Pandora: Documentation en: Inventory

From Pandora FMS Wiki
Revision as of 12:12, 17 December 2012 by Slerena (talk | contribs) (Inventory Data Display in the Agent)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Inventory

1.1 Introduction

Pandora FMS Enterprise version allows to keep an inventory of the devices that the servers monitored by Pandora have. With this inventory, it is possible to keep a list with the CPU, cards, RAM memory, patches, software, etc... or the company servers.

The inventory is independent from the monitoring and could be obtained in a local way (through the Pandora FMS agents) or in a remote way.

1.2 Data collection for the inventory

The data collection for the system inventory is done in two different ways in a remote way through inventory modules, through scripts integrated in Pandora FMS that execute WMI queries, or executable scripts through SSH with Expect or similar methods.

When the data collection is local, with the Pandora FMS agent, it is done through plugins in the agent or a kind of special module, in case of Windows systems.

1.2.1 Inventory Modules

The inventory modules are the remote modules that execute a command against a remote machine. These modules work in a similar way that a plugin. The same modules could be defined as "locals" when they obtain data through an agent.

1.2.2 Remote Inventory

1.2.2.1 Creating Remote Modules

The creation of a remote inventory module by the administrator is not usual. These come already "precharged" with Pandora FMS Enterprise. Regardless, Pandora FMS allows you to create your own inventory modules or modify the ones that already exist through the inventory module editor.

To create a remote module go to Administration> Manage modules> Inventory modules where there are all the inventory modules that have been already created.



In1.png



To create a new module press on "Create".



In2.png



Next describe the existing fields.

Name

Field where you should write the Module name.

Description

Field to write the Module description:

OS

Combo where you can choose the Operative System the module is created for. It is very important to choose well the Operative System because by adding inventory modules into an agent there will appear only these modules where the Operative System of the module matches with the Operative System of the agent.

Interpreter

Field where you can put the command interpreter that is used in the module. It can be Shellscript, Perl or other valid interpreter for the inventory server that is executed on a Linux system.

Format

Field where are the fields separated by the sign "; ", that the module will return.

Code

Module code, usually it is Perl or ShellScript code. If it was binary code it will need a different load procedure that should be introduced through peripheral scripts.

Once the module has been created press on "Create".



In3.png



1.2.2.2 Editing Remote Modules

To edit a remote module go to Administration> Manage modules> Inventory modules, where are all the inventory modules that have been created. Press on the module you want to edit or on the icon that is on the right of the red X.



In4.png



The module creation page will appear again.



In5.png



Change the fields you want to change and press "Update".

1.2.2.3 Deleting Remote Modules

To delete a remote module go to Administration> Manage modules> Inventory modules where are shown all the inventary modules that have been created. Press on the red x that is on the right of the module that you want to delete.



In6.png



1.2.2.4 Asigning Remote Modules

The Inventory modules assignment is done in the agent in the agent administration flap.

In Administración>Manage Agent click on the agent name to which you want to assign inventory modules.



In7.png



Click on Inventory flap



In8.png



There is the page where you can add the Inventory Modules.



In9.png



Next are described the fields that you should complete to add an Inventory Module.

  • Module: Combo where you can choose the Inventory Module that you want to add. It will only show the modules which Operative System will match up with that from the agent.
  • Target: IP or servername from you want to get the inventory.
  • Interval: Combo where you choose the time interval in which the Inventory Module will ve executed.
  • Username: User that will ve used to execute the Inventory Module.
  • Password: User Password that will be used to execute the Inventory Module.

Once the form has been filled in, click on "Add" in order the module would be added to the inventory modules.



In10.png



1.2.2.5 Editing an Assigned Inventory Module

It is possible to edit the Inventory modules. This edition is done in the same page where they are created. To edit an Inventory Module click on the module name or on the icon that is on the image.



In20.png



1.2.2.6 Deleting an Assigned Inventory Module

It is possible to delete the Inventory Modules. The deleting is done in the same page where they are created. To delete an Inventory Module click on the red x that is on the right of the module name.

1.2.2.7 Full Example of Remote Inventory Modules

Imagine you need to get the list of physical addresses from a server, in this case a Unix server. This command is usually get through the command "arp -a -n", that if we execute it in the server it will give us something similar to this:


[email protected]:~$ arp -a -n
? (192.168.70.74) at 08:00:27:39:BF:6F [ether] on eth2
? (192.168.70.162) at B4:74:9F:94:98:84 [ether] on eth2
? (192.168.50.30) at 08:00:27:10:D1:1A [ether] on eth0
? (192.168.70.90) at 98:0C:82:54:2F:DE [ether] on eth2
? (192.168.50.2) at 08:00:27:EA:B2:FF [ether] on eth0
? (192.168.70.135) at C8:60:00:4B:96:67 [ether] on eth2
? (192.168.60.182) at FE:26:C5:91:B1:DA [ether] on tap0


What we are looking for is the IP address, the MAC and the adapter name.

This could be done in the shellscript in the following way,that is, using " " to separate the fields:

arp -a -n | sort | grep -v incomplete | awk '{ print $2,$4,$7 }'


So we have almost all the necessary to "import" this information in the Pandora Remote Inventory server. To do it, we use as base the "CPU" remote inventory module and we change it "lightly. This script is connected via SSH with the destination server and it executes the command. The command exit should return each file separated by the ";" character.


At this point, you will need to have some knowledge of programming to do your own scripts. The remote inventory scripts, although the are not complex, it will require that you have some knowledge of perl, shellscript, or other languages. You could also write them in java, c++, and call their execution from the module, as long as you return the values of each field separated by ";" and a new line for each data.


#!/usr/bin/perl
##########################################################################
# pandora_linux_arptable.pl
##########################################################################
# Copyright (c) 2012 Sancho Lerena <[email protected]>
#           (c) 2012 Artica Soluciones Tecnologicas S.L
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
##########################################################################

use strict;
use warnings;

# Check for ssh
my $ssh_client = "ssh";
if (system("$ssh_client -v > /dev/null 2>&1") >> 8 != 255) {
	print "[error] $ssh_client not found.\n";
	exit 1;
}

if ($#ARGV < 1) {
	print "Usage: $0 <target ip> <username>\n";
	exit 1;
}

my $target_ip = $ARGV[0];
my $username = $ARGV[1];

# Retrieve ARP table
my ($ip, $mac, $iface);
my $command = '/usr/sbin/arp -a -n | sort | grep -v incomplete | awk \'{ print \$2,\$4,\$7 }\'';

my @info = `$ssh_client $username\@$target_ip "$command" 2> /dev/null`;
foreach my $line (@info) {
	if ($line =~ /^(.+)\s(.+)\s(.+)/) {
		$ip = $1;
		$mac = $2;
		$iface = $3;
		print "$ip;$mac;$iface\n";
	} 
}
 
exit 0;


In order the SSH connection works in an automatic way, you should copy the user public key, which is "root" form the pandora server in the destination server. Imagine that this command is going to be executed in 192.168.50.10. Follow these steps:


1. Create the key in the pandora server as root.

ssh-keygen


2. Use the command ssh-copy-id to copy the public key of the destination server (192.168.50.10) with the destination user (in this case the user artica):


ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]


(You should enter one time the user password "artica" in 192.168.50.10 to install the public key in the destination user)

3. Try to connect. It should connect without it ask for the password:


ssh [email protected]


4. If the process was successful, the inventory module will follow the same process, so try to execute it from the command line, recording the previous script in the disk (temporal.pl) and executing it with the IP and the user as parameters:


perl temporal.pl 192.168.50.10 artica
(192.168.50.1);00:0f:ea:27:ba:f0;eth0
(192.168.50.3);08:00:27:98:f8:48;eth0


Please, consider that the script calls remotely to /usr/sbin/arp.The command should be in this path, if not, change the script. You can also notice that we call our script with the command "perl" , that usually is at /usr/bin/perl. This is what should be when defining the module, as you can see here:




Inventory sample1 .png




When applying it to an agent, be careful to check that the OS is the same. If you have different operative systems, then you should create a different module for each one of them, because the same code won't work.




Inventory sample2 .png




Once this module has been executed, it could be visualized like this:




Inventory sample3 .png



1.2.3 Local Inventory through Software Agents

It is possible to obtain the Inventory Data from a machine through the Software Agents. You will only need to apply the required Inventory Modules in the Software Agent configuration.Same as in the remote modules it is also necessary to add these modules as Inventory Module in Operación > Manage modules> Inventory modules.

1.2.3.1 Creating Local Modules

To create a Local Module go to Administration> Manage modules> Inventory modules where there are all the Inventory Modules that have been created. You should create all the modules that are defined in the Agent.



In22.png



To create a new module click on "Create".



In23.png



For the remote modules it is not necessary to complete all the fields. Next we describe the fields that should be fill in:

  • Name:field to put the Module name.
  • Description: field where to put the module description.
  • OS: combo where to choose the Operative System for which the module is created. For the locate modules you should choose the option "Agent".
  • Format: field where to put the fields separated by ; the the module will return.

Once you have created the module, press on "Create".



In24.png



1.2.3.2 Inventory Module in Windows Systems through Software Agents

The Windows Software Agent Module uses, in a local way, predefined WMI to collect information about different aspects of the machine, both Software and Hardware.

The module syntax is the following:



In25.png



Next are described all the fields that you should complete to add the Inventory Module in Windows Systems:

module_begin

Beginning of any module of a Software Agent.

module name Inventory

Field where is the name for the module, in this case is "Inventory".

module_interval 3

Field that fix the module execution interval (in days).Fix how often (in days) the module will be executed. In this example are 3 days. BEWARE of previous erratas in documentations, is not module_inventory_interval, is module_interval ! If the value is 0 the information will be sent in each agent execution.

module_type generic_data_string

Value that defines the kind of data in Pandora FMS, the kind of data of the Inventory Modules is:

“generic_data_string”.

module_inventory CDROM Patches Software

Field where are defined the inventory objects that we want to collect.In this example are collected the CDROM, the patches and the software.In this field are defined the different parameters where the inventory objects that we want to collect. To add more objects you only need to add the name of them in the module line_inventory. It is possible to collect the following objects:

  • CPU: gets information about CPus.
  • RAM: gets information about RAM modules.
  • CDROM: gets information about CDROM devices.
  • Video: gets information about Video cards.
  • Hds: gets information about Hard Drivers.
  • Patches: gets information about the installed patches.
  • Software: gets information about the installed software.
  • Services: gets information about the services installed on the machine(running or not).
  • NIC: gets information about Network cards, Network Interface Controlers.

module_description Inventory

Field where to put the module description.In this example is Inventory.

module_end

End of any module of a software agent. To activate the inventory module you only have to copy the code previously described in the field pandora_agent.conf of the software agent. This activation can be done in a local way in the machine or in a remote way from the agent remote configuration.



In26.png



1.2.3.3 Inventory Module in Unix Systems through Software Agent.

The Unix software agent module uses, in a local way, a plugin to get information about different aspects of the machine, both from Software and Hardware.

The module syntax is this:



In27.png



The module consist of one line with the following parameters:

  • Module activation



In28.png



  • Field where is fixed how often(in days) the module will be executed. If the value is 0 the inventory information is sent in each agent execution.



In29.png



  • Field where the inventory objects that are collected are defined.



In30.png



Same as in the Windows agent, it is possible to collect the following objects:

  • CPU: gets information about CPUs.
  • cdrom: gets information about CDROM devices.
  • video: gets information about Videocards.
  • hd: gets information about Hard Drivers.
  • nic:gets information about Network cards, Network Interface Controlers.
  • Patches: gets information about the installed patches.
  • software: gets information about the installed software.
  • process: processes in execution at this moment in the server.
  • ram: gets information about RAM modules.
  • filesystem: gets information about system partitions.
  • users: get information about users.
  • init_services: get infotmation about init services

The plugin that the inventory collects is at the directory /etc/pandora/plugins



In31.png



Is also possible to set the plugin to gather all information available. In this example, the plugin will get all information daily: inventario:

# Plugin for inventory on the agent (Only Enterprise)
module_plugin inventory 1

To activate the Inventory Module you need only to copy the code previously described at the pandora_agent.conf file from the software agent. This activation could be done in a local way in the machine or in a remote way from the agent remote configuration.



In32.png



1.2.3.4 Assigning Local Modules

It is not necessary to activate the modules in the Agents defined at the console. If the modules have been created at Administration> Manage Modules > Inventory modules and they are configured in the Software agent, then, they will appear directly in the Agent at the console.



In33.png




1.2.3.5 Creation of Local Inventory Modules (that are executed in the agent)

Beside the inventory systems that comes "by default" in the agent, you can easily create (much more easily than the remote modules), inventory modules for Unix and Windows systems. You have to create a script which generates a XML with the following structure:


<inventory>
<inventory_module>
<name>INVENTORY_MODULE_NAME</name>
<type>generic_data_string</type>
<datalist>
    <data>DATA1;DATA2;DATA3....</data>
</datalist>
</inventory_module>
</inventory>

Where is written "INVENTORY_MODULE_NAME" it should be written the same name of the module that will be registered in pandora Where is written DATA1;DATA2...are the data you want to get.

Supposing that you want to get an ARP table and IP with their interfaces (see the previous example of the remote inventory modules). This is basically the exit of the command arp -a modified a little.

This time we are going to develop in Windows, the little script that you need, and we are going to save it at "C:\tmp\windows_arp_inventory.bat" that is the following:


@echo off
echo ^<inventory^>
echo ^<inventory_module^>
echo ^<name^>ARP_Table^</name^>
echo ^<type^>generic_data_string^</type^>
echo ^<datalist^>
arp -a | sort | grep "[0-9]"  | grep -v ":" | gawk "{ print \"^<data^>\" $1\";\"$2\";\"$3 \"^</data^>\" }"
echo ^</datalist^>
echo ^</inventory_module^>
echo ^</inventory^>

Now you need to modify pandora_agent.conf, and add the following line:

module_plugin cmd.exe /C C:\tmp\windows_arp_inventory.bat

Template warning.png

This script will be executed each five minutes (default agent interval). If you wnat to execute each X time, you need to code that logic in the script itself.

 


Don't forget, before re-starting the pandora agent, in order that it gets the changes, to create the inventory module in Pandora:



Inventory sample4 .png



Notice that as it is a local module, it don't has the field "interpreter" neither the "code" fields filled in, but it has the Operative System filled in.

The results obtained are the same as the ones we got for the equivalent of remote module on Linux:




Inventory sample5 .png



There are more inventory modules in the Pandora online module library (http://pandorafms.com), both remote and local, and, of course, always the ones that are specifically of it, as you could have seen in this section.

1.3 Data Display for the Inventory

The Inventory Data that have been collected from a system, either in a local way or in a remote way, could be seen from the agent or from the Console Inventory Menu.

1.3.1 Inventory Data Display in the Agent

To see the collected data from an agent with inventory from the agent, go to the Agent Operation Menu and click on the Inventory flap.



In34.png



It is possible to filter the information through the inventory or through a open search. Since 4.0.x version, searches includes custom fields, so it's very useful to search for example, a specific version of software:



Inventory search 403.png



1.3.2 Inventory Data Display in the Inventory Menu

From Operation > Inventory, it's possible to see the Inventory Data of all agents, to do searches and to export data to a CSV.



In37.png



The fields that could be used for searches are these:

  • Group: Combo where you can choose the group of agents you want to filter through.
  • Module: Combo where you can choose the inventory module you want to filter through.
  • Agent: Field where you can write the name of the agent you want to filter through.
  • Search: Field where you can write a text in order to do a search through all the inventory fields.

Through searches it is possible to see the modules of all agents that have inventory, selecting all in the search options and clicking on “Search”.



In38.png



Or an specific module in all agents with inventory, selecting the module and clicking on “Search”.



In39.png



1.3.3 Exporting the Inventory Data to CSV

From Operation > Inventory is possible to export the Inventory Data that are the result of a filter to a CSV file.

Choose the filter and once that there would be data click on “Export CSV”.



In40.png



It is created a file with the Inventory Data separated by semicolon.

Go back to Pandora FMS documentation index