>= 5.X) custom_fieldX_value===
 
  
Value for the custom field X defined in the previous parameter.
+
The data required to monitor VMware are:
  
Example:
+
* V-Center IP
 +
* The name of the datacenter (it can be seen through VMware installation management screen).
 +
* User with read permissions.
 +
* User password.
 +
* Monitoring interval.
  
custom_field1_value C1700
+
Password encryption can be enabled by pressing the button '''encrypt passwords'''. This only applies to the wizard in progress.
  
=== (> 5.1 Unix agent only) macro<macro> <value> ===
 
  
Defines a local execution macro that can be used in the definition of a module. These macros are used in the meta console system and local module components system to "abstract" the difficulty of using a module by directly editing the code, presenting  a local interface that allows to "fill in" values to a less advanced user. These values are used below, using a macros system, relatively similar to the macros system of the local plugins.
+
On the next page, VMware monitoring details can be specified:
  
Example:
+
<center>
 +
[[File:discoveryapplications3.png]]
 +
</center>
  
<pre>
+
* Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
module_begin
+
* Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
module_name FreeDisk_opt
+
* Event mode: '''Only for VCenter'''. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
module_type generic_data
+
* Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
module_exec df -kh _field1_ | tail -1 |  awk '{ print $5}' | tr -d "%"
+
* Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Virtual_environment_monitoring#Entity_renaming this section].
module_macro_field1_ /opt
+
<br>
module_end
+
<br>
</pre>
+
<br>
 +
<br>
  
=== (>= 6.0SP5) group_password <password> ===
+
==Discovery Applications: MS SQL==
 +
<br>
 +
This new Pandora FMS integration allows monitoring Microsoft SQL server databases.
  
Password for the agent group. Leave it commented if the group is not password protected.
+
Microsoft <b>ODBC</b> must be installed in the system where Pandora FMS server is running.  
 +
<br>
 +
<br>
 +
{{Tip|From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.}}
  
=== (>= 7.0) ehorus_conf <path> ===
+
=== How to install Microsoft ODBC ===
  
Absolute path to a valid [https://ehorus.com/ eHorus] agent configuration file. The agent will create a custom field named ''eHorusID'' that contains the eHorus agent's identifying key.
+
* In <b>CentOS 6</b>:
  
=== (>= 7.0OUM713) transfer_mode_user <user> ===
+
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
  
User of files copied in the local transfer mode. In console folders, this user must have reading and writing permissions for the remote configuration to work properly. By default it is  ''apache''.
+
* In <b>CentOS 7</b>:
  
== Secondary Server ==
+
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
We can define a secondary server to which the data will be sent in two possible situations depending on the configuration:
+
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
  
* '''on_error''': Send data to the secondary server only in cases it could not send them to the primary one.
+
Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.  
* '''always''': Always send data to the secondary server, no matter if it's able to contact the main server or not.
 
  
Configuration example:
+
/etc/pandora/pandora_server.conf
  
secondary_server_ip    192.168.1.123
+
Once you go to the configuration file, look for the following token:
secondary_server_path  /var/spool/pandora/data_in
 
secondary_mode          on_error
 
secondary_transfer_mode tentacle
 
secondary_server_port  41121
 
  
== UDP Server ==
+
mssql_driver IDENTIFYING STRING
  
The Pandora FMS Agent can be configured to listen to remote commands. This server listens to a UDP port spcified by the user and allows orders to be received from a remote system - usually from Pandora FMS' console through the execution of alerts on the server.
+
The <b>IDENTIFYING STRING</b> parameter can be found in <b>/etc/odbcinst.ini</b> which will be created when installing ODBC.
  
There are several options to configure the UDP remote server. The default file is ''pandora_agent.conf''
+
This is the default string:
  
* '''udp_server''': To activate the UDP server, set it on '1'. This is deactivated by default.
+
ODBC Driver 17 for SQL Server
* '''udp_server_port''': Port where it listens.
 
* '''udp_server_auth_address''': Authorized IP address to send orders. Several Addresses can be set separated by commas. If it is configured with 0.0.0.0, UDP Server will accept orders from all addresses.
 
* '''process_<name>_start <command>''': Command which is going to start a process defined by the user.
 
* '''process_<name>_stop <command>''': Command which is going to stop the process.
 
* '''service_<name> 1''': Allows the service <name> to be started or stopped remotely from the UDP server.
 
  
Configuration Example:
+
=== Configure a Discovery Applications MS SQL task ===
  
udp_server 1
+
To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).  
udp_server_port 4321
 
udp_server_auth_address 192.168.1.23
 
process_firefox_start firefox
 
process_firefox_stop killall firefox
 
service_messenger 1
 
  
The server accepts the following commands:
+
Once you choose the Microsoft SQL Server task, you may define the instances in the following way:  
  
  * '''<START|STOP> SERVICE <name of the service>''': Starting or stopping a service.
+
  IP\Instance
* '''<START|STOP> PROCESS <name of the process>''': Starting or stopping a process.
 
* '''REFRESH AGENT <name of the agent>''': Forces one execution of the agent and refreshes data.
 
  
In 5.0 version, Unix agent only implements REFRESH AGENT command.
+
If you wish so, define a port like this:
  
For example:
+
IP:Port\Instance
  
STOP SERVICE messenger
+
<center>
START PROCESS firefox
+
[[File:mssql1.png]]
REFRESH AGENT 007
+
</center>
  
There is a script on the server at ''/util/udp_client.pl'' which is used by the Pandora FMS Server as a command of an alert to start processes or services. It has this syntax:
 
  
./udp_client.pl <address> <port> <command>
+
This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.  
  
E.g. to restart an agent:
+
<center>
 +
[[File:mssql3.png]]
 +
</center>
  
./udp_client.pl 192.168.50.30 41122 "REFRESH AGENT"
+
If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.
  
For more information, please go to the Alert Configuration section.
+
=Discovery Cloud=
  
== Modules definition ==
+
Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool. 
  
The local execution modules are defined in the configuration file pandora_agent. conf. Below we explain all the parameters that can be accepted.
+
<center>
 +
[[File:azure66.JPG]]
 +
</center>
  
The general syntax is the following:
+
Account management, both from AWS and Microsoft Azure, will be made through the <b>Credential Store</b> located in Profiles -> Manage agent groups -> Credential Store.
  
module_begin
+
<center>
module_name <Module Name>
+
[[File:credential_store.png]]
module_type generic_data
+
</center>
module_exec <local command to execute>
 
module_end
 
  
There are different kinds of modules,; in this example we have only used the common and mandatory lines for most of them.
+
==Discovery Cloud: Amazon Web Services (AWS)==
  
=== Common elements of all modules  ===
+
{{Warning|This section is under construction.}}
  
{{warning|Module fields (except module data, description and extended info) are only stored on module creation and will never be updated if the module is already created. }}
+
To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.
  
==== module_begin ====
 
Defines the beginning of the module (compulsory).
 
  
==== module_name <name> ====
+
=== AWS. Credential validation ===
  
Name of the module (compulsory). This name CANNOT be duplicated.
 
  
==== module_type ====
+
Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".
  
Type of data the module will return. It is compulsory to choose one of these. The available types are:
+
<center>
 +
[[File:AWSCredentials1.JPG]]
 +
</center>
  
* '''Numerical''' (generic_data). Simple numerical data, in floating points or wholes.  
+
You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.
  
* '''Incremental''' (generic_data_inc). Numeric data equal to the difference between the current value and the previous one divided by the elapsed time in seconds. When this difference is negative, the value is reset, which means that when the difference becomes positive again, the previous value will be taken as long as the increment returns to a positive value.
+
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.  
  
* '''Absolute incremental''' (generic_data_inc_abs). Numeric data equal to the difference between the current value and the previous one, with no division made, so the value is the total difference or increment, and not the increment per second. When this difference is negative, the value is reset, this means that at the time when the difference is again a positive value, the base value used to make this calculation is the last one from which the incremental value is positive.
+
<center>
 +
[[File:AWS4.png]]
 +
</center>
  
* '''Alphanumeric''' (generic_data_string). Collects alphanumeric text strings.
+
<center>
 +
[[File:AWS5.png]]
 +
</center>
  
* '''Booleans''' (generic_proc). For values that can only be correct/affirmative (1) or incorrect/negative (0). Useful to check if a computer is alive, or a process/service is running. A negative value (0) has the critical status preassigned, while any higher value is considered correct.
+
Query accounts in Amazon AWS must be created with the following permissions:
  
* '''Asynchronous Alphanumeric''' (async_string). For asynchronous text strings. Asynchronous monitoring depends on events or changes that may or may not occur, so these types of modules are never in unknown status.
+
<center>
 +
[[File:awsgrants.png]]
 +
</center>
  
* '''Asynchronous Boolean''' (async_proc). Similar to 'generic_proc' but asynchronous.
+
* Billing (read)
 +
* CloudWatch (list,read)
 +
* Cost Explorer Service (Full access)
 +
* EC2 (full read, limited: list)
  
* '''Asynchronous Numerical''' (async_data). Similar to 'generic_data' but asynchronous.
 
  
==== module_min <value> ====
+
Summary of the policy in JSON:
  
Minimum value that the module must return to be accepted. Otherwise it will be discarded and will not be displayed on the console.
+
{
 +
    "Version": "2012-10-17",
 +
    "Statement": [
 +
        {
 +
            "Sid": "VisualEditor0",
 +
            "Effect": "Allow",
 +
            "Action": [
 +
                "ec2:DescribeInstances",
 +
                "ec2:DescribeVolumesModifications",
 +
                "ec2:GetHostReservationPurchasePreview",
 +
                "ec2:DescribeSnapshots",
 +
                "aws-portal:ViewUsage",
 +
                "ec2:DescribePlacementGroups",
 +
                "ec2:GetConsoleScreenshot",
 +
                "ec2:DescribeHostReservationOfferings",
 +
                "ec2:DescribeInternetGateways",
 +
                "ec2:GetLaunchTemplateData",
 +
                "ec2:DescribeVolumeStatus",
 +
                "ec2:DescribeScheduledInstanceAvailability",
 +
                "ec2:DescribeSpotDatafeedSubscription",
 +
                "ec2:DescribeVolumes",
 +
                "ec2:DescribeFpgaImageAttribute",
 +
                "ec2:DescribeExportTasks",
 +
                "ec2:DescribeAccountAttributes",
 +
                "aws-portal:ViewBilling",
 +
                "ec2:DescribeNetworkInterfacePermissions",
 +
                "ec2:DescribeReservedInstances",
 +
                "ec2:DescribeKeyPairs",
 +
                "ec2:DescribeNetworkAcls",
 +
                "ec2:DescribeRouteTables",
 +
                "ec2:DescribeReservedInstancesListings",
 +
                "ec2:DescribeEgressOnlyInternetGateways",
 +
                "ec2:DescribeSpotFleetRequestHistory",
 +
                "ec2:DescribeLaunchTemplates",
 +
                "ec2:DescribeVpcClassicLinkDnsSupport",
 +
                "ec2:DescribeVpnConnections",
 +
                "ec2:DescribeSnapshotAttribute",
 +
                "ec2:DescribeVpcPeeringConnections",
 +
                "ec2:DescribeReservedInstancesOfferings",
 +
                "ec2:DescribeIdFormat",
 +
                "ec2:DescribeVpcEndpointServiceConfigurations",
 +
                "ec2:DescribePrefixLists",
 +
                "cloudwatch:GetMetricStatistics",
 +
                "ec2:GetReservedInstancesExchangeQuote",
 +
                "ec2:DescribeVolumeAttribute",
 +
                "ec2:DescribeInstanceCreditSpecifications",
 +
                "ec2:DescribeVpcClassicLink",
 +
                "ec2:DescribeImportSnapshotTasks",
 +
                "ec2:DescribeVpcEndpointServicePermissions",
 +
                "ec2:GetPasswordData",
 +
                "ec2:DescribeScheduledInstances",
 +
                "ec2:DescribeImageAttribute",
 +
                "ec2:DescribeVpcEndpoints",
 +
                "ec2:DescribeReservedInstancesModifications",
 +
                "ec2:DescribeElasticGpus",
 +
                "ec2:DescribeSubnets",
 +
                "ec2:DescribeVpnGateways",
 +
                "ec2:DescribeMovingAddresses",
 +
                "ec2:DescribeAddresses",
 +
                "ec2:DescribeInstanceAttribute",
 +
                "ec2:DescribeRegions",
 +
                "ec2:DescribeFlowLogs",
 +
                "ec2:DescribeDhcpOptions",
 +
                "ec2:DescribeVpcEndpointServices",
 +
                "ce:GetCostAndUsage",
 +
                "ec2:DescribeSpotInstanceRequests",
 +
                "cloudwatch:ListMetrics",
 +
                "ec2:DescribeVpcAttribute",
 +
                "ec2:GetConsoleOutput",
 +
                "ec2:DescribeSpotPriceHistory",
 +
                "ce:GetReservationUtilization",
 +
                "ec2:DescribeNetworkInterfaces",
 +
                "ec2:DescribeAvailabilityZones",
 +
                "ec2:DescribeNetworkInterfaceAttribute",
 +
                "ce:GetDimensionValues",
 +
                "ec2:DescribeVpcEndpointConnections",
 +
                "ec2:DescribeInstanceStatus",
 +
                "ec2:DescribeHostReservations",
 +
                "ec2:DescribeIamInstanceProfileAssociations",
 +
                "ec2:DescribeTags",
 +
                "ec2:DescribeLaunchTemplateVersions",
 +
                "ec2:DescribeBundleTasks",
 +
                "ec2:DescribeIdentityIdFormat",
 +
                "ec2:DescribeImportImageTasks",
 +
                "ec2:DescribeClassicLinkInstances",
 +
                "ec2:DescribeNatGateways",
 +
                "ec2:DescribeCustomerGateways",
 +
                "ec2:DescribeVpcEndpointConnectionNotifications",
 +
                "ec2:DescribeSecurityGroups",
 +
                "ec2:DescribeSpotFleetRequests",
 +
                "ec2:DescribeHosts",
 +
                "ec2:DescribeImages",
 +
                "ec2:DescribeFpgaImages",
 +
                "ec2:DescribeSpotFleetInstances",
 +
                "ec2:DescribeSecurityGroupReferences",
 +
                "ec2:DescribeVpcs",
 +
                "ec2:DescribeConversionTasks",
 +
                "ec2:DescribeStaleSecurityGroups",
 +
                "ce:GetTags"
 +
            ],
 +
            "Resource": "*"
 +
        }
 +
    ]
 +
}
  
==== module_max <value> ====
 
  
Maximum value that the module must return to be accepted. Otherwise it will be discarded and will not be displayed on the console.
+
Assign the policy to a new user.
  
==== module_min_warning <value> ====
+
<center>
 +
[[File:awsgrants2.png]]
 +
</center>
  
This is the minimum value that will make the module go into 'warning' status.
 
  
==== module_max_warning <value> ====
+
Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.
 +
<br>
 +
{{Tip|If pandora-cm-api is not available in the installation, it can be obtained from the following link: [https://pandorafms.com/library/pandora-cloud-monitoring-api/]}}
  
This is the maximum value that will make the module go into 'warning' status.
 
  
==== module_min_critical <value> ====
+
===Discovery Cloud. AWS===
  
This is the minimum value that will make the module go into 'critical' status.
+
Once the credentials have been validated, access the <i>Discovery Cloud</i> menu <i>=> Amazon Web Services</i>
  
==== module_max_critical <value> ====
+
<center>
 +
[[File:AWS6.png]]
 +
</center>
  
This is the maximum value that will make the module go into 'critical' status.  
+
In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.
 +
<br>
 +
{{Tip|Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.}}
  
==== module_disabled <value> ====
+
===Discovery Cloud. AWS.EC2===
  
Indicates if the module is enabled ('0') or disabled ('1').
+
Within EC2 monitoring you can find:
  
==== module_min_ff_event <value> ====
+
* Expense monitoring.
 +
* Summary of resources registered in AWS.EC2.
 +
* Specific instance monitoring.
 +
* Volume and elastic IP address monitoring.
  
''Flip flop'' protection value for false positives. The number of status changes indicated in this value will be necessary for the module to visually modify its status in the web console.
+
To start the monitoring process, a series of basic data is requested:
  
==== (>= 6.0 SP4) module_each_ff <value> ====
+
<center>
 +
[[File:cloud3.png]]
 +
</center>
  
If enabled (1), ''flip flop'' thresholds per status will be used (module_min_ff_event_normal, module_min_ff_event_warning and module_min_ff_event_critical). Set to 0 to disable.
+
It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.
  
==== (>= 6.0 SP4) module_min_ff_event_normal <value> ====
+
====Discovery Cloud AWS.EC2 Costs====
  
''Flip flop'' protection value for switching to normal status.
+
When clicking next, you will start configuring AWS monitoring expenses:
  
==== (>= 6.0 SP4) module_min_ff_event_warning <value> ====
+
{{warning|Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/|Amazon cost managementpricing]}}
  
''Flip flop'' protection value for switching to warning status.
+
Expense monitoring provides a separate monitoring interval to avoid extra charges.
  
==== (>= 6.0 SP4) module_min_ff_event_critical <value> ====
+
<center>
 +
[[File:cloud4.png]]
 +
</center>
  
''Flip flop'' protection value for switching to critical status.
+
Both the overall cost and the independent cost per region can be monitored.
  
==== (>= 6.0 SP4) module_ff_timeout <seconds> ====
+
====Discovery Cloud AWS.EC2 Summary====
  
Resets the ''flip flop'' threshold counter after the given number of seconds. This implies that the number of status changes determined in ''module_min_ff_event'' must occur at an interval ''module_ff_timeout'' seconds before the state changes in the console's visual level.
+
The Discovery task can be configured to collect general information on the stock status in all regions.
  
==== module_description <text> ====
+
To enable it, the ''Scan and general monitoring'' option must be activated.
  
Free text with information about the module.
+
<center>
 +
[[File:cloud5.png]]
 +
</center>
  
==== module_interval <factor> ====
+
Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).
  
This interval is calculated as a multiplier for the agent interval. If the agent has e.g. an interval 300 (5 minutes) but you want a module which is going to get processed every 15 minutes only;  so you should add this line: module_interval 3. This module will be processed every 300sec x 3 = 900sec (15 minutes).
 
  
==== module_timeout <secs> ====
 
  
In seconds, maximum time allowed for the execution of the module. If this time is exceeded before the end of its execution, it will be interrupted.
+
==== Discovery Cloud AWS.EC2 Specific Instance Monitoring ====
  
==== module_postprocess <factor> ====
+
Specific instances can be monitored to obtain readings of:
  
Numerical value by which the data returned by the module will be multiplied. It is useful for unit conversions.
+
* CPUUtilization: Average CPU usage
 +
* DiskReadBytes: Reading bytes (disk)
 +
* DiskWriteBytes: Writing bytes (disk)
 +
* DiskReadOps: Read operations (disk)
 +
* DiskWriteOps: Writing operations (disk)
 +
* NetworkPacketsIn: Input packets (network)
 +
* NetworkPacketsOut: Output packets (network)
  
==== module_save <variable name> ====
+
The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.
  
Stores the value returned by the module in a variable with the name indicated in this parameter. This value can be used later in other modules.
+
It must be verified that the ''update_parent'' token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.
  
For example:
+
Navigation must be carried out through the browser by selecting the instances that need to be monitored:
  
module_begin
+
<center>
module_name echo_1
+
[[File:cloud6.png]]
module_type generic_data
+
</center>
module_exec echo 41121
 
module_save ECHO_1
 
module_end
 
  
It will store the value"41121" in the "ECHO_1" variable.
+
====Discovery Cloud AWS.EC2 Extras====
  
module_begin
+
In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.
module_name echo_2
 
module_type generic_data
 
module_exec echo $ECHO_1
 
module_end
 
  
This second module will show the contents of the variable "$ECHO_1", it being "41121".
+
Two extra modules will appear in the region agents:
  
In Windows agents the module would have to be formed with %var% instead of $var.
+
* Total reserved volume (GB)
Following the example:
+
* Total registered volumes (number)
  
module_begin
 
module_name echo_2
 
module_type generic_data
 
module_exec echo %ECHO_1%
 
module_end
 
  
==== module_crontab <minute> <hour> <day> <month> <day of the week> ====
+
You can also choose to activate the ''Elastic IP addresses'' token. The number of elastic IPs registered in the AWS.EC2 account will be reported.
  
From version 3.2, it's possible to schedule modules in the order they'll be executed on a specific date.
+
<center>
To do this, you're required to define the '''module_crontab'''', using a similar format to that of the crontab file: (http://es.wikipedia.org/wiki/Cron_(Unix)#Sintaxis)
+
[[File:cloud7.png]]
 +
</center>
  
module_crontab <minute> <hour> <day> <month> <day of the week>
 
  
Being:
+
Once the wizard is completed, the progress of the execution in ''Discovery Task list'' can be seen:
  
* Minute 0-59
+
<center>
* Hour 0-23
+
[[File:tasklist1.png]]
* Day of the month 1-31
+
</center>
* Month 1-12
 
* Day of the week  0-6 (0 is Sunday)
 
  
It's also possible to specify intervals using the '''-''' character as a divider.
+
===Discovery Cloud. AWS.RDS ===
  
In order for one module to be executed e.g. every Monday between 12 and 15, we could use the following configuration:
+
AWS RDS allows you to monitor relational databases provided by Amazon Web Services.  
  
module_begin
+
The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.  
module_name crontab_test
 
module_type generic_data
 
module_exec script.sh
 
module_crontab * 12-15 * * 1
 
module_end
 
  
The module will be executed once during the interval. If we want it to be executed while the interval is on, we could use the '''module_cron_interval 0''' option in the following way:
+
<center>
 +
[[File:AWS8.JPG]]
 +
</center>
  
module_begin
+
Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.
module_name crontab_test2
 
module_type generic_data
 
module_exec script.sh
 
module_crontab * 12-15 * * 1
 
module_cron_interval 0
 
module_end
 
  
To execute a command every hour, in an hour and 10 minutes:
+
AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.
  
module_begin
+
In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.
module_name crontab_test3
 
module_type generic_data
 
module_exec script.sh
 
module_crontab 10 * * * *
 
module_cron_interval 0
 
module_end
 
  
==== module_condition <operation> <command> ====
+
{{Warning|Integration with AWS RDS only supports <b>Oracle</b>, <b>MySQL</b> and <b>Mariadb</b>.}}
  
From version 3.2, it's possible to define commands that will be executed if the module returns some specific values. It's necessary to specify one of the following options:
+
===Discovery Cloud. Overview===
  
* '''>''' [value]: Executes the command if the module value is higher than the given one.
+
Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.  
  
* '''<''' [valor]: Executes the command if the module value is lower than the given one.
+
In the AWS view, the account from which you wish to display the information can be selected:
  
* '''=''' [valor]: Executes the command if the module value is equal to the given one.
+
<center>
 +
[[File:AWS9.JPG]]
 +
</center>
  
* '''!=''' [valor]: Executes the command if the module value is different to the given one.
+
It includes:
  
* '''=~''' [regular expression]: Executes the command if the module value coincides with the given regular expression.
+
* Current expenses
 +
* Previous expenses
 +
* Expense evolution chart (6 months)
 +
* Reserve / instance evolution chart (1 month)
 +
* Map of regions with the number of instances per region.
  
* '''('''valor, valor''')''': Executes the command if the module value is ranged between the given values.
+
<center>
 +
[[File:awsview.png]]
 +
</center>
  
Multiple conditions can be specified for a single module. In the following case, the ''script_1.sh'' will be executed if the value returned by the module is between 1 and 3, and ''script_2.sh'' will be executed if the value of the module is greater than 5.5, so in this case, being 2.5 the value returned in the ''module_exec'' line , only the first condition ''script_1.sh'' will be executed:
+
==Discovery Cloud: Microsoft Azure==
 +
<br>
 +
To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.
 +
<br>
 +
===How to register a user to use the Azure API===
  
module_begin
+
* Go to https://portal.azure.com/#home
module_name condition_test
+
* Open the "Azure Active Directory" service
module_type generic_data
 
module_exec echo 2.5
 
module_condition (1, 3) script_1.sh
 
module_condition > 5.5 script_2.sh
 
module_end
 
  
Examples of possible real cases:
+
<center>
 +
[[File:azure.png]]
 +
</center>
  
module_begin
+
* Go to 'App registrations'> 'New registration'
module_name MyProcess
 
module_type generic_data
 
module_exec tasklist | grep MyProcess | wc -l
 
module_condition > 2 taskkill /IM MyProcess* /F
 
module_end
 
  
module_begin
+
<center>
module_name PandoraLogSize
+
[[File:azure2.png]]
module_type generic_data
+
</center>
module_exec ls -la "c:\Archivos de programa\pandora_agent\pandora_agent.log" | gawk "{ print $5 }"
 
module_condition > 10000 del "c:\Archivos de programa\pandora_agent\pandora_agent.log"
 
module_end
 
  
module_begin
 
module_name Service_Spooler
 
module_type generic_proc
 
module_service Spooler
 
module_condition = 0 net start Spooler
 
module_end
 
  
*'''NOTE''': On Windows platforms, it's recommended to use '''cmd.exe /c''' to execute the command to ensure it's executed properly. For example:
+
* Enter the data.
  
module_begin
+
<center>
module_name condition_test
+
[[File:azure3.png]]
module_type generic_data
+
</center>
module_exec echo 5
 
module_condition (2, 8) cmd.exe /c script.bat
 
module_end
 
  
==== module_precondition <operation> <command> ====
 
  
If the precondition is true, the module is going to run. It's necessary to specify one of the following options:
+
* Write down the data "client_id" and "directory".
  
* '''>''' [value]: Executes the command if the module value is higher than the given one.
+
<center>
 +
[[File:azure4.png]]
 +
</center>
  
* '''<''' [value]: Executes the command if the module value is lower than the given one.
+
* Next, access 'certificates & secrets' and create a new one:  
  
* '''=''' [value]: Executes the command if the module value is equal to the given one.
+
<center>
 +
[[File:azure5.png]]
 +
</center>
  
* '''!=''' [value]: Executes the command if the module value is different to the given one.
+
{{Warning|Write down the key that is shown, it is the application_secret.}}
  
* '''=~''' [regular expression]: Executes the command if the module value coincides with the given regular expression.
+
===Assigning permissions===
  
* '''('''value, value''')''': Executes the command if the module value is ranged between the given values.
+
Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.  
 
+
<center>
In the following example, the module ''monitoring_variable.bat'' will only be executed  if the result of the execution indicated in the precondition is between 2 and 8. In this case, the execution result indicated in the ''module_precondition'' line is 5, a value between 2 and 8, so ''monitoring_variable.bat'' will be executed correctly:
+
[[File:azure6.png]]
 +
</center>
  
module_begin
 
module_name Precondition_test1
 
module_type generic_data
 
module_precondition (2, 8) echo 5
 
module_exec monitoring_variable.bat
 
module_end
 
  
Like postconditions, it's also possible to use several preconditions. The module is only going to be executed if all preconditions are met:
+
Within the subscription, select "Access control (IAM)".
  
module_begin
 
module_name Precondition_test2
 
module_type generic_data
 
module_precondition (2, 8) echo 5
 
module_precondition < 3 echo 5
 
module_exec monitoring_variable.bat
 
module_end
 
 
*'''NOTE''': On Windows platforms, it's recommended to use '''cmd.exe /c''' to execute the command to ensure it's proper execution. For example:
 
 
module_begin
 
module_name Precondition_test3
 
module_type generic_data
 
module_precondition (2, 8) cmd.exe /c script.bat
 
module_exec monitoring_variable.bat
 
module_end
 
 
==== (>= 5.x) module_unit <value> ====
 
 
Units shown next to the value obtained by the module.
 
 
Example:
 
 
module_unit %
 
 
==== (>= 5.x) module_group <value> ====
 
 
This is the name of the module group.
 
 
Example:
 
 
module_group Networking
 
 
==== (>= 5.x) module_custom_id <value> ====
 
 
This is a custom identifier for the module.
 
 
Example:
 
 
module_custom_id host101
 
 
==== (>= 5.x) module_str_warning <value> ====
 
 
This is a regular expression to define the 'warning' status in the string types modules.
 
 
Example:
 
 
module_str_warning .*NOTICE.*
 
 
==== (>= 5.x) module_str_critical <value> ====
 
 
This is a regular expression to define the 'critical' status in the string type modules.
 
 
Example:
 
 
module_str_critical .*CRITICAL.*
 
 
==== (>= 5.x) module_warning_instructions <value> ====
 
 
These are the instructions to the operator if the module changes to 'warning' status.
 
 
Example:
 
 
module_warning_instructions Increase incident priority
 
 
==== (>= 5.x) module_critical_instructions <value> ====
 
 
These are the instructions to the operator if the modules changes to 'critical' status.
 
 
Example:
 
 
module_critical_instructions Call to sys department
 
 
==== (>= 5.x) module_unknown_instructions <value> ====
 
 
These are the instructions to the operator if the module changes to 'unknown' status.
 
 
Example:
 
 
module_unknown_instructions Open incident
 
 
==== (>= 5.x) module_tags <value> ====
 
 
These are the tags which will be assigned to the module separated by commas.
 
 
Example:
 
 
module_tags tag1,tag2,tag3
 
 
==== (>= 5.x) module_warning_inverse <value> ====
 
 
Allows activating (1) the inverse interval for the warning threshold.
 
 
Example:
 
 
module_critical_inverse 0
 
 
==== (>= 5.x) module_critical_inverse <value> ====
 
 
Allows activating (1) the inverse interval for the critical threshold.
 
 
Example:
 
 
module_critical_inverse 1
 
 
==== (>= 5.x) module_native_encoding <value> ====
 
(Win32 only)
 
 
This configuration token only affects executed modules by command line, that is, there is a module_exec in the module configuration.
 
 
Windows manages three encodings for its processes: the command line encoding (OEM), the system encoding (ANSI) and UTF-16. Both encodings are agree on basic characters, but they are different on less common characters, like written accent. With this token, the Pandora's agent transforms the output to the encoding specified in the configuration file (pandora_agent.conf).
 
 
module_native_encoding has four acceptable values:
 
* module_native_encoding OEM: to command line encoding
 
* module_native_encoding ANSI: to system encoding
 
* module_native_encoding UTFLE: to UTF-16 little-endian
 
* module_native_encoding UTFBE: to UTF-16 big-endian
 
 
If module_native_encoding does not appear, no re-encoding will be done.
 
 
==== (>= 5.x) module_quiet <value> ====
 
 
If enabled (1) the module will be in silent mode: it will not generate events or trigger alerts, nor will it store data history.
 
 
Example:
 
 
module_quiet 1
 
 
==== (>= 5.x) module_ff_interval <value> ====
 
 
This is the ''flip flop'' execution threshold of the module (in seconds).
 
 
Example:
 
 
module_ff_interval 2
 
 
==== (>= 5.x) module_macro<macro> <value> ====
 
 
Only applicable to local components from the console. It has no utility in the configuration file.
 
 
==== (>= 5.1 SP4) module_alert_template <template_name> ====
 
 
This macro assigns to the module the alert template that corresponds to the name introduced as parameter(see [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Alerts#Alert_Templates Alert templates])
 
 
Example:
 
 
<module>
 
<name><![CDATA[CPU usage]]></name>
 
<type>generic_data</type>
 
<module_interval>1</module_interval>
 
<min_critical>91</min_critical>
 
<max_critical>100</max_critical>
 
<min_warning>70</min_warning>
 
<max_warning>90</max_warning>
 
<alert_template><![CDATA[Critical condition]]></alert_template>
 
<data><![CDATA[92]]></data>
 
</module>
 
 
==== module_end ====
 
 
Defines the end of the module (compulsory).
 
 
=== Specific guidelines to obtain information ===
 
 
Furthermore, there are the specific guidelines that could be specified for each module in order to '''obtain information'''. Only one kind of them can be used in each module.
 
 
==== module_exec <command> ====
 
 
General command execution line. The desired run must be specified to obtain the information in a single line.
 
 
 
{{Warning|If execution returns a return code different from '0', it will be interpreted as "execution error" and the information will be discarded.}}
 
 
For a Windows agent there are more guidelines for obtaining data, which are described below.
 
 
==== module_service <service> ====
 
 
Checks if a specific service is being executed on the machine. Remember to use the  «" "» characters if the name of the service contains blanks.
 
 
module_begin
 
module_name Service_Dhcp
 
module_type generic_proc
 
module_service Dhcp
 
module_description Service DHCP Client
 
module_end
 
 
The service is identified with the short name of the service (service name), such as it appears in the Windows services manager.
 
 
<center>
 
<center>
[[image:Service_name_id.png]]
+
[[File:azure7.png]]
 
</center>
 
</center>
  
'' Asynchronous Mode ''
+
Add a new role assignment and once there, select the "reader" role for the created app.  
 
 
Pandora FMS usually executes a test battery (each of it defined by a module) every X seconds (300 seg. = 5 min. by default). If a service is down just after an execution of Pandora, it's going to take 300 additional seconds to find out the service went down. The difference on asynchronous mode is that modules immediatly notify Pandora FMS about the fail or shutdown of this service. This is called ''asynchronous'' operation mode. It would be sufficient to add the following command to the guideline to use it:
 
 
 
module_async yes
 
 
 
This feature is not supported on broker agents.
 
 
 
{{Warning|
 
In Windows Home Edition versions, this asynchronous functionality is not supported and, only in those versions, the Pandora agent makes a periodic query to know if the service is running or not. This can be quite resource-intensive so it is recommended to use the synchronous version if a large number of services are being monitored.}}
 
 
 
'' Service Watchdog  ''
 
 
 
There is a watchdog mode for the services, so the agent is able to restart them if they stop. In this case, the restarted service doesn't require any parameter, because Windows already knows how to do it. In such cases, the configuration is a lot easier:
 
 
 
module_begin
 
module_name ServiceSched
 
module_type generic_proc
 
module_service Schedule
 
module_description Service Task scheduler
 
module_async yes
 
module_watchdog yes
 
module_end
 
 
 
'''Unix'''
 
 
 
In Unix,  it works the same as in Windows, the only difference is that for Unix, process and service is the same concept, for example to see if the bash process is active in the system, just run:
 
 
 
module_begin
 
module_name Service_bash
 
module_type generic_proc
 
module_service /bin/bash
 
module_description Process bash running
 
module_end
 
 
 
Watchdog mode and asynchronous detection are not possible in the Unix agent.
 
 
 
==== module_proc <process> ====
 
 
 
Checks if an specific name of process is working in this machine. If the name of the process has blanks ''' do not use «" " '''»; please consider that the name of the process should have the .exe extension. The module is going to return the number of processes executed with this name.
 
 
 
This is an example of the monitoring of the process 'cmd.exe':
 
 
 
module_begin
 
module_name CMDProcess
 
module_type generic_proc
 
module_proc cmd.exe
 
module_description Process Command line
 
module_end
 
 
 
'''UNIX'''
 
 
 
Under UNIX, this module works just like in Windows. It doesn't support asynchronous and/or watchdog mode.
 
 
 
'' Asynchronous mode ''
 
 
 
In a similar way to the services, monitoring processes can be critical in some cases. The Windows agent supports '''asynchronous''' checking for the ''module_proc.'' module now. In this case, the agent '''immediately''' reports it if the process changes its status without  waiting for the agent's execution interval to be reached again. In this way, you're able to get informed about the failure of critical processes almost  instantly. This is an example of asynchronous monitoring of the processes:
 
 
 
module_begin
 
module_name Notepad
 
module_type generic_proc
 
module_proc notepad.exe
 
module_description Notepad
 
module_async yes
 
module_end
 
 
 
The difference is located in the configuration token 'module_async yes'. This feature is not supported on broker agents.
 
 
 
''Processes Watchdog ''
 
 
 
A Watchdog is a system that allows to act immediately if an agent is down, usually raising the process that went down. The Pandora FMS Windows Agent could act as a watchdog when a process is down.
 
 
 
Since executing a process would require some parameters, there are some additional configuration options for these kind of modules. It is important to keep in mind that the ''watchdog'' mode only works if the module type is set to ''asynchronous''. This is an example of configuration of 'module_proc' with 'watchdog' enabled:
 
 
 
module_begin
 
module_name Notepad
 
module_type generic_proc
 
module_proc notepad.exe
 
module_description Notepad
 
module_async yes
 
module_watchdog yes
 
module_start_command c:\windows\notepad.exe
 
module_startdelay 3000
 
module_retrydelay 2000
 
module_retries 5
 
module_end
 
 
 
This is the definition of additional parameters for 'module_proc' with watchdog enabled:
 
 
 
* '''module_retries''': Number of consecutive attempts that the module will try to raise the process before deactivating the watchdog. If the limit is reached, the watchdog mechanism for this module will be deactivated and will never attempt to launch the process again until the agent is restarted. Unlimited by default.
 
 
 
* '''module_startdelay''': Number of milliseconds the module is going to wait before starting the process for the first time.
 
 
 
* '''module_retrydelay''':  Number of milliseconds that the module will wait before trying to launch the process in each retry.
 
 
 
*'''module_user_session''': it vontrols in which session you want the process to be launched. If set to 'no', the process will start in the services session and therefore remain in the background (default setting). Otherwise, if set to 'yes', the process will be launched in the user's session and will be visible from the PC desktop.
 
 
 
{{Warning|For versions prior to Windows Vista, the ''module_user_session'' token can be configured in a general way by enabling  the checkbox "Interactive access with desktop" in the Pandora FMS service properties, as shown in the following screenshot:
 
  
 
<center>
 
<center>
[[image:Service_interactive.png]]
+
[[File:azure8.png]]
</center> }}
+
</center>
  
It's also necessary to understand that Pandora FMS is executed under the "SYSTEM" account if started as a service.  The executed process will do it under that user and with that environment, so that if you want to execute any particular process that requires to be used with a certain user, you will have to include in a script (.bat or similar) the previous processes to initialize the environment, environment variables, etc, and execute that script as a watchdog action.
+
It is important to save the changes by pressing "save".
  
==== module_cpuproc <process> ====
 
  
''(UNIX only)''
+
From that moment onwards, you can connect to the service and make requests through pandora-cm-api.
  
Returns the CPU usage of a specific process.
+
====Examples====
  
module_begin
+
The status of Azure can be checked from Pandora FMS as follows:
module_name myserver_cpu
 
module_type generic_data
 
module_cpuproc myserver
 
module_description Process Command line
 
module_end
 
  
==== module_memproc <process>  ====
+
* Preload the environment.
 +
* Run . load_env.sh
 +
* pandora-cm-api --product Azure --get availability
  
''(Unix only)''
 
  
Returns the memory used by a specific process.
+
If the environment is operational, the system should return a response of 1.  
 
 
module_begin
 
module_name myserver_mem
 
module_type generic_data
 
module_memproc myserver
 
module_description Process Command line
 
module_end
 
 
 
==== module_freedisk <unit_letter:>|<volume> ====
 
 
 
This module works under UNIX and Windows. It checks for the free space in the disk unit (don't forget «":"» after the '''unit_letter''' in Windows) or the UNIX volume e.g. '/var'.
 
  
 +
An example of the contents of the load_env.sh script would be the following:
 +
<br>
 +
* Azure
  
 
<pre>
 
<pre>
module_begin
+
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
module_name freedisk
 
module_type generic_data
 
module_freedisk C:
 
module_end
 
</pre>
 
 
 
<pre>
 
module_begin
 
module_name disk_var
 
module_type generic_data
 
module_freedisk /var
 
module_end
 
</pre>
 
  
==== module_freepercentdisk <unit_letter:>|<volume> ====
+
export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
  
This module returns the free disk percentage under a Windows unit: (don't forget the ":") or on a Unix system, the volume, like '/var'.
+
export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"
  
<pre>
+
export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
module_begin
 
module_name freepercentdisk
 
module_type generic_data
 
module_freepercentdisk C:
 
module_end
 
 
</pre>
 
</pre>
  
module_begin
+
=== Configure a task in Pandora FMS ===
module_name disk_var
 
module_type generic_data
 
module_freepercentdisk /var
 
module_end
 
  
==== module_occupiedpercentdisk <unit_letter:>|<volume> ====
 
  
(Unix only)
+
Pandora FMS allows managing several Microsoft Azure accounts.
  
This module returns the occupied disk percentage in a UNIX volume e.g. '/var'.
+
You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.
  
module_begin
+
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.
module_name disk_var
 
module_type generic_data
 
module_occupiedpercentdisk /var
 
module_end
 
  
==== module_cpuusage <cpu id> ====
+
To configure a new task, follow these steps:
  
This works under UNIX and Windows. It returns the CPU usage in a CPU number. If there is only one CPU, please leave it blank or use 'all'.  
+
* Add a new password to the "credential store".
  
It's also possible to obtain the average use of all CPU in multiprocessor systems this way:
+
<center>
 +
[[File:azure9.png]]
 +
</center>
  
module_begin
 
module_name SystemCPU
 
module_type generic_data
 
module_cpuusage all
 
module_description Average CPU use in systme
 
module_end
 
  
To check the CPU usage in CPU #1:
 
  
module_begin
+
* Access 'Discovery> Cloud> Azure' and validate the Azure account.
module_name SystemCPU_1
 
module_type generic_data
 
module_cpuusage 1
 
module_description Average CPU use in system for CPU #1
 
module_end
 
  
==== module_freememory ====
 
  
Supported in Windows and UNIX. It returns the free memory of the whole system:
+
<center>
 +
[[File:azure10.png]]
 +
</center>
  
module_begin
 
module_name FreeMemory
 
module_type generic_data
 
module_freememory
 
module_description Non-used memory on system
 
module_end
 
  
==== module_freepercentmemory ====
+
<center>
 +
[[File:azure11.png]]
 +
</center>
  
Supported under UNIX and Windows. This module returns the free memory percentage on one system:
 
  
module_begin
+
<center>
module_name freepercentmemory
+
[[File:azure12.png]]
module_type generic_data
+
</center>
module_freepercentmemory
 
module_end
 
  
==== module_tcpcheck ====
 
  
(Windows only)
+
* From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.
  
This module tries to connect with an IP and a specified port. It returns '1' if successful and '0' if not. It's also recommended to specify a timeout:
+
<center>
 
+
[[File:AzureX3.PNG]]
module_begin
+
</center>
module_name tcpcheck
 
module_type generic_proc
 
module_tcpcheck www.artica.es
 
module_port 80
 
module_timeout 5
 
module_end
 
 
 
==== module_regexp ====
 
 
 
(Windows only)
 
 
 
This module monitors a record file (log) looking for coincidences using regular expressions, ruling out the already existing lines when starting the monitoring. The data returned by the module depend on the module type:
 
 
 
* '''generic_data_string''', '''async_string''': Returns all the lines which fit the regular expression.
 
* '''generic_data''': Returns the number of lines which fit with the regular expression.
 
* '''generic_proc''': Returns '1' if there is a coincidence and '0' if not.
 
* '''module_noseekeof''': With this configuration token active, with a '0' default value in each module execution and independently from any modification of the target file, the module will restart its check process without searching for the file's EOF flag. It will always extract from the XML output all lines that correspond to our search patterns.
 
 
 
module_begin
 
module_name regexp
 
module_type generic_data_string
 
module_regexp C:\WINDOWS\my.log
 
module_pattern ^\[error\].*
 
module_noseekeof 1
 
module_end
 
 
 
To obtain more information about the syntax of regular expressions in general, please visit [http://www.regular-expressions.info/reference.html].
 
 
 
==== module_wmiquery ====
 
 
 
(Windows only)
 
 
 
The WMI modules allow to locally execute any WMI query without the use of an external tool. It's configured through two parameters:
 
 
 
* '''module_wmiquery''': Used WQL query. As a result, several lines could be obtained which will be inserted as several data.
 
 
 
* '''module_wmicolumn''': Name of the column which is going to be used as a data source.
 
 
 
For example, we could obtain a list of the installed services:
 
 
 
module_begin
 
module_name Services
 
module_type generic_data_string
 
module_wmiquery Select Name from Win32_Service
 
module_wmicolumn Name
 
module_end
 
 
 
Or the current CPU load:
 
  
module_begin
+
* Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.  
module_name CPU_speed
 
module_type generic_data
 
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
 
module_wmicolumn LoadPercentage
 
module_end
 
 
 
==== module_perfcounter ====
 
 
 
(Win32 only)
 
 
 
Obtains data from the performance counter ([http://msdn.microsoft.com/en-us/library/aa373083(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/aa373083(v=vs.85).aspx Performance Counters (Documentación en ingles] Performance Counters Documentation) through the PDH interface (the library '' pdh.dll'' should be installed in the system. PDH.DLL is a Windows library. If you have not installed it yet, you have to install the Windows performance analysis tool (which is usually installed by default).
 
 
 
module_begin
 
module_name perfcounter
 
module_type generic_data
 
module_perfcounter \Memory\Pages/sec
 
module_end
 
 
 
The Windows performance monitor is a powerful tool with hundreds of parameters that can be used for monitoring. In addition, each manufacturer incorporates its own counters.
 
 
 
Performance counters can be observed using the Performance tool:
 
  
 
<center>
 
<center>
[[image:Perfcounter_screen1.png|center|450px]]
+
[[File:AzureX4.PNG]]
 
</center>
 
</center>
  
New performance counters can be added using the system tool. Its configuration has a management structure with elements and sub-elements. In this case ''Processor, % of processor time'' and ''_Total'':
+
* The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.  
  
 
<center>
 
<center>
[[image:Perfcounter_screen2.png]]
+
[[File:AzureX5.PNG]]
 
</center>
 
</center>
  
The configuration of the module for this particular check would be as follows:
+
<br>
  
module_begin
+
=Discovery Console Tasks=
module_name Processor_Time
 
module_type generic_data_inc
 
module_perfcounter \Procesador(_Total)\% de tiempo de procesador
 
module_end
 
  
By default the raw value of the counter is shown, to get the cooked value add the '''module_cooked 1''' parameter:
+
Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:  
  
module_begin
+
* Task: The task that will be executed among the following:
module_name Disk_E/S_Seg
+
** Backup Pandora FMS database.
module_type generic_data
+
** Execute custom script.
module_cooked 1
+
** Save custom report to disk.
module_perfcounter \DiscoFísico(_Total)\E/S divididas por seg.
+
** Save custom XML report to disk.
module_end
+
** Send custom report (from template) by email.  
 +
** Send custom report by email.
  
Most of the returned data arejust counters, so you should use 'generic_data_inc' as data type. It's also able to return values in very high data scales (several millions), so you could reduce these values using the module post process with values like '0.000001' or similar.
+
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.  
 +
* Group: Group to which the task belongs.  
 +
* Parameters: They are the specific parameters of each task.  
  
==== module_inventory DEPRECATED ====
+
<center>
 +
[[File:ConsoleTasks.JPG]]
 +
</center>
  
{{Warning|Currently this functionality has been replaced by inventory from agent plugins on both Windows and Linux/Unix systems.}}
+
==== Parameters of different tasks ====
 +
<br>
 +
;Backup Pandora FMS database:
 +
* Description: Backup description.
 +
* Save to disk in path: path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report  will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you want to give the report.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message which will be sent together with the reports.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
  
''(Win32 only. In linux/unix is implemented as agent plugin)''
+
=Discovery Host&Devices=
  
Using predefined WMI queries and log searches, this module gathers information about the different aspects of a machine, about software and hardware.
+
The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.
  
The module can get different parameters to mark the kind of information it gets. Here is the parameter list and the kind of information that they give:
+
Therefore, it features the following tools:  
  
* '''CPU''': Gets information about the system's CPUs (processor name, clock frequency and description).
+
* Net Scan.
* '''CDROM''': Gets information about the CD-ROM (name, description and unit letter).  
+
* Import CSV.
* '''Video''': Gets information about video cards (description, RAM and processor).
+
* Custom NetScan.
* '''HDs''': Gets information about the hard disks (model, size and name in the system).
+
* Manage NetScan scripts.
* '''NICs''': Gets information about the network interface controllers (description, MAC address and IP address).
 
* '''Patches''': Gets information about the installed patches (identifier, description and comments).
 
* '''Software''': Gets information about MSI packages installed (name and version).
 
* '''RAM''': Gets information about RAM modules (tag, capacity and name).
 
* '''Services''': Gets information about the installed services. The short name shown in the first column is the name of the service that Pandora FMS probably uses to monitor services.
 
  
Additional Module Parameters:
 
  
* '''module_interval''': This module has an additional line to specify the interval ''in days'', where one can obtain the information for the module.
+
<center>
 
+
[[File:DISCHost&Devices.JPG|800]]
This is an example to use this module:
+
</center>
 
 
module_begin
 
module_name Inventory
 
module_interval 7
 
module_type generic_data_string
 
module_inventory RAM Patches Software Services
 
module_description Inventory
 
module_end
 
  
==== module_logevent ====
+
==NetScan==
  
(Windows only)
+
With the NetScan tool, you may find devices in a network and apply different monitoring rules.
  
Allows obtaining information from the Windows event log based on the indicated patterns, providing the possibility to filter according to the source and event type.
+
First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.
  
The general format of this module is as follows:
+
In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in ''Red'' or you may enable the token ''Use CSV file'', that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.
 
 
module_begin
 
module_name MyEvent
 
module_type async_string
 
module_logevent
 
module_source <logName>
 
module_eventtype <event_type/level>
 
module_eventcode <event_id>
 
module_application <source>
 
module_pattern <text substring to match>
 
module_description
 
module_end
 
 
 
To avoid showing ducplicated information, only those events which occurred since the last time the agent was executed will be considered.
 
 
 
'module_logevent' accepts the following parameters (all of them are case-sensitive):
 
 
 
* '''module_source''': Event source (System, Application, Security). This field is compulsory.
 
* '''module_eventtype''': Event type (failure, information). This is an optional field.
 
* '''module_pattern''': Pattern to search (substring). It's an optional field.
 
* '''module_eventcode''': It's a numeric ID of the event, e.g. 5112. It's an optional field.
 
* '''module_application''': Application source of the event. Be careful not to mistake it by 'module_source' which shows the name, source or log file where the events are looked for.
 
 
 
For example, to show all events of an error type system we should define the following module:
 
 
 
module_begin
 
module_name log_events
 
module_type generic_data_string
 
module_description System errors
 
module_logevent
 
module_source System
 
module_eventtype error
 
module_end
 
 
 
To show all events which contain the word 'PandoraAgent':
 
 
 
module_begin
 
module_name log_events_pandora
 
module_type async_string
 
module_description PandoraAgent related events
 
module_logevent
 
module_source System
 
module_pattern PandoraAgent
 
module_end
 
 
 
Another example: Filtering the event showed on the snapshot:
 
  
 
<center>
 
<center>
[[Image:Event sample.png|center|450px]]
+
[[File:3oaKq2yukE.png]]
 
</center>
 
</center>
  
module_begin
+
{{Warning|The intervals selected as manuals must be manually launched. '''Discovery will not launch any manual task automatically.'''}}
module_name MyEvent
 
module_type async_string
 
module_source Application
 
module_eventtype Information
 
module_eventcode 6000
 
module_application Winlogon
 
module_pattern unavailable to handle
 
module_description
 
module_end
 
 
 
==== module_logchannel ====
 
 
 
( Windows only,  from 7.0OUM715 on)
 
 
 
Type of module that allows you to obtain information about Windows logging channels. Although ''module_logevent'' only has access to Windows Logs, this type of module allows you to extract data from other log files that are configured as channels. In this way, it is possible to obtain the logs included in the  services and application logs.
 
 
 
The general format of this module is as follows:
 
 
 
module_begin
 
module_name MyEvent
 
module_type async_string
 
module_logchannel
 
module_source <logChannel>
 
module_eventtype <event_type/level>
 
module_eventcode <event_id>
 
module_pattern <text substring to match>
 
module_description <description>
 
module_end
 
 
 
To avoid displaying repeated information, only those events that have occurred since the start of the agent are taken into account.
 
 
 
module_logchannel accepts the following parameters (all case-sensitive):
 
 
 
* '''module_source''': Event channel. With the command '''wevtutil. exe enum-logs'' a list of all the local log channels of the machine is obtained. Required field.
 
* '''module_eventtype''': Event type (failure, information). Optional field
 
* '''module_pattern''': Pattern to search (substring). Optional field.
 
* '''module_eventcode''': Numeric ID of the event, e.g. 5112.Optional field.
 
 
 
For example, we would define the following module to show all the events of the channel ''Microsoft-Windows-TaskScheduler/Operational'', ''information'' type, with code' '201'' and with log text ''code 0'':
 
  
module_begin
 
module_name New logs
 
module_type async_string
 
module_logchannel
 
module_description Successfully completed tasks
 
module_source Microsoft-Windows-TaskScheduler/Operational
 
module_eventtype information
 
module_eventcode 201
 
module_pattern code 0
 
module_end
 
  
With this module configuration, the Pandora FMS agent would collect the following log:
+
In the features section, you may indicate the following options:
  
 
<center>
 
<center>
[[Image:Logchannel example.png|center|700px]]
+
[[File:Wvia6RtpOr2.png|800]]
 
</center>
 
</center>
<br>
 
  
==== module_plugin ====
 
  
A parameter to define the data which is obtained at the exit of a plugin agent. It's a special case , since '''it  doesn't require any other delimiter''' like 'module_begin', 'module_type', nor will it need the module type.  
+
* '''Known hardware auto discovery''': It dinamically applies the templates that were previously added to the ''Private Enterprise Number'' section. To learn more, go to the following [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Templates_and_components#Private_Enterprise_Number| link.]
 +
* '''Module templates''': Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
 +
* '''Check results''': The user must validate the results selecting which agents will be created from those found through the discovery task.
 +
* '''Apply autoconfiguration rules''': It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following [https://wiki.pandorafms.com/index.php?title==Pandora:Documentation_en:Configuration_Agents| link.]
  
It just requires this format:
+
{{Tip|Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.}}
  
module_plugin plugin_filename parámetro_1 parámetro_2 parámetro_3
+
{{Tip|Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.}}
  
However, it can be used between the usual module labels to add additional options such as conditions or interval:
 
  
module_begin
+
* '''SNMP activated''': To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
module_plugin plugin_filename parameter_1 parameter_2 parameter_3
+
** '''SNMP version''': Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
module_interval 2
+
** '''SNMP communities''': Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
module_condition (0, 1) script.sh
 
module_end
 
  
The parameters to be used will be different for each plugin, so it will be necessary to refer to your particular documentation. We will describe the operation of one of the plugins that comes by default with the Agent, the grep_log plugin to search for matches in a file:
+
* '''WMI enabled''': You may enable WMI scanning. Just select the previously loaded credentials from the [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store| credential store.]
  
module_plugin grep_log /var/log/syslog Syslog ssh
+
{{Tip|The different credentials provided against the detected targets that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.}}
  
In this example, the name of the plugin is 'grep_log' and it's going to search for the regular expression 'ssh' in the file '/var/log/syslog' which will be kept in a module called 'Syslog'.
+
* '''SO detection''': Detect the target's operating system.
  
Another example intended to be solely used on Windows-based systems (and only on versions 3.1 or later):
+
* '''Name resolution''': Solve the target's name.
  
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent.vbs"
+
* '''Parent detection''': By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  
==== module_ping <host> ====
+
* '''Parent recursion''': It improves parent detection, adding recursion to the process.
  
(Only for Windows versions 4.0.1 or newer)
+
* '''VLAN enabled''': It detects the VLAN to which the different devices are connected.
  
This module pings the preset host and returns '1' if it's up and '0' if not. It's a wrapper for ''ping.exe''.
+
Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:
  
Is supports the following configuration parameters:
+
<center>
 +
[[File:AFgAv40l9Y.png|800]]
 +
</center>
  
* '''module_ping_count x''': Number of 'ECHO_REQUEST' packets to be sent ('1' by default).
+
Once the task is finished, if you access from Review, you will see a summary of the devices found that respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:
* '''module_ping_timeout x''': Timeout in milliseconds to wait for each reply ('1000' by default).
+
* '''Disabled''': There is already an agent or module being monitored in the environoment and it will not be created nor modified.
* '''module_advanced_options''': Advanced options for ''ping.exe''.
+
* '''Enabled''': It is a new non-monitored element, or within the obtained metrics there is a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in devices in this status or add any of the new enabled metrics.
  
Example:
+
<center>
 
+
[[File:HK8XAXtv92.png]]
module_begin
+
</center>
module_name Ping
 
module_type generic_proc
 
module_ping 192.168.1.1
 
module_ping_count 2
 
module_ping_timeout 500
 
module_end
 
 
 
==== module_snmpget ====
 
  
(From version 4.0.1 onwards, Windows only)
+
{{Tip|Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.}}
  
This module performs an SNMP get query and returns the requested value. It's a wrapper for ''snmpget.exe''.
+
== Automatic agent deployment ==
  
It supports the following configuration parameters:
+
{{Warning|Please confirm '''winexe''' command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install '''zlib.i686''' and '''glibc.i686''' to get winexe working.}}
  
* '''module_snmpversion [1,2c,3]''': SNMP version (1 by default).
+
{{Warning|In <b>Windows</b> environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.}}
* '''module_snmp_community <community>''': SNMP community (''public'' by default).
 
* '''module_snmp_agent <host>''': Target SNMP agent.
 
* '''module_snmp_oid <oid>''': Target OID.
 
* '''module_advanced_options''': Advanced options for ''snmpget.exe''.
 
  
Example:
 
  
module_begin
+
From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the '''deployment center'''.
module_name SNMP get
 
module_type generic_data
 
module_snmpget
 
module_snmpversion 1
 
module_snmp_community public
 
module_snmp_agent 192.168.1.1
 
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.148
 
module_end
 
  
== Examples ==
+
{{Warning|Server version must be EL7 for agent automatic deployment to work.}}
  
Example of a Windows module, checking if 'EventLog' works. Example:
+
[[File:Depl1.png]]
 
<pre>
 
module_begin
 
module_name ServicioReg
 
module_type generic_proc
 
module_service Eventlog
 
module_description Eventlog service availability
 
module_end
 
</pre>
 
  
An example for a UNIX module would be:
 
 
<pre>
 
module_begin
 
module_name cpu_user
 
module_type generic_data
 
module_exec vmstat | tail -1 | awk '{ print $14 }'
 
module_min 0
 
module_max 100
 
module_description User CPU
 
module_end
 
Tipos de agentes software
 
</pre>
 
  
== Specific Configuration by Technologies ==
+
The steps to deploy agents from the console are:
  
With Pandora FMS it's possible to monitor any system. This could either be done with an installed Software agent on the system, which collects data straight from the system to be monitored, or by using a 'Satellite Agent' which consists of an agent which is executed in a server and monitors some parameters of systems which have adjacents through SNMP or user-defined commands.
+
'''Register the versions of the software agents to be deployed in the agent repository.'''
  
The software agents could be Windows or UNIX agents. The agents could be installed using any of the agents described in the following lines. To use a satellite agent, it's enough to install a software agent and define the configured modules to collect data from an external system through, e.g. the ''snmpget'' tool or ''ping''.
+
The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.
  
=== UNIX / Linux Agents ===
+
For more information about the use of the '''agent repository''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Software_agent_repository this link]
  
UNIX has several command line tools that allow data to be received through commands. The Unix agents are based in this premise. There are two kinds of UNIX agents:
 
  
* ShellScript: With a defined shellscript for each kind of SO based on bash, ksh or csh. In the classical UNIX Systems (Solaris, AIX, HPUX), all functionalities are not implemented yet - but under Linux or MAC they are.
+
'''Register the credentials to be used to connect the targets in the credential manager.'''
  
* Perl: There is a unique multi-platform agent based on Perl 5.8 that works alike in all Unix systems. You're required to have a Perl 5.8 system or higher installed for proper functioning.
+
Specify the credentials with which the accesses to found or specified targets will be tested.
  
The shellscript agents have been designed to work in even the oldest UNIX versions: HPUX11.0, AIX 4.1, Solaris 6 ... They work, but are feature limited e.g. not having the Tentacle client and having to use the FTP or SSH system to upload the monitoring data to its server.
+
For more information about the use of the '''Credential Store''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store this link]
  
==== Pandora FMS UNIX Agents Configuration ====
 
  
There is hardly any difference between AIX, Solaris and GNU / Linux. We are going to describe some of their most important parameters and paths.  
+
'''Check that your environment is ready for deployment.'''
  
After starting the installer, the agents main directory or 'home' directory is '/usr/share/pandora_agent/' where the Pandora FMS agent is installed. In the system where this isn't possible for reasons of e.g. a strict system policy, we recommend creating a link to this path from the real installation path, e.g. '/opt/pandora' -> '/usr/share/pandora_agent'.
+
When visiting the deployment center for the first time, the following notices will be shown:
  
The other important folders are:
+
[[File:depl_info1.png]]
  
* ''/var/spool/pandora/data_out'': Folder where the collected data from the agents is kept.
+
This message points out that objectives for deployment have not been defined yet.
  
* ''/etc/pandora/pandora_agent.conf'': Main agent configuration folder. The definition of where the data is collected is defined by the used command.
 
  
* ''/usr/local/bin/pandora_agent'': The current Pandora FMS agent. This file is a shellscript which collects the configuration data in the 'pandora_agent.conf' files and sends the data packages to the Pandora Server. It usually has a link to '/usr/bin/pandora_agent'.
+
[[File:Depl_info2.png]]
  
* ''/usr/local/bin/tentacle_client'': The agent which adds the Tentacle client for being able to send the data files to the server. This is a client written in Perl 5.8. It usually has a link to '/usr/bin/tentacle_client'.
+
These messages indicate:
  
* ''/etc/init.d/pandora_agent_daemon'': Script for starting and stopping. This daemon calls up 'pandora_agent' and gives two options (start / stop). On the AIX systems, the daemon's name is '''/etc/rc.pandora_agent_daemon'''.  
+
The first message indicates that the ''public_url'' public access URL must be configured so that the targets can get connected to the console and be configured.
  
* ''/var/log/pandora/pandora_agent.log'': Text file where the activity of the Pandora FMS agent is kept if the agent is executed in depuration mode.
+
{{Warning|This system does not perform PUSH operations. All deployments are sent by ''offering'' the software and ordering the target to install it.}}
  
* ''/etc/pandora/plugins'': Directory which keeps the agent's plugins. It's a link to ''/usr/share/pandora_agent/plugins''.
 
  
==== Initial Execution of a UNIX Agent ====
+
The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.
  
When you start the Pandora FMS agent, this should copy the data file to the Pandora FMS server through the dispatch system which is specified in the configuration file of ''/etc/pandora/pandora_agent.conf''. It's recommended to configure the dispatch system (Tentacle, SSH, FTP) before that.
 
  
To start the agent, execute:
 
  
/etc/init.d/pandora_agent_daemon start
 
  
For IPSO systems the agent will be launched with a priority of '-10', so it turns into the process with the lowest priority in the system CPU. It will be executed when other processes with a higher priority are waiting in the CPU system queue. The IPSO agent has a special parameter (''harmless_mode '') for a special management of the CPU process on systems ''Checkpoint/NOKIA''. This is a very special case.
+
==== Target Search ====
  
In BSD systems the highest priority is '+20' and the lowest '-20'.
+
'''Search or point out the targets in the deployment center.'''
  
To stop the agent, just execute:
+
Use any of the methods described below to register new targets.
  
/etc/init.d/pandora_agent_daemon stop
+
You may use any of the following options to define targets:
  
==== Advanced Configuration for the UNIX Agent ====
+
[[File:Depl_action_buttons.png]]
  
The real power of Pandora FMS is on the agent's capacity to start processing the user defined scripts. This could be used to collect specific data or to make an operation which returns any desired value, because it's the aim of the agent plugin structure. For more information, please check the Annex on creating Agent Plugins.
 
  
==== Examples of Implementation for UNIX Agents ====
 
  
Example #1: Calculate the number of displays on the Apache Web server main page (it could degrade the running of huge records):
+
===== Scan one or more networks in pursuit of targets. =====
  
module_begin
+
By pressing the scan targets button, a pop-up with the following fields will be displayed:
module_name WEB_Hits
 
module_type generic_data_inc
 
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
 
module_end
 
  
Example #2: Checks if the process of the (named) DNS is working or not:
+
[[File:Depl2.png]]
  
module_begin
 
module_name DNS_Daemon
 
module_type generic_proc
 
module_exec ps -Af | grep named | grep -v "grep" | wc -l
 
module_end
 
  
==== Altering the way UNIX Agents obtain system information ====
+
Firstly indicate:
  
This is valid for UNIX Perl agents only (version 3.2 or higher).
+
* The network or networks (separated by commas) to scan.
 +
* The Discovery server that will perform the scan.
 +
* The credentials used to try to connect to the discovered targets.
 +
* The software agent version registered as "desired" for the discovered targets.
 +
* The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).
  
There are some modules which work like "blackboxes". They are performing operations the user doesn't have to know about. These modules are:
 
  
* module_procmem
+
When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.
* module_freedisk
 
* module_freepercentdisk
 
* module_cpuproc
 
* module_proc
 
* module_procmem
 
* module_cpuusage
 
* module_freememory
 
* module_freepercentmemory
 
  
Modules like e.g. 'module_cpuusage' return a percentage of the current system CPU usage, but the user doesn't need to use a command. On windows and on UNIX systems, Pandora 'already knows' what to do.
+
[[File:Depl_info3.png]]
  
Pandora UNIX Agents have predefined commands to do that. The below mentioned commands are executed in different ways depending on the OS:
 
  
linux => 'vmstat 1 2 | tail -1 | awk \'{ print $13 }\'',
+
A new entry will appear in the task list:
solaris => 'vmstat 1 2 | tail -1 | awk \'{ print $21 }\'',
 
hpux => 'vmstat 1 2 | tail -1 | awk \'{ print $16 }\''
 
  
It could happen that your system is slightly different from the tested system and the command is not valid. You're able to use your own command with a simple 'module_exec' or redefine internal pandora commands to do that. You need to edit some lines of Pandora FMS Unix Agent code for that, but don't worry - it's Perl code and it's very basic editing.
+
[[File:Depl2b.png]]
  
The Pandora agent is usually located in '/usr/bin/pandora_agent'. Please edit with vi or nano (they are common text editors for the console), and search for "Commands to retrieve" text. You should see something like this:
 
  
# Commands to retrieve total memory information in kB
+
{{Tip|Discovery tasks related to agent deployment are '''volatile''' tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.}}
use constant TOTALMEMORY_CMDS => {
 
linux => 'cat /proc/meminfo  | grep MemTotal: | awk \'{ print $2 }\'',
 
solaris => 'MEM=`prtconf | grep Memory | awk \'{print $3}\'` bash -c \'echo $(( 1024 * $MEM ))\'',
 
hpux => 'swapinfo -t | grep memory | awk \'{print $2}\''
 
};
 
  
This is the piece of code which defines how pandora gets information from the system to get the total memory. AIX is not defined because we don't have the information on how to get this information in an AIX system yet.
 
  
# Commands to retrieve partition information in kB
 
use constant PART_CMDS => {
 
# total, available, mount point
 
linux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
 
solaris => 'df -k | awk \'NR > 1 {print $2, $4, $6}\'',
 
hpux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
 
aix => 'df -kP | awk \'NR > 1 {print $2, $4, $6}\''
 
};
 
  
These are the commands to get disk information in KB (total, free and mount point). To change any of the predefined values to get the information, just edit the command but be careful with it:
+
As possible targets are found, they will appear in the deployment center:
  
# Check that lines end with ";"
+
[[File:Depl3.png]]
# Check that commands are between ' ' symbols.
 
# Check that any ' symbol you use ends on the \ symbol, e.g.:
 
  
df -P | awk 'NR > 1 {print $2, $4, $6}'
 
  
Will be
+
{{Tip|The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.}}
  
df -P | awk \'NR > 1 {print $2, $4, $6}\'
+
===== Define a target manually. =====
  
It's the same used above, so see how it's written in the code.
+
You may manually register the target by defining:
  
=== Pandora FMS Windows Agents ===
+
* IP.
 +
* OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
 +
* Architecture.
 +
* Credentials used to try to connect to the target.
 +
* The agent version you wish to deploy.
 +
* The IP address of the server where that agent will point once installed (it corresponds to the field ''server_ip '' of the software agent configuration).
  
==== Check Windows agent is working ====
+
[[File:Depl5.png]]
  
The exit of the Pandora FMS Windows agent can be checked in the file ''C:\archivos de programa\pandora_agent\pandora_agent.log''. It's a plain text file that contains information about the agent's execution flow.
+
===== Upload a CSV file with target information. =====
  
To check if Tentacle or SSH are working well, you can use the command ''tentacle_client'' or the parameter '--test-ssh' on the binary. The first command will return an error, because neither the address nor the file to send is specified, but it checks if the Tentacle client ''tentacle-client'' is in the system. The second one will force Pandora FMS to connect using SSH internally and copy a file called ''ssh.test''. Remember that you're required to configure SSH properly, to generate the required keys and to import them onto the server if you want to use it.
+
If you wish to mass register targets, upload a CSV file with the following format:
  
==== Checking of Pandora FMS Agent service ====
 
  
The Pandora FMS 3.0 version has been carefully checked and "debugged" in order to avoid all kinds of memory ''leaks'', ''handles'' of processes, files or TCP/IP ports. It's very stable and has been tested on all Windows platforms where it has to operate. Nevertheless, it could happen that the service crashes a few times on some systems. We have tried to give some solutions to those users which require a restarted system or a supplementary control of the agent for it.
+
IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
  
There are two ways of having more control over the agent. The first one is to force the restart of the agent every X days through the Windows internal programmer for tasks through the AT command.
 
  
''' Restart with AT '''
+
[[File:Depl6.png]]
  
'' In English ''
+
The system will create the objectives based on what is defined in the CSV.
  
To schedule a restart on Mondays and Fridays:
+
==== Deploy the software ====
  
at 00:00 /every:Monday,Friday "c:\program files\pandora_agent\scripts\restart_pandora_agent.bat"
+
{{Warning|You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.}}
  
'' In Spanish ''
+
When you have possible targets on the list, launch agent deployment:
  
For example, to schedule an every day restart:
+
[[File:Depl4.png]]
  
at 00:00 /every:L,M,Mi,J,V,S,D "c:\archivos de programa\pandora_agent\scripts\restart_pandora_agent.bat"
 
  
To see a list of the scheduled tasks, just execute the following command in the command line:
+
Select the IPs of the targets from the list (only valid targets will appear) and press ''deploy''.
  
at
+
A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.
  
This will give you the scheduled tasks.
+
You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:
  
''' Automatic control of the service in case of crashes'''
+
[[File:Depl7.png]]
  
Windows provides an additional way of controlled restart of the service if this crashes for any reason. This allows you to tell the Windows service to restart automatically in case of a crash. You have to go to the Windows services dashboard and to the Pandora FMS agent and click on 'Properties' for it. On the 'Recovery' slide, you're required to change the default values into this:
 
  
<center>
+
The name of the target also becomes a link to the corresponding Pandora FMS agent.
[[image:Service_control_restart.png]]
 
</center>
 
  
This causes an automatic restart if the service crashes - but only once a day. If it happens to crash more than once a day, it won't get restarted again. The reason for this configuration is avoidance of a possible system overload due to a forced execution that downs too much of the other services, which is caused by a problem within the system. Pandora FMS should never be down. In any case, you can adjust these parameters if a Pandora FMS service crash should be controlled by the system and to make sure that you'll always have the agent running this way.
 
  
==== Configuration of Pandora FMS Windows Agent ====
+
Failure example: The user not only entered the IP of the target, but also its netmask ('''THE IP IS ENOUGH''').
  
The whole installation is done through the file ''pandora_agent.conf''. This file is a list of pairs of keys and values which have been described before. Here is an example of this file:
+
When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:
  
 +
[[File:Depl_err1.png]]
  
<pre>
+
==Import a list of your devices in CSV==
# General Parameters
 
# ==================
 
 
server_ip mypandoraserver.host.com
 
server_path /var/spool/pandora/data_in
 
temporal "c:\windows\temp"
 
interval 300
 
agent_name myagent_name
 
 
# Module Definition
 
# =================
 
 
# Counting OpenedConnections (please check language string)
 
module_begin
 
module_name OpenNetConnections
 
module_type generic_data
 
module_exec netstat -na | grep ESTAB | wc -l | tr -d " "
 
module_description Conexiones abiertas (interval 2)
 
module_interval 2
 
module_end
 
 
# Is Eventlog service running ?
 
module_begin
 
module_name ServicioReg
 
module_type generic_proc
 
module_service Eventlog
 
module_description Servicio Registro de sucesos
 
module_end
 
 
# Is lsass.exe process alive ?
 
module_begin
 
module_name Proc_lsass
 
module_type generic_proc
 
module_proc lsass.exe
 
module_description LSASS.exe process.
 
module_end
 
 
# Received packets.
 
# Please notice that "Paquetes recibidos" string must be replaced by
 
# the correct string in your Windows system language.
 
module_begin
 
module_name ReceivedPackets
 
module_type generic_data
 
module_exec netstat -s | grep  "Paquetes recibidos  " |  tr -d " " | cut -f 2 -d "=" | tr -d "\n"
 
module_description Conexiones abiertas (interval 2)
 
module_end
 
 
# Free space on disk
 
module_begin
 
module_name FreeDiskC
 
module_type generic_data
 
module_freepercentdisk C:
 
module_description Free space on drive C:
 
module_end
 
  
module_begin
+
A list of devices can be imported to represent them as agents using the agent import wizard through CSV.
module_name FreeMemory
 
module_type generic_data
 
module_freepercentmemory
 
module_description Amount of free memory.
 
module_end
 
</pre>
 
  
==== Extending the agents functionality with VBS code ====
+
{{Tip|This feature only creates agents in Pandora FMS for its remote monitoring.}}
  
Starting with the 3.1 version, Windows agents started to have plugins like the Unix agents, but don't forget they also have the possibility of executing the external scripts, based on VBScript as simple modules. Take a look at the VBS code which obtains the CPU total use of a system:
 
 
strComputer = "."
 
Set objWMIService = GetObject("winmgmts:" _
 
    & "{impersonationLevel=impersonate}!\\" _
 
    & strComputer & "\root\cimv2")
 
 
    Set object1 = objWMIService.Get( _
 
    "Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
 
    N1 = object1.PercentProcessorTime
 
    D1 = object1.TimeStamp_Sys100NS
 
    Wscript.Sleep(1000)
 
    set object2 = objWMIService.Get( _
 
    "Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
 
    N2 = object2.PercentProcessorTime
 
    D2 = object2.TimeStamp_Sys100NS
 
 
    ' CounterType - PERF_100NSEC_TIMER_INV
 
    ' Formula - (1- ((N2 - N1) / (D2 - D1))) x 100
 
    PercentProcessorTime = (1 - ((N2 - N1)/(D2-D1)))*100
 
 
    Wscript.Echo PercentProcessorTime
 
 
We keep it in a file called "CPUTotal.vbs" which is located at ''c:\program files\pandora_agent\util''.
 
 
Now we're going to create the new module type of 'module_exec' with this content:
 
 
cscript.exe /NoLogo c:\program_filespandora_agent\util\CPUTotal.vbs
 
 
We already have a new module that returns the CPU total use, obtained through the external script in VB. There are plenty of things that can be obtained through VBScript. Microsoft has an excellent online documentation about VBS that you can check in MSDN:
 
[http://msdn.microsoft.com/en-us/library/aa394582(VS.85).aspx].
 
 
==== Running the Pandora FMS Agent under a different user than SYSTEM ====
 
 
You can setup the Windows agent to run under a different user. You're required to configure the startup service with a different user and provide this user with special privileges to do that. That user is required to be included in the 'Administrators' group.
 
 
In the WMI console, all users from the group 'Administrators' have ALL permissions enabled.
 
 
This is an example of a user and it's WMI settings for the ROOT environment. Branches will inherit the root permissions by default:
 
  
 
<center>
 
<center>
[[image:Service_image001.png]]
+
[[File:hostdevices2.png]]
 
</center>
 
</center>
 +
 +
Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".
  
 
<center>
 
<center>
[[image:Service_image002.png]]
+
[[File:hostdevices3.png]]
 
</center>
 
</center>
  
You can look up some Microsoft links related to this issue on : [http://support.microsoft.com/kb/325353/en] [http://msdn.microsoft.com/en-us/library/ms188690.aspx]
+
==Custom NetScan==
 
 
=== Auto-upgrading Software Agents ===
 
We can provide a way to 'auto-upgrade' the software agents using that mechanism and a very special tool. It works in the following way:
 
{{Tip|Pandora_update tool requires Perl's Digest:MD5 module. It is included by default from Perl 5.14, but for earlier versions it has to be manually installed.}}
 
1. Agents receive new binaries e.g. in the file collection's incoming directory:
 
 
 
c:\program files\pandora_agent\collections\fc_1\pandoraAgent.exe
 
 
 
2. The agent utilizes a special module to execute the pandora_update tool. This tool receives a single parameter, the FileCollection handle (or short name). In this scenario, it's ''fc_1''. It checks for a file called 'pandoraagent.exe' (or 'pandora_agent' under UNIX), looks at the size and contents of both files (by using a HASH), the running 'pandora_agent' and the binary provided in the file collection. If they are different, 'pandora_update' stops the agent, replaces the binary and restarts the agent again, using the new binary.
 
 
 
3. Furthermore, 'Pandora_update' writes the update event to a small log to be able to recover the next execution and warns the user about the agent's updating process by means of an 'async_string' module.
 
 
 
This means that the used modules could be configured to have a high interval to perform the update process.
 
 
 
'''UNIX Standard Installation'''
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
'''UNIX Custon Installation'''
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec nohup /var/opt/PandoraFMS/etc/pandora/plugins/pandora_update fc_1 /var/opt/PandoraFMS 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
NOTE: The second parameter of the 'pandora_update' command is the installation path of Pandora FMS. This parameter is only required if Pandora FMS is installed in a path different from the default path.
 
 
 
'''Windows'''
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec pandora_update.exe fc_1
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
NOTE: If it has the agent in a non "standard" path under UNIX, you're required to modify some of the 'pandora_update' utility values, specifically the following lines:
 
 
 
 
 
# Setup your particular paths / process settings here
 
# [SETUP BEGIN] 12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)12:46, 23 November 2010 (UTC)
 
# Location of binaries
 
 
 
# UNIX
 
my $running_binary = "/usr/bin/pandora_agent";
 
my $updated_binary = "/etc/pandora/collections/$fc_path/pandora_agent";
 
 
# UNIX style
 
 
my $start_pandora = "/etc/init.d/pandora_agent_daemon start";
 
my $stop_pandora = "/etc/init.d/pandora_agent_daemon stop";
 
 
 
Please change the paths to the ones which fit with your system manually.
 
 
 
=== Process to Auto Upgrade Agents from versions previous to 3.2  ===
 
 
 
The first thing is to get the executables from the Pandora FMS agent and the 'pandora_update' tool ('pandoraAgent.exe' and 'pandora_update.exe' under Windows and 'pandora_agent' and 'pandora_update' under UNIX).
 
 
 
Many of the steps that we are giving here means the following things:
 
 
 
1. You have a way to copy files to the systems which you want to update. This is a feature which the Pandora FMS 3.2 version provides (File Collection) but just now, you want to migrate to the 3.2 version, because this feature is missing there. It's assumed that you have alternative mechanisms.
 
 
 
2. The agent's configuration and remote management is activated and working. This will be useful. It's recommended to create several directories and configure a new module in your Pandora FMS agent configuration.
 
 
 
'''Windows Platforms'''
 
 
 
We should copy 'pandora_update' to one directory of the system path or to the directory '/util' of our Pandora (in Windows).
 
 
 
Supposing that we have Pandora FMS installed in:
 
 
 
C:\Archivos de programa\pandora_agent
 
 
 
We have to copy 'pandora_update.exe' in the directory:
 
 
 
C:\Archivos de programa\pandora_agent\util
 
 
 
Then we create two directories:
 
 
 
C:\Archivos de programa\pandora_agent\collections
 
C:\Archivos de programa\pandora_agent\collections\fc_1
 
 
 
And after this, we should copy the new agent's binary to the last directory which we have created:
 
 
 
C:\Archivos de programa\pandora_agent\collections\fc_1\PandoraAgent.exe
 
 
 
We create one module in the agent as the one that follows:
 
 
 
module_begin
 
module_name Pandora_Update
 
module_type async_string
 
module_interval 20
 
module_exec pandora_update.exe fc_1
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
This special module that uses the 'pandora_update' executable, executes a special tool ('pandora_update') which compares the current executable with the one that already exists in the directory '/collections/xxxx', where 'xxxx' is a parameter that is passed on to the module. This location is the one specified with the file collections. After using the 3.2 version, the distribution of the new *.exe of the agents will be done through file collections and this identifier will be necessary to 'locate' in which file collection our executable is located.
 
 
 
'''UNIX Platforms'''
 
 
 
Similar to the Windows platforms, we have to copy the executable of the UNIX agent and the 'pandora_update' feature. If it has a non-standard installation and possesses customized paths, you should have to pay lot of attention to the previous paragraph where it's described which files should be modified.
 
 
 
You have to copy ''pandora_update'' into your agent's plugins / folder:
 
 
 
/etc/pandora/plugins/pandora_update
 
 
 
Now create directory 'collection/fc_1' in the base directory of your '/etc/pandora':
 
  
/etc/pandora/collections/
+
It allows the execution of custom scripts for the execution of network recognition tasks.
/etc/pandora/collections/fc_1
 
  
The call to 'pandora_update' will be done on its system paths to the plugins. In this case, the default path is '/etc/pandora/plugins/pandora_update'.
+
Create a recognition task specifying:
  
The module for the UNIX case will be the following:
+
* Task name: Name of the recognition task.
 
+
* Comment: Allows adding comments.  
module_begin
+
* Discovery server: Server that will execute the task.  
module_name Pandora_Update
+
* Group: Group it belongs to.  
module_type async_string
+
* Interval: Execution interval.  
module_interval 20
 
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
 
module_description Module to check new version of pandora agent and update itself
 
module_end
 
 
 
'''NOTE''': It's recommended to check if both 'pandora_update' and 'pandora_agent' have suitable permissions and owners, executing permissions and the same user which owns the 'pandora_agent' executable.
 
 
 
== Pandora FMS Drone Agents ==
 
 
 
=== What is a Drone Agent ? ===
 
 
 
The Pandora FMS Drone Agent is a running mode of Pandora FMS Software Agent. This running mode only works on Windows and Linux machines. It was developed to deal with complicated environments with restricted access to the machines. The Drone Agent has two main features:
 
 
 
* '''Proxy mode'''
 
* '''Broker mode'''
 
 
 
Running in this mode, the Drone Agent can report data and utilize all features of the standard Pandora FMS Software Agent.
 
 
 
 
 
The picture below shows an architecture of Pandora FMS using Drone Agents:
 
  
 
<center>
 
<center>
[[image:Architecture_il1.png‎|500px]]
+
[[File:DISC_NetScan_Custom_1.JPG]]
 
</center>
 
</center>
  
==== Proxy Mode ====
+
Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.
 
 
Proxy Mode is very useful for networks which have restrictions in their communications. The agent running this mode enabled a Tentacle Proxy Server to allow agents to communicate with the Pandora FMS Server through itself.
 
 
 
The new Tentacle version supports proxy usage (HTTP/Connect mode), so that agents can contact with the server using an intermediate standard proxy directly. You also can use a new tool called 'Tentacle Proxy Server' is used to centralize all communication between Pandora FMS and the agents, allowing the file management and remote configuration for policy based-monitoring. You can see [http://www.openideas.info/wiki/index.php?title=Tentacle more about the Tentacle Proxy Server here].
 
 
 
 
 
You'll get all functionalities of a proxy but managed by Pandora FMS Software Agent with this feature. This mode has two '''requirements''' 1. The agent '''cannot be run by the root'''. 2. If you want to use the proxy mode with Unix agent then '''it must be installed with a user without root privileges''' (the same user will execute the agent in proxy mode later).
 
 
 
All parameters to configure the Tentacle Proxy Server are available trough its agent configuration file:
 
 
 
'''server_ip'''
 
 
 
It's the IP address or the name of Pandora FMS server host. '''Be careful with the enabled Proxy Mode. This parameter cannot take values like 127.0.0.1, locahost, 0.0.0.0 or related'''.
 
 
 
'''proxy_mode'''
 
 
 
Proxy mode status. If the 'proxy_mode' is set to '1', the proxy feature of the drone agent is activated. If the proxy_mode is set to '0', the proxy feature is off. This feature is disabled by default.
 
 
 
'''proxy_max_connection'''
 
 
 
Number of max. simultaneous connections of the proxy. 10 connections are allowed by default.
 
 
 
'''proxy_timeout'''
 
 
 
Timeout for the proxied server. Default value is '1 second'.
 
 
 
===== Usage Examples =====
 
 
 
'''I only have one connection to the Pandora FMS Server'''
 
 
 
This situation is not a problem for the Pandora FMS Drone Agent. To configure the proxy mode, just set 'server_ip' to the Pandora FMS IP and the 'proxy_mode' parameter to '1'. You can configure some parameters like the number of connections and timeout if needed. You'll have the agent and the Tentacle Proxy Server up and running on the machine which can connect with Pandora FMS Server with this configuration.
 
 
 
To configure the other agent, just set the 'server_ip' parameter to the IP address of the Drone Agent with proxy mode enabled. That's all you have to do. The agents are going to use the drone agent to connect to the Pandora FMS Server.
 
 
 
'''I'm required to setup a double proxied connection'''
 
 
 
You're able to connect a Drone Agent to another. It's very easy.
 
 
 
To perform the double proxy, just configure the Drone Agent which can connect to Pandora FMS Server to set the 'server_ip' to the Pandora FMS IP address. 'proxy_mode' must be set to '1' and the other parameters if you need.
 
 
 
To configure the second Drone Agent, just set the 'server_ip' to the one of the first Drone Agent and enable the proxy mode by setting 'proxy_mode' to '1'.
 
 
 
With this configuration, an agent connected to the second Drone Agent can send data to Pandora FMS Server through the two proxies.
 
 
 
==== Broker Mode ====
 
 
 
The Broker Mode is designed to "recreate" different agents (as an entity) from a single software agent installed on a server. Broker agents execute different setups, like if it has different personalities or different agents installed on the same server with different configurations. Each configuration file is independent and can have it's own plugins, inventory modules, etc. It can be remotely managed as any other agent of course. This is perfect to monitor servers / Comm devices nearby and useful when you're unable to reach a router but can install an agent in a nearby host. You can monitor ten routers from a single agent and have eleven agents in your Pandora FMS console (10 routers + 1 host) for example.
 
 
 
It's important to know that the ''broker_agent'' token will be ignored in the configuration of an agent which is set like a broker agent.
 
 
 
The main features of "broker mode" are:
 
 
 
* Send local data with another agent name. Useful to monitoring different instances of a software applicationn as independent agents.
 
 
 
* Send data from remote devices / checks executed from a single host and have it under Pandora FMS like they were different independent agents.
 
 
 
===== Examples =====
 
 
 
'''Send data to server with different agent names, using different configurations'''
 
 
 
Modify your pandora_agent.conf with following lines:
 
 
 
broker_agent router_1
 
broker_agent router_2
 
broker_agent router_3
 
 
 
On the next execution or restart you will have three new files: 'router_1.conf', 'router_2.conf' and 'router_3.conf'. They are an exact copy from origial "pandora_agent.conf" file, except the attribute of 'agent_name' which will be selected from the 'broker_agent' call.
 
 
 
You now have four agents with different configuration files. You can now add different modules in each configuration file, e.g. edit 'router_1.conf' and add:
 
 
 
'''Sample of remote check'''
 
 
 
Please add the following line to the remote configuration file 'pandora_agent.conf':
 
 
 
broker_agent server_1
 
 
 
A new file called 'server_1.conf' will be created and we'll edit it for the purpose of adding specific modules for this broker agent:
 
 
 
module_begin
 
module_name Check SSH Status
 
module_type generic_proc
 
module_tcpcheck 192.168.1.1
 
module_port 22
 
module_timeout 5
 
module_end
 
  
This configuration can be interesting when making checks against another remote machine. Even if it has an agent installed Pandora, is unattainable by the server.
+
==Net scan scripts==
  
'''This feature is available from version 4.0 onward.'''
+
This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.  
 
 
== Agent / Module Autocreation from XML File / Learning Mode ==
 
 
 
Pandora FMS supports the automatic creation of agents and/or modules if you receive the information coming from an XML (data server). This happens automatically, unless you completely disable this behavior by disabling the server ''autocreate'' parameter. The 'creation' only happens the first time agent data arrives on the server. That means you can '''create the information''' but you cannot '''update''' the agent or module information each time you're getting a new XML - with a few exceptions as you can see below.
 
  
 
<center>
 
<center>
[[File:Learning mode.png]]
+
[[File:DISC_Net_scan_scripts.JPG]]
 
</center>
 
</center>
  
This behavior can be avoided in specific agents by disabling the ''learning mode'' of the agent. By disabling this feature, the agent will not create new modules when the XML arrives with the new module. The information won't update the agent configuration parameters.
+
Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.  
 
 
 
 
'''Autodisable mode:''' From version 6.1 onward agents have this third mode available. In terms of creating agents and modules it behaves exactly the same as an agent in learning mode: when the first XML reaches it, the first agent is created and, on each report, if there are new modules they can also be added automatically. Nevertheless, when all modules from an agent that are in ''autodisable'' mode are also marked as unknown, the agent is automatically disabled. In any case, if the agent reports again, it gets enabled again on its own.
 
 
 
=== Loaded Data from the XML in the Creation of an Agent ===
 
 
 
Stored Data for an agent is the following:
 
 
 
''' In 4.x version: '''
 
  
* Agent name.
+
The parameters that can be defined are the following:
* IP address.
 
* Agent description.
 
* Agent's parent.
 
* Timezone offset.
 
* Group.
 
* Operating system.
 
* Agent interval.
 
* Agent version
 
  
''' In 5.x version '''
+
* Name: Script name.  
 
+
* Script fullpath: Path where the script is located.  
It's the same as in 4.x version, plus the following:
+
* Description: Script description. You can define descriptions of the different fields, as well as default values for them.  
 
+
* Hide value: In case you wish to hide the value of a field.  
* Custom fields.
+
* Help: Help fields.  
* Custom ID.
 
* URL address.
 
 
 
''' In 6.1 version '''
 
 
 
* Agent mode: (Learning -''default''-, No-learn, Autodisable).
 
 
 
=== Data modified in the Agent when receiving XML (Learning Mode enabled) ===
 
 
 
* Agent's IP address
 
* Agent's parent (if defined in server setup, for v4.x parents it's always updated)
 
* OS Version.
 
* Agent's version.
 
* Timezone.
 
* Custom fields.
 
 
 
 
 
{{tip|The GIS data are always updated. It doesn't matter at all if the learning mode is enabled or not.}}
 
 
 
By enabling the learning mode the new modules which get received through the XML file are going to be created under Pandora FMS.
 
 
 
=== Data added to the Module on Creation Time ===
 
 
 
The first time you get data coming from an XML for a module, the read data from the XML and inserted in the system are the following:
 
 
 
''' In 4.x version '''
 
 
 
* Name.
 
* Type.
 
* Description.
 
* Max Min value filter.
 
* Post process.
 
* Module interval.
 
* Min / Max Critical.
 
* Min / Max Warning.
 
* Disabled module.
 
 
 
''' In 5.x version'''
 
 
 
The same as in 4.x plus the following:
 
 
 
* Units.
 
* Module group.
 
* Custom ID.
 
* Str. Warning / Critical.
 
* Critical instructions.
 
* Warning instructions.
 
* Unknown instructions.
 
* Tags.
 
* Critical inversion mode.
 
* Warning inversion mode.
 
* Quiet mode.
 
* Min. FF Threshold.
 
* Alert template (from SP4)
 
 
 
 
 
''' In 6.x version'''
 
 
 
* Crontab
 
 
 
=== Loaded Data when Module already exists ===
 
 
 
If the data server processes an XML containing information for a pre-existent module, part of its information will be overwritten / updated. The description and extended information (see next epigraph) are updated.
 
 
 
Note: GIS data are always updated unless you have the GIS update disabled for that agent (this is configured in agent's GIS setup).
 
 
 
== Extended Module Information ==
 
 
 
This epigraph is for advanced and development environments. You're able to send custom XML data (using your own application or altering the Pandora agent's source code). This XML file has two 'custom' tags named 'rack_number' and 'severity':
 
 
 
<pre>
 
 
 
<module>
 
    <name><![CDATA[battery_level]]></name>
 
    <description><![CDATA[The actually device battery level]]></description>
 
    <type><![CDATA[generic_data]]></type>
 
    <data><![CDATA[61]]></data>
 
    <rack_number>2</rack_number>
 
    <severity>MAJOR</severity>
 
  </module>
 
</pre>
 
 
 
The module is going to be shown like on the picture below.
 
  
 
<center>
 
<center>
[[File:Extended module xml.png|800px]]
+
[[File:DISC_Net_scan_scripts_2.JPG]]
 
</center>
 
</center>
  
{{Tip|These fields don't store history values. They're only going to store the last received value from the XML data.}}
+
Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.
 
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
 
 
[[Category:Pandora FMS]]
 
[[Category:Documentation]]
 

Latest revision as of 12:48, 22 May 2020

Contents

1 What is Pandora FMS Discovery?

Info.png

Available for Pandora FMS 732 versions or higher.

 


Discovery provides a set of tools to simplify monitoring through wizards.

The following tools are included:

Task list
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
Discovery Applications
It allows to monitor MySQL, Oracle or VMware environments from a new management console.
Discovery Cloud
Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
Console Tasks
It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
Discovery Host&Devices
It includes the tools needed to discover or import devices and equipment to your network.

Discovery1.png

2 Discovery Task list

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.

DISC Task list 1.JPG

2.1 Console tasks

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

2.1.1 Edit Console tasks

This button allows access to the creation section, where the desired task can also be edited according to the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

2.1.1.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: Path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Report name: Name that you wish to give the report.
  • Send to email addresses: Email addresses to which the report will be sent.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

2.2 Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

2.2.1 Operations

The edition of the server recognition tasks allows to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

3 Discovery Applications

Now, it is possible to monitor applications remotely using Discovery Applications.


Discoverysap1.png

3.1 Discovery Applications: MySQL

From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.

For that purpose, it will be necessary to define the following parameters:

  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • Group: Group to which it belongs.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
  • Password: MySQL user password specified above.
  • Interval: Time interval in which monitoring will be executed.

DISCMySQL1.JPG

Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.

The options to be displayed are the following:

  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

DISCMySQL2.JPG

3.2 Discovery Applications: Oracle

From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.

Oracle monitoring will allow to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

DISC Oracle1.JPG

Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: it allows to define customized queries.

DISC Oracle2.JPG

3.2.1 Installing Oracle packages

It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:

  • Install oracle instant client from the Oracle page:
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  • Required packages:
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

Template warning.png

In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env

 


# Set Oracle environment for pandora_server
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
#!/bin/bash
VERSION=11.1
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

Template warning.png

If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used

 


3.3 Discovery Applications: SAP


Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.

Template warning.png

If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).

 


Template warning.png

In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.

 


The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.

Discoverysap2.png

In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.

Template warning.png

If you need to monitor different configurations, create a task for each configuration.

 


Select from the list the information about the SAP system you wish to retrieve as shown below:

Discoverysap3.png

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.


3.3.1 SAP Discovery connector manual installation

If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.

First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.

Then you need to download the remote connector/plugin for Linux from SAP, download it from our library.

Configure your pandora_server.conf too, and set the following parameters:

# Discovery SAP 
java /usr/bin/java

# Discovery SAP utils
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP

In the directory indicated, with the configuration token sap_utils decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:

Deset_SAP_Plugin.jar
dev_jco_rfc.trc
libsapjco3.so
sapjco3.dll
sapjco3.jar

Once the configuration file is modified, restart the Pandora FMS server.

3.3.2 SAP View


You can see the general state of the SAP system servers in the SAP View.

Discoverysap4.png

This view will display a panel with the available SAP modules of the selected SAP agent.

You may select the refresh time and the interval to show in the graphs.

3.3.3 SAP agent view


The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

Discoverysap5.png

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discoverysap6.png


Template warning.png

Java must be installed within the server for SAP integration to work.

 


3.4 Discovery Applications: VMware

Template warning.png

In case of manual installation or update from a Pandora FMS version prior to 732, it is necessary to install SDK for VMWare to work properly.

 


From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.


Discoveryapplications2.png


The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • A group to which the agents generated by the VMware task will be associated.

Info.png

It must be taken into account that if the Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.

 



The data required to monitor VMware are:

  • V-Center IP
  • The name of the datacenter (it can be seen through VMware installation management screen).
  • User with read permissions.
  • User password.
  • Monitoring interval.

Password encryption can be enabled by pressing the button encrypt passwords. This only applies to the wizard in progress.


On the next page, VMware monitoring details can be specified:

Discoveryapplications3.png

  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit this section.





3.5 Discovery Applications: MS SQL


This new Pandora FMS integration allows monitoring Microsoft SQL server databases.

Microsoft ODBC must be installed in the system where Pandora FMS server is running.

Info.png

From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.

 


3.5.1 How to install Microsoft ODBC

  • In CentOS 6:
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 7:
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17

Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The IDENTIFYING STRING parameter can be found in /etc/odbcinst.ini which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server

3.5.2 Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance

Mssql1.png


This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

Mssql3.png

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

4 Discovery Cloud

Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool.

Azure66.JPG

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in Profiles -> Manage agent groups -> Credential Store.

Credential store.png

4.1 Discovery Cloud: Amazon Web Services (AWS)

Template warning.png

This section is under construction.

 


To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.


4.1.1 AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".

AWSCredentials1.JPG

You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.

This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.

AWS4.png

AWS5.png

Query accounts in Amazon AWS must be created with the following permissions:

Awsgrants.png

  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}


Assign the policy to a new user.

Awsgrants2.png


Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.

Info.png

If pandora-cm-api is not available in the installation, it can be obtained from the following link: [1]

 



4.1.2 Discovery Cloud. AWS

Once the credentials have been validated, access the Discovery Cloud menu => Amazon Web Services

AWS6.png

In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.

Info.png

Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.

 


4.1.3 Discovery Cloud. AWS.EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.

To start the monitoring process, a series of basic data is requested:

Cloud3.png

It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.

4.1.3.1 Discovery Cloud AWS.EC2 Costs

When clicking next, you will start configuring AWS monitoring expenses:

Template warning.png

Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/

 


Expense monitoring provides a separate monitoring interval to avoid extra charges.

Cloud4.png

Both the overall cost and the independent cost per region can be monitored.

4.1.3.2 Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions.

To enable it, the Scan and general monitoring option must be activated.

Cloud5.png

Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.

It must be verified that the update_parent token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Cloud6.png

4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.

Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)


You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png


Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Tasklist1.png

4.1.4 Discovery Cloud. AWS.RDS

AWS RDS allows you to monitor relational databases provided by Amazon Web Services.

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

AWS8.JPG

Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.

AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.

In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.

Template warning.png

Integration with AWS RDS only supports Oracle, MySQL and Mariadb.

 


4.1.5 Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

AWS9.JPG

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Awsview.png

4.2 Discovery Cloud: Microsoft Azure


To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

4.2.1 How to register a user to use the Azure API

Azure.png

  • Go to 'App registrations'> 'New registration'

Azure2.png


  • Enter the data.

Azure3.png


  • Write down the data "client_id" and "directory".

Azure4.png

  • Next, access 'certificates & secrets' and create a new one:

Azure5.png

Template warning.png

Write down the key that is shown, it is the application_secret.

 


4.2.2 Assigning permissions

Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.

Azure6.png


Within the subscription, select "Access control (IAM)".

Azure7.png

Add a new role assignment and once there, select the "reader" role for the created app.

Azure8.png

It is important to save the changes by pressing "save".


From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

4.2.2.1 Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api --product Azure --get availability


If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

  • Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"

export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

4.2.3 Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure accounts.

You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.

This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the "credential store".

Azure9.png


  • Access 'Discovery> Cloud> Azure' and validate the Azure account.


Azure10.png


Azure11.png


Azure12.png


  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

AzureX3.PNG

  • Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.

AzureX4.PNG

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.

AzureX5.PNG


5 Discovery Console Tasks

Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

ConsoleTasks.JPG

5.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Report name: Name that you want to give the report.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message which will be sent together with the reports.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

6 Discovery Host&Devices

The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.

Therefore, it features the following tools:

  • Net Scan.
  • Import CSV.
  • Custom NetScan.
  • Manage NetScan scripts.


800

6.1 NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules.

First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.

In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in Red or you may enable the token Use CSV file, that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.

3oaKq2yukE.png

Template warning.png

The intervals selected as manuals must be manually launched. Discovery will not launch any manual task automatically.

 



In the features section, you may indicate the following options:

800


  • Known hardware auto discovery: It dinamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following link.
  • Module templates: Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following link.

Info.png

Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

 


Info.png

Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.

 



  • SNMP activated: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
    • SNMP communities: Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential store.

Info.png

The different credentials provided against the detected targets that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.

 


  • SO detection: Detect the target's operating system.
  • Name resolution: Solve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection, adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:

800

Once the task is finished, if you access from Review, you will see a summary of the devices found that respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:

  • Disabled: There is already an agent or module being monitored in the environoment and it will not be created nor modified.
  • Enabled: It is a new non-monitored element, or within the obtained metrics there is a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in devices in this status or add any of the new enabled metrics.

HK8XAXtv92.png

Info.png

Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.

 


6.2 Automatic agent deployment

Template warning.png

Please confirm winexe command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install zlib.i686 and glibc.i686 to get winexe working.

 


Template warning.png

In Windows environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.

 



From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the deployment center.

Template warning.png

Server version must be EL7 for agent automatic deployment to work.

 


Depl1.png


The steps to deploy agents from the console are:

Register the versions of the software agents to be deployed in the agent repository.

The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.

For more information about the use of the agent repository, visit this link


Register the credentials to be used to connect the targets in the credential manager.

Specify the credentials with which the accesses to found or specified targets will be tested.

For more information about the use of the Credential Store, visit this link


Check that your environment is ready for deployment.

When visiting the deployment center for the first time, the following notices will be shown:

Depl info1.png

This message points out that objectives for deployment have not been defined yet.


Depl info2.png

These messages indicate:

The first message indicates that the public_url public access URL must be configured so that the targets can get connected to the console and be configured.

Template warning.png

This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

 



The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.



6.2.1 Target Search

Search or point out the targets in the deployment center.

Use any of the methods described below to register new targets.

You may use any of the following options to define targets:

Depl action buttons.png


6.2.1.1 Scan one or more networks in pursuit of targets.

By pressing the scan targets button, a pop-up with the following fields will be displayed:

Depl2.png


Firstly indicate:

  • The network or networks (separated by commas) to scan.
  • The Discovery server that will perform the scan.
  • The credentials used to try to connect to the discovered targets.
  • The software agent version registered as "desired" for the discovered targets.
  • The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).


When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

Depl info3.png


A new entry will appear in the task list:

Depl2b.png


Info.png

Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

 



As possible targets are found, they will appear in the deployment center:

Depl3.png


Info.png

The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.

 


6.2.1.2 Define a target manually.

You may manually register the target by defining:

  • IP.
  • OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
  • Architecture.
  • Credentials used to try to connect to the target.
  • The agent version you wish to deploy.
  • The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).

Depl5.png

6.2.1.3 Upload a CSV file with target information.

If you wish to mass register targets, upload a CSV file with the following format:


IP; OS; Architecture; Target agent version; Credential identifier; Target server ip


Depl6.png

The system will create the objectives based on what is defined in the CSV.

6.2.2 Deploy the software

Template warning.png

You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

 


When you have possible targets on the list, launch agent deployment:

Depl4.png


Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:

Depl7.png


The name of the target also becomes a link to the corresponding Pandora FMS agent.


Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH).

When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Depl err1.png

6.3 Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

Info.png

This feature only creates agents in Pandora FMS for its remote monitoring.

 



Hostdevices2.png

Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".

Hostdevices3.png

6.4 Custom NetScan

It allows the execution of custom scripts for the execution of network recognition tasks.

Create a recognition task specifying:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.

DISC NetScan Custom 1.JPG

Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

6.5 Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

DISC Net scan scripts.JPG

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.

DISC Net scan scripts 2.JPG

Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.