Difference between revisions of "Pandora: Documentation en: Discovery"

From Pandora FMS Wiki
Jump to: navigation, search
(Automatic agent deployment)
(AWS. Credential validation: I have uploaded a new screenshot.)
 
(111 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 +
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 +
 +
 
=What is Pandora FMS Discovery?=
 
=What is Pandora FMS Discovery?=
  
 
{{Tip|Available for Pandora FMS 732 versions or higher.}}
 
{{Tip|Available for Pandora FMS 732 versions or higher.}}
  
Discovery provides a set of tools to simplify monitoring through wizards.
+
Discovery provides a set of tools to simplify monitoring through wizards. You may get more information through our video tutorial [https://www.youtube.com/watch?v=gRasqaDUkzI "Introduction to Pandora FMS Discovery"]
 
 
The following tools are included:
 
  
 
;Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
 
;Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
;Discovery Applications: It allows to monitor MySQL, Oracle or VMware environments from a new management console.
+
;Discovery Applications: It allows to monitor MySQL®, Oracle® or VMware® environments from a new management console.
;Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
+
;Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services® (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Computer®.
;Console Tasks: It allows you to automate console tasks within the Discovery system, from scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
+
;Console Tasks: It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
 
;Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.
 
;Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.
  
Line 19: Line 20:
 
=Discovery Task list=  
 
=Discovery Task list=  
  
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.  
+
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at '''Console Tasks''' and '''Server Tasks''' levels.  
  
 
<center>
 
<center>
Line 26: Line 27:
  
 
==Console tasks==
 
==Console tasks==
 +
 +
[[Image:Console_Tasks.jpeg|center|800px]]
  
 
This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:  
 
This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:  
  
* User: It is the user who created the task.  
+
* '''User''': It is the user who created the task.  
* Task: Description of the programmed task  
+
* '''Task''': Description of the programmed task  
* Scheduled: Specifies how often the task will be executed.  
+
* '''Scheduled''': It specifies how often the task will be executed.  
* Next Execution: Specifies the next execution of the task.  
+
* '''Next Execution''': It specifies the next task execution.  
* Last Execution: Indicates when the task was last executed.  
+
* '''Last Execution''': It indicates when the task was last executed.  
* Group: The group to which the task belongs.  
+
* '''Group''': The group to which the task belongs.  
* Operations: It shows the actions that can be performed on the task, edited and deleted.
+
* '''Operations''': It shows the actions that can be performed on the task, such as editing and deleting.
  
 
===Edit Console tasks===
 
===Edit Console tasks===
  
This button allows access to the creation section, where the desired task can also be edited according to the following parameters:  
+
This button allows creating or editing a task:  
 
 
* Task: The task that will be executed among the following:
 
** Backup Pandora FMS database.
 
** Execute custom script.
 
** Save custom report to disk.
 
** Save custom XML report to disk.
 
** Send custom report (from template) by email.
 
** Send custom report by email.
 
  
* Scheduled: It is used to specify how often the task will be executed.  
+
* '''Task''': The task that will be executed among the following:
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
+
** '''Backup Pandora FMS database'''.
* Group: Group to which the task belongs.
+
** '''Execute custom script'''.
* Parameters: They are the specific parameters of each task.  
+
** Save custom reports:
 +
*** '''Save custom report to disk'''.
 +
*** '''Save custom XML report to disk'''.
 +
*** '''Send custom report (from template) by email'''.
 +
*** '''Send custom report by email'''.
 +
* '''Scheduled''': It is used to specify how often the task will be executed.  
 +
* '''Next execution''': It shows the date of the next execution, being able to modify it if necessary.  
  
 
==== Parameters of different tasks ====
 
==== Parameters of different tasks ====
 
<br>
 
<br>
;Backup Pandora FMS database:
+
;Backup Pandora FMS database: Path where the information backup will be stored, '''Save to disk in path'''.
* Description: Backup description.
+
;Execute custom script: Name of the script to be executed, '''Custom script'''.
* Save to disk in path: path where the backup will be stored.<br><br>
+
;“Save custom report to disk” and “Save custom XML report to disk”: Name of the report to be created, '''Report pending to be created'''; path where the created report will be stored, '''Save to disk in path'''.
;Execute custom script:  
+
;"Send custom report (from template) by email" and "Send custom report by email": Reports to be sent by email:
* Custom script: The script to be executed will be indicated.<br><br>
+
 
;“Save custom report to disk” and “Save custom XML report to disk”:  
+
* '''Template pending to be created''': Custom template to be created.  
* Report pending to be created: The report to be created.
+
* '''Agents''': Agents from which the information that will be reflected in the report will be obtained.  
* Save to disk in path: Path where the created report will be stored.<br><br>
+
* '''Report per agent''': If you wish to generate separate reports for each report.  
;Send custom report (from template) by email:
+
* '''Send to email addresses''': Email addresses to which the report will be sent.  
* Template pending to be created: Custom template to be created.  
+
* '''Subject''': Topic of the mail to be sent.  
* Agents: Agents from which the information that will be reflected in the report will be obtained.  
+
* '''Message''': Body of the message with which the reports will be sent.
* Report per agent: If you wish to generate separate reports for each report.  
+
* '''Report Type''': Type of report that will be sent.
* Report name: Name that you wish to give the report.
 
* Send to email addresses: Email addresses to which the report will be sent.  
 
* Subject: Topic of the mail to be sent.  
 
* Message: Body of the message with which the reports will be sent.<br><br>
 
;Send custom report by email:
 
* Report pending to be created: Report to be generated.
 
* Send to email addresses: Email addresses the report will be sent to.
 
* Subject: Topic of the mail to be sent.
 
* Message: Body of the message with which the reports will be sent.
 
* Report Type: Type of report that will be sent.  
 
  
 
==Server tasks==
 
==Server tasks==
Line 83: Line 74:
 
This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:  
 
This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:  
  
* Force: Option that will allow forcing the task execution.  
+
* '''Force''': Option that will allow forcing the task execution.  
* Task name: Name assigned to the task.  
+
* '''Task name''': Name assigned to the task.  
* Server name: Server that will execute the task.  
+
* '''Server name''': Server that will execute the task.  
* Interval: Time interval in which the task will be performed.  
+
* '''Interval''': Time interval during which the task will be performed.  
* Network: Network where the checks will be made.  
+
* '''Network''': Network where the checks will be made.  
* Status: Status of the scheduled task  
+
* '''Status''': Status of the scheduled task.
* Task type: Type of the task that has been generated.  
+
* '''Task type''': Type of the task that has been generated.  
* Progress: Progress of the task in case of being executed.  
+
* '''Progress''': Progress of the task in case of being executed.  
* Updated at: Indicates when the task was last executed.  
+
* '''Updated at''': It indicates when the task was last executed.  
* Operations: Actions that can be performed on the task. Visualization of the status of the task, visualization of the map of the discovered network, editing and deletion.  
+
* '''Operations''': Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.  
  
 
===Operations===
 
===Operations===
Line 98: Line 89:
 
The edition of the server recognition tasks allows to adjust the following parameters:
 
The edition of the server recognition tasks allows to adjust the following parameters:
  
* Interval: The task execution interval can be set, either manually or defined.  
+
* '''Interval''': The task execution interval can be set, either manually or defined.  
* Task name: Task Name  
+
* '''Task name''': Task Name.
* Discovery server: Server that will perform the recognition task. It is a mandatory parameter for the correct recognition operation.  
+
* '''Discovery server''': Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.  
* Network: Network on which the checks are to be carried out.  
+
* '''Network''': Network on which the checks are to be carried out.  
* Group: Group to which it belongs.  
+
* '''Group''': Group to which it belongs.  
* Comment: Comments to add.
+
* '''Comment''': Comments to add.
  
 
=Discovery Applications=
 
=Discovery Applications=
 +
 +
<center>
 +
[[File:menu_db2_discovery.png]]
 +
</center>
  
 
Now, it is possible to monitor applications remotely using ''Discovery Applications''.
 
Now, it is possible to monitor applications remotely using ''Discovery Applications''.
  
 +
==Discovery Applications: DB2==
 +
 +
{{Tip|Version NG 747 or higher.}}
 +
 +
To monitor the DB2 relational database engine from IBM, the [https://www.ibm.com/support/pages/download-initial-version-115-clients-and-drivers IBM official client] is used, to be more specific <code>ibm_data_server_driver_package_linuxx64_v11.5.tar.gz</code>; however, this package is included within [[Pandora:Documentation_en:Installing#Installation_using_ISO_or_.22Software_appliance.22|''ISO appliance'' installation]]. Once the package has been downloaded, follow these instructions to decompress and install it:
 +
 +
tar -zxvf ibm_data_server_driver_package_linuxx64_v11.5.tar.gz
 +
 +
Move the file to the directory where you want to install it (e.g. <code>/opt/dsdriver</code>).
 +
mv PATH/ibm_data_server_driver_package_linuxx64_v11.5 /opt/dsdriver/
 +
cd /opt/dsdriver
 +
bash installDSDriver
 +
export DB2_HOME=/opt/dsdriver
 +
export DB2LIB=/opt/dsdriver/lib
 +
cd /usr/lib64
 +
ln -s /opt/dsdriver/lib/* ./
 +
 +
 +
In the file <code>/etc/pandora/pandora_server.env</code>, set this variables:
 +
 +
#!/bin/bash
 +
VERSION=12.2
 +
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 +
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 +
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/dsdriver/lib
 +
 +
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 +
export DB2_HOME=/opt/dsdriver
 +
export DB2LIB=/opt/dsdriver/lib
 +
 +
[[Image:version_db2.png|center|690px]]
 +
 +
{{Warning|The version may be 11.1 or 12.2, depending on the system installed.}}
 +
 +
=== Features ===
 +
 +
[[Image:Conf2_db2_discovery_1.png|center|500px]]
 +
 +
* Predefined module, ''Get database summary'':
 +
 +
[[Image:oR9bC6dZIf.png|center|500px]]
 +
 +
* Predefined module, ''Check transactional log utilization'':
 +
 +
[[Image:chrome_mAl1yniQE5.png|center|600px]]
 +
 +
* Predefined module, ''Number of connections'':
 +
 +
[[Image:chrome_UM71cIq8Bk.png|600px]]
 +
 +
* Predefined module, ''DB size'':
 +
 +
[[Image:dEQpfVh7fy.png|center|600px]]
 +
 +
* Predefined module, ''Retrieve cache statistics'':
 +
 +
[[Image:L7sXBJr4wR.png|center|800px]]
 +
 +
* Module through custom queries:
 +
 +
[[Image:chrome_wYULn1VsyH.png|center|600px]]
 +
 +
To perform this custom monitoring, follow the steps of the wizard to configure the '''DB2''' task.
 +
 +
[[File:conf1_db2_discovery.png|700px]]
 +
 +
In the first step, define the following parameters:
 +
* '''Task name''': Name of the task.
 +
* '''Discovery server''': Server that will execute the DB2 monitoring task.
 +
* '''Group''': Group the created agents will belong to.
 +
* '''DB2 target strings''': Section where the target strings of your task will be defined. You may add as many target IPs as you want separating them by commas or by lines. You may use <code>#</code> to comment the desired lines.
 +
* '''User''': DB2 user that will access to perform the monitoring.
 +
* '''Password''': Password of the previously defined user.
 +
* '''Interval''': Execution interval.
 +
 +
[[File:conf2_db2_discovery.png|700px]]
 +
 +
This will be indicated in the second part of the task setup:
 +
* '''Target agent''': Agent that will receive the information from the DB2 monitoring. In case of defining several target strings, you may indicate several names in this field separated by commas.
 +
* '''Custom module prefix''': It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* '''Get database summary''': It returns a summary of the database status.
 +
* '''Check transactional log utilization''': It shows the percentage of the total space of the record that is in use.
 +
* '''Get number of connections''': It returns the number of connections.
 +
* '''Check DB size''': It returns the size of the database.
 +
* '''Retrieve cache statistics''': It returns the cache statistics.
 +
* '''Execute custom queries''': It executes custom queries.
 +
* '''Custom queries''': It allows you to define custom queries.
 +
 +
The example
 +
SELECT count(*) FROM SYSIBMADM.SNAPLOCKWAIT''
 +
it returns information about the screenshots of the database agents working on behalf of the requests that are waiting to get locks. Following the query format:
 +
SELECT * FROM <schema_name>.<table_name>
 +
for this kind of database you may obtain all kinds of modules.
 +
 +
[[Image:Conf2_db2_discovery_2.png|center|800px]]
 +
 +
Once done with the previous steps, you will get a general view similar to this one:
  
<center>
+
[[Image:chrome_0qtstUpxJC.png|center|800px]]
[[File:DISCApp.JPG]]
 
</center>
 
  
 
==Discovery Applications: MySQL==
 
==Discovery Applications: MySQL==
  
From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.
+
{{Tip|Version NG 733 or superior.}}
  
For that purpose, it will be necessary to define the following parameters:  
+
The following parameters must be defined for the task:
  
* Task name: name of the task that will perform MySQL monitoring.
+
[[Image:DISCMySQL1.JPG|center|600px]]
* Discovery Server: server that will perform the execution of the specified task.
 
* Group: Group to which it belongs.
 
* MySQL server IP: IP of the server where the MySQL environment to be monitored is.
 
* MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
 
* User: MySQL user with which it will be accessed. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
 
* Password: MySQL user password specified above.
 
* Interval: Time interval in which monitoring will be executed.  
 
  
<center>
+
* '''Task name''': Name of the task that will perform MySQL monitoring.
[[File:DISCMySQL1.JPG]]
+
* '''Discovery Server''': Server that will perform the execution of the specified task.
</center>
+
* '''MySQL server IP''': IP of the server where the MySQL environment to be monitored is.
 +
* '''MySQL server port''': Port of the specified address through which the information of MySQL monitoring will be obtained.
 +
* '''Interval''': Time interval in which monitoring will be executed.
 +
* '''User''': MySQL user with which to login.  
 +
* '''Password''': MySQL user password specified above. 
  
Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.  
+
{{Warning|It must be a user with enough permissions on the database to execute the queries.}}
  
The options to be displayed are the following:  
+
Once done with the configuration, specify the modules:  
  
* Target agent: Agent on which the modules resulting from monitoring will be created.
+
[[Image:DISCMySQL2.JPG|center|800px]]
* Custom module prefix: Defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 
* Scan databases: It will scan the databases.
 
* Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
 
* Check engine uptime: It will check the time that MySQL engine is operational.
 
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 
* Analyze connections: Analyzes connections.
 
* Retrieve InnoDB statistics: Returns InnoDB statistics.
 
* Retrieve cache statistics: Returns cache statistics.
 
* Custom queries: Allows defining custom statements.  
 
  
<center>
+
* '''Target agent''': Agent on which the modules resulting from monitoring will be created.
[[File:DISCMySQL2.JPG]]
+
* '''Custom module prefix''': It defines a custom prefix that will be concatenated with the name of the modules generated by the task.  
</center>
+
* '''Scan databases''': It will scan the databases.
 +
* '''Create agent per database''': This option will allow an agent to be created for each database found in MySQL environment.
 +
* '''Check engine uptime''': It will check the time that MySQL engine is operational.
 +
* '''Retrieve query statistics''': It allows to recover the statistics of the executed queries.
 +
* '''Analyze connections''': It analyzes connections.
 +
* '''Retrieve InnoDB statistics''': It returns InnoDB statistics.
 +
* '''Retrieve cache statistics''': It returns cache statistics.
 +
* '''Custom queries''': It allows defining custom statements.
  
 
==Discovery Applications: Oracle==
 
==Discovery Applications: Oracle==
  
From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.
+
{{Tip|Version NG 733 or higher.}}
  
Oracle monitoring will allow to define the following parameters:  
+
[[Image:DISC_Oracle1.JPG|center|800px]]
  
* Task name: Task Name
 
* Discovery server: Server that will run the Oracle monitoring task.
 
* Group: Group it belongs to.
 
* Oracle target strings: Where the target strings of the task will be defined.
 
* User: Oracle user that will access to perform the monitoring.
 
* Password: Password of the previously defined user.
 
* Interval: Execution interval
 
  
<center>
+
Oracle monitoring will allow to define the following parameters:  
[[File:DISC_Oracle1.JPG]]
 
</center>
 
  
Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:  
+
* '''Task name''': Task Name
 +
* '''Discovery server''': Server that will run the Oracle monitoring task.
 +
* '''Group''': Group it belongs to.
 +
* '''Oracle target strings''': Where the target strings of the task will be defined.  
 +
* '''User''': Oracle user that will access to perform the monitoring.
 +
* '''Password''': Password of the previously defined user.
 +
* '''Interval''': Execution interval
  
* Target agent: Agent that will receive Oracle monitoring information.
+
Once the previous values are configured, proceed to complete the following task modules:  
* Custom module prefix: Defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 
* Check engine uptime: It will check the time that Oracle is operational.
 
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 
* Analyze connections: Analyzes connections.
 
* Calculate fragmentation ratio: Calculates the fragmentation rate.
 
* Monitor tablespaces: It monitors tablespaces. 
 
* Retrieve cache statistics: Returns cache statistics.
 
* Execute custom queries: Executes custom queries.
 
* Custom queries: Allows to define customized queries.
 
  
<center>
+
* '''Target agent''': Agent that will receive Oracle monitoring information.
[[File:DISC Oracle2.JPG]]
+
* '''Custom module prefix''': It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
</center>
+
* '''Check engine uptime''': It will check the time that Oracle is operational.
 +
* '''Retrieve query statistics''': It allows to recover the statistics of the executed queries.
 +
* '''Analyze connections''': It analyzes connections.
 +
* '''Calculate fragmentation ratio''': It calculates the fragmentation rate.
 +
* '''Monitor tablespaces''': It monitors tablespaces. 
 +
* '''Retrieve cache statistics''': It returns cache statistics.
 +
* '''Execute custom queries''': It executes custom queries.
 +
* '''Custom queries''': It allows to define customized queries.
  
 
=== Installing Oracle packages ===
 
=== Installing Oracle packages ===
  
It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:  
+
This package is included within [[Pandora:Documentation_en:Installing#Installation_using_ISO_or_.22Software_appliance.22|ISO appliance]] installation, for installations done other way, the process will be the following:  
  
 
* Install oracle instant client from the Oracle page:
 
* Install oracle instant client from the Oracle page:
 
  https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
 
  https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
 +
<!-- https://web.archive.org/web/20180815015654/https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
 +
last time online
 +
-->
  
 
* Required packages:
 
* Required packages:
Line 202: Line 285:
 
* Prepare the boot environment of pandora_server:
 
* Prepare the boot environment of pandora_server:
  
{{Warning|In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env}}
+
{{Warning|In the pandora_server path, you need to create a file called pandora_server.env with the following information and execute ./pandora_server.env}}
  
 
  # Set Oracle environment for pandora_server
 
  # Set Oracle environment for pandora_server
Line 217: Line 300:
 
  /etc/init.d/pandora_server restart
 
  /etc/init.d/pandora_server restart
  
{{Warning|If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used}}
+
{{Warning|If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used.}}
 +
 
 +
== Discovery Applications: SAP ==
 +
 
 +
{{Tip|Versión NG 741 o superior.}}
 +
 
 +
The system will guide you along each step to configure SAP, according to your needs. More information can be found in the video tutorial [https://www.youtube.com/watch?v=SNd1ntTGR1E «SAP Monitoring with Pandora FMS Discovery»]. You may define the same task to monitor systems with similar configurations.
 +
 
 +
{{Warning|If you need to monitor different configurations, create a task for each configuration.}}
 +
 
 +
[[Image:discoverysap2.png|center|800px]]
 +
 
 +
{{Warning|To be able to use SAP in Discovery, configure an specific license number for this ''plugin'', which is not included in the Pandora FMS Enterprise license. You must configure this license in '''Setup''' -> '''Enterprise'''.}}
 +
 
 +
Select from the list the information about the SAP system you wish to retrieve as shown below:
 +
 
 +
[[Image:discoverysap3.png|center|800px]]
 +
 
 +
Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.
 +
 
 +
{{Warning|If you install Pandora FMS from packages, or your system is previous to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually according to section '''SAP Discovery connector manual installation'''.}}
 +
 
 +
=== Custom SAP ===
 +
 
 +
{{Tip|NG 747 version or higher.}}
 +
 
 +
Apart from the '''Available modules''' in Pandora FMS, you can add [https://pandorafms.com/library/wp-content/uploads/2017/12/sap-installation-guide-annex.pdf a lot of additional Modules] through the '''Custom module definitions''' section.
 +
 
 +
[[Image:Discovery-Application-sap_r3_task_sap_r3_details-custom_module_definitions.png|center|550px]]
 +
 
 +
Each line you add must use the following format, using the semicolon as a field separator:
 +
 
 +
<module name>''';'''[[Pandora:Documentation_en:Operations#Types_of_Modules|<module_type>]]''';'''[https://pandorafms.com/library/wp-content/uploads/2017/12/sap-installation-guide-annex.pdf <sap check definition>]
 +
 
 +
An example to get to know the SAP system information:
 +
 
 +
SAP info;generic_data_string;-m 120
 +
 
 +
You can add as many custom modules as you need, then continue with the process in the same way as described in the previous section.
 +
 
 +
=== SAP Discovery connector manual installation ===
 +
 
 +
If your Pandora FMS version was installed before NG 741 version, download the connector and configure it manually.
 +
 
 +
* Install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.
 +
* [https://pandorafms.com/library/sap-r3-monitoring-agent/ Download the connector or ''plugin'' remote for SAP Linux].
 +
* Configure the file <code>pandora_server.conf</code> and set the following parameters:
 +
 
 +
# Discovery SAP
 +
java /usr/bin/java
 +
 +
# Discovery SAP utils
 +
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
 +
 
 +
* In the directory indicated, with the configuration token <code>sap_utils</code> decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
 +
 
 +
Deset_SAP_Plugin.jar
 +
dev_jco_rfc.trc
 +
libsapjco3.so
 +
sapjco3.dll
 +
sapjco3.jar
 +
 
 +
* Restart the pandora_server
 +
/etc/init.d/pandora_server restart
 +
 
 +
=== SAP View ===
 +
 
 +
It allows you to see the general state of the SAP servers:
  
== Discovery Applications: VMware ==
+
[[Image:discoverysap4.png|center|800px]]
 +
 
 +
This view will display a panel with the available SAP modules of the selected SAP agent. You may select the refresh time and the interval to show in the graphs.
 +
 
 +
=== SAP specific view ===
 +
 
 +
The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:
 +
 
 +
[[Image:discoverysap5.png|center|800px]]
 +
 
 +
The agent view will provide an overview of the status of the SAP modules for the current agent:
  
From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.  
+
[[Image:discoverysap6.png|center|800px]]
  
 +
== Discovery Applications: VMware ==
  
<center>
+
{{Tip|Version NG 732 or superior.}}
[[File:discoveryapplications2.png]]
 
</center>
 
  
 +
[[Image:discoveryapplications2.png|center|500px]]
  
 
The following must be specified:
 
The following must be specified:
Line 233: Line 393:
 
* A name to identify the task.
 
* A name to identify the task.
 
* A Discovery server where to run it.
 
* A Discovery server where to run it.
 +
* IP address, '''V-Center IP'''.
 +
* Name of the ''datacenter'', which can be retributed from the admin screen of the VMWare installation.
 +
* User and password with reading permissions; only for this wizard you may enable password encryption.
 +
* Monitoring lapse, '''Interval'''.
 
* A group to which the agents generated by the VMware task will be associated.
 
* A group to which the agents generated by the VMware task will be associated.
  
{{Tip|It must be taken into account that if the Pandora FMS server has the '' autocreate_group '' token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.}}
+
{{Tip|It must be taken into account that if Pandora FMS server has the '' autocreate_group '' token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.}}
 +
 
 +
{{Warning|In case of manual installation or update from a '''Pandora FMS''' prior to '''732''', it will be necessary to install '''SDK''' for VMWare's proper working.}}
 +
 
 +
Once the basic configuration is completed, specify the following:
 +
 
 +
[[Image:discoveryapplications3.png|center|700px]]
 +
 
 +
* '''Max threads''': Choose the number of threads that the VMware monitoring script will use to speed up data collection.
 +
* '''Retry send''': The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
 +
* '''Event mode''': '''Only for VCenter'''. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
 +
* '''Virtual network monitoring''': It enables monitoring of virtual network devices which are defined in VMware.
 +
* '''Extra settings''': Any advanced settings needed to customize VMware monitoring should be included here in text mode.
 +
 
 +
For more information, visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Virtual_environment_monitoring#Entity_renaming this section].
 +
 
 +
==Discovery Applications: MS SQL==
 +
<br>
 +
This new Pandora FMS integration allows monitoring Microsoft SQL server databases. For that, [https://docs.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-ver15Microsoft® <b>ODBC</b>] must be installed in the system where Pandora FMS server is running.
 +
 
 +
 
 +
{{Tip|From version 753 onwards, ODBC is preinstalled in Pandora FMS ISO Appliance. For now, we are '''still working on''' this Pandora FMS feature.'''}}
 +
 
 +
=== How to install Microsoft ODBC ===
 +
 
 +
* In <b>CentOS 7</b>:
 +
 
 +
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
 +
 
 +
* In <b>CentOS 8</b>:
 +
 
 +
curl https://packages.microsoft.com/config/rhel/8/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
  
 +
Check the configuration file from Pandora FMS server.
  
The data required to monitor VMware are:
+
/etc/pandora/pandora_server.conf
  
* V-Center IP
+
Once you go to the configuration file, look for the following token:
* The name of the datacenter (it can be seen through VMware installation management screen).
 
* User with enough permissions.
 
* User password.
 
* Monitoring interval.
 
  
Password encryption can be enabled by pressing the button '''encrypt passwords'''. This only applies to the wizard in progress.
+
mssql_driver IDENTIFYING STRING
  
 +
The <code><IDENTIFYING STRING></code> parameter can be found in <b>/etc/odbcinst.ini</b>, which will be created when installing ODBC.
  
On the next page, VMware monitoring details can be specified:
+
This is the default string:  
  
<center>
+
ODBC Driver 17 for SQL Server
[[File:discoveryapplications3.png]]
+
 
</center>
+
=== Configure a Discovery Applications MS SQL task ===
 +
 
 +
To create a monitoring task for a Microsoft SQL Server database, access through Discovery ('''Discovery''' -> '''Applications''' -> '''Microsoft SQL Server''').
 +
 
 +
Once you choose the Microsoft SQL Server task, you may define the instances in the following way:
 +
 
 +
IP\Instance
 +
 
 +
If you wish so, define a port like this:
 +
 
 +
IP:Port\Instance
 +
 
 +
[[Image:mssql1.png|center|700px]]
 +
 
 +
This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.
 +
 
 +
[[Image:mssql3.png|center|700px]]
 +
 
 +
If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.
 +
 
 +
=== Modules available by default ===
 +
 
 +
[[Image:PFMS_modules_ms_sql_server.png|center|750px]]
 +
 
 +
The user and credentials used for monitoring must have the necessary permissions on the databases to be connected in order to perform the corresponding operations.
  
* Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
+
{| class="wikitable"
* Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
+
! Nane
* Event mode: '''Only for VCenter'''. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
+
! Description
* Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
+
|-
* Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit the following link [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_es:Monitorizacion_entornos_Virtuales#VMware].
+
|<code>MSSQL&nbsp;connection</code>||Checks for MS SQL server connection.
 +
|-
 +
|<code>queries:&nbsp;delete</code>||Amount of delete queries run since the last execution.
 +
|-
 +
|<code>queries:&nbsp;insert</code>||Amount of insert queries run since the last execution.
 +
|-
 +
|<code>queries:&nbsp;update</code>||Amount of update queries run since the last execution.
 +
|-
 +
|<code>queries:&nbsp;select</code>||Amount of queries run since the last execution.
 +
|-
 +
|<code>restart&nbsp;detection</code>||Check how long the database service has been running uninterruptedly.
 +
|-
 +
|<code>session&nbsp;usage</code>||Percentage of open sessions with respect to the maximum available. Displays the current and maximum value in the Module description.
 +
|}
  
 
=Discovery Cloud=
 
=Discovery Cloud=
  
Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts, concentrating information management in a single tool.   
+
Discovery Cloud allows you to monitor Amazon Web Services®, Google Cloud Platform® and Microsoft Azure® accounts in a single tool.   
  
<center>
+
[[Image:azure66.JPG|center|600px]]
[[File:azure66.JPG]]
 
</center>
 
  
The management of every account, both from AWS and Microsoft Azure, will be made through the <b>Credential Store</b> located in Profiles -> Manage agent groups -> Credential Store.  
+
Account management, both from AWS and Microsoft Azure, will be made through the '''Credential Store''' located in '''Profiles''' -> '''Manage agent groups''' -> '''Credential Store'''.  
  
<center>
+
[[Image:credential_store.png|center|800px]]
[[File:credential_store.png]]
 
</center>
 
  
==Discovery Cloud: AWS==
+
==Discovery Cloud: Amazon Web Services (AWS)==
  
 
{{Warning|This section is under construction.}}
 
{{Warning|This section is under construction.}}
Line 285: Line 515:
  
  
Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".  
+
Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as '''imported_aws_account'''.  
  
<center>
+
[[Image:AWS-credentials01.png|center|600px]]
[[File:AWSCredentials1.JPG]]
 
</center>
 
  
You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.
+
You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down. Then in the section '''Credential store''' from '''Profiles''' > '''Manage agent groups''' store all previously created Amazon Web Services® accounts.  
  
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.  
+
[[Image:AWS4.png|center|800px]]
  
<center>
+
[[Image:AWS5.png|center|800px]]
[[File:AWS4.png]]
 
</center>
 
  
<center>
 
[[File:AWS5.png]]
 
</center>
 
  
 
Query accounts in Amazon AWS must be created with the following permissions:
 
Query accounts in Amazon AWS must be created with the following permissions:
  
<center>
+
[[Image:awsgrants.png|center|600px]]
[[File:awsgrants.png]]
 
</center>
 
  
 
* Billing (read)
 
* Billing (read)
Line 425: Line 646:
 
Assign the policy to a new user.
 
Assign the policy to a new user.
  
<center>
+
[[Image:awsgrants2.png|center|500px]]
[[File:awsgrants2.png]]
 
</center>
 
  
  
 
Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.  
 
Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.  
<br>
 
{{Tip|If pandora-cm-api is not available in the installation, it can be obtained from the following link: [https://pandorafms.com/library/pandora-cloud-monitoring-api/]}}
 
  
 +
{{Tip|[[Image:icono-modulo-enterprise.png|||Enterprise version.]] <br>If you do not have pandora-cm-api in the installation, you may get it from the following link: [https://pandorafms.com/library/pandora-cloud-monitoring-api/ Pandora Cloud Monitoring API]}}
  
 
===Discovery Cloud. AWS===
 
===Discovery Cloud. AWS===
  
Once the credentials have been validated, access the <i>Discovery Cloud</i> menu <i>=> Amazon Web Services</i>
+
[[Image:AWS6.png|center|800px]]
  
<center>
+
Once the credentials are validated, go to the menu '''Discovery Cloud''' > '''Amazon Web Services'''. For each account added to the '''Credential store''' the environment EC2 stored in that account may be monitored.
[[File:AWS6.png]]
 
</center>
 
  
In this section, Amazon EC2 and Amazon RDS are found. For each account that is added to the "Credential store" an instance of EC2 can be monitored, but as many as desired from RDS.
+
===Discovery Cloud AWS EC2===
<br>
 
{{Tip|Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.}}
 
 
 
 
 
===Discovery Cloud. AWS.EC2===
 
  
 
Within EC2 monitoring you can find:
 
Within EC2 monitoring you can find:
Line 457: Line 668:
 
* Volume and elastic IP address monitoring.
 
* Volume and elastic IP address monitoring.
  
To start the monitoring process, a series of basic data is requested:
+
[[Image:cloud3.png|center|800px]]
 
 
<center>
 
[[File:cloud3.png]]
 
</center>
 
 
 
It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.
 
  
====Discovery Cloud AWS.EC2 Costs====
+
To start the monitoring process, a series of basic data is requested, such as name, the Discovery Server that will execute it, group and interval.
  
When clicking next, you will start configuring AWS monitoring expenses:
+
====Discovery Cloud AWS EC2====
  
 
{{warning|Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/|Amazon cost managementpricing]}}
 
{{warning|Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/|Amazon cost managementpricing]}}
Line 473: Line 678:
 
Expense monitoring provides a separate monitoring interval to avoid extra charges.
 
Expense monitoring provides a separate monitoring interval to avoid extra charges.
  
<center>
+
[[Image:cloud4.png|800px]]
[[File:cloud4.png]]
 
</center>
 
  
 
Both the overall cost and the independent cost per region can be monitored.
 
Both the overall cost and the independent cost per region can be monitored.
Line 481: Line 684:
 
====Discovery Cloud AWS.EC2 Summary====
 
====Discovery Cloud AWS.EC2 Summary====
  
The Discovery task can be configured to collect general information on the stock status in all regions.
+
The Discovery task can be configured to collect general information on the stock status in all regions. To enable it, the ''Scan and general monitoring'' option must be activated.
 
 
To enable it, the ''Scan and general monitoring'' option must be activated.
 
  
<center>
+
[[Image:cloud5.png|center|800px]]
[[File:cloud5.png]]
 
</center>
 
  
 
Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).
 
Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).
Line 505: Line 704:
 
* NetworkPacketsOut: Output packets (network)
 
* NetworkPacketsOut: Output packets (network)
  
The agents that represent the specific instances will have as their parent the agent that represents the region in which they are hosted.
+
The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted. The ''update_parent'' token must be configured to 1 in Pandora FMS server configuration to keep the parent-child relationships updated.
 
 
It must be verified that the ''update_parent'' token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.
 
  
 
Navigation must be carried out through the browser by selecting the instances that need to be monitored:
 
Navigation must be carried out through the browser by selecting the instances that need to be monitored:
  
<center>
+
[[Image:cloud6.png|center|800px]]
[[File:cloud6.png]]
 
</center>
 
 
 
  
 
====Discovery Cloud AWS.EC2 Extras====
 
====Discovery Cloud AWS.EC2 Extras====
  
In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.
+
In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances. Two extra modules will appear in the region agents:
 
 
Two extra modules will appear in the region agents:
 
  
 
* Total reserved volume (GB)
 
* Total reserved volume (GB)
 
* Total registered volumes (number)
 
* Total registered volumes (number)
  
 +
You can also choose to activate the '''Elastic IP addresses''' token. The number of elastic IPs registered in the AWS.EC2 account will be reported.
 +
 +
[[Image:cloud7.png|center|800px]]
 +
 +
Once the wizard is completed, the progress of the execution in ''Discovery Task list'' can be seen:
 +
 +
[[File:tasklist1.png|center|800px]]
 +
 +
===Discovery Cloud. AWS.RDS ===
 +
 +
The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.
 +
 +
{{Warning|Integration with AWS RDS only supports '''Oracle''', '''MySQL''' and '''Mariadb'''.}}
  
You can also choose to activate the ''Elastic IP addresses'' token. The number of elastic IPs registered in the AWS.EC2 account will be reported.
+
[[Image:AWS8.JPG|center|800px]]
  
<center>
+
Once satisfied with the previous parameters, you may monitor different RDS instances, both the source of data as well as the availability, in addition to all metrics that could be usually monitored through a database (under RDS).
[[File:cloud7.png]]
 
</center>
 
  
 +
=== Discovery Cloud S3 Buckets ===
  
Once the wizard is completed, the progress of the execution in ''Discovery Task list'' can be seen:
+
The S3 Buckets service provides storage for files called '''objects''', such as enterprise applications, [https://en.wikipedia.org/wiki/Data_lake data lakes], websites, big data analytics, mobile applications, backup and restore processes, archiving operations, among many others.
  
<center>
+
With the [[Pandora:Documentation_en:Discovery#AWS._Credential_validation|registered credentials]], access the creation of a survey task and select the objects to be monitored, either one by one and/or by region.
[[File:tasklist1.png]]
 
</center>
 
  
===Discovery Cloud. AWS.RDS ===
+
[[Image:AWS81.png|center|700px]]
  
AWS RDS allows you to monitor relational databases provided by Amazon Web Services.  
+
Click on '''Next''': select monitoring by Bucket size and/or Bucket elements numbers.
  
The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.  
+
[[Image:AWS82.png|center|700px]]
  
<center>
+
Click on  '''Finish'''. Agents will be AWS global and Regions; new Modules will be:
[[File:AWS8.JPG]]
 
</center>
 
  
Through Pandora FMS, different RDS rooms can be monitored by filling in the parameters included in the menu shown at the top.  
+
bucket.size <bucket-id> (region)
 +
bucket.items <bucket-id> (region)
  
 +
{{Tip|In the case of region monitoring, a Bucket that has been discovered and monitored, '''and then deleted''', will leave all its corresponding Modules in <code>Unknown</code> status.}}
  
 
===Discovery Cloud. Overview===
 
===Discovery Cloud. Overview===
Line 580: Line 782:
 
===How to register a user to use the Azure API===
 
===How to register a user to use the Azure API===
  
* Go to https://portal.azure.com/#home
+
* Go to [https://portal.azure.com/#home Microsoft Azure®] portal.
* Open the "Azure Active Directory" service
+
* Open the '''Azure Active Directory''' service
  
 
<center>
 
<center>
Line 587: Line 789:
 
</center>
 
</center>
  
* Go to 'App registrations'> 'New registration'
+
* Go to '''App registrations'''> '''New registration''':
  
 
<center>
 
<center>
Line 601: Line 803:
  
  
* Write down the data "client_id" and "directory".
+
* Write down the values '''Application (client) ID''' <code>client_id</code> and '''Directory (tenant) ID''' <code>directory</code>:
  
 
<center>
 
<center>
Line 607: Line 809:
 
</center>
 
</center>
  
* Next, access 'certificates & secrets' and create a new one:  
+
* Next, access '''certificates & secrets''' and create a new one:  
  
 
<center>
 
<center>
Line 613: Line 815:
 
</center>
 
</center>
  
{{Warning|Write down the key that is shown, it is the application_secret.}}
+
{{Warning|Write down the key that is shown, it is the <code>application_secret</code>.}}
  
 
===Assigning permissions===
 
===Assigning permissions===
  
Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.  
+
Assign a role to the account that will operate (app). To that effect, access ''home''' and '''subscription'''.  
 
<center>
 
<center>
 
[[File:azure6.png]]
 
[[File:azure6.png]]
Line 623: Line 825:
  
  
Within the subscription, select "Access control (IAM)".
+
Within the subscription, select '''Access control (IAM)'''.
  
 
<center>
 
<center>
Line 629: Line 831:
 
</center>
 
</center>
  
Add a new role assignment and once there, select the "reader" role for the created app.  
+
Add a new role assignment and once there, select the '''reader''' role for the created app.  
  
 
<center>
 
<center>
Line 635: Line 837:
 
</center>
 
</center>
  
It is important to save the changes by pressing "save".
+
'''It is important to save the changes by pressing "save".'''
  
  
From that moment onwards, you can connect to the service and make requests through pandora-cm-api.  
+
From that moment onwards, you can connect to the service and make requests through '''pandora-cm-api'''.  
  
 
====Examples====
 
====Examples====
Line 645: Line 847:
  
 
* Preload the environment.
 
* Preload the environment.
* Run . load_env.sh  
+
* Run <code>. load_env.sh</code>
* pandora-cm-api --product Azure --get availability
+
* <code>pandora-cm-api --product Azure --get availability</code>
  
  
If the environment is operational, the system should return a response of 1.  
+
If the environment is operational, the system should return a response of <code>1</code>.  
  
 
An example of the contents of the load_env.sh script would be the following:  
 
An example of the contents of the load_env.sh script would be the following:  
Line 668: Line 870:
  
  
Pandora FMS allows managing several Microfost Azure accounts.
+
Pandora FMS allows managing several Microsoft Azure® accounts.
  
You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.
+
You can add as many accounts as needed through the '''Manage Accounts''' option next to the '''Account''' drop-down.
  
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.
+
This will allow access to the '''Credential store''' section of '''Profiles> Manage agent groups''' and it will act as the store of all previously created Microsoft Azure® accounts to be registered.
  
 
To configure a new task, follow these steps:
 
To configure a new task, follow these steps:
  
* Add a new password to the "credential store".
+
* Add a new password to the '''credential store'''.
  
 
<center>
 
<center>
Line 684: Line 886:
  
  
* Access 'Discovery> Cloud> Azure' and validate the Azure account.
+
* Access '''Discovery> Cloud> Azure''' and validate the Azure account.
  
  
Line 701: Line 903:
 
</center>
 
</center>
  
* From this point onwards, just follow the described steps.
 
  
=Discovery Console Tasks=
+
* From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.
  
Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:  
+
<center>
 +
[[File:AzureX3.PNG]]
 +
</center>
  
* Task: The task that will be executed among the following:
+
* Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.  
** Backup Pandora FMS database.
 
** Execute custom script.
 
** Save custom report to disk.  
 
** Save custom XML report to disk.
 
** Send custom report (from template) by email.
 
** Send custom report by email.
 
  
* Scheduled: It is used to specify how often the task will be executed.  
+
<center>
* Next execution: It shows the date of the next execution, being able to modify it if necessary.  
+
[[File:AzureX4.PNG]]
* Group: Group to which the task belongs.
+
</center>
* Parameters: They are the specific parameters of each task.  
+
 
 +
* The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure®. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.  
  
 
<center>
 
<center>
[[File:ConsoleTasks.JPG]]
+
[[File:AzureX5.PNG]]
 
</center>
 
</center>
  
==== Parameters of different tasks ====
 
 
<br>
 
<br>
;Backup Pandora FMS database:
 
* Description: Backup description.
 
* Save to disk in path: path in which the backup will be stored.<br><br>
 
;Execute custom script:
 
* Custom script: The script to be executed will be indicated.<br><br>
 
;“Save custom report to disk” and “Save custom XML report to disk”:
 
* Report pending to be created: The report to be created.
 
* Save to disk in path: Path where the created report will be stored.<br><br>
 
;Send custom report (from template) by email:
 
* Template pending to be created: Custom template to be created.
 
* Agents: Agents from which the information that will be reflected in the report  will be obtained.
 
* Report per agent: If you wish to generate separate reports for each report.
 
* Report name: Name that you want to give the report.
 
* Send to email addresses: Email addresses the report is going to be sent to.
 
* Subject: Topic of the mail to be sent.
 
* Message: Body of the message which will be sent together with the reports.<br><br>
 
;Send custom report by email:
 
* Report pending to be created: Report to be generated.
 
* Send to email addresses: Email addresses the report is going to be sent to.
 
* Subject: Topic of the mail to be sent.
 
* Message: Body of the message with which the reports will be sent.
 
* Report Type: Type of report that will be sent.
 
  
=Discovery Host&Devices=
+
== Discovery Cloud: Google Cloud Platform (GCP) ==
 +
 
 +
{{Tip|This feature is available from Pandora FMS version 750.}}
 +
 
 +
To monitor an infrastructure in Google Cloud Platform® follow the following instructions step by step.
 +
 
 +
{{Warning|'''If you have a version prior to 750, before upgrading you must decrypt the database''' and re-encrypt the database after upgrading.}}
 +
 
 +
{{Warning|'''If you come from a previous version and you have already done the upgrade to pandora 750''' you should decrypt the database partially using '''usr/share/pandora_server/utils/pandora_encrypt_db -d -m''' and then you can encrypt it again with '''usr/share/pandora_server/utils/pandora_encrypt_db -d'''.}}
 +
 
 +
=== Google Cloud Platform (GCP) credential validation ===
 +
 
 +
To access the Google Cloud console you have to register the JSON key. Follow the steps below:
  
The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.
+
* Access the '''security settings in GCP IAM'''. The login account to register will be a '''service account''' with the following '''privileges''':
  
Therefore, it features the following tools:  
+
[[Image:permisogcp2.png|center|550px]]
  
* Net Scan.
 
* Import CSV.
 
* Custom NetScan.
 
* Manage NetScan scripts.
 
  
 +
* Access in Pandora FMS to '''Credential Store''' located in '''Profiles''' -> '''Manage agent groups''' -> '''Credential Store''' and click on the "Add key".
  
<center>
+
* In the '''Product''' dropdown select '''Google''' and add the '''JSON key''' from the GCP account.
[[File:DISCHost&Devices.JPG|800]]
+
</center>
+
[[Image:jsonapikey.PNG|center|800px]]
  
==NetScan==
+
{{Tip|The user field will be filled in automatically.}}
  
With the NetScan tool, you can discover devices in a network and apply different monitoring rules.
+
Access '''Discovery''' > '''Cloud''' > '''Google Cloud Platform''' and validate the GCP account by defining a Discovery GCP task.
  
First, define the name of the task, the Discovery server that will run it, the network to be scanned, the group to which the discovered agents will be assigned and the scan interval.
+
[[Image:azure10.png|center|700px]]
  
<center>
+
[[Image:credenciales.PNG|center]]
[[File:hostdevices4.png]]
 
</center>
 
  
{{Warning|The intervals selected as manuals must be manually launched. '''Discovery will not launch a manual task automatically.'''}}
+
[[Image:validacion.PNG|center]]
  
 +
=== Configuring the task in Pandora FMS ===
  
In the characteristics section, you can indicate the following options:
+
[[Image:taskgcp.PNG|center]]
  
<center>
+
* '''Task name''': Define a name to the task.
[[File:hostdevices6.png|800]]
+
* '''Discovery server''': Select the server that will perform the monitoring.
</center>
+
* '''Group''': Assign a group.
 +
* '''Interval''': Indicate the frequency with which the task will be executed.
  
 +
Once the task data is defined, select the regions of your GCP account that will be monitored. Each region will allow you to select the desired instances.
  
* Apply a module template.
+
[[Image:instanciasgcp.PNG|center|600px]]
  
* Apply automatic configuration rules to the detected agents. For more information go to the following [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_es:Configuracion_Agentes#Configuraci.C3.B3n_autom.C3.A1tica_de_agentes|link.]
+
{{Warning|When selecting a zone, '''automatically''' new instances detected within that zone will be monitored.}}
  
{{Tip|Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.}}
+
{{Warning|When selecting an instance, it will '''explicitly''' be monitored, even if its zone is not monitored.}}
  
{{Tip|Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent to the targets.}}
+
The last step will be to select the metrics to obtain from the agents that Pandora FMS will create for each instance it finds in Google Cloud Platform®. Once this section is configured, you can launch the task and Pandora FMS will automatically create the agents based on the instances requested in the previous steps.
  
 +
[[Image:metricasgcp.PNG|center|650px]]
  
* Improve detection by scanning SNMP information available on discovered targets:
+
As in Azure or AWS, there will be a generic agent called Google or GCP in which all the modules related to google monitoring will appear.
** To improve the information obtained from discovered devices, enable SNMP.
 
** A comma-separated list of communities to be tested on the discovered targets will be requested.
 
** Found devices that support SNMP will report detailed information on the use of their interfaces as well as a series of useful modules by default.
 
** SNMP is supported in versions 1, 2c and 3.
 
  
* WMI scanning can be enabled. Simply add the credentials to be tested in '''auth. strings''' separated by commas, for example:
+
Some of the metrics it collects from the instances are the following:
  
Administrator%P4ssw0rd,Administrator%S3cr3t
+
[[Image:metricainstanciagcp.PNG|center|800px|Click to zoom in]]
  
{{Tip|The different credentials provided against the detected objectives that support WMI will be tested, complementing monitoring with modules that will inform about CPU, memory and disk usage.}}
+
{{Tip|Those instances that disappear from an area that '''is constantly monitored''' will appear in critical or removed status and all other modules in unknown. In case '''the whole instance goes to unknown''' you can use the auto-disable mode.}}
  
* Detect the target's operating system.
+
You may also query a map from the GCP tasklist.
  
* Solve the name of the target.
+
[[Image:mapataskgcp.PNG|center|800px|Click to zoom in]]
  
* Parent detection: Through the information collected through SNMP, the different interconnections between devices will be calculated, in order to represent their network infrastructure.
+
=Discovery Console Tasks=
  
* Parent recursion: Improves parent detection by adding recursion to the process.
+
Virtually identical to what was previously seen in [[#Edit_Console_tasks|'''Task List''']], '''Console Task''' will allow creating new tasks taking into account the following parameters:
  
* VLAN detection: Detects VLANs to which the different devices are connected.
+
[[File:ConsoleTasks.JPG|center|700px]]
  
 +
=Discovery Host&Devices=
  
Once the wizard is completed, Discovery will start executing it in each defined interval, if the interval is manual, the task should be started manually:
 
  
 
<center>
 
<center>
[[File:hostdevices7.png|800]]
+
[[File:DISCHost&Devices.JPG|800]]
 
</center>
 
</center>
  
 +
==NetScan==
  
== Automatic agent deployment ==
+
With the NetScan tool, you may find devices in a network and apply different monitoring rules.
 +
 
 +
[[Image:3oaKq2yukE.png|center|700px]]
 +
 
 +
When creating a tsk, the grout it will belong to must be set beforehand and you must select in the recognition, between loading a file in CSV format with the specific devices to check ('''Use CSV file definition:''') or the '''Network:'''.
 +
 
 +
 
 +
{{Warning|The intervals selected as manuals must be manually launched. '''Discovery will not launch any manual task automatically.'''}}
 +
 
 +
 
 +
The feature section has several options in a single screen, (the following example is divided with didactical purposes):
 +
 
 +
[[Image:Network_Scan_Features_1.png|700px]]
 +
 
 +
 
 +
* '''Known hardware auto discovery''': It dinamically applies the templates that were previously added to the ''Private Enterprise Number'' section. To learn more, go to the following [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Templates_and_components#Private_Enterprise_Number| link.]
 +
* '''Module templates''': Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
 +
* '''Check results''': The user must validate the results selecting which agents will be created from those found through the discovery task.
 +
* '''Apply autoconfiguration rules''': It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following [https://wiki.pandorafms.com/index.php?title==Pandora:Documentation_en:Configuration_Agents| link.]
 +
 
 +
{{Tip|Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.}}
 +
 
 +
{{Tip|Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.}}
 +
 
 +
 
 +
* '''SNMP enabled''': To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
 +
** '''SNMP version''': Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
 +
** '''SNMP communities''': Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
  
{{Warning|Please confirm '''winexe''' command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install '''zlib.i686''' and '''glibc.i686''' to get winexe working.}}
+
[[Image:Network_Scan_Features_2.png|700px]]
  
{{Warning|In <b>Windows</b> environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.}}
+
* '''WMI enabled''': You may enable WMI scanning. Just select the previously loaded credentials from the [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store| credential store.]
  
 +
{{Tip|The different credentials provided against the detected targets that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.}}
  
From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the '''deployment center'''.
+
* '''OS detection''': Detect the target's operating system.
  
[[File:Depl1.png]]
+
* '''Name resolution''': Solve the target's name.
  
 +
* '''Parent detection''': By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  
The steps to deploy agents from the console are:
+
* '''Parent recursion''': It improves parent detection, adding recursion to the process.
  
'''Register the versions of the software agents to be deployed in the agent repository.'''
+
* '''VLAN enabled''': It detects the VLAN to which the different devices are connected.
  
The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.
+
Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:
  
For more information about the use of the '''agent repository''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Software_agent_repository this link]
+
<center>
 +
[[File:AFgAv40l9Y.png|800]]
 +
</center>
  
 +
Once the task is finished, if you access from Review, you will see a summary of the devices found that respond to '''ping''' or '''fping''' and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:
 +
* '''Disabled''': There is already an agent or module being monitored in the environoment and it will not be created nor modified.
 +
* '''Enabled''': It is a new non-monitored element, or within the obtained metrics there is a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in devices in this status or add any of the new enabled metrics.
  
'''Register the credentials to be used to connect the targets in the credential manager.'''
+
<center>
 +
[[File:HK8XAXtv92.png]]
 +
</center>
  
Specify the credentials with which the accesses to found or specified targets will be tested.
+
{{Tip|Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.}}
  
For more information about the use of the '''Credential Store''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store this link]
+
== Automatic agent deployment ==
  
 +
{{Tip|[[Image:icono-modulo-enterprise.png|Enterprise version]]Version NG  737 or higher.}}
  
'''Check that your environment is ready for deployment.'''
+
For more information, check out the video tutorial [https://www.youtube.com/watch?v=NIhcxdSV5A0 "Discovering devices and loading agents with Pandora FMS: Discovery Host&Devices"].
  
When visiting the deployment center for the first time, the following notices will be shown:
+
[[Image:Depl1.png|center|700px]]
  
[[File:depl_info1.png]]
+
{{Warning|Server version must be EL7 for agent automatic deployment to work.}}
  
This message points out that objectives for deployment have not been defined yet.
+
{{Warning|Before using this feature, check you have the '''winexe''' command installed in your computer and properly working. This command is provided with Pandora FMS Enterprise server. In needs dependencies '''zlib.i686''' and '''glibc.i686''' to work.<br><br>En <b>Windows</b> environments, it is recommended to carry out the installation as admin user. Before starting the service, define an admin account for its use.}}
  
  
[[File:Depl_info2.png]]
+
The steps to deploy agents from the console are:
  
These messages indicate:
+
* '''Register the versions of the software agents to be deployed in the [[Documentation_en:Managing_and_Administration#Software_agent_repository|agent repository]]''': You will need the installators in the agents to be deployed. You may also use custom agents.
  
The first message indicates that the ''public_url'' public access URL must be configured so that the targets can get connected to the console and be configured.
+
+ '''Register the credentials to be used to connect the targets in the [[Pandora:Documentation_en:Managing_and_Administration#Credential_store|credential manager]]''': Specify the credentials with which the accesses to found or specified targets will be tested.
  
{{Warning|This system does not perform PUSH operations. All deployments are sent by ''offering'' the software and ordering the target to install it.}}
+
* '''Check that your environment is ready for deployment.'''
 +
** Define '''deployment targets'''.
 +
** Define '''public access URL'''.
 +
** Register '''installators to deploy the software'''.
  
 +
[[Image:depl_info1.png|center|600px|No deployment targets have been defined yet.]]
  
The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.
+
These objectives will be defined according to the instructions of the following sections
  
 +
[[Image:Depl_info2.png|center|600px|No public URL has been defined yet.]]
  
 +
The previous message provides a link ('''public_url''') that leads to configure the public URL of Pandora FMS server.
  
 +
[[Image:Depl_info22.png|center|600px|No installer has been added to the agent repository.]]
  
==== Target Search ====
+
The previous message offers a link (''''here'''') that leads to configure the Software Agent installers for each different environment.
  
'''Search or point out the targets in the deployment center.'''
+
{{Warning|This system does not perform PUSH operations. All deployments are sent by ''offering'' the software and ordering the target to install it.}}
  
Use any of the methods described below to register new targets.
+
==== Target Search ====
  
You may use any of the following options to define targets:
+
'''Deployment targets'''
  
[[File:Depl_action_buttons.png]]
+
Use any of the methods described below to define new targets:
  
 +
[[Image:Depl_action_buttons.png|center|400px|Explore, add or load targets.<br>Check the following sections]]
  
  
 
===== Scan one or more networks in pursuit of targets. =====
 
===== Scan one or more networks in pursuit of targets. =====
  
By pressing the scan targets button, a pop-up with the following fields will be displayed:
+
By pressing scan targets, a pop-up with the following fields will be displayed:
  
 
[[File:Depl2.png]]
 
[[File:Depl2.png]]
Line 896: Line 1,124:
 
Firstly indicate:
 
Firstly indicate:
  
* The network or networks (separated by commas) to scan.
+
* '''Network/mask''': The network or networks (separated by commas) to scan.
* The Discovery server that will perform the scan.
+
* '''Scan from''': The Discovery server that will perform the scan.
* The credentials used to try to connect to the discovered targets.
+
* '''Credentials to try with''': The credentials used to try to connect to the discovered targets.
* The software agent version registered as "desired" for the discovered targets.
+
* '''Desired agent version''': The software agent version registered as "desired" for the discovered targets.
* The IP of the target server where these software agents will point when they are installed (corresponds to the "server_ip" field in the agent configuration file).
+
* '''Target server IP''': The IP of the target server where these software agents will point when they are installed (it corresponds to the <code>server_ip</code> field in the agent configuration file).
  
  
 
When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.
 
When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.
  
[[File:Depl_info3.png]]
+
[[Image:Depl_info3.png|center|500px]]
  
  
 
A new entry will appear in the task list:
 
A new entry will appear in the task list:
  
[[File:Depl2b.png]]
+
[[Image:Depl2b.png|center|800px]]
  
  
Line 919: Line 1,147:
 
As possible targets are found, they will appear in the deployment center:
 
As possible targets are found, they will appear in the deployment center:
  
[[File:Depl3.png]]
+
[[Image:Depl3.png|center|800px]]
 
 
 
 
{{Tip|The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not}}
 
  
  
 +
{{Tip|The discovered targets added to this list are all found devices whose operating system matches Windows or Linux/Unix based systems, regardless of whether valid credentials were found or not.}}
  
 +
===== Define a target manually. =====
  
===== Define a target manually. =====
+
[[Image:Depl5.png|center|600px]]
  
 
You may manually register the target by defining:
 
You may manually register the target by defining:
  
* IP.
+
;IP: IP address or addresses to be deployed.
* OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
+
;OS: This version only allows Windows and those operating systems based on Linux / Unix compatible with the <code>tar.gz</code> agent installer.
* Architecture.
+
;Architecture: Processor architecture, x86 (32-bit) or x64 (64-bit).
* Credentials used to try to connect to the target.
+
;Credentials: Used to try to connect to the target.
* The agent version you wish to deploy.
+
;Desired agent version: The agent version you wish to deploy.
* The IP address of the server where that agent will point once installed (corresponds to the field ''server_ip '' of the software agent configuration).
+
;Desired agent version: The IP address of the server where that agent will point once installed (it corresponds to the field <code>server_ip</code> of the software agent configuration).
  
[[File:Depl5.png]]
+
===== Upload a CSV file with target information =====
 
 
 
 
 
 
 
 
 
 
===== Upload a CSV file with target information. =====
 
  
 
If you wish to mass register targets, upload a CSV file with the following format:
 
If you wish to mass register targets, upload a CSV file with the following format:
Line 950: Line 1,171:
  
 
  IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
 
  IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
 +
 +
* IP: IP address of the computer where the agent will be installed.
 +
* Operating system: AIX, BSD, HP-UX, Linux, Solaris, Windows are supported.
 +
* Architecture: x64 or x86.
 +
* Target agent version: Numeric ID of the agent registered in the Software Agent Repository.
 +
* Credentials Identifier: "Identifier" field of the key created in the Credentials Store.
 +
* Target server IP: IP address of the server where deployed software agent will point to.
  
  
 
[[File:Depl6.png]]
 
[[File:Depl6.png]]
  
The system will create the objectives based on what is defined in the CSV.
+
The system will create the targets based on what is defined in the CSV.
  
 
==== Deploy the software ====
 
==== Deploy the software ====
  
{{Warning|You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy}}
+
{{Warning|You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.}}
  
 
When you have possible targets on the list, launch agent deployment:
 
When you have possible targets on the list, launch agent deployment:
Line 965: Line 1,193:
  
  
Select the IPs of the objectives from the list (only valid objectives will appear) and press ''deploy''.
+
Select the IPs of the targets from the list (only valid targets will appear) and press ''deploy''.
  
 
A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.
 
A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.
  
You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:
+
You can confirm that the agent has been successfully installed from the list of targets of the deployment center:
  
 
[[File:Depl7.png]]
 
[[File:Depl7.png]]
Line 977: Line 1,205:
  
  
Failure example: The user not only entered the IP of the target, but also its netmask ('''THE IP IS ENOUGH''').
+
Failure example: The user not only entered the IP of the target, but also its netmask ('''THE IP IS ENOUGH'''). When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:
 
 
When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:
 
  
 
[[File:Depl_err1.png]]
 
[[File:Depl_err1.png]]
Line 986: Line 1,212:
  
 
A list of devices can be imported to represent them as agents using the agent import wizard through CSV.
 
A list of devices can be imported to represent them as agents using the agent import wizard through CSV.
 +
 +
{{Tip|This feature only creates agents in Pandora FMS for its remote monitoring.}}
 +
  
 
<center>
 
<center>
Line 999: Line 1,228:
 
==Custom NetScan==
 
==Custom NetScan==
  
Allows the execution of custom scripts for the execution of network recognition tasks.
+
It allows the execution of custom scripts for the execution of network recognition tasks.  
 
 
Create a recognition task specifying:
 
 
 
* Task name: Name of the recognition task.
 
* Comment: Allows adding comments.
 
* Discovery server: Server that will execute the task.
 
* Group: Group it belongs to.
 
* Interval: Execution interval.  
 
  
 
<center>
 
<center>
Line 1,013: Line 1,234:
 
</center>
 
</center>
  
Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.  
+
Specify:
 +
* '''Task name''': Name of the recognition task.
 +
* '''Comment''': Allows adding comments.
 +
* '''Discovery server''': Server that will execute the task.
 +
* '''Group''': Group it belongs to.  
 +
* '''Interval''': Execution interval.
 +
 
  
 +
 +
Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.
  
 
==Net scan scripts==
 
==Net scan scripts==
  
This section will show the different scripts that have been created for custom recognition tasks. A view is displayed in which the name and description of the task are defined.  
+
This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.  
  
 
<center>
 
<center>
Line 1,026: Line 1,255:
 
Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.  
 
Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.  
  
The parameters that can be defined are the following:  
+
The parameters that can be defined are the following:
 
 
* Name: Script name.
 
* Script fullpath: Path where the script is located.
 
* Description: Script description. You can define descriptions of the different fields, as well as default values for them.
 
* Hide value: In case you wish to hide the value of a field.
 
* Help: Help fields.
 
  
 
<center>
 
<center>
 
[[File:DISC_Net_scan_scripts_2.JPG]]
 
[[File:DISC_Net_scan_scripts_2.JPG]]
 
</center>
 
</center>
 +
 +
* '''Name''': Script name.
 +
* '''Script fullpath''': Path where the script is located.
 +
* '''Description''': Script description. You can define descriptions of the different fields, as well as default values for them.
 +
* '''Hide value''': In case you wish to hide the value of a field.
 +
* '''Help''': Help fields.
 +
  
 
Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.
 
Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.

Latest revision as of 23:25, 13 April 2021

Go back to Pandora FMS documentation index


Contents

1 What is Pandora FMS Discovery?

Info.png

Available for Pandora FMS 732 versions or higher.

 


Discovery provides a set of tools to simplify monitoring through wizards. You may get more information through our video tutorial "Introduction to Pandora FMS Discovery"

Task list
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
Discovery Applications
It allows to monitor MySQL®, Oracle® or VMware® environments from a new management console.
Discovery Cloud
Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services® (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Computer®.
Console Tasks
It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
Discovery Host&Devices
It includes the tools needed to discover or import devices and equipment to your network.

Discovery1.png

2 Discovery Task list

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at Console Tasks and Server Tasks levels.

DISC Task list 1.JPG

2.1 Console tasks

Console Tasks.jpeg

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

2.1.1 Edit Console tasks

This button allows creating or editing a task:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom reports:
      • Save custom report to disk.
      • Save custom XML report to disk.
      • Send custom report (from template) by email.
      • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.

2.1.1.1 Parameters of different tasks


Backup Pandora FMS database
Path where the information backup will be stored, Save to disk in path.
Execute custom script
Name of the script to be executed, Custom script.
“Save custom report to disk” and “Save custom XML report to disk”
Name of the report to be created, Report pending to be created; path where the created report will be stored, Save to disk in path.
"Send custom report (from template) by email" and "Send custom report by email"
Reports to be sent by email:
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Send to email addresses: Email addresses to which the report will be sent.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

2.2 Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

2.2.1 Operations

The edition of the server recognition tasks allows to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

3 Discovery Applications

Menu db2 discovery.png

Now, it is possible to monitor applications remotely using Discovery Applications.

3.1 Discovery Applications: DB2

Info.png

Version NG 747 or higher.

 


To monitor the DB2 relational database engine from IBM, the IBM official client is used, to be more specific ibm_data_server_driver_package_linuxx64_v11.5.tar.gz; however, this package is included within ISO appliance installation. Once the package has been downloaded, follow these instructions to decompress and install it:

tar -zxvf ibm_data_server_driver_package_linuxx64_v11.5.tar.gz

Move the file to the directory where you want to install it (e.g. /opt/dsdriver).

mv PATH/ibm_data_server_driver_package_linuxx64_v11.5 /opt/dsdriver/
cd /opt/dsdriver
bash installDSDriver
export DB2_HOME=/opt/dsdriver
export DB2LIB=/opt/dsdriver/lib
cd /usr/lib64
ln -s /opt/dsdriver/lib/* ./


In the file /etc/pandora/pandora_server.env, set this variables:

#!/bin/bash
VERSION=12.2
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/dsdriver/lib

export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
export DB2_HOME=/opt/dsdriver
export DB2LIB=/opt/dsdriver/lib
Version db2.png

Template warning.png

The version may be 11.1 or 12.2, depending on the system installed.

 


3.1.1 Features

Conf2 db2 discovery 1.png
  • Predefined module, Get database summary:
OR9bC6dZIf.png
  • Predefined module, Check transactional log utilization:
Chrome mAl1yniQE5.png
  • Predefined module, Number of connections:

Chrome UM71cIq8Bk.png

  • Predefined module, DB size:
DEQpfVh7fy.png
  • Predefined module, Retrieve cache statistics:
L7sXBJr4wR.png
  • Module through custom queries:
Chrome wYULn1VsyH.png

To perform this custom monitoring, follow the steps of the wizard to configure the DB2 task.

Conf1 db2 discovery.png

In the first step, define the following parameters:

  • Task name: Name of the task.
  • Discovery server: Server that will execute the DB2 monitoring task.
  • Group: Group the created agents will belong to.
  • DB2 target strings: Section where the target strings of your task will be defined. You may add as many target IPs as you want separating them by commas or by lines. You may use # to comment the desired lines.
  • User: DB2 user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval.

Conf2 db2 discovery.png

This will be indicated in the second part of the task setup:

  • Target agent: Agent that will receive the information from the DB2 monitoring. In case of defining several target strings, you may indicate several names in this field separated by commas.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Get database summary: It returns a summary of the database status.
  • Check transactional log utilization: It shows the percentage of the total space of the record that is in use.
  • Get number of connections: It returns the number of connections.
  • Check DB size: It returns the size of the database.
  • Retrieve cache statistics: It returns the cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows you to define custom queries.

The example

SELECT count(*) FROM SYSIBMADM.SNAPLOCKWAIT 

it returns information about the screenshots of the database agents working on behalf of the requests that are waiting to get locks. Following the query format:

SELECT * FROM <schema_name>.<table_name>

for this kind of database you may obtain all kinds of modules.

Conf2 db2 discovery 2.png

Once done with the previous steps, you will get a general view similar to this one:

Chrome 0qtstUpxJC.png

3.2 Discovery Applications: MySQL

Info.png

Version NG 733 or superior.

 


The following parameters must be defined for the task:

DISCMySQL1.JPG
  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • Interval: Time interval in which monitoring will be executed.
  • User: MySQL user with which to login.
  • Password: MySQL user password specified above.

Template warning.png

It must be a user with enough permissions on the database to execute the queries.

 


Once done with the configuration, specify the modules:

DISCMySQL2.JPG
  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

3.3 Discovery Applications: Oracle

Info.png

Version NG 733 or higher.

 


DISC Oracle1.JPG


Oracle monitoring will allow to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

Once the previous values are configured, proceed to complete the following task modules:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows to define customized queries.

3.3.1 Installing Oracle packages

This package is included within ISO appliance installation, for installations done other way, the process will be the following:

  • Install oracle instant client from the Oracle page:
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  • Required packages:
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

Template warning.png

In the pandora_server path, you need to create a file called pandora_server.env with the following information and execute ./pandora_server.env

 


# Set Oracle environment for pandora_server
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
#!/bin/bash
VERSION=11.1
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

Template warning.png

If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used.

 


3.4 Discovery Applications: SAP

Info.png

Versión NG 741 o superior.

 


The system will guide you along each step to configure SAP, according to your needs. More information can be found in the video tutorial «SAP Monitoring with Pandora FMS Discovery». You may define the same task to monitor systems with similar configurations.

Template warning.png

If you need to monitor different configurations, create a task for each configuration.

 


Discoverysap2.png

Template warning.png

To be able to use SAP in Discovery, configure an specific license number for this plugin, which is not included in the Pandora FMS Enterprise license. You must configure this license in Setup -> Enterprise.

 


Select from the list the information about the SAP system you wish to retrieve as shown below:

Discoverysap3.png

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.

Template warning.png

If you install Pandora FMS from packages, or your system is previous to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually according to section SAP Discovery connector manual installation.

 


3.4.1 Custom SAP

Info.png

NG 747 version or higher.

 


Apart from the Available modules in Pandora FMS, you can add a lot of additional Modules through the Custom module definitions section.

Discovery-Application-sap r3 task sap r3 details-custom module definitions.png

Each line you add must use the following format, using the semicolon as a field separator:

<module name>;<module_type>;<sap check definition>

An example to get to know the SAP system information:

SAP info;generic_data_string;-m 120

You can add as many custom modules as you need, then continue with the process in the same way as described in the previous section.

3.4.2 SAP Discovery connector manual installation

If your Pandora FMS version was installed before NG 741 version, download the connector and configure it manually.

# Discovery SAP 
java /usr/bin/java

# Discovery SAP utils
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
  • In the directory indicated, with the configuration token sap_utils decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
Deset_SAP_Plugin.jar
dev_jco_rfc.trc
libsapjco3.so
sapjco3.dll
sapjco3.jar
  • Restart the pandora_server
/etc/init.d/pandora_server restart

3.4.3 SAP View

It allows you to see the general state of the SAP servers:

Discoverysap4.png

This view will display a panel with the available SAP modules of the selected SAP agent. You may select the refresh time and the interval to show in the graphs.

3.4.4 SAP specific view

The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

Discoverysap5.png

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discoverysap6.png

3.5 Discovery Applications: VMware

Info.png

Version NG 732 or superior.

 


Discoveryapplications2.png

The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • IP address, V-Center IP.
  • Name of the datacenter, which can be retributed from the admin screen of the VMWare installation.
  • User and password with reading permissions; only for this wizard you may enable password encryption.
  • Monitoring lapse, Interval.
  • A group to which the agents generated by the VMware task will be associated.

Info.png

It must be taken into account that if Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.

 


Template warning.png

In case of manual installation or update from a Pandora FMS prior to 732, it will be necessary to install SDK for VMWare's proper working.

 


Once the basic configuration is completed, specify the following:

Discoveryapplications3.png
  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode.

For more information, visit this section.

3.6 Discovery Applications: MS SQL


This new Pandora FMS integration allows monitoring Microsoft SQL server databases. For that, ODBC must be installed in the system where Pandora FMS server is running.


Info.png

From version 753 onwards, ODBC is preinstalled in Pandora FMS ISO Appliance. For now, we are still working on this Pandora FMS feature.

 


3.6.1 How to install Microsoft ODBC

  • In CentOS 7:
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 8:
curl https://packages.microsoft.com/config/rhel/8/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17

Check the configuration file from Pandora FMS server.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The <IDENTIFYING STRING> parameter can be found in /etc/odbcinst.ini, which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server

3.6.2 Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery -> Applications -> Microsoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance
Mssql1.png

This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

Mssql3.png

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

3.6.3 Modules available by default

PFMS modules ms sql server.png

The user and credentials used for monitoring must have the necessary permissions on the databases to be connected in order to perform the corresponding operations.

Nane Description
MSSQL connection Checks for MS SQL server connection.
queries: delete Amount of delete queries run since the last execution.
queries: insert Amount of insert queries run since the last execution.
queries: update Amount of update queries run since the last execution.
queries: select Amount of queries run since the last execution.
restart detection Check how long the database service has been running uninterruptedly.
session usage Percentage of open sessions with respect to the maximum available. Displays the current and maximum value in the Module description.

4 Discovery Cloud

Discovery Cloud allows you to monitor Amazon Web Services®, Google Cloud Platform® and Microsoft Azure® accounts in a single tool.

Azure66.JPG

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in Profiles -> Manage agent groups -> Credential Store.

Credential store.png

4.1 Discovery Cloud: Amazon Web Services (AWS)

Template warning.png

This section is under construction.

 


To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.


4.1.1 AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as imported_aws_account.

AWS-credentials01.png

You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down. Then in the section Credential store from Profiles > Manage agent groups store all previously created Amazon Web Services® accounts.

AWS4.png
AWS5.png


Query accounts in Amazon AWS must be created with the following permissions:

Awsgrants.png
  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}


Assign the policy to a new user.

Awsgrants2.png


Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.

Info.png

Enterprise version.
If you do not have pandora-cm-api in the installation, you may get it from the following link: Pandora Cloud Monitoring API

 


4.1.2 Discovery Cloud. AWS

AWS6.png

Once the credentials are validated, go to the menu Discovery Cloud > Amazon Web Services. For each account added to the Credential store the environment EC2 stored in that account may be monitored.

4.1.3 Discovery Cloud AWS EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.
Cloud3.png

To start the monitoring process, a series of basic data is requested, such as name, the Discovery Server that will execute it, group and interval.

4.1.3.1 Discovery Cloud AWS EC2

Template warning.png

Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/

 


Expense monitoring provides a separate monitoring interval to avoid extra charges.

Cloud4.png

Both the overall cost and the independent cost per region can be monitored.

4.1.3.2 Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions. To enable it, the Scan and general monitoring option must be activated.

Cloud5.png

Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted. The update_parent token must be configured to 1 in Pandora FMS server configuration to keep the parent-child relationships updated.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Cloud6.png

4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances. Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)

You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png

Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Tasklist1.png

4.1.4 Discovery Cloud. AWS.RDS

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

Template warning.png

Integration with AWS RDS only supports Oracle, MySQL and Mariadb.

 


AWS8.JPG

Once satisfied with the previous parameters, you may monitor different RDS instances, both the source of data as well as the availability, in addition to all metrics that could be usually monitored through a database (under RDS).

4.1.5 Discovery Cloud S3 Buckets

The S3 Buckets service provides storage for files called objects, such as enterprise applications, data lakes, websites, big data analytics, mobile applications, backup and restore processes, archiving operations, among many others.

With the registered credentials, access the creation of a survey task and select the objects to be monitored, either one by one and/or by region.

AWS81.png

Click on Next: select monitoring by Bucket size and/or Bucket elements numbers.

AWS82.png

Click on Finish. Agents will be AWS global and Regions; new Modules will be:

bucket.size <bucket-id> (region)
bucket.items <bucket-id> (region)

Info.png

In the case of region monitoring, a Bucket that has been discovered and monitored, and then deleted, will leave all its corresponding Modules in Unknown status.

 


4.1.6 Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

AWS9.JPG

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Awsview.png

4.2 Discovery Cloud: Microsoft Azure


To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

4.2.1 How to register a user to use the Azure API

Azure.png

  • Go to App registrations> New registration:

Azure2.png


  • Enter the data.

Azure3.png


  • Write down the values Application (client) ID client_id and Directory (tenant) ID directory:

Azure4.png

  • Next, access certificates & secrets and create a new one:

Azure5.png

Template warning.png

Write down the key that is shown, it is the application_secret.

 


4.2.2 Assigning permissions

Assign a role to the account that will operate (app). To that effect, access home' and subscription.

Azure6.png


Within the subscription, select Access control (IAM).

Azure7.png

Add a new role assignment and once there, select the reader role for the created app.

Azure8.png

It is important to save the changes by pressing "save".


From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

4.2.2.1 Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api --product Azure --get availability


If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

  • Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"

export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

4.2.3 Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure® accounts.

You can add as many accounts as needed through the Manage Accounts option next to the Account drop-down.

This will allow access to the Credential store section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure® accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the credential store.

Azure9.png


  • Access Discovery> Cloud> Azure and validate the Azure account.


Azure10.png


Azure11.png


Azure12.png


  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

AzureX3.PNG

  • Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.

AzureX4.PNG

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure®. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.

AzureX5.PNG


4.3 Discovery Cloud: Google Cloud Platform (GCP)

Info.png

This feature is available from Pandora FMS version 750.

 


To monitor an infrastructure in Google Cloud Platform® follow the following instructions step by step.

Template warning.png

If you have a version prior to 750, before upgrading you must decrypt the database and re-encrypt the database after upgrading.

 


Template warning.png

If you come from a previous version and you have already done the upgrade to pandora 750 you should decrypt the database partially using usr/share/pandora_server/utils/pandora_encrypt_db -d -m and then you can encrypt it again with usr/share/pandora_server/utils/pandora_encrypt_db -d.

 


4.3.1 Google Cloud Platform (GCP) credential validation

To access the Google Cloud console you have to register the JSON key. Follow the steps below:

  • Access the security settings in GCP IAM. The login account to register will be a service account with the following privileges:
Permisogcp2.png


  • Access in Pandora FMS to Credential Store located in Profiles -> Manage agent groups -> Credential Store and click on the "Add key".
  • In the Product dropdown select Google and add the JSON key from the GCP account.
Jsonapikey.PNG

Info.png

The user field will be filled in automatically.

 


Access Discovery > Cloud > Google Cloud Platform and validate the GCP account by defining a Discovery GCP task.

Azure10.png
Credenciales.PNG
Validacion.PNG

4.3.2 Configuring the task in Pandora FMS

Taskgcp.PNG
  • Task name: Define a name to the task.
  • Discovery server: Select the server that will perform the monitoring.
  • Group: Assign a group.
  • Interval: Indicate the frequency with which the task will be executed.

Once the task data is defined, select the regions of your GCP account that will be monitored. Each region will allow you to select the desired instances.

Instanciasgcp.PNG

Template warning.png

When selecting a zone, automatically new instances detected within that zone will be monitored.

 


Template warning.png

When selecting an instance, it will explicitly be monitored, even if its zone is not monitored.

 


The last step will be to select the metrics to obtain from the agents that Pandora FMS will create for each instance it finds in Google Cloud Platform®. Once this section is configured, you can launch the task and Pandora FMS will automatically create the agents based on the instances requested in the previous steps.

Metricasgcp.PNG

As in Azure or AWS, there will be a generic agent called Google or GCP in which all the modules related to google monitoring will appear.

Some of the metrics it collects from the instances are the following:

Click to zoom in

Info.png

Those instances that disappear from an area that is constantly monitored will appear in critical or removed status and all other modules in unknown. In case the whole instance goes to unknown you can use the auto-disable mode.

 


You may also query a map from the GCP tasklist.

Click to zoom in

5 Discovery Console Tasks

Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:

ConsoleTasks.JPG

6 Discovery Host&Devices

800

6.1 NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules.

3oaKq2yukE.png

When creating a tsk, the grout it will belong to must be set beforehand and you must select in the recognition, between loading a file in CSV format with the specific devices to check (Use CSV file definition:) or the Network:.


Template warning.png

The intervals selected as manuals must be manually launched. Discovery will not launch any manual task automatically.

 



The feature section has several options in a single screen, (the following example is divided with didactical purposes):

Network Scan Features 1.png


  • Known hardware auto discovery: It dinamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following link.
  • Module templates: Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following link.

Info.png

Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

 


Info.png

Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.

 



  • SNMP enabled: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
    • SNMP communities: Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.

Network Scan Features 2.png

  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential store.

Info.png

The different credentials provided against the detected targets that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.

 


  • OS detection: Detect the target's operating system.
  • Name resolution: Solve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection, adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:

800

Once the task is finished, if you access from Review, you will see a summary of the devices found that respond to ping or fping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:

  • Disabled: There is already an agent or module being monitored in the environoment and it will not be created nor modified.
  • Enabled: It is a new non-monitored element, or within the obtained metrics there is a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in devices in this status or add any of the new enabled metrics.

HK8XAXtv92.png

Info.png

Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.

 


6.2 Automatic agent deployment

Info.png

Enterprise versionVersion NG 737 or higher.

 


For more information, check out the video tutorial "Discovering devices and loading agents with Pandora FMS: Discovery Host&Devices".

Depl1.png

Template warning.png

Server version must be EL7 for agent automatic deployment to work.

 


Template warning.png

Before using this feature, check you have the winexe command installed in your computer and properly working. This command is provided with Pandora FMS Enterprise server. In needs dependencies zlib.i686 and glibc.i686 to work.

En Windows environments, it is recommended to carry out the installation as admin user. Before starting the service, define an admin account for its use.

 



The steps to deploy agents from the console are:

  • Register the versions of the software agents to be deployed in the agent repository: You will need the installators in the agents to be deployed. You may also use custom agents.

+ Register the credentials to be used to connect the targets in the credential manager: Specify the credentials with which the accesses to found or specified targets will be tested.

  • Check that your environment is ready for deployment.
    • Define deployment targets.
    • Define public access URL.
    • Register installators to deploy the software.
No deployment targets have been defined yet.

These objectives will be defined according to the instructions of the following sections

No public URL has been defined yet.

The previous message provides a link (public_url) that leads to configure the public URL of Pandora FMS server.

No installer has been added to the agent repository.

The previous message offers a link ('here') that leads to configure the Software Agent installers for each different environment.

Template warning.png

This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

 


6.2.1 Target Search

Deployment targets

Use any of the methods described below to define new targets:

Explore, add or load targets.Check the following sections


6.2.1.1 Scan one or more networks in pursuit of targets.

By pressing scan targets, a pop-up with the following fields will be displayed:

Depl2.png


Firstly indicate:

  • Network/mask: The network or networks (separated by commas) to scan.
  • Scan from: The Discovery server that will perform the scan.
  • Credentials to try with: The credentials used to try to connect to the discovered targets.
  • Desired agent version: The software agent version registered as "desired" for the discovered targets.
  • Target server IP: The IP of the target server where these software agents will point when they are installed (it corresponds to the server_ip field in the agent configuration file).


When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

Depl info3.png


A new entry will appear in the task list:

Depl2b.png


Info.png

Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

 



As possible targets are found, they will appear in the deployment center:

Depl3.png


Info.png

The discovered targets added to this list are all found devices whose operating system matches Windows or Linux/Unix based systems, regardless of whether valid credentials were found or not.

 


6.2.1.2 Define a target manually.
Depl5.png

You may manually register the target by defining:

IP
IP address or addresses to be deployed.
OS
This version only allows Windows and those operating systems based on Linux / Unix compatible with the tar.gz agent installer.
Architecture
Processor architecture, x86 (32-bit) or x64 (64-bit).
Credentials
Used to try to connect to the target.
Desired agent version
The agent version you wish to deploy.
Desired agent version
The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).
6.2.1.3 Upload a CSV file with target information

If you wish to mass register targets, upload a CSV file with the following format:


IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
  • IP: IP address of the computer where the agent will be installed.
  • Operating system: AIX, BSD, HP-UX, Linux, Solaris, Windows are supported.
  • Architecture: x64 or x86.
  • Target agent version: Numeric ID of the agent registered in the Software Agent Repository.
  • Credentials Identifier: "Identifier" field of the key created in the Credentials Store.
  • Target server IP: IP address of the server where deployed software agent will point to.


Depl6.png

The system will create the targets based on what is defined in the CSV.

6.2.2 Deploy the software

Template warning.png

You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

 


When you have possible targets on the list, launch agent deployment:

Depl4.png


Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of targets of the deployment center:

Depl7.png


The name of the target also becomes a link to the corresponding Pandora FMS agent.


Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH). When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Depl err1.png

6.3 Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

Info.png

This feature only creates agents in Pandora FMS for its remote monitoring.

 



Hostdevices2.png

Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".

Hostdevices3.png

6.4 Custom NetScan

It allows the execution of custom scripts for the execution of network recognition tasks.

DISC NetScan Custom 1.JPG

Specify:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.


Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

6.5 Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

DISC Net scan scripts.JPG

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

DISC Net scan scripts 2.JPG

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.


Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.