Pandora: Documentation en: Discovery

From Pandora FMS Wiki
Jump to: navigation, search

Go back to Pandora FMS documentation index


Contents

1 What is Pandora FMS Discovery?

Info.png

Available for Pandora FMS 732 versions or higher.

 


Discovery provides a set of tools to simplify monitoring through wizards. You may get more information through our video tutorial "Introduction to Pandora FMS Discovery"

Task list
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
Discovery Applications
It allows to monitor MySQL®, Oracle® or VMware® environments from a new management console.
Discovery Cloud
Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services® (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Computer®.
Console Tasks
It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
Discovery Host&Devices
It includes the tools needed to discover or import devices and equipment to your network.

Discovery1.png

2 Discovery Task list

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at Console Tasks and Server Tasks levels.

DISC Task list 1.JPG

2.1 Console tasks

Console Tasks.jpeg

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

2.1.1 Edit Console tasks

This button allows creating or editing a task:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom reports:
      • Save custom report to disk.
      • Save custom XML report to disk.
      • Send custom report (from template) by email.
      • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.

2.1.1.1 Parameters of different tasks


Backup Pandora FMS database
Path where the information backup will be stored, Save to disk in path.
Execute custom script
Name of the script to be executed, Custom script.
“Save custom report to disk” and “Save custom XML report to disk”
Name of the report to be created, Report pending to be created; path where the created report will be stored, Save to disk in path.
"Send custom report (from template) by email" and "Send custom report by email"
Reports to be sent by email:
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Send to email addresses: Email addresses to which the report will be sent.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

2.2 Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

2.2.1 Operations

The edition of the server recognition tasks allows to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

3 Discovery Applications

Menu db2 discovery.png

Now, it is possible to monitor applications remotely using Discovery Applications.

3.1 Discovery Applications: DB2

Info.png

Version NG 747 or higher.

 


To monitor the DB2 relational database engine from IBM, the IBM official client is used, to be more specific ibm_data_server_driver_package_linuxx64_v11.5.tar.gz; however, this package is included within ISO appliance installation. Once the package has been downloaded, follow these instructions to decompress and install it:

tar -zxvf ibm_data_server_driver_package_linuxx64_v11.5.tar.gz

Move the file to the directory where you want to install it (e.g. /opt/dsdriver).

mv PATH/ibm_data_server_driver_package_linuxx64_v11.5 /opt/dsdriver/
cd /opt/dsdriver
bash installDSDriver
export DB2_HOME=/opt/dsdriver
export DB2LIB=/opt/dsdriver/lib
cd /usr/lib64
ln -s /opt/dsdriver/lib/* ./


In the file /etc/pandora/pandora_server.env, set this variables:

#!/bin/bash
VERSION=12.2
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/dsdriver/lib

export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
export DB2_HOME=/opt/dsdriver
export DB2LIB=/opt/dsdriver/lib
Version db2.png

Template warning.png

The version may be 11.1 or 12.2, depending on the system installed.

 


3.1.1 Features

Conf2 db2 discovery 1.png
  • Predefined module, Get database summary:
OR9bC6dZIf.png
  • Predefined module, Check transactional log utilization:
Chrome mAl1yniQE5.png
  • Predefined module, Number of connections:

Chrome UM71cIq8Bk.png

  • Predefined module, DB size:
DEQpfVh7fy.png
  • Predefined module, Retrieve cache statistics:
L7sXBJr4wR.png
  • Module through custom queries:
Chrome wYULn1VsyH.png

To perform this custom monitoring, follow the steps of the wizard to configure the DB2 task.

Conf1 db2 discovery.png

In the first step, define the following parameters:

  • Task name: Name of the task.
  • Discovery server: Server that will execute the DB2 monitoring task.
  • Group: Group the created agents will belong to.
  • DB2 target strings: Section where the target strings of your task will be defined. You may add as many target IPs as you want separating them by commas or by lines. You may use # to comment the desired lines.
  • User: DB2 user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval.

Conf2 db2 discovery.png

This will be indicated in the second part of the task setup:

  • Target agent: Agent that will receive the information from the DB2 monitoring. In case of defining several target strings, you may indicate several names in this field separated by commas.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Get database summary: It returns a summary of the database status.
  • Check transactional log utilization: It shows the percentage of the total space of the record that is in use.
  • Get number of connections: It returns the number of connections.
  • Check DB size: It returns the size of the database.
  • Retrieve cache statistics: It returns the cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows you to define custom queries.

The example

SELECT count(*) FROM SYSIBMADM.SNAPLOCKWAIT 

it returns information about the screenshots of the database agents working on behalf of the requests that are waiting to get locks. Following the query format:

SELECT * FROM <schema_name>.<table_name>

for this kind of database you may obtain all kinds of modules.

Conf2 db2 discovery 2.png

Once done with the previous steps, you will get a general view similar to this one:

Chrome 0qtstUpxJC.png

3.2 Discovery Applications: MySQL

Info.png

Version NG 733 or superior.

 


The following parameters must be defined for the task:

DISCMySQL1.JPG
  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • Interval: Time interval in which monitoring will be executed.
  • User: MySQL user with which to login.
  • Password: MySQL user password specified above.

Template warning.png

It must be a user with enough permissions on the database to execute the queries.

 


Once done with the configuration, specify the modules:

DISCMySQL2.JPG
  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

3.3 Discovery Applications: Oracle

Info.png

Version NG 733 or higher.

 


DISC Oracle1.JPG


Oracle monitoring will allow to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

Once the previous values are configured, proceed to complete the following task modules:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows to define customized queries.

3.3.1 Installing Oracle packages

This package is included within ISO appliance installation, for installations done other way, the process will be the following:

  • Install oracle instant client from the Oracle page:
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  • Required packages:
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

Template warning.png

In the pandora_server path, you need to create a file called pandora_server.env with the following information and execute ./pandora_server.env

 


# Set Oracle environment for pandora_server
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
#!/bin/bash
VERSION=11.1
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

Template warning.png

If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used.

 


3.4 Discovery Applications: SAP

Info.png

Versión NG 741 o superior.

 


The system will guide you along each step to configure SAP, according to your needs. More information can be found in the video tutorial «SAP Monitoring with Pandora FMS Discovery». You may define the same task to monitor systems with similar configurations.

Template warning.png

If you need to monitor different configurations, create a task for each configuration.

 


Discoverysap2.png

Template warning.png

To be able to use SAP in Discovery, configure an specific license number for this plugin, which is not included in the Pandora FMS Enterprise license. You must configure this license in Setup -> Enterprise.

 


Select from the list the information about the SAP system you wish to retrieve as shown below:

Discoverysap3.png

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.

Template warning.png

If you install Pandora FMS from packages, or your system is previous to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually according to section SAP Discovery connector manual installation.

 


3.4.1 Custom SAP

Info.png

NG 747 version or higher.

 


Apart from the Available modules in Pandora FMS, you can add a lot of additional Modules through the Custom module definitions section.

Discovery-Application-sap r3 task sap r3 details-custom module definitions.png

Each line you add must use the following format, using the semicolon as a field separator:

<module name>;<module_type>;<sap check definition>

An example to get to know the SAP system information:

SAP info;generic_data_string;-m 120

You can add as many custom modules as you need, then continue with the process in the same way as described in the previous section.

3.4.2 SAP Discovery connector manual installation

If your Pandora FMS version was installed before NG 741 version, download the connector and configure it manually.

# Discovery SAP 
java /usr/bin/java

# Discovery SAP utils
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
  • In the directory indicated, with the configuration token sap_utils decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
Deset_SAP_Plugin.jar
dev_jco_rfc.trc
libsapjco3.so
sapjco3.dll
sapjco3.jar
  • Restart the pandora_server
/etc/init.d/pandora_server restart

3.4.3 SAP View

It allows you to see the general state of the SAP servers:

Discoverysap4.png

This view will display a panel with the available SAP modules of the selected SAP agent. You may select the refresh time and the interval to show in the graphs.

3.4.4 SAP specific view

The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

Discoverysap5.png

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discoverysap6.png

3.5 Discovery Applications: VMware

Info.png

Version NG 732 or superior.

 


Discoveryapplications2.png

The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • IP address, V-Center IP.
  • Name of the datacenter, which can be retributed from the admin screen of the VMWare installation.
  • User and password with reading permissions; only for this wizard you may enable password encryption.
  • Monitoring lapse, Interval.
  • A group to which the agents generated by the VMware task will be associated.

Info.png

It must be taken into account that if Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.

 


Template warning.png

In case of manual installation or update from a Pandora FMS prior to 732, it will be necessary to install SDK for VMWare's proper working.

 


Once the basic configuration is completed, specify the following:

Discoveryapplications3.png
  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode.

For more information, visit this section.

3.6 Discovery Applications: MS SQL


This new Pandora FMS integration allows monitoring Microsoft SQL server databases. For that, ODBC must be installed in the system where Pandora FMS server is running.


Info.png

From version 753 onwards, ODBC is preinstalled in Pandora FMS ISO Appliance. This feature of Pandora FMS is a work in progress.

 


3.6.1 How to install Microsoft ODBC

  • In CentOS 6:
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 7:
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 8:
curl https://packages.microsoft.com/config/rhel/8/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17

Check the configuration file from Pandora FMS server.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The <IDENTIFYING STRING> parameter can be found in /etc/odbcinst.ini, which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server

3.6.2 Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery -> Applications -> Microsoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance
Mssql1.png

This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

Mssql3.png

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

4 Discovery Cloud

Discovery Cloud allows you to monitor Amazon Web Services®, Google Cloud Platform® and Microsoft Azure® accounts in a single tool.

Azure66.JPG

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in Profiles -> Manage agent groups -> Credential Store.

Credential store.png

4.1 Discovery Cloud: Amazon Web Services (AWS)

Template warning.png

This section is under construction.

 


To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.


4.1.1 AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as imported_aws_account.

AWSCredentials1.JPG

You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down. Then in the section Credential store from Profiles > Manage agent groups store all previously created Amazon Web Services® accounts.

AWS4.png
AWS5.png


Query accounts in Amazon AWS must be created with the following permissions:

Awsgrants.png
  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}


Assign the policy to a new user.

Awsgrants2.png


Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.

Info.png

Enterprise version.
If you do not have pandora-cm-api in the installation, you may get it from the following link: Pandora Cloud Monitoring API

 



4.1.2 Discovery Cloud. AWS

AWS6.png

Once the credentials are validated, go to the menu Discovery Cloud > Amazon Web Services. For each account added to the Credential store the environment EC2 stored in that account may be monitored.

4.1.3 Discovery Cloud AWS EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.
Cloud3.png

To start the monitoring process, a series of basic data is requested, such as name, the Discovery Server that will execute it, group and interval.

4.1.3.1 Discovery Cloud AWS EC2

Template warning.png

Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/

 


Expense monitoring provides a separate monitoring interval to avoid extra charges.

Cloud4.png

Both the overall cost and the independent cost per region can be monitored.

4.1.3.2 Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions. To enable it, the Scan and general monitoring option must be activated.

Cloud5.png

Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted. The update_parent token must be configured to 1 in Pandora FMS server configuration to keep the parent-child relationships updated.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Cloud6.png

4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances. Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)

You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png

Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Tasklist1.png

4.1.4 Discovery Cloud. AWS.RDS

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

Template warning.png

Integration with AWS RDS only supports Oracle, MySQL and Mariadb.

 


AWS8.JPG

Once satisfied with the previous parameters, you may monitor different RDS instances, both the source of data as well as the availability, in addition to all metrics that could be usually monitored through a database (under RDS).

4.1.5 Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

AWS9.JPG

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Awsview.png

4.2 Discovery Cloud: Microsoft Azure


To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

4.2.1 How to register a user to use the Azure API

Azure.png

  • Go to App registrations> New registration:

Azure2.png


  • Enter the data.

Azure3.png


  • Write down the values Application (client) ID client_id and Directory (tenant) ID directory:

Azure4.png

  • Next, access certificates & secrets and create a new one:

Azure5.png

Template warning.png

Write down the key that is shown, it is the application_secret.

 


4.2.2 Assigning permissions

Assign a role to the account that will operate (app). To that effect, access home' and subscription.

Azure6.png


Within the subscription, select Access control (IAM).

Azure7.png

Add a new role assignment and once there, select the reader role for the created app.

Azure8.png

It is important to save the changes by pressing "save".


From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

4.2.2.1 Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api --product Azure --get availability


If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

  • Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"

export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

4.2.3 Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure® accounts.

You can add as many accounts as needed through the Manage Accounts option next to the Account drop-down.

This will allow access to the Credential store section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure® accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the credential store.

Azure9.png


  • Access Discovery> Cloud> Azure and validate the Azure account.


Azure10.png


Azure11.png


Azure12.png


  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

AzureX3.PNG

  • Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.

AzureX4.PNG

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure®. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.

AzureX5.PNG


4.3 Discovery Cloud: Google Cloud Platform (GCP)

Info.png

This feature is available from Pandora FMS version 750.

 


To monitor an infrastructure in Google Cloud Platform® follow the following instructions step by step.

Template warning.png

If you have a version prior to 750, before upgrading you must decrypt the database and re-encrypt the database after upgrading.

 


Template warning.png

If you come from a previous version and you have already done the upgrade to pandora 750 you should decrypt the database partially using usr/share/pandora_server/utils/pandora_encrypt_db -d -m and then you can encrypt it again with usr/share/pandora_server/utils/pandora_encrypt_db -d.

 


4.3.1 Google Cloud Platform (GCP) credential validation

To access the Google Cloud console you have to register the JSON key. Follow the steps below:

  • Access the security settings in GCP IAM. The login account to register will be a service account with the following privileges:
Permisogcp2.png


  • Access in Pandora FMS to Credential Store located in Profiles -> Manage agent groups -> Credential Store and click on the "Add key".
  • In the Product dropdown select Google and add the JSON key from the GCP account.
Jsonapikey.PNG

Info.png

The user field will be filled in automatically.

 


Access Discovery > Cloud > Google Cloud Platform and validate the GCP account by defining a Discovery GCP task.

Azure10.png
Credenciales.PNG
Validacion.PNG

4.3.2 Configuring the task in Pandora FMS

Taskgcp.PNG
  • Task name: Define a name to the task.
  • Discovery server: Select the server that will perform the monitoring.
  • Group: Assign a group.
  • Interval: Indicate the frequency with which the task will be executed.

Once the task data is defined, select the regions of your GCP account that will be monitored. Each region will allow you to select the desired instances.

Instanciasgcp.PNG

Template warning.png

When selecting a zone, automatically new instances detected within that zone will be monitored.

 


Template warning.png

When selecting an instance, it will explicitly be monitored, even if its zone is not monitored.

 


The last step will be to select the metrics to obtain from the agents that Pandora FMS will create for each instance it finds in Google Cloud Platform®. Once this section is configured, you can launch the task and Pandora FMS will automatically create the agents based on the instances requested in the previous steps.

Metricasgcp.PNG

As in Azure or AWS, there will be a generic agent called Google or GCP in which all the modules related to google monitoring will appear.

Some of the metrics it collects from the instances are the following:

Click to zoom in

Info.png

Those instances that disappear from an area that is constantly monitored will appear in critical or removed status and all other modules in unknown. In case the whole instance goes to unknown you can use the auto-disable mode.

 


You may also query a map from the GCP tasklist.

Click to zoom in

5 Discovery Console Tasks

Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:

ConsoleTasks.JPG

6 Discovery Host&Devices

800

6.1 NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules.

3oaKq2yukE.png

When creating a tsk, the grout it will belong to must be set beforehand and you must select in the recognition, between loading a file in CSV format with the specific devices to check (Use CSV file definition:) or the Network:.


Template warning.png

The intervals selected as manuals must be manually launched. Discovery will not launch any manual task automatically.

 



The feature section has several options in a single screen, (the following example is divided with didactical purposes):

Network Scan Features 1.png


  • Known hardware auto discovery: It dinamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following link.
  • Module templates: Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following link.

Info.png

Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

 


Info.png

Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.

 



  • SNMP enabled: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
    • SNMP communities: Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.

Network Scan Features 2.png

  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential store.

Info.png

The different credentials provided against the detected targets that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.

 


  • OS detection: Detect the target's operating system.
  • Name resolution: Solve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection, adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:

800

Once the task is finished, if you access from Review, you will see a summary of the devices found that respond to ping or fping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:

  • Disabled: There is already an agent or module being monitored in the environoment and it will not be created nor modified.
  • Enabled: It is a new non-monitored element, or within the obtained metrics there is a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in devices in this status or add any of the new enabled metrics.

HK8XAXtv92.png

Info.png

Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.

 


6.2 Automatic agent deployment

Info.png

Enterprise versionVersion NG 737 or higher.

 


For more information, check out the video tutorial "Discovering devices and loading agents with Pandora FMS: Discovery Host&Devices".

Depl1.png

Template warning.png

Server version must be EL7 for agent automatic deployment to work.

 


Template warning.png

Before using this feature, check you have the winexe command installed in your computer and properly working. This command is provided with Pandora FMS Enterprise server. In needs dependencies zlib.i686 and glibc.i686 to work.

En Windows environments, it is recommended to carry out the installation as admin user. Before starting the service, define an admin account for its use.

 



The steps to deploy agents from the console are:

  • Register the versions of the software agents to be deployed in the agent repository: You will need the installators in the agents to be deployed. You may also use custom agents.

+ Register the credentials to be used to connect the targets in the credential manager: Specify the credentials with which the accesses to found or specified targets will be tested.

  • Check that your environment is ready for deployment.
    • Define deployment targets.
    • Define public access URL.
    • Register installators to deploy the software.
No deployment targets have been defined yet.

These objectives will be defined according to the instructions of the following sections

No public URL has been defined yet.

The previous message provides a link (public_url) that leads to configure the public URL of Pandora FMS server.

No installer has been added to the agent repository.

The previous message offers a link ('here') that leads to configure the Software Agent installers for each different environment.

Template warning.png

This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

 


6.2.1 Target Search

Deployment targets

Use any of the methods described below to define new targets:

Explore, add or load targets.Check the following sections


6.2.1.1 Scan one or more networks in pursuit of targets.

By pressing scan targets, a pop-up with the following fields will be displayed:

Depl2.png


Firstly indicate:

  • Network/mask: The network or networks (separated by commas) to scan.
  • Scan from: The Discovery server that will perform the scan.
  • Credentials to try with: The credentials used to try to connect to the discovered targets.
  • Desired agent version: The software agent version registered as "desired" for the discovered targets.
  • Target server IP: The IP of the target server where these software agents will point when they are installed (it corresponds to the server_ip field in the agent configuration file).


When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

Depl info3.png


A new entry will appear in the task list:

Depl2b.png


Info.png

Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

 



As possible targets are found, they will appear in the deployment center:

Depl3.png


Info.png

The discovered targets added to this list are all found devices whose operating system matches Windows or Linux/Unix based systems, regardless of whether valid credentials were found or not.

 


6.2.1.2 Define a target manually.
Depl5.png

You may manually register the target by defining:

IP
IP address or addresses to be deployed.
OS
This version only allows Windows and those operating systems based on Linux / Unix compatible with the tar.gz agent installer.
Architecture
Processor architecture, x86 (32-bit) or x64 (64-bit).
Credentials
Used to try to connect to the target.
Desired agent version
The agent version you wish to deploy.
Desired agent version
The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).
6.2.1.3 Upload a CSV file with target information

If you wish to mass register targets, upload a CSV file with the following format:


IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
  • IP: IP address of the computer where the agent will be installed.
  • Operating system: AIX, BSD, HP-UX, Linux, Solaris, Windows are supported.
  • Architecture: x64 or x86.
  • Target agent version: Numeric ID of the agent registered in the Software Agent Repository.
  • Credentials Identifier: "Identifier" field of the key created in the Credentials Store.
  • Target server IP: IP address of the server where deployed software agent will point to.


Depl6.png

The system will create the targets based on what is defined in the CSV.

6.2.2 Deploy the software

Template warning.png

You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

 


When you have possible targets on the list, launch agent deployment:

Depl4.png


Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of targets of the deployment center:

Depl7.png


The name of the target also becomes a link to the corresponding Pandora FMS agent.


Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH). When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Depl err1.png

6.3 Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

Info.png

This feature only creates agents in Pandora FMS for its remote monitoring.

 



Hostdevices2.png

Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".

Hostdevices3.png

6.4 Custom NetScan

It allows the execution of custom scripts for the execution of network recognition tasks.

DISC NetScan Custom 1.JPG

Specify:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.


Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

6.5 Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

DISC Net scan scripts.JPG

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

DISC Net scan scripts 2.JPG

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.


Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.