Difference between revisions of "Pandora: Documentation en: Operations"

From Pandora FMS Wiki
(Custom Fields)
 
(97 intermediate revisions by 10 users not shown)
Line 1: Line 1:
[[Pandora:Documentation_en|Go back Pandora FMS 3.0 documentation index]]
+
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 +
 
  
 
= Monitoring with Software Agents =
 
= Monitoring with Software Agents =
 +
 +
==Agent names==
 +
 +
From Pandora FMS version 7 onwards, the agents have an alias and a name (or unique identifier). An agent configured by default will generate a name (or identifier) based on a pseudo-random hexadecimal string, and an alias (or visible name) based on the hostname of the machine.
 +
 +
In previous versions, there was only the "name" of the machine, and the previous system is totally compatible with later Pandora FMS versions, the only issue is that if there are two agents with the same identifier (or names) in the same Pandora FMS installation, the data of both agents will be mixed and/or will be overwritten. That is why we introduced from version 7 onwards the possibility that agents with different names could have the same alias.
 +
 +
The following configuration tokens are used to change this behavior:
 +
pandora_agent
 +
pandora_alias
 +
 +
The configuration file does not use either one of them by default, so it gets the hostname of the machine as an alias and a very large random hexadecimal number as a name or identifier. The agent name is no longer visible (except in the agent detail view) and CANNOT be changed. The Agent Alias can be changed at any time, without having to worry about the configuration of the software agent, since the agent's unique identifier is the agent's "name".
  
 
== Agent Configuration ==
 
== Agent Configuration ==
  
Pandora FMS agents have a local configuration by default, so their maintenance is managed from the monitored machine which edits their configuration file.
+
All the configuration and monitoring parameters of the software agents can be found in their configuration file ''pandora_agent.conf''. This is stored locally in the machine where the software agent is installed, so any modification to be made in the agent must be reflected in this file. You have a detailed description of all agent configuration tokens in the chapter "PandoraFMS Agent Configuration" [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Configuration_Agents] while here we will only focus on the advanced uses of some of them.
  
 
=== Remote Configuration ===
 
=== Remote Configuration ===
  
On the Enterprise version, there is a remote Agent Configuration feature which allows centralized configuration and file management from the server console.
+
On the Enterprise version, there is a remote Agent Configuration feature which allows centralized configuration and file management from the server console. This allows centralized management of all our software agents without the need to physically access the systems where they are installed.
  
The configuration consists of two files. Their file names are <md5>.conf and <md5>.md5, where <md5> is the agent's name hash code. Those files are stored in '/var/spool/pandora/data_in/conf' and '/var/spool/pandora/data_in/md5' folders.
+
The configuration consists of two files. Their file names are <md5>.conf and <md5>.md5, where <md5> is the agent's name hash code. Those files are stored in '/var/spool/pandora/data_in/conf' and '/var/spool/pandora/data_in/md5' folders respectively.
  
Those files are composed of plain text and can be edited from the console, which regenerates them if there is any change. Communication is always in the direction from agent to server, which means the functionality is controlled by the agent.
+
These files stored in the server are modified by Pandora FMS console when the agent configuration is edited remotely.  
  
 +
<br>
 
<center>
 
<center>
[[Image:Xml_transfer.png|550px|center|Xml file transfer]]
+
[[image:Sw-agent.png|center|550px]]
 
</center>
 
</center>
 +
<br>
 +
 +
To enable remote configuration, enable the corresponding parameter in the agent's local configuration file first. From this moment on, all the changes must be made from Pandora FMS console:
  
In order to enable the remote configuration, edit the 'remote_config' parameter from the 'pandora_agent.conf' file, setting it to '1'. Once changed, the agent's configuration file will be ignored, because it's detecting a change in the configuration. It's going to download the new version from the server. This is a good way to force the server to get the agent's local configuration to delete both configuration files from the server.
+
remote_config 1
 +
 
 +
{{Tip|Once the agent's remote configuration is enabled, any changes made locally in the configuration file will be overwritten by the configuration stored in the console. If you want to prevent this from happening, stop the agent, modify the configuration file, disable the remote configuration and launch the agent again.}}
  
 
== Common Configuration Parameters ==
 
== Common Configuration Parameters ==
  
In the [[Pandora:Documentation en:Configuration#Pandora_FMS_software_agents|Pandora FMS Software Agents]] section you can find a complete explanation on Agent Configuration. In this section, the common parameters used to configure the Software Agents are going to be explained.
+
In the [[Pandora:Documentation en:Configuration#Pandora_FMS_software_agents|Pandora FMS Software Agents]] section you can find a complete explanation on Agent Configuration. In this section, the common parameters used to configure the Software Agents will be explained.
  
 
The most common parameters are:
 
The most common parameters are:
  
*'''server_ip''': IP direction of Pandora FMS Server.
+
*'''server_ip''': IP address of Pandora FMS Server.
 
*'''server_path''': Path of the 'incoming' folder for the Pandora FMS server (it's '/var/spool/pandora/data_in' by default).
 
*'''server_path''': Path of the 'incoming' folder for the Pandora FMS server (it's '/var/spool/pandora/data_in' by default).
*'''temporal''': Software agent's temporal folder (it's '/var/spool/pandora/data_out' by default).
+
*'''temporal''': Software agent's temporal folder (it is '/var/spool/pandora/data_out' by default).
*'''logfile''': Software agent's log file (it's '/var/log/pandora/pandora_agent.log' by default).
+
*'''logfile''': Software agent's log file (it is '/var/log/pandora/pandora_agent.log' by default).
*'''interval''': Agent's execution interval (it's '300' by default).
+
*'''interval''': Agent's execution interval (it is '300' by default).
*'''intensive_interval''': Intensive module execution interval (it's '300' by default).
+
*'''intensive_interval''': Intensive module execution interval (it is '300' by default).
*'''debug''': Debug mode enable ('0' - it's disabled by default).
+
*'''debug''': Enables (1) the debug mode, to save XML data files and analyze them. When it is activated, it does not send XML to the server and for execution, to be able to analyze the XML generated.
 
*'''agent_name''': Agent name (hostname is taken by default).
 
*'''agent_name''': Agent name (hostname is taken by default).
*'''server_port''': Tentacle server port (it's '41121' by default).
+
*'''remote_config''': Activation of remote configuration. It is disabled (0) by default. Only for Enterprise version.
*'''transfer_mode''': File-transfer mode (it's 'tentacle' by default).
 
*'''remote_config''': Activation of remote configuration ('0' - it's disabled by default).
 
  
An example of the general parameters for a '''UNIX configuration''' would be:
+
An example of the general parameters for '''UNIX configuration''' would be:
  
 
  server_ip      192.168.1.1  
 
  server_ip      192.168.1.1  
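Review bot: The new "Agent names" section gives the tokens as pandora_agent and pandora_alias, but the parameter list later in this hunk documents agent_name and still says "hostname is taken by default", which contradicts the new statement that the default name is a pseudo-random hexadecimal string and the hostname becomes the alias. Use one set of token names throughout and update the agent_name entry to match. The rewritten Remote Configuration text also drops "Communication is always in the direction from agent to server"; since the new Tip says the console copy overwrites local edits, keep a statement of which side initiates the transfer. The new debug entry ("it does not send XML to the server and for execution") needs rewording.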
Line 52: Line 69:
 
  remote_config  1  
 
  remote_config  1  
  
An example of the general parameters for a '''Windows configuration''' would be:  
+
An example of the general parameters for '''Windows configuration''' would be:  
  
 
  server_ip      192.168.1.1  
 
  server_ip      192.168.1.1  
Line 67: Line 84:
 
==Custom Fields==
 
==Custom Fields==
  
Custom fields are an easy way to personalize agent information. Create custom fields by clicking on 'Resources' -> 'Custom fields'.
+
Custom fields are an easy way to customize agent information. Create custom fields by clicking on 'Resources' -> 'Custom fields'.
 +
 
 +
<br>
 +
<center>
 +
[[image:RK0b6ZaqBm.png|center|800px]]
 +
</center>
 +
<br>
  
 
<center>
 
<center>
[[image:Custom_fields1.png|center|800px]]
+
[[image:vW9D9s2l9u.png|center|800px]]
 
</center>
 
</center>
 +
<br>
  
If you want to create a custom field, click on the 'Create field' button and fill in the fields as described below:
+
{{Tip|<nowiki>You can include links in custom fields using the [url]link[/url] or [url=link]webname[/url] tags.</nowiki>}}
  
 +
When creating your own custom fields, you will be able to specify the following parameters:
 +
 +
* '''Name''': Name of the custom field.
 +
* '''Password type''': The fields with this parameter activated will be shown as asterisks.
 +
* '''Display up front''': With this parameter enabled, custom field information will be displayed in the agent's general view as shown below. In addition, enable this token to send ''Custom Fields'' information to the Metaconsole and be able to see it in the [https://pandorafms.com/docs/index.php?title=Pandora:Metaconsole:Documentation_en:Visualization#Agents agent] view and work in [https://pandorafms.com/docs/index.php?title=Pandora:Metaconsole:Documentation_en:Visualization#Custom_Fields_View ''Custom Field View''] with this data.
 +
 +
<br>
 
<center>
 
<center>
[[image:Custom_fields2.png|center|800px]]
+
[[image:eqyIkxu4qJ.png|center|800px]]
 +
[[image:x1fYvcHCZt.png|center|800px]]
 
</center>
 
</center>
 +
<br>
 +
 +
* '''Enabled combo''': This parameter allows you to activate the configuration of selectable parameters from a drop-down list. Once activated, a new field will appear in the configuration window of the corresponding custom field to enter the combo values separated by commas.
  
* '''Name''': Name of the custom field.
+
{{Warning|If the "Enabled combo" parameter is enabled, "Password type" will be disabled.}}
* '''Display on front''': With this field checked, the custom field will be displayed in front of the agent like on the screenshot below:
 
  
 +
<br>
 
<center>
 
<center>
[[image:Custom_fields3.png|center|800px]]
+
[[image:customfields2.JPG|center|800px]]
 
</center>
 
</center>
 +
<br>
 +
 +
These custom fields can also be retrieved from the agent configuration file, using the following configuration token:
 +
 +
custom_field1_name Model
 +
custom_field1_value i386
 +
 +
This example allows you to use a custom agent field defined in the agent's. conf.
  
 
== Monitoring with the Software Agent ==
 
== Monitoring with the Software Agent ==
  
The data collected by the software agents is kept in small information pieces called 'modules'. Each module only keeps one kind of data. Each module's value is the value of a supervised variable. Once the agent starts sending information, the data will start to consolidate in the database where you're able to access it.
+
Software agents are running on the systems from which they collect information. '''Each of the checks''' they make on the system, such as CPU usage, free memory or disk space, corresponds to a ''module''.
 +
Therefore, each of these modules collects a single data in each execution.
  
 +
There are also some agent-specific ''directives'' that help to collect certain data directly from the operating system (e.g. CPU usage, memory, events, etc.). With these agent-specific directives, there is no need to execute commands. Check the Software Agents Installation Section to obtain more information about them.
  
Please check the Software Agents Installation Section to obtain more information about them.
+
<br>
 
 
 
[[File:Agent-monitoring.png|500px|center]]
 
[[File:Agent-monitoring.png|500px|center]]
 +
<br>
  
The Pandora FMS Software Agents use the operating system's specific commands to obtain information. The Pandora FMS Data Server keeps and processes data generated by these commands which are sent to the server in form of an XML file. The information which gets returned by these commands is contained in what we call 'Modules'.
+
Pandora FMS software agents use the commands of the operating system in which they are installed to obtain the information for each one of their modules. The Pandora FMS data server processes and stores in the database all the information generated by the software agents, which send you their data in an XML file.
  
<center>
+
<br>
[[Image:PandoraAgent_logical_schema.png|center|650px]]
+
[[File:Esquema-3.png|center|650px]]
</center>
+
<center>''Logical schema of an agent/physical agent''</center>
 +
<br>
  
In the agent configuration file, the modules are defined by the following structure:
+
In the agent configuration file, modules are defined by the following structure:
  
 
  module_begin  
 
  module_begin  
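Review bot: The "Password type" entry only says such fields "will be shown as asterisks", while the paragraph added at the end of the section lets custom fields be supplied from the agent configuration file, where the example writes the value literally (custom_field1_value i386). State whether the masking is display-only, so readers do not treat a password-type field as protected storage. "Retrieved from the agent configuration file" also reads as if the console fetches them; "defined in" would match the example, and "the agent's. conf" has a stray full stop.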
Line 110: Line 156:
 
  module_end
 
  module_end
  
The parameter which indicates how to get the module information is called ''' 'module_exec' '''. This parameter specifies the command which the agent should execute in order to get the information from the system. Example:
+
A real case can be:
 +
 
 +
module_begin
 +
module_name Files data_in
 +
module_type generic_data
 +
module_exec ls /var/spool/pandora/data_in | wc -l
 +
module_description Number of files incoming dir
 +
module_end
 +
 
 +
The ''module_exec'' line contains the command that will be executed to collect the information. The value returned by that execution will be the data obtained by the module and will be shown in the monitoring. Another command to get information using ''module_exec'' would be:
  
 
  module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
 
  module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
  
The agent will execute the command as an operator to collect the information:
+
To collect the information, the agent will execute the command in the shell as if it was done by an operator, so it is always advisable to manually launch the command and analyze the output:
  
 
  $> vmstat 1 2 | tail -1 | awk '{ print $13 }'
 
  $> vmstat 1 2 | tail -1 | awk '{ print $13 }'
  
Then the agent gets the returned value by the command and attaches it to the XML file as module data. Of course the agent can execute any program or script which returns the monitoring value. The field 'module_exec' could be for example:
+
The value returned by the execution will be stored in XML as module data. You can indicate anything in the '' module_exec'' line as long as the output is compatible with the values accepted by Pandora FMS (numerical, alphanumeric or boolean), so it is possible to indicate custom scripts:
  
 
  module_exec myScript.pl --h 127.0.0.1 -v cpu
 
  module_exec myScript.pl --h 127.0.0.1 -v cpu
  
Again the agent is going to execute the command and collects the returned value in the same way as an operator would type in the shell:
+
Again, the agent will execute the command and collect the returned value in the same way as an operator would type in the shell:
  
 
  $> myScript.pl --h 127.0.0.1 -v cpu
 
  $> myScript.pl --h 127.0.0.1 -v cpu
  
 +
When the software agent is executed for the first time, it sends an XML to the Pandora FMS which creates the agent automatically with all its modules.
  
When the software agent is executed for the first time, it sends an XML to the Pandora FMS data server which is received in the server's incoming directory through Tentacle, SSH or FTP. The data server checks this directory every X time and when it finds a file, it gets processed. On opening this data file (XML), it identifies the agent by its specific name. This is because each agent is required to have a distinct, case-sensitive name. The server creates all agents automatically from which it receives data and which aren't already logged in on the DB by default. In the same way, if the agent has been added in 'learning mode', the modules which haven't been previously defined in the agent will be created automatically by the Server.
+
=== Types of Modules ===
 
+
The following are the possible types of modules in software agents depending on the type of data returned:
 
 
{{warning|Configuration file encoding. It's very important to have exactly the same value as the one set in the '''encoding''' configuration parameter. If the encoding is properly set, you're going to avoid the reception of data, bearing wrong encoding characters.}}
 
 
 
=== Kinds of Modules ===
 
 
 
There are several kinds of modules, but they're mainly classified in two categories: Data which originated on software agents and data which originated on network modules, executed by a network server. The modules identified as 'generic' are the ones which originate on software agents and those identified as 'remote' are network modules.
 
 
 
'''generic_data'''
 
 
 
A kind of numerical data. It's pretty useful to keep numerical data (in whole numbers and floating point) obtained through a Pandora FMS agent module.
 
 
 
'''generic_data_inc'''
 
 
 
A kind of increasing numerical data. It keeps data which results in the difference between the last agent data and the current data. The Pandora FMS server calculates and keeps the rate by second automatically. All of the modules which end on 'inc' are of the incremental kind. This kind of data is used to count the 'number of times' of something per second, e.g. the entries in a log, bytes/sec, connections/sec, etc.
 
 
 
'''generic_data_inc_abs'''
 
 
 
A kind of increasing numerical data. It collects data as a result of the difference between the previous module data and the current data, without making the division by seconds, obtaining total increment and not increment per second. All of the modules that end on 'inc_abs' are of incremental absolute type. This kind of data is used to count the 'number of times' of something, e.g. the entries in a log, total traffic of bytes, connections to a host, etc.
 
 
 
'''generic_proc'''
 
 
 
They are generally called "monitors", too. They belong to the boolean kind of data where a value of '0' means 'false' or 'bad value', and values higher than '0' mean 'right' or 'right value'. The 'generic proc' kind is also called 'monitor', because they can show if something is right or wrong without the need of interpreting or establishing alerts on it. They are displayed in the agent view as small lights. Red if it's '0', green if it's higher than'0'. All of modules which end on 'proc' are monitors.
 
 
 
'''generic_data_string'''
 
 
 
Kinds of alphanumeric data (text).
 
 
 
''Image module''
 
 
 
If the data in the module is a base64 image, in other words, part of the string contains "data:image", it will be identified as an image and, on the views where it appears, it will enable a link to open a window to display the image. Also on its historical data the strings that build/generate the images will be saved and displayed.
 
 
 
'''async_data'''
 
 
 
It's a kind of asynchronous numeric data. It's the same as 'generic_data' but for asynchronous data which is only updated if there is a change. The asynchronous kind of data don't have a defined periodicity when we can obtain data.
 
 
 
'''async_string'''
 
 
 
This is a kind of asynchronous alphanumeric data. It's the same as 'generic_string' but for asynchronous data which are only updated if there is a change. It's the kind of data that you're recommended to use if you want to monitor searches in logs or event viewers. We could have new data by any second or not having one at all in many days.
 
  
''Image module''
+
*'''generic_data''': Numerical and floating point data.
 +
*'''generic_data_inc''': A kind of increasing numerical data. Stores the difference between the previous and current data divided by the elapsed time in seconds, showing the rate per second. This type of data is used to count "number of times per second" of something, such as log entries/sec, receivedbytes/sec , incoming connections/sec , etc.
 +
*'''generic_data_inc_abs''': Type of absolute increasing numerical data. It stores the difference between the previous and current data, without dividing it between the elapsed seconds, so the value will correspond to the total increase between the two executions, and not to the increase per second. This type of data is used to count the number of times something happens, such as log entries, total received bytes, number of incoming connections, and so on.
 +
*'''generic_proc''': Boolean type of data, where a value of 0 means False or incorrect, and values above zero mean True or correct. The ''generic_proc'' types have the critical (0) and correct (1 or higher) states preconfigured.
 +
*'''generic_data_string''': Kinds of alphanumeric data (text).
 +
*'''async_data''': It is a kind of asynchronous numeric data. It is the same as 'generic_data' but for asynchronous data which is only updated if there is a change. The asynchronous kind of data do not have a defined periodicity when data can be obtained.
 +
*'''async_string''': This is a kind of asynchronous alphanumeric data. It is the same as 'generic_string' but for asynchronous data which are only updated if there is a change. It is the kind of data that you are recommended to use if you want to monitor searches in logs or event viewers. New data can be obtained at any moment or not for several days.
 +
*'''async_proc''': It is a kind of asynchronous boolean data. It is the same as 'generic _proc' but for asynchronous data which are only updated if there is a change.
  
If the data in the module is a base64 image, in other words, part of the string contains "data:image", it will be identified as an image and, on the views that it appears, it will enable a link to open a window to display the image. Also on its historical data the strings that build/generate the images will be saved and displayed.
 
  
'''async_proc'''
+
*'''Image module''': They are based on a text string type module (generic_data_string or async_string). If the data in the module is a base64 image, in other words, part of the string contains "data:image", it will be identified as an image and, on the views that it appears, it will enable a link to open a window to display the image. Also on its historical data the strings that build/generate the images will be saved and displayed.
  
It's a kind of asynchronous boolean data. It's the same as 'generic _proc' but for asynchronous data which are only updated if there is a change.
+
The software agent already comes preconfigured to send certain data from the system on which it is installed. These usually are (depending on the version):
 
 
The software agent already comes preconfigured to send certain data from the system on which it's installed. These usually are (depending on the version):
 
  
 
* System CPU  
 
* System CPU  
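Review bot: The rewritten module_exec text says the agent runs the command "in the shell as if it was done by an operator" and that "You can indicate anything in the module_exec line", but it never says which account the agent runs as. Add that, since it determines what a module_exec line can read or change on the monitored host. The replacement for the first-run paragraph also loses the detail that the server identifies the agent by its name and only creates undefined modules automatically in learning mode, and the encoding warning is removed without a replacement. In the new type list, async_string refers to 'generic_string' while the type is listed as generic_data_string, and 'generic _proc' has a stray space.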
Line 183: Line 205:
 
* Monitor of the programs and services states
 
* Monitor of the programs and services states
  
Depending on the software agent, they are also going to look for one operating system or another. They also might have more modules or different things to check.
+
===Intervals in local modules===
 +
The local modules (or software agent modules) all have the interval of their agent as a "base". In other words, if an agent has an interval of 5 minutes (300 seconds), all modules will have an interval of 5 minutes by default. You can make a module have a HIGHER interval, but you can never make it lower than the agent's base interval, since the interval of a module is defined as a multiplier of the agent's interval.
  
All this information is located in the file 'pandora_agent.conf'. This file is in the directory '/etc/pandora/' under GNU/Linux and, under the default Windows installation, the directory is 'C:\Archivos de Programa\pandora_agent\' or 'C:\Program Files\pandora_agent\' or similar.
+
If an agent has an interval of 300 and a module of that agent has the following configuration:
  
We are now going to explain the kind of data for some of the modules:
+
module_interval 2
  
Percentage of CPU usage under GNU/Linux
+
The interval module will be 300x2. The module_interval parameter only supports whole numbers higher than zero.
  
<pre>
+
=== Module Creation Interface ===
# CPU usage percentage (GNU/Linux)
 
module_begin
 
module_name cpu_user
 
module_type generic_data
 
module_interval 1
 
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
 
module_max 100
 
module_min 0
 
module_description User CPU Usage (%)
 
module_end
 
</pre>
 
 
 
It's obvious the kind of module is from the 'generic_data' kind which executes a GNU/Linux console command to obtain the result ('module_exec'). The maximum is set to '100' and the minimum to '0'. The interval ('module_interval') represents the number of iterations between the execution of each module. If it's different from '1', the module will only start the execution of the agent the number of times which is set there. If e.g. the agent execution time is set on '300' and the module interval is '3', the module is going to be executed every 900 seconds.
 
 
 
Percentage of the CPU usage under Windows:
 
 
 
<pre>
 
# CPU usage percentage (Windows)
 
module_begin
 
module_name CPUUse
 
module_type generic_data
 
module_cpuusage all
 
module_description CPU#0 usage
 
module_end
 
</pre>
 
  
As you can easily see, the module is completely different from GNU/Linux under Windows. Under Windows it's an internal agent command where '''module_cpuusage all''' represents the CPU usage for all CPUs. Using 'module_cpuusage' is only going to calculate the CPU usage for CPU #0. The rest of the fields are optional.
+
(Enterprise only)
  
To add one more module, please check the agent configuration and create a valid module block. Once you have done this, keep the agent configuration file and restart the agent, no matter if it's the UNIX daemon or the Windows service.
+
In the Enterprise version, it is possible to create and manage local modules of the software agents if they have the ''remote_config 1'' parameter. If you do not have the Enterprise version, all these operations must be done directly on the configuration file of the software agent, locally in the system where the agent is installed.
  
=== Module Creation Interface ===
+
Creating local modules from the console is done using a text box form. This is the location to specify the configuration data, which will be placed into the configuration file of the software agent (besides the common configuration with the remote modules like thresholds, type and group).
  
The creation of local modules from the console is done using a text box form. This is the location to specify the configuration data, which will be placed into the configuration file of the software agent (besides the common configuration with the remote modules like thresholds, type and group).
+
''Creating a module with the remote config enabled on the agent:''
 
 
''Creation of a module with the remote config enabled on the agent:''
 
  
 
<center>
 
<center>
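Review bot: "The interval module will be 300x2" in the new Intervals section has the subject inverted and no unit; it should say the module interval will be 300 x 2 = 600 seconds. This hunk also removes the paragraph giving the location of pandora_agent.conf ('/etc/pandora/' and the Windows install directory) and both worked CPU module examples, including the explanation of module_cpuusage; if that material now lives in the Configuration chapter, link to it from here.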
Line 232: Line 228:
 
</center>
 
</center>
  
In this text box there are '''two buttons''': One to '''create a basic configuration structure''' and the other to '''check that the data is correct'''. This check is intended for basic parameters, e.g. checking if it begins with 'module_begin', ends with 'module_end' and if it has a valid type and name. Other parameters may be wrong, but that won't be detected here.
+
In this text box there are '''two buttons''', one to '''create a basic configuration structure''' and the other to '''check that the data is correct'''. This check is intended for basic parameters, e.g. checking if it begins with 'module_begin', ends with 'module_end' and whether it has a valid type and name. Other parameters may be wrong, but that will not be detected here.
  
<center>
+
'''The field name and the type combo are linked to the 'module_name' and 'module_type' parameters of the data configuration'''. If the module name on the name field is changed, the configuration data name will be changed automatically and vice versa. If a type in the combo is selected, the data configuration type will be changed and if a correct type was written in the configuration data, this type will be selected automatically in the combo.
[[Image:local_module_editor_basic.png|center|750px]]
 
</center>
 
  
<center>
+
When a module from a local component is changed, it might have macros. If that is the case, the configuration data box will be hidden and a field for each macro will appear instead. You can find a detailed explanation of this feature in the following section:
[[Image:local_module_editor_check_wrong.png|center|750px]]
 
</center>
 
 
 
<center>
 
[[Image:local_module_editor_check_right.png|center|750px]]
 
</center>
 
 
 
'''The field name and the type combo are linked to the parameters 'module_name' and 'module_type' of the data configuration'''. If you change the module name on the name field, the configuration data name will be changed automatically and vice versa. If you select a type in the combo, the data configuration type will be changed and if a correct type was written in the configuration data, this type will be selected automatically in the combo.
 
 
 
When a module from a local component is changed, it might have macros. If it has macros, the configuration data will be hidden and a field for each macro is going to appear instead. You can find a detailed explanation of this feature in the following section:
 
  
 
[[Pandora:Documentation_en:Templates_and_components#Macros|Templates and components]]
 
[[Pandora:Documentation_en:Templates_and_components#Macros|Templates and components]]
  
 
=== Conditional Monitoring ===
 
=== Conditional Monitoring ===
 +
==== Post-Conditions ====
  
The Pandora FMS Software Agent supports the execution of a script as a postcondition, depending on the module value. Also the software agent has a feature to evaluate a precondition before module execution. We're going to explain both features and provide examples in this section for them.
+
Pandora FMS software agent supports the execution of commands and scripts as post-conditions. This means that '''actions could be performed depending on the value obtained in the execution of the module'''.
 
 
==== Post-Conditions ====
 
  
The parameter '''module_condition''' defines a postcondition in the moment of module execution. It means this parameter defines the command which will be executed depending on the value returned by the module. The structure in the configuration file is:
+
With the ''module_condition'' parameter, a value or range of values and the execution to be carried out must be indicated in case the module is between these values:
  
 
  module_begin
 
  module_begin
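Review bot: The new module_condition sentence ("a value or range of values and the execution to be carried out must be indicated in case the module is between these values") is hard to parse and does not mention a comparison, although the first example that follows is "less than '20'". Say what the parameter takes (the condition, then the command) and that the command runs when the module value meets the condition. The three editor screenshots are also dropped in this hunk while the text still describes the two buttons.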
Line 279: Line 262:
 
Some examples:
 
Some examples:
  
''Execution if the module data is less than '20' '':
+
Execution if the module data is less than '20' :
  
 
  module_begin
 
  module_begin
Line 288: Line 271:
 
  module_end
 
  module_end
  
If the script named 'get_cpu_usage.pl' returns '18', the software agent is going to execute the script 'add_processes.sh', otherwise it won't.
+
If the script named 'get_cpu_usage.pl' returns '18', the software agent will execute the script 'add_processes.sh', otherwise it will not.
  
''Execution with two preconditions'':
+
Execution with two postconditions:
  
 
  module_begin
 
  module_begin
Line 300: Line 283:
 
  module_end
 
  module_end
  
If the module returns '15', the software agent is going to only execute the script named 'add_processes.sh' - but if the value is '6', the script is going to execute both scripts named 'start_new_server.sh' and 'add_processes.sh'.
+
If the module returns '15', the software agent will only execute the script named 'add_processes.sh' - but if the value is '6', the script will execute both scripts named 'start_new_server.sh' and 'add_processes.sh'.
  
 
==== Pre-Conditions ====
 
==== Pre-Conditions ====
  
The parameter ''' 'module_precondition' ''' defines a precondition to evaluate before a module execution. Depending on the result of this precondition, the software agent will execute the module or not. The structure of the configuration file is:
+
The '''module_precondition''' parameter defines a precondition to evaluate before a module execution. Depending on the result of this precondition, the software agent will execute the module or not. The structure of the configuration file is:
  
 
  module_begin
 
  module_begin
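Review bot: In the paragraph after the two-postcondition example, "the script will execute both scripts" still names the wrong actor. The clause before it says the software agent runs 'add_processes.sh', so this should read "the software agent will execute both scripts named 'start_new_server.sh' and 'add_processes.sh'".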
Line 323: Line 306:
 
  module_end
 
  module_end
  
Some examples:
+
In the example above, there are two preconditions. For the module to be executed all preconditions must be met, in this case two, so the module will only be executed when the number_active_processes.sh script returns a number higher than 10 and the important_service_enabled.sh script returns 1.
  
 
''Module execution if the precondition is above '10' only:''
 
''Module execution if the precondition is above '10' only:''
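Review bot: The new paragraph beginning "In the example above, there are two preconditions" follows a block that the preceding sentence introduces as "The structure of the configuration file", and "Some examples:" is removed while the italic example heading stays. Introduce that block as an example, or keep "Some examples:" before the single-precondition case, so that "the example above" has an unambiguous referent.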
Line 334: Line 317:
 
  module_end
 
  module_end
  
The software agent executes the script 'number_active_processes.sh', if the returned value is greater than '10'. If the returned value is lower than '10', the module will never be executed.
+
In the example above, the software agent executes the 'number_active_processes.sh' script, if the returned value is higher than '10'. If the returned value is lower than '10', the module will not be executed.
  
''Module execution if only two of the preconditions are met:'':
+
=== Intensive Monitoring ===
 
 
module_begin
 
module_name CPU_Usage
 
module_type generic_data
 
module_exec get_cpu_usage.pl
 
module_precondition > 10 number_active_processes.sh
 
module_precondition = 1 important_service_enabled.sh
 
module_end
 
  
We have two preconditions in this example. To execute the module (both of them in this case), all preconditions must be met. The module will only be executed if the script 'number_active_processes.sh' returns a value greater than '10' and when the script 'important_service_enabled.sh' returns a value of '1'.
+
There are certain specially important modules, such as critical running processes or services. Intensive monitoring enables more controlled monitoring of these particular cases.
  
=== Intensive Monitoring ===
+
It consists of warning in a shorter interval that a problem has arosen without reducing the agent's general interval.
  
(Only available in versions 5.0 or above)
+
The software agent presents these two configuration parameters:
 +
*'''Interval''': agent sampling time in seconds. This is the general range for all local modules. Required parameter.
 +
*'''Intensive_interval''': time in which you will be notified of a problem on the especially critical modules. Optional parameter.
  
Certain values are very important for some modules, while others are not. If when you are monitoring a system service, you want to be notified as soon as possible if the service goes down - but you don't need to be reminded the service is up every ten seconds.
+
At module level, the ''module_intensive_condition'' parameter will be used to determine under which condition the status of the module will be notified in the time defined by the'' intensive_interval''.
  
This is where intensive modules come in. Intensive modules run with an interval of ''intensive_interval'' in seconds. When intensive conditions are met, they run the rest of the time with an interval of ''interval'' seconds like the rest of the modules.
+
* '''module_intensive_condition = 0''': if the module obtains as a result the value indicated in this parameter (in this case 0), it will be notified in the intensive interval defined in the agent.
  
If you want to check whether the SSHD system service is running every 10 seconds, but want to be notified every 10 minutes if the service is fine, you may configure the agent in the following way:
+
The following example shows the configuration of a agent about which it is desired to be notified in 10 seconds if the sshd process has stopped working:
  
 
  intensive_interval 10
 
  intensive_interval 10
  interval 600
+
  interval 300
  
 
  module_begin
 
  module_begin
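Review bot: In the single-precondition paragraph, "If the returned value is lower than '10', the module will not be executed" leaves the value 10 itself undefined, although the condition is described as "higher than '10'"; write "10 or lower". In the Intensive Monitoring text, "has arosen" should be "has arisen" and "a agent" should be "an agent". The bullets name the parameters "Interval" and "Intensive_interval" while the example writes them in lower case (intensive_interval 10), so the bullets should use the exact token spelling.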
Line 368: Line 345:
 
  module_end
 
  module_end
  
If the service goes down, you will be notified in the next 10 seconds. If the service is up, you will be notified in the next 10 minutes.
+
If the service fails, you will be notified in the next 10 seconds. If the service is up, you will be notified in the next 5 minutes, like normally.
 
 
This can save a lot of space in the Pandora FMS Database.
 
  
 
=== Programmed Monitoring ===
 
=== Programmed Monitoring ===
  
The software agent supports the definition of programmed modules which are executed in the defined instances. The syntax is the same as crontab. For a detailed explanation, see http://en.wikipedia.org/wiki/Cron#Predefined_scheduling_definitions
+
The software agent supports the definition of programmed modules which are executed in the defined instances. The syntax is the same as crontab. The module structure is the following:
 
 
The module structure is the following:
 
  
 
  module_begin
 
  module_begin
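Review bot: The Programmed Monitoring sentence "The syntax is the same as crontab" loses its reference link in this revision and nothing replaces it, so the reader is never told the field order of module_crontab. Either keep a reference or list the five fields once before the first example. At the end of the intensive-interval paragraph, "like normally" reads better as "as usual".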
Line 385: Line 358:
 
  module_end
 
  module_end
  
In this example the module '''is executed once''', every Monday from 1200 to 1500 hours.
+
In this example, the module is executed every Monday from 12 to 15.
  
If you want a module which is executed '''during all the interval''', we have to set the option 'module_cron_interval' to '0' in this way:
+
If you are required to execute the module every hour and ten minutes, you can use this module definition:
  
 
  module_begin
 
  module_begin
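Review bot: "execute the module every hour and ten minutes" reads as a 70-minute period, while the definition it introduces (module_crontab 10 * * * *, described in the previous wording as "every hour past ten minutes") means minute 10 of every hour; say "at ten minutes past every hour". The rewrite of the Monday example also drops "is executed once" together with the module_cron_interval paragraph, so "every Monday from 12 to 15" no longer says whether the module runs once or on every agent interval inside that window.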
Line 393: Line 366:
 
  module_type generic_data
 
  module_type generic_data
 
  module_exec script.sh
 
  module_exec script.sh
  module_crontab * 12-15 * * 1
+
  module_crontab 10 * * * *
module_cron_interval 0
 
 
  module_end
 
  module_end
  
If we're required to execute the module every hour past ten minutes we can use this module definition:
+
{{Tip|Note that if you use an interval that causes the module not to report data, this module will go into "unknown" status. Use asynchronous modules for these cases.}}
 
 
module_begin
 
module_name crontab
 
module_type generic_data
 
module_exec script.sh
 
module_crontab 10 * * * *
 
module_cron_interval 0
 
module_end
 
  
=== Specific Monitoring for Windows ===
+
== Specific Monitoring for Windows ==
  
 
The software agent for Windows has specific features to make monitoring a lot easier. These features are explained with some examples:
 
The software agent for Windows has specific features to make monitoring a lot easier. These features are explained with some examples:
  
==== Monitoring Processes and Watchdog Process ====
+
=== Monitoring Processes and Process Watchdog ===
  
===== Monitoring of Processes =====
+
==== Process Monitoring ====
  
The parameter '''module_proc''' verifies if a process with a preset name is running on this machine. The module definition is:
+
The parameter '''module_proc''' verifies whether a process with a preset name is running on this machine. The module definition is:
  
 
  module_begin
 
  module_begin
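Review bot: The added tip speaks of "an interval that causes the module not to report data", but the modules in this section are scheduled with module_crontab, so "a schedule" is the accurate word. The tip should also say how a module is made asynchronous rather than only "Use asynchronous modules". module_cron_interval 0 is removed from the examples without a sentence saying what the behaviour is when it is absent.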
Line 424: Line 388:
 
  module_end
 
  module_end
  
If the process name has blanks, '''don't use «" "»'''. The process name is the same as shown in Windows Task Manager (taskmngr) including the .exe extension. It's very important to '''use the same upper and lower-case letters'''.
+
If the process name has blanks, '''do not use «" "»'''. The process name is the same as the one shown in Windows Task Manager (taskmngr) including the .exe extension. It is very important to '''use the same upper and lower-case letters'''.
  
If you want the software agent to immediately notify you if a process is not working add the parameter '''module_async yes'''. In this case, the module definition would be:
+
If you want the software agent to immediately notify you if a process is not working, add the parameter '''module_async yes'''. In this case, the module definition would be:
  
 
  module_begin
 
  module_begin
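Review bot: "Windows Task Manager (taskmngr)" is carried over unchanged, but the Task Manager executable is taskmgr; fix the name while this sentence is being edited. The instruction "do not use «" "»" would be clearer as "do not enclose the name in quotation marks".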
Line 436: Line 400:
 
  module_end
 
  module_end
  
===== Watchdog Process =====  
+
==== Watchdog Process ====  
  
The watchdog feature on the Pandora Agent for Windows allows immediate response to the crash of a process and restarts it. It's important to keep in mind that the watchdog only works if the module is of the asynchronous type.
+
The watchdog feature on the Pandora FMS Agent for Windows allows immediate response to the failure of a process and restarts it. It is important to keep in mind that the watchdog only works if the module is of the asynchronous type.
  
 
The definition of a module with watchdog enabled would be as follows:
 
The definition of a module with watchdog enabled would be as follows:
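Review bot: The subsection is renamed "Watchdog Process" while its parent heading now says "Process Watchdog" and the service counterpart becomes "Service Watchdog"; use "Process Watchdog" here so the three headings match.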
Line 449: Line 413:
 
  module_async yes
 
  module_async yes
 
  module_watchdog yes
 
  module_watchdog yes
 +
module_user_session yes
 
  module_start_command c:\windows\notepad.exe
 
  module_start_command c:\windows\notepad.exe
 
  module_startdelay 3000
 
  module_startdelay 3000
Line 455: Line 420:
 
  module_end
 
  module_end
  
In the previous example, the watchdog is only going to activate the 'notepad.exe' if the process is not running. It's going to execute the command  
+
In the previous example, the watchdog will be activated each time the notepad.exe process is deactivated and the command c: \windows\notepad. exe will be executed. In addition, if we look at the other watchdog configuration parameters, we will see that the process reactivation will be attempted 5 times with an initial wait time of 3 seconds and a waiting time between retries of 2 seconds. In this example, the notepad.exe process will be launched in the user's session.
''c:\windows\notepad.exe'' each time. Other preconfigured parameters for the watchdog execution are to try 5 times with a warm-up time (delay before trying) of 3 seconds and a time of 2 seconds between retries.
 
  
==== Service Monitoring and Watchdog Service ====
+
=== Service Monitoring and Service Watchdog ===
  
===== Service Monitoring =====  
+
==== Service Monitoring ====  
  
The parameter '''module_service''' verifies if a specified service is running on the machine. The definition of this module is as follows:
+
The '''module_service''' parameter verifies whether a specified service is running on the machine. The definition of this module is as follows:
  
 
  module_begin
 
  module_begin
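Review bot: The command path in the rewritten watchdog paragraph is broken by stray spaces ("c: \windows\notepad. exe"); it should match the module_start_command line, c:\windows\notepad.exe. The new module_user_session yes setting is explained only by "will be launched in the user's session", which does not say which user's session is meant or what happens when nobody is logged on or the option is set to no. That matters for a setting that decides the context in which a restarted process runs. "each time the notepad.exe process is deactivated" should say "stops running".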
Line 471: Line 435:
 
  module_end
 
  module_end
  
If the service name has blanks, don't use «" "». To find the service name, you can look at the Service Name field under the Windows Service Manager. It's important to keep in mind that all names are case sensitive.
+
If the service name has blanks, do not use «" "». To find the service name, look for the Service Name field under the Windows Service Manager. It is very important to '''use the same upper and lower-case letters'''.
  
If you want the software agent to warn you immediately when a service is down, add the parameter '''module_async yes'''. The module definition would be as follows:
+
If you want the software agent to warn you immediately when a service is down, add the parameter '''module_async yes'''. The module definition should be as follows:
  
 
  module_begin
 
  module_begin
Line 483: Line 447:
 
  module_end
 
  module_end
  
===== Watchdog Service =====
+
==== Service Watchdog ====
  
There is a watchdog mode for services which allow you to detect and restart a downed service almost in real time. A module definition example using watchdog would be the following:
+
There is a watchdog mode for services which allows you to detect and restart a downed service almost in real time. A module definition example using watchdog would be the following:
  
 
  module_begin
 
  module_begin
Line 496: Line 460:
 
  module_end
 
  module_end
  
The watchdog definition for services which have no need for any extra parameters because they are incorporated in the service definition.
+
The watchdog definition for services has no need for any extra parameters because they are incorporated in the service definition.
  
==== Monitoring Basic Resources ====
+
=== Basic Resource Monitoring ===
  
 
This section describes how to monitor the basic variables of a Windows-based machine.
 
This section describes how to monitor the basic variables of a Windows-based machine.
  
===== Monitoring the CPU =====
+
==== CPU Monitoring ====
  
To monitor the CPU, you may use the parameter '''module_cpuusage''' which returns the CPU usage percentage.
+
The parameter '''module_cpuusage''' returns the CPU usage percentage.
  
Its possible to monitor the CPU based on its ID with a module definition like the following:
+
It is possible to monitor the CPU based on its ID with a module definition like the following:
  
 
  module_begin
 
  module_begin
Line 515: Line 479:
 
  module_end
 
  module_end
  
You're also able to monitor the average CPU usage from all systems with the following module:
+
It is also possible to monitor the average CPU usage from all systems with the following module:
  
 
  module_begin
 
  module_begin
Line 524: Line 488:
 
  module_end
 
  module_end
  
===== Memory Monitoring =====
+
==== Memory Monitoring ====
  
 
To monitor the memory, you can use two parameters: '''module_freememory''' which returns the amount of free memory in the system and '''module_freepercentmemory'''
 
To monitor the memory, you can use two parameters: '''module_freememory''' which returns the amount of free memory in the system and '''module_freepercentmemory'''
Line 546: Line 510:
 
  module_end
 
  module_end
  
===== Monitoring Hard drives =====
+
==== Hard Drive Monitoring ====
  
To monitor the hard drive space, you may use two parameters: '''module_freedisk''' which returns the amount of available space and '''module_freepercentdisk''' which returns the percentage of available space. Both parameters require the monitored unit as an input. '''Please don't forget the «":"» characters.'''
+
To monitor hard drive space, you may use two parameters: '''module_freedisk''' which returns the amount of available space and '''module_freepercentdisk''' which returns the percentage of available space. Both parameters require the monitored unit as an input. '''Do not forget the character « : ».'''
  
A module which utilizes the '''module_freedisk''' parameter is defined in this way:
+
A module that uses the '''module_freedisk''' parameter is defined in this way:
  
 
  module_begin
 
  module_begin
Line 558: Line 522:
 
  module_end
 
  module_end
  
An module which utilizes the '''module_freepercentdisk''' parameter is defined in this way:
+
A module example that uses the '''module_freepercentdisk''' parameter is defined in this way:
  
 
  module_begin
 
  module_begin
Line 568: Line 532:
 
==== WMI Queries ====
 
==== WMI Queries ====
  
The Pandora FMS Software Agent allows you to extract information by using WMI queries and ODBC connections - very common technologies used to store external or system-related information.
+
Pandora FMS Software Agent allows you to retrieve information by using WMI queries, which is a source of data widely used to obtain  external or system-related information.
  
===== WMI Queries =====
+
The software agent allows you to execute any local WMI query you want using the '''module_wmiquery''' parameter. To perform the query, WMI query is defined in the '''module_wmiquery''' parameter and the column that contains the information to be monitores with the '''module_wmicolumn''' parameter.
  
The software agent allows you to execute any local WMI query you want using the '''module_wmiquery''' parameter. To perform the query, set the parameter '''module_wmiquery''' by the query which is going to be performed and to set the parameter '''module_wmicolumn''' by the column which has the information to monitor.
+
You will get a list with the installed services:
 
 
We're able to get a list with the installed services:
 
  
 
  module_begin
 
  module_begin
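Review bot: "==== WMI Queries ====" stays at level 4 while its sibling sections in the Windows chapter are promoted to level 3 in this revision ("=== Basic Resource Monitoring ===", "=== Service Monitoring and Service Watchdog ==="), so WMI Queries now nests under Basic Resource Monitoring; promote it to "=== WMI Queries ===". In the paragraph below the heading, "monitores" should be "monitored", and the sentence is easier to follow as "define the WMI query in module_wmiquery and the column that holds the value to monitor in module_wmicolumn".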
Line 583: Line 545:
 
  module_end
 
  module_end
  
We're also able to get the CPU load using WMI:
+
You will also be able to get the current CPU load using WMI:
  
 
  module_begin
 
  module_begin
Line 592: Line 554:
 
  module_end
 
  module_end
  
=== Remote Checks with Software Agents ===
+
== Remote Checks with Software Agents ==
  
A remote check performed by the agent makes it easy to monitor complex networks that have special, security-related requirements. This section explains how to use this feature of the software agent:
+
A remote check performed by the agent makes it easy to monitor complex networks that have special, security-related requirements.  
  
==== ICMP Checks ====
+
This way of working is usually used when remote checks have to be launched on systems that the main Pandora FMS server does not have access to, for which it is possible to install a software agent, run remote checks from that point and distribute them in broker agents.
  
ICMP or ping checks come in handy if the machine is connected to a network. Only one software agent is easily able to monitor the status of the whole network in this way.
+
This section explains how to use this feature of the software agents.
 +
 
 +
=== ICMP Checks ===
 +
 
 +
ICMP or ping checks are very useful to know whether a machine is connected to a network or not. In this way, a single software agent could easily monitor the status of all machines.
  
 
'''UNIX'''
 
'''UNIX'''
  
By using the UNIX software agent, you're able to utilize the system commands to create a module which performs the ping check. An example module definition would be:
+
By using the UNIX software agent, you are able to use the system commands to create a module which performs the ping check. An example module definition would be:
  
 
  module_begin
 
  module_begin
 
  module_name Ping
 
  module_name Ping
 
  module_type generic_proc
 
  module_type generic_proc
  module_exec ping -c 1 192.168.100.54 >/dev/null 2>&1; if [ $? == 0 ]; then echo 1; else echo 0; fi
+
  module_exec ping -c 1 192.168.100.54 >/dev/null 2>&1; if [ $? -eq 0 ]; then echo 1; else echo 0; fi
 
  module_end
 
  module_end
  
In this example module, we're going to perform a ping check on the host '192.168.100.54'. If you want to check a different host, all you have to do is to change the IP.
+
In this example module, a ping check is performed on the '192.168.100.54' host. To check a different host, change the IP.
  
 
'''Windows'''
 
'''Windows'''
  
The software agent for Windows platforms has the following parameters to configure the ping checks:
+
The software agent for Windows platforms supports specific configuration parameters to configure ping checks:
  
* module_ping_count x: Number of ECHO_REQUEST packages to send (Default value is '1').
+
* module_ping_count x: Number of ECHO_REQUEST packages to be sent (Default value is '1').
 
* module_ping_timeout x: Timeout in seconds (Default value is '1').
 
* module_ping_timeout x: Timeout in seconds (Default value is '1').
 
* module_advanced_options: Advanced options for 'ping.exe'.
 
* module_advanced_options: Advanced options for 'ping.exe'.
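Review bot: The added sentence beginning "This way of working is usually used when remote checks have to be launched on systems that the main Pandora FMS server does not have access to" runs three clauses together and ends with "distribute them in broker agents" before Broker Mode has been introduced; split it in two and point to the Broker Mode section. In the Windows parameter list, "ECHO_REQUEST packages" should be "packets". The switch from "== 0" to "-eq 0" in the ping module_exec line is the right form for a POSIX sh test.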
Line 630: Line 596:
 
  module_end
 
  module_end
  
In this example, we're going to perform the same check as in the previous one, but now we're going to use the Software Agent for Windows platforms.
+
In this example, the same check is going to be performed as the previous one, but now the Software Agent for Windows platforms is going to be used.
  
==== TCP Checks ====  
+
=== TCP Checks ===  
  
TCP checks are useful to verify if a port of a host happens to be open or not. Interesting in case you want to know if an application is connected to the network or not.
+
TCP checks are useful to verify whether a port of a host happens to be open or not. That may be interesting in case you want to know whether an application is connected to the network or not.
  
 
'''UNIX'''
 
'''UNIX'''
  
We're able to perform the TCP checks by the following module by utilizing the software agent for UNIX platforms:
+
You will able to perform the TCP checks through the following module by using the software agent for UNIX platforms:
  
 
  module_begin
 
  module_begin
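Review bot: "You will able to perform the TCP checks" is missing "be". In the sentence closing the Windows ping example, "the same check is going to be performed as the previous one" is hard to parse; "this example performs the same check as the previous one, using the software agent for Windows" says the same thing directly.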
Line 647: Line 613:
 
  module_end
 
  module_end
  
With this module, we're going to check if port 80 of the host '192.168.100.54' is open or not.
+
This module will help you to check whether port 80 of the '192.168.100.54' host is open or not.
  
  
 
'''Windows'''
 
'''Windows'''
  
If we want to use the software agent for Windows, we have some parameters to configure for the TCP check. The parameters are:
+
If you want to use the software agent for Windows, here you have some parameters to configure the module. They are:
  
 
* module_tcpcheck: Host to be checked
 
* module_tcpcheck: Host to be checked
Line 668: Line 634:
 
  module_end
 
  module_end
  
This module is the equivalent for the Windows software agent to perform the check on port 80 of the host '192.168.100.54'.
+
This module is the equivalent for the Windows software agent to perform the check on port 80 of the '192.168.100.54' host.
  
==== SNMP Checks ====
+
=== SNMP Checks ===
  
 
SNMP checks are commonly used to monitor network devices to check the interface status, inbound/outbound bytes, etc.
 
SNMP checks are commonly used to monitor network devices to check the interface status, inbound/outbound bytes, etc.
Line 676: Line 642:
 
'''UNIX'''
 
'''UNIX'''
  
If you are using the software agent for UNIX platforms, you may create the module using the command 'snmpget' like this:
+
If you are using the software agent for UNIX platforms, you may create the module using the 'snmpget' command like this:
  
 
  module_begin
 
  module_begin
Line 684: Line 650:
 
  module_end
 
  module_end
  
This module returns the value for OID .1.3.6.1.2.1.2.2.1.1.148 on the host '192.168.100.54'.
+
This module returns the value for OID .1.3.6.1.2.1.2.2.1.1.148 on the '192.168.100.54' host.
  
 
'''Windows'''
 
'''Windows'''
  
For the Windows software agent, we have the following configuration parameters for the module:
+
For Windows software agent, these are the parameters:
  
 
* module_snmpversion [1,2c,3]: SNMP version (Default value is '1').
 
* module_snmpversion [1,2c,3]: SNMP version (Default value is '1').
Line 708: Line 674:
 
  module_end
 
  module_end
  
Using the UNIX software agents, this module is the Windows platform equivalent to do the last performed check.
+
This module would be the Windows platform equivalent for the previous check performed through the software agent for Unix.
  
=== Proxy Mode ===
+
== Proxy Mode ==
  
{{Warning|To use the agent's proxy mode on Linux or UNIX systems, '''the agent must -not- be executed by a root user !''' You're required to perform a custom installation of the Pandora FMS agent to do so. You may look up all the details about custom installations in the section [[Pandora:Documentation_en:Installing#Custom_agent_installation|Custom Agent Installation.]]}}
+
{{Warning|To use Pandora FMS agent's proxy mode on Linux or UNIX systems, '''the agent must -not- be executed by a root user !''' You are required to perform a custom installation of the Pandora FMS agent to do so. You may look up all the details about custom installations in the section [[Pandora:Documentation_en:Installing#Custom_agent_installation|Custom Agent Installation.]]}}
  
Pandora FMS Software Agents have a Proxy Mode which allows them to act as proxies, redirecting the communication of several agents to the Pandora FMS Server. The software agent with an enabled proxy mode is able to perform monitoring tasks, too.
+
Pandora FMS Software Agents have a Proxy Mode which allows them to act other software agent proxies, redirecting the communication of several agents to the Pandora FMS Server. The software agent with an enabled proxy mode is able to perform monitoring tasks too.
  
 +
<br>
 
[[File:Proxy-mode.png|700px|center]]
 
[[File:Proxy-mode.png|700px|center]]
 +
<br>
  
The Proxy Mode is very useful if you're dealing with a network in which only one machine can communicate with the Pandora FMS Server. In this situation, all software agents installed on machines without access to the Pandora FMS Server are going to send the XML files to the agent currently working as a proxy - which is going to redirect all files to Pandora FMS Server.
+
The Proxy Mode is very useful if you are dealing with a network in which only one machine can communicate with Pandora FMS Server and you need to monitor by means of software agents the rest of network computers. In this situation, the other computers will communicate with the proxy instead of the server.
  
In addition to XML file redirection, the proxy mode supports ''Remote Configuration'' and ''File Collection'' features.
+
In addition data forwarding through XML, the proxy mode supports ''Remote Configuration'' and ''File Collection'' features.
  
To enable the Proxy Mode in a software agent, you're required to configure the following parameters:
+
With all these features, the Proxy Mode offers a ''transparent operation'' of software agents in networks with limited connectivity.
  
* server_ip: IP of the Pandora FMS Server. If the proxy mode is enabled, '''the IP is not allowed to take the following values: '127.0.0.1', 'localhost' or '0.0.0.0'.'''
+
To enable the Proxy Mode in a software agent, configure the following parameters:
* proxy_mode: If it's set to '1', the proxy mode is enabled. The default value is '0' (disabled).
+
 
* proxy_max_connection: Maximum number of connections for the proxy. The default value is '10'.
+
* server_ip: IP of the Pandora FMS Server.
 +
* proxy_mode: Enabled (1) or diabled (0).
 +
* proxy_max_connection: Maximum number of simultaneous connections for the proxy. The default value is '10'.
 
* proxy_timeout: Proxy timemout. The default value is '1' (in seconds).
 
* proxy_timeout: Proxy timemout. The default value is '1' (in seconds).
 +
* proxy_address: Address in which the proxy listens.
 +
* proxy_port: Port in which the proxy listens.
  
 
A configuration example:
 
A configuration example:
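Review bot: The server_ip bullet drops the rule that, with proxy mode enabled, the address must not be '127.0.0.1', 'localhost' or '0.0.0.0', and the proxy_mode bullet drops its default ('0', disabled); unless the behaviour changed, both facts should stay. The new proxy_address and proxy_port bullets give no default values, and for a listening proxy the documentation should state the default bind address and port so an operator knows on which interfaces agent connections are accepted. Typos: "act other software agent proxies" needs "as", "In addition data forwarding" needs "to", "diabled" should be "disabled", and "timemout" should be "timeout".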
Line 736: Line 708:
 
  proxy_timeout 3
 
  proxy_timeout 3
  
To redirect a software agent's connection, you're only required to set the IP address of the proxy mode enabled software agent to the IP address of the Pandora FMS Server on agents with limited access, e.g.:
+
To redirect the connection of a software agent, enter as Pandora FMS server address that of the agent with the Proxy Mode activated. For example:
  
Our proxy mode enabled agent has the IP of '192.168.100.24'.
+
This proxy mode enabled agent has the IP 192.168.100.24
  
In the software agent which can't directly connect to the Pandora FMS Server, we configure the parameter '''server_ip''' in the following way:
+
In the software agent which cannot directly connect to the Pandora FMS Server, configure the '''server_ip''' parameter in the following way:
  
 
  server_ip 192.168.100.24
 
  server_ip 192.168.100.24
  
 +
With this configuration, the software agent with limited communication will use the software agent in Proxy Mode to communicate with Pandora FMS server, keeping all its features such as remote configuration, policies or file collections.
  
This configuration allows the access-limited software agent to use the other software agent with enabled proxy mode to communicate with the Pandora FMS Server.
+
== Broker Mode ==
 
 
=== Broker Mode ===
 
  
 
The software agent has a Broker Mode which allows one agent to monitor and manage the configuration as if there were several software agents installed:
 
The software agent has a Broker Mode which allows one agent to monitor and manage the configuration as if there were several software agents installed:
  
 +
<br>
 
[[File:Modo-broker.png|700px|center]]
 
[[File:Modo-broker.png|700px|center]]
 +
<br>
  
The software agent with enabled Broker Mode has an auxiliary configuration file (defined for each broker) which is similar to a software agent's main configuration file. In this way the software agent's behavior is the same as if several software agents were installed in the same machine, it means, each broker works in the same way a software agent does. This feature is very useful to remotely manage several devices by installing only one software agent. It's also possible to monitor several devices with different configuration files but only one software agent in this way.
+
When the broker mode is activated in a software agent, a new configuration file is created. From that moment on, the original software agent and the new broker will be managed separately with their independent configuration files, as if they were two completely separate software agents on the same machine.
  
 
The main features of the Broker Mode are:
 
The main features of the Broker Mode are:
  
* To send local data as another agent. Very useful to monitor different software instances as different agents.
+
* Sending local data as another agent. Very useful to monitor different software instances as different agents.
* To send the collected data from the remote checks to other machines as if a software agent had been installed on them.
+
* Sending the collected data from the remote checks to other machines as if a software agent had been installed on them.
  
To create a broker, you're only required to add a line with the parameter '''broker_agent <broker_name>'''  
+
To create a broker, add a line with the '''broker_agent <broker_name>''' parameter. It is possible to create as many broker agents as you wish, just by adding the corresponding ''broker_agent'' lines, as follows:
  
 
  broker_agent dev_1
 
  broker_agent dev_1
 
  broker_agent dev_2
 
  broker_agent dev_2
  
Once the brokers are created, the configuration files 'dev_1.conf' and 'dev_2.conf' are going to be created with the same content as in the original software agent, but with a different agent name. By adding or deleting modules from configuration files 'dev_1.conf' and 'dev_2.conf', we can customize the checks performed by the brokers.
+
Once the brokers are created, the 'dev_1.conf' and 'dev_2.conf' configuration files will be created with the same content as in the original software agent, but with their corresponding name. By adding or deleting modules from 'dev_1.conf' and 'dev_2.conf' configuration files, you can customize the checks performed by the brokers.
  
On the Pandora FMS web console '''the brokers appear and will be managed like other agents''', which means that if we have a software agent installed with two brokers, we're going to see three different agents with their modules, configurations, etc. on the web console.
+
On the Pandora FMS web console '''the brokers appear and will be managed independent agents''', which means that if you have a software agent installed with two brokers, you will see three different agents with their modules, configurations, etc. on the web console.
  
'''NOTE''': broker agent instances cannot use file collections. If you want to use collections, you can "execute" files from collections from an instance, but it must be distributed by the "main" agent, not in an instance.
+
'''NOTE''': Broker agent instances cannot use file collections. If you want to use collections, distribute them and/or use them in the "real" agent that is used as a basis for the broker agent, not in one of its instances.
  
'''NOTE''': modules that keep data in memory between executions (module_logevent and module_regexp on Windows) will not work when broker agents are enabled.
+
'''NOTE''': Modules that save data within the memory between executions (module_logevent and module_regexp on Windows) will not work when broker agents are enabled.
  
==== Examples of Use ====
+
=== Broker mode use Examples ===
  
===== Monitor a local Database as a different Agent =====
+
==== Monitoring a local Database as a different Agent ====
  
We want to monitor the basic parameters of a machine (CPU, memory and hard drive) and an installed database that we want to monitor separately.
+
The objective here is monitoring basic parameters (CPU, memory and hard drive) and monitoring an installed database separately.
  
To perform this monitoring, we are going to use the following structure:
+
To perform this monitoring, the following structure will be used:
  
 
* Installed Software Agent: monitoring CPU, memory and disk.
 
* Installed Software Agent: monitoring CPU, memory and disk.
 
* Broker for the Database: monitoring internal status of the database.  
 
* Broker for the Database: monitoring internal status of the database.  
  
We're going to install the software agent on the machine to monitor the CPU, memory and hard drive. We're also adding the following line in the software agent configuration:
+
The first step is installing the software agent on the machine to monitor the CPU, memory and hard drive parameters. Then the following line is added in the software agent configuration:
  
 
  broker_agent DBApp
 
  broker_agent DBApp
  
We're going to create a broker agent called 'DBApp' by adding this line. A configuration file named 'dbapp.conf' will appear. We're adding the modules to perform the checks for the database in this configuration file:
+
Secondly, a broker agent called 'DBApp' is created by adding this line, so a configuration file named 'dbapp.conf' will appear. Finally, the modules to perform the checks for the database are added in this configuration file:
  
 
  module_begin
 
  module_begin
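Review bot: In the rewritten web console sentence, "the brokers appear and will be managed independent agents" has lost a word; the old line read "managed like other agents". Suggest "appear and are managed as independent agents". The first NOTE has also changed in substance: the old text allowed an instance to "execute" files from a collection distributed by the main agent, while the new text says collections should be used in the "real" agent and not in an instance. Confirm that this change of behaviour is intended and is not a side effect of the rewording.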
Line 802: Line 775:
 
  module_end
 
  module_end
  
By doing this, you're going to see two agents in the Pandora web console: One bearing the name of the machine with the modules 'CPU', 'Memory' and hard drive and another one called 'DBApp' with the modules 'Num Users' and 'Num slows queries'.
+
By doing this, two agents will appear in the Pandora FMS web console: One bearing the name of the machine with the 'CPU', 'Memory' and hard drive modules and another one called 'DBApp' with the 'Num Users' and 'Num slows queries' modules.
  
===== Remotely Monitor Devices using Brokers =====
+
==== Monitoring Devices Remotely Using Brokers ====
  
For this example, we've installed a software agent on a Windows machine, monitoring CPU, memory and hard drive. We're also required to monitor a router with the IP '192.168.100.54' without being allowed to install an agent on it. To solve the problem, we can use brokers.
+
For this example, a software agent has been installed on a Windows machine, monitoring CPU, memory and hard drive. It is also required to monitor a router with the IP '192.168.100.54' without installing an agent on it. To solve the problem, brokers are used.
  
We're going to create a broker using the following parameter:
+
A broker will be created using the following parameter:
  
 
  broker_agent routerFloor5
 
  broker_agent routerFloor5
  
By adding this line, we're going to create a broker agent by the name of 'routerFloor5'. The software agent was installed on a Windows machine, so we're able to monitor the router by using the ping and SNMP modules available for Windows software agents. To do that, modify the file 'routerFloor5.conf' by adding the following lines:
+
By adding this line, a broker agent will be created with the name 'routerFloor5'. The software agent was installed on a Windows machine, so the router can be monitored by using the ping and SNMP modules available for Windows software agents. To do that, the 'routerFloor5.conf' file must be modified by adding the following lines:
  
 
  module_begin
 
  module_begin
Line 842: Line 815:
 
  module_end
 
  module_end
  
In this example, the web console of Pandora FMS shows two agents: One is the Windows machine with the modules 'CPU', 'Memory' and 'hard drive' and the other one is 'routerFloor5' bearing the modules named 'Ping', 'Eth 1 up' and 'Eth 2 up'.
+
In this example, the web console of Pandora FMS shows two agents: One is the Windows machine with the 'CPU', 'Memory' and 'hard drive' modules and the other one is 'routerFloor5' bearing the modules named 'Ping', 'Eth 1 up' and 'Eth 2 up'.
  
===== Remote Monitoring of a Network with limited Communication Options =====  
+
==== Monitoring inaccessible networks remotely ====  
  
In some cases, you need to monitor devices remotely where the Pandora FMS Remote Server can't access them directly.
+
In some cases, you need to monitor devices remotely where the Pandora FMS Remote Server cannot access them directly.
  
 +
<br>
 
<center>
 
<center>
[[Image:Broker_example_no_access.png|790px]]
+
[[Image:Broker_example_no_access.png|center|790px]]
 
</center>
 
</center>
 +
<br>
  
In this example, we have to monitor some devices from one of the company sites from the headquarters remotely. The Pandora FMS Server is connected to the other company sites in the headquarters using a VPN. Due to some restrictions, the Pandora Remote Server can't access the machines directly. To monitor the company sites, we're going to use Broker Mode which allows a software agent to send XML files to the Pandora Server as if there were several different devices.
+
In this example, some devices from one of the company facilities from the headquarters must be remotely monitored. The Pandora FMS Server is connected to the other company facilities in the headquarters using a VPN. Due to some restrictions, the Pandora FMS Remote Server cannot access the machines directly. To monitor the company's branches, the Broker Mode, which allows a software agent to send XML files to the Pandora FMS Server as if there were several different devices, is used.
  
We add as many brokers as there are devices to be monitored. In the configuration file of the software agent, an example configuration could be:
+
One can add as many brokers as devices to be monitored to the configuration file of the software agent. A configuration example could be:
  
 
  broker_agent device_1
 
  broker_agent device_1
Line 862: Line 837:
 
  ...
 
  ...
  
Once the brokers are created, we're able to customize the monitoring for each devices by modifying the configuration file of each broker. The configuration e.g. for the Windows machine called 'device_1' is:
+
Once the brokers are created, the monitoring for each device can be customized by modifying the configuration file of each broker.  
 +
For example, the configuration for the Windows machine called 'device_1' is:
  
 
  module_begin
 
  module_begin
Line 893: Line 869:
 
  module_end
 
  module_end
  
We're able to use the remote configuration feature by a configuration like this. We're also able to send monitoring information to the Pandora FMS Server, despite the restrictions in the communication between the different company sites.
+
With this configuration, it is possible to configure remotely and send the files to Pandora FMS server in spite of the communication restrictions between the company's headquarters.
  
===== Shared Monitoring Load by Brokers =====
+
==== Shared Monitoring Load through Brokers ====
  
 
Broker mode is very useful for sharing and distributing the monitoring load within several network points.
 
Broker mode is very useful for sharing and distributing the monitoring load within several network points.
  
 +
<br>
 
<center>
 
<center>
[[Image:Broker_scalation_example.png|800px]]
+
[[Image:Broker_scalation_example.png|center|800px]]
 
</center>
 
</center>
 +
<br>
  
In this example, our architecture has several networks named from A to Z with a 1000 devices each. The capacity of the Pandora FMS Remote Server is about 2000 agents, because we've decided to use broker mode enabled software agents to share and distribute the load. These broker mode enabled software agents are going to remotely monitor all devices from the network and send the data in XML format to the Pandora FMS Central Server.
+
In this example, the architecture has several networks named from A to Z with 1000 devices each. The capacity of the Pandora FMS Remote Server is about 2000 agents, so it is decided to use broker mode enabled software agents to share and distribute the monitoring load. These broker mode enabled software agents will monitor remotely all network devices and send the data in XML format to the Pandora FMS Central Server.
  
For each network, we have a broker mode enabled agent. On it, we're going to create as many brokers as the number of devices to be monitored. An example configuration for the software agent 'Broker_Agent_Net_A' could be the following:
+
For each network, there is a broker mode enabled agent. On it, brokers will be created until the number of devices to be monitored is reached. An example configuration for the 'Broker_Agent_Net_A' software agent could be the following:
  
 
  broker_agent device_1
 
  broker_agent device_1
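Review bot: The rewritten closing sentence of the inaccessible-networks example now places the restrictions "between the company's headquarters", where the old text had "between the different company sites". The example has a single headquarters, so the new wording changes the meaning; suggest "between the company sites". In the load-sharing paragraph, "brokers will be created until the number of devices to be monitored is reached" would read more clearly as "one broker is created for each device to be monitored".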
Line 913: Line 891:
 
  ...
 
  ...
  
In addition for each broker, we're going to add the modules to monitor the devices. Example: The broker 'device_1' (which is a router) could have this configuration:
+
In addition, for each broker, the modules to monitor the devices are added. Example: The broker 'device_1' (which is a router) could have this configuration:
  
 
  module_begin
 
  module_begin
Line 943: Line 921:
 
  module_end
 
  module_end
  
Another example configuration for the broker 'device_2' which monitors a Windows machine with the following modules:
+
This is another example configuration for the ''device_2'' broker, which monitors a Windows machine with the following modules:
  
 
  module_begin
 
  module_begin
Line 974: Line 952:
 
  module_end
 
  module_end
  
Using broker mode enabled software agents, we're easily able to share the load to collect the data from thousands of devices.
+
Using broker mode enabled software agents, makes sharing the load to collect data from thousands of devices easier.
  
=== Inventory using Software Agents ===
+
== Inventory using Software Agents ==
  
Pandora FMS Software Agents support inventory features for both hardware and software. The inventory system allows you to get a history of CPU, cards, memory, patches, software, etc, used in the company servers. Furthermore, it's possible to generate alerts if a change occurs in the inventory, e.g. if a disk was replaced or an application was deleted.
+
Pandora FMS Software Agents support inventory features for both hardware and software. The inventory system allows to keep a history of CPU, cards, RAM memory, patches, software, etc, used in the company servers. Furthermore, it is possible to generate alerts if there is a change in the inventory, e.g. if a disk was replaced or an application was uninstalled.
  
For further information on the subject, please have a look at the section [[Pandora:Documentation_en:Inventory#Local_Inventory_through_Software_Agents| Local Inventory by Software Agents]].
+
For further information on the subject, please have a look at the section [[Pandora:Documentation_en:Inventory#Local_Inventory_through_Software_Agents| Local Inventory through Software Agents]].
  
===UDP remote commands===
+
==UDP remote commands==
  
==== How to ask an Agent for On-Demand Information ====
+
=== How to ask an on-demand agent for information ===
 +
Pandora FMS software agent includes the ''UDP Server'' feature, which allows to remotely indicate actions to an agent, such as restarting or executing a command.
  
Before the publication of version 3.2, there wasn't any way to ask the remote software agent for information. You were compelled to wait for the agent to reach its interval limit to send its information. The Windows Agent 3.0 has a discreet feature called "UDP Server" which admits communication data from outside to ask for information and to force the agent to refresh its cycle which forces it to send the information to the Server.
+
The basic configuration parameters of the UDP Server in the software agents are:
  
In v. 3.2 the same feature is called 'REFRESH AGENT' and is available under the UNIX agent as well. We also included a 'default' alert template and commands, designed for easy handling. You now can setup your agents (for Windows and UNIX) to receive orders from the console to report the data immediately, without having to wait for it's interval any more.
+
*'''udp_server''': it enables (1) or disables (0) this feature.
 +
*'''udp_server_port''': listening port of the UDP server in the software agent.
 +
*'''udp_server_auth_address''': IP address where the UDP server accepts requests. You can set it to 0.0.0.0.0 to accept from all sources.
  
This feature is pretty simple. First, you're required to setup your agent (Windows or Linux) to accept outside connections on a specific UDP port, from a specific IP address (or 0.0.0.0 for anyone). Under Windows, you can also define other possible things the agent can execute as a result of a remote command. Under UNIX, the only supported operation (at this time) is "REFRESH AGENT". Clicking on it is going to result in an immediate agent execution which skips its interval.
+
Configuration example :
 
 
This is an example of the UDP server settings under the 3.2 Unix software agent:
 
  
 
  udp_server 1
 
  udp_server 1
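Review bot: The new udp_server_auth_address bullet gives "0.0.0.0.0" as the accept-all value, which has five octets; the configuration example below it and the old text both use 0.0.0.0, and readers copy this value into the agent configuration. Fix the typo. Since the new introduction states that the UDP server can restart the agent or execute a command, the bullet could also say that the Pandora FMS server address is the expected value and that 0.0.0.0 removes the source restriction. Separately, the new heading "How to ask an on-demand agent for information" no longer means the same as "How to ask an Agent for On-Demand Information".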
Line 998: Line 977:
 
  udp_server_auth_address 0.0.0.0
 
  udp_server_auth_address 0.0.0.0
  
You may enable the server by setting the value of '1' and disable it with '0' under the 'udp_server' option. Please set '0.0.0.0' as source IP address to enable any IP.
+
Now, to force the restart of the agent the '''udp_client. pl''' script must be used, present in the Pandora FMS server, and normally located in /usr/share/pandora_server/util. It can be run from the command line or used in an alert, making use of the command that is pre-configured in the '''"Remote agent control"''' console.
 
 
This is an example of the UDP server settings under the 3.x Windows software agent:
 
 
 
udp_server 1
 
udp_server_port 41122
 
udp_server_auth_address 192.168.1.23
 
 
 
As you can see, it's exactly the same. In this case, we're going to use the IP address '192.168.1.23' as the only authorized one to refresh this agent.
 
 
 
The Pandora FMS Server has a small script which sends the order to the agent. In our default command, it's fully operational and ready to be used. This script is written in Perl which acts as a small client to communicate with the simple UDP server, embedded in the agent and sends commands passed to the command line.
 
 
 
 
 
<center>
 
[[Image:Remote_agent_command.png|850px]]
 
</center>
 
 
 
To limit the possible values on a field, it is possible to define a list of value/tag. If this list is defined, the field will be a selection combination.
 
 
 
The format will be the following:
 
 
 
value1,tag1;value2,tag2;value3,tag3
 
  
 +
There is also a default alert action called ''Restart agent'', which uses this script. It uses the action ''REFRESH AGENT'' on the ''udp_client. pl'' script to restart the agent if it has the UDP server listening.
  
 +
<br>
 
<center>
 
<center>
[[Image:fields.png|center|850px]]
+
[[Image:agent_restart_action.png|center|850px]]
 
</center>
 
</center>
 +
<br>
 +
Follow these steps to enable the Software Agent's remote refresh option:
  
We also provide a default alert template to assign "manual" alerts to an agent which means an alert will never be fired automatically. Use the 'manual alerts' to force a manual alert execution by using the circle-shaped button on the agent's main view.
+
1. In the configuration file, set up the options for the software agent (UNIX or Windows). Be mindful on the authorized IP address (is the Pandora FMS server behind a NAT?), or just type in '0.0.0.0' on that field to allow any IP address to force a refresh of the agent.
 
 
 
 
<center>
 
[[Image:Alert_template_manual.png|850px]]
 
</center>
 
 
 
We have created a default alert action called "Restart Agent", which is going to call up the remote agent's command. This action attaches the REFRESH AGENT command to the command, and utilizes the main IP address of the agent to reach, using the default port for the UDP server (41122):
 
 
 
 
 
<center>
 
[[Image:agent_restart_action.png|850px]]
 
</center>
 
 
 
Please follow these steps to enable the Software Agent's remote refresh option:
 
 
 
1. In the configuration file, set up the options for the software agent (UNIX or Windows). Please be mindful on the authorized IP address (is the Pandora FMS server behind a NAT ?), or just put '0.0.0.0' in the field to allow any IP address to force a refresh of the agent.
 
 
 
2. Restart the software agent.
 
 
 
3. You need to set up the IP address on your agent item in the Pandora FMS console. The alert action will use the IP address to connect to the software agent running on the remote system.
 
 
 
4. Set an alert to any of the modules of that agent (no matter which), using this screenshot as an example guide:
 
 
 
 
 
<center>
 
[[Image:alert_restart_combinationsettings.png|800px]]
 
</center>
 
  
5. You're now ready to force a refresh for that agent using the main view, clicking on the green circle-shaped button on the left of the alert you've just defined:
+
2. Restart the software agent for the changes to be applied.
  
<center>
+
3. Associate the ''Restart agent'' alert to the module of some agent (it is necessary that this agent has the IP address correctly configured).
[[Image:agent_refresh_button.png|800px]]
 
</center>
 
  
If you want to instantly get the agent's information without having to wait for the agent interval, just click the button and wait a few seconds. The agent will be contacted and forced to execute, the XML file will be transferred to your Pandora FMS server and processed, depending on your system load. It will be processed in approx. 1-5 seconds and displayed on the console.
+
4. Force the execution of the alert or force an incorrect state of the module to trigger the alert.
  
 +
Now, thanks to this action, it is possible to manually force the alert at any time to refresh the agent software remotely and get the information quickly.
  
====Custom remote commands====
+
===Custom remote commands===
  
Apart from the Refresh agent command, you can specify new and custom actions for the agents to perform under the Pandora server's orders.
+
Apart from the Refresh agent command, you can specify new and custom actions for the agents to perform under the Pandora FMS server's UDP orders.
  
If you're interested, you need to make a slight modification in pandora_server.conf, apart from enabling udp server, as shown before:
+
If you are interested, make a slight modification in pandora_server.conf, apart from enabling the udp service as well as configure it so that it receives the server's orders:
  
 
  udp_server 1
 
  udp_server 1
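Review bot: New step 1 still offers "just type in '0.0.0.0'" as the easy choice for the authorized address, while the custom remote commands example later in this same hunk's context uses "udp_server_auth_address <server IP>". Suggest making step 1 consistent with that example and recommending the server address (or the NAT address it is seen from). The custom remote commands paragraph also tells the reader to modify pandora_server.conf, although the udp_server tokens are introduced above as software agent parameters and step 1 refers to the agent's configuration file; confirm which file is meant. The script name is written "udp_client. pl" with a stray space in both new paragraphs.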
Line 1,074: Line 1,008:
 
  udp_server_auth_address <server IP>
 
  udp_server_auth_address <server IP>
  
Then you have to add a line for each custom command you want to perform, following this syntax:
+
Then add a line for each custom command you want to perform, following this syntax:
 
  process_nameofthecommand_start <command>
 
  process_nameofthecommand_start <command>
  
For example, if you wanted to create a custom command to start sshd service, you would have to add a line such as this:
+
For example, if you want to create a custom command to start sshd service, you should add a line like this one:
 
  process_sshdproc_start /etc/init.d/sshd start
 
  process_sshdproc_start /etc/init.d/sshd start
  
Then you have to create a new alert action at Pandora Console for each remote command you made. You can copy the "Remote agent control" action, which is already prepared to send udp commands. Set "START PROCESS sshdproc" on Field 1.
+
Then create a new alert action at Pandora FMS Console for each remote command you made. You can copy the "Remote agent control" action, which is already prepared to send UDP commands. Set "START PROCESS sshdproc" on Field 1, as seen on the screenchot.
Now you only need to set a new Manual alert with the new alert action on the agent whose sshd service you wanted to start. This way, you'll be able to send the start command just through manually forcing the alert.
 
  
 +
<br>
 +
<center>
 +
[[Image:Udp process.JPG|center|850px]]
 +
</center>
 +
<br>
  
{{tip|You can also create custom orders to execute scripts. This allows a huge variety of remote actions to be performed on a remote agent just by clicking on "Force alert".}}
+
Now, you only need to set a new manual alert with the new alert action on the agent whose sshd service you wish to start. When the alert is forced, the order will be launched and the agent will start the service.
  
=== Using Software Agent Plugins ===
+
{{tip|Custom orders can also be created to execute scripts. This allows a huge variety of remote actions to be performed on a remote agent just by clicking a button.}}
  
Agent plugins are executed by the software agent and are able to report several information (modules) at once. Each plugin works in a different way and you should test how it works before using it. Default installation of Pandora FMS comes with a bunch of plugins. Of course, UNIX and Windows agents come with different plugins and some of them work very similarly.
+
== Plugins in software agents ==
  
==== On Windows Systems ====
+
They are characterized by performing complex advanced checks from the software agents, '''being able to return several modules as a result''' instead of a single value. Unlike the server plugins, which are executed by Pandora FMS server, agent plugins return their data in an XML, reporting one or several modules at the same time.
  
Under the 3.2 version, the Windows agents come with the following plugins:
+
=== Execution on Windows systems ===
  
* df.vbs: Reports the available hard drive space in bytes. It reports different modules for each hard disk that is found on the system. If you want to report the data of specific units only, just use the parameters after the 'module_plugin' call.
+
In Windows, all the default plugins are programmed in VBScript. To run them, it is vital to use the appropriate interpreter indicating the full path.  
  
* df_percent.vbs: Very similar to the previous one, but it's going to report the available space as a percentage. It's going to generate modules with names like 'DiskFree_C'.
+
Here are some examples of how to use the default plugins included in the Windows agent:
  
* logevent_log4x.vbs: Reads event-log entries and generates 'log4x' data.
+
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\logevent_log4x.vbs" Application System 300
 
 
* ps.vbs: It requires process names and checks if these processes are running. If you execute it with "iexplorer.exe mucommand.exe other.exe" it checks for three processes, returns different modules for each of them and reports if the processes are down or not.
 
 
 
Under Windows, all default plugins are coded in VBScript. You're going to need to use the correct interpreter for the VBScript Console (sometimes referred to as 'Windows Scripting Host') to run it.
 
 
 
These are some examples for the usage of the previous plugins:
 
 
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\logevent_log4x.vbs" Aplicacion System 300
 
 
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
 
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" iexplore.exe myapp.exe
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" iexplore.exe myapp.exe
  
==== On Unix Systems ====
+
The Windows agent includes several ready-to-use plugins.
  
Under version 3.2, the generic UNIX agent comes with following plugins:
+
=== Execution on Unix systems ===
  
* files_indir: This plugin receives a target directory, e.g. '/tmp' and returns two modules: One called 'FS_/tmp/' (boolean) which returns a value of '1' if it contains the same number of files as in the previous execution. The other module called 'NumFiles_FS_/tmp/' returns the number of files in that particular directory.
+
Unix plugins are by default in the directory "/plugin" of the agent directory, in /etc/pandora/plugins, so it would not be necessary to use the full path in its execution if they are in this directory.  
  
* grep_log: It's a generic log parser and it takes tree arguments: <file_to_process>, <module_name> and <reg_exp>. It will generate information inside an 'async_string' module type called <module_name>, using all data which match the <reg_exp> regular expression. For more information on this plugin, please look at the example below.
+
Here are some examples of using plugins:
  
* pandora_df: It's very similar to the Windows plugin. It reports available space on all mounted partitions on the system. It also takes information from the NFS mounts. The information for all filesystems is returned, but one or more filesystems may be specified as plugin parameters by default.
+
  module_plugin grep_log /var/log/syslog Syslog .
 +
  module_plugin pandora_df tmpfs /dev/sda1
  
These plugins are very similar to the Windows plugins. We're not required to use the full path to the plugins, because the 'module_plugin' directive looks for the plugin directory under the agent's home directory. We use the following syntax to execute them:
+
The Unix software agent comes with several plugins by default ready to work.
  
module_plugin grep_log /var/log/syslog Syslog .
+
=== Plugin use Examples ===
 
module_plugin pandora_df tmpfs /dev/sda1
 
  
And some special plugins working under UNIX:
+
Plugins for the software agent can return a piece of data or a group of data. An example of a plugin that returns a piece of data can be the Windows ''ps. vbs'' plugin, which simply checks whether a process is running. With the next line the plugin is run:
 
 
* nagios_plugin_wrapper: This is not really a plugin, it's just a wrapper, used to execute a Nagios plugin and to process the output to generate a Pandora module. It grabs the standard output, puts the results into the module description and gets the errorlevel to process a 'module_proc' (boolean) module by its results. Just call up the Nagios plugin as a parameter to 'nagios_plugin_wrapper' with all necessary parameters and it generates a Pandora FMS module.
 
 
 
* inventory: This is used in the inventory system. It will create an inventory XML with information about the system. It can be modified to gather different information, but by default, it only works under Linux and gets packages and services in the default runlevel and some other options. Please check out the inventory documentation for more information.
 
 
 
* pandora_update: This is used to utilize the autoupdate feature on the software agents. Please check out the agent configuration section for more information.
 
 
 
==== Examples using Plugins ====
 
 
 
The plugins for software agents are able to return one type of data or a group of them. An example of a plugin which only returns one data type could be the plugin 'ps.vbs' for Windows. We're going to execute the plugin with the following line:
 
  
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" IEXPLORE.EXE
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" IEXPLORE.EXE
  
The result will be a module which returns a value of '0' if the process is down and '1' if the process is running, e.g.:
+
The result will be a module that returns 0 if the process is not active and 1 if it is active:
  
 
  <module>
 
  <module>
 
     <name><![CDATA[IEXPLORE.EXE]]></name>
 
     <name><![CDATA[IEXPLORE.EXE]]></name>
 
     <description><![CDATA[Process IEXPLORE.EXE status]]></description>
 
     <description><![CDATA[Process IEXPLORE.EXE status]]></description>
     <data><![CDATA[1]]></data>
+
     <nowiki><data><![CDATA[1]]></data></nowiki>
 
  </module>
 
  </module>
  
An example of a plugin which returns several data could be the plugin 'df.vbs' for Windows. The line to execute the plugin could be:
+
An example of a plugin that returns several data can be the Windows plugin ''df. vbs''. The line to run this plugin would be:
  
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
 
  module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
  
The plugin returns a module per found hard drive. The result would be something like this:
+
The plugin returns one module for each found disk, the result would be:
  
 
  <module>
 
  <module>
 
     <name><![CDATA[C:]]></name>
 
     <name><![CDATA[C:]]></name>
 
     <description><![CDATA[Drive C: free space in MB]]></description>
 
     <description><![CDATA[Drive C: free space in MB]]></description>
     <data><![CDATA[8050]]></data>
+
     <nowiki><data><![CDATA[8050]]></data></nowiki>
 
  </module>
 
  </module>
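Review bot: The new Unix sentence locates the plugins both in "/plugin" of the agent directory and in /etc/pandora/plugins, so the reader cannot tell which directory module_plugin searches when no full path is given; state a single path. This hunk also removes the per-plugin descriptions while keeping the examples, so "module_plugin grep_log /var/log/syslog Syslog ." no longer explains that its three arguments are the file to process, the module name and a regular expression; keep a one-line description next to the example. Typos to fix: "screenchot", "ps. vbs" and "df. vbs".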
 
   
 
   
Line 1,165: Line 1,082:
 
     <name><![CDATA[D:]]></name>
 
     <name><![CDATA[D:]]></name>
 
     <description><![CDATA[Drive D: free space in MB]]></description>
 
     <description><![CDATA[Drive D: free space in MB]]></description>
     <data><![CDATA[900]]></data>
+
     <nowiki><data><![CDATA[900]]></data></nowiki>
 
  </module>
 
  </module>
  
=== Local Plugins Editor ===
+
=== Agent Plugin Management from the Console ===
  
From version 5 of Pandora FMS, it's possible to manage the software agent's plugins from the console without the requirement of editing the configuration file directly.
+
In the '''Enterprise''' version, it is possible to manage software agent plugins from the console without directly editing the configuration file.
  
If an agent has an enabled remote configuration, it's going to have the plugins editor tab in the 'Manage' view, as you can see in the screenshot below:
+
If an agent has remote configuration activated, the plugin editor tab is available in its administration view.
  
 
<center>
 
<center>
 +
<br><br>
 
[[image:plugin_editor_tab.png]]
 
[[image:plugin_editor_tab.png]]
 +
<br><br>
 
</center>
 
</center>
  
The editor shows the plugins list and allows it to be deleted, added to and disabled. Disabling it under the plugins policy can be useful, because the plugins are still disabled if the policy is going to be applied again.
+
This section shows the list of active plugins in the agent, and allows you to delete, add or deactivate them. In the case of policy plugins, it may be useful to disable them because they will remain disabled when the policy is re-applied.
  
 
<center>
 
<center>
[[image:plugin_editor.png|750px]]
+
<br><br>
 +
[[image:plugin_editor.png|800px]]
 +
<br><br>
 
</center>
 
</center>
  
The managed plugins from this editor can be edited from the agent configuration file, too:
+
The plugins managed in this editor can also be edited from the agent configuration file.
  
 
<center>
 
<center>
[[image:plugin_editor_conf.png|750px]]
+
<br><br>
 +
[[image:plugin_editor_conf.png|800px]]
 +
<br><br>
 
</center>
 
</center>
  
=== How to Create your own Agent Plugins ===
+
=== How to create your own agent plugins ===
  
The plugins can be developed in any programming language, but they have to respect the following two restrictions:
+
Plugins can be created in any programming language. They only have to obey to these rules:
  
* Whatever you want to do has to be completely automated (no interactive processing from the user) and must be done from the command line (shell). You're allowed to use any kind of scripting or compiled language, but you have to provide a stand-alone executable with all it's dependencies (libraries, dll, etc.) in this case.
+
* Regardless of what you want to do, it must be automatic (without user interaction), and it must be done from the shell. You can use any type of scripting language or compiled language, but in that case you must also distribute, in addition to the executable, all libraries (or DLL) that are necessary for the plugin to run.
  
* Plugin has to report the information to the standard output (just using 'echo', 'printf' or the equivalent in your language) and to use the XML syntax for the Pandora FMS agent information. This is an example of 'generic_data' (numerical information) in XML:
+
* The plugin must return the information through the standard output (simply using echo, printf or the equivalent in the language that will be used for the plugin), and must use the XML format of Pandora FMS agents to return the information.  
 +
 
 +
This is an example of a numerical module in XML:
  
 
  <module>
 
  <module>
 
  <name><![CDATA[Sample_Module]]></name>
 
  <name><![CDATA[Sample_Module]]></name>
 
  <type><![CDATA[generic_data]]></type>
 
  <type><![CDATA[generic_data]]></type>
  <data><![CDATA[47]]></data>
+
  <nowiki><data><![CDATA[47]]></data></nowiki>
 
  <description><![CDATA[47]]></description>
 
  <description><![CDATA[47]]></description>
 
  </module>
 
  </module>
  
The <![CDATA[xxx]]> is used to 'encapsulate' data and to protect the XML files from non-valid characters like ',', '&' or '%'.
+
The data contained in the <!CDATA[xxx]]> are used to protect XML from certain information that may contain "difficut" characters for XML, such as <, >, & or %.  
 
 
Please take a look at our Pandora FMS plugin library at http://pandorafms.org before trying to create your own plugin. If you want to create your own, please upload it to the Pandora FMS public library to allow others to use your plugin when it's done.
 
 
 
  
 +
Before trying to create a plugin, visit the Pandora FMS plugin library at https://library.pandorafms.com, and if you decide to create your own plugin, send it to the public library, so that others can use it.
  
{{warning|Be sure to finish your custom plugin with an errorcode of 0, otherwise, the Pandora FMS agent will assume your plugin has an error and output will be discarded }}
+
{{warning|Make sure you finish the output of your plugin (if it is a script) with an error level 0, or the agent will think that the plugin has had an error and was not able to be run.}}
  
==== Sample plugin ====
+
==== Shellscript (Linux/Unix) plugin example ====
  
 
<pre>
 
<pre>
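Review bot: The new CDATA explanation line writes the marker as <!CDATA[xxx]]>, without the "[" after "<!", so it no longer matches the <![CDATA[...]]> form used in the sample module directly above it; restore <![CDATA[xxx]]> and fix "difficut". The rewritten warning in the same hunk now asks the reader to finish "the output" of the plugin with error level 0, which reads as if a 0 should be printed. The previous wording ("an errorcode of 0 ... output will be discarded") made it clear that this is the exit status and said what the agent does with the output on failure, so keep that consequence in the new sentence.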
Line 1,245: Line 1,168:
 
</pre>
 
</pre>
  
=== Using Nagios Plugins from the Agent ===
+
====  VBScript (Windows) plugin example ====
 +
 
 +
<pre>
 +
' df.vbs
 +
' Returns free space for available drives.
 +
' --------------------------------------
 +
 
 +
Option Explicit
 +
On Error Resume Next
 +
 
 +
' Variables
 +
Dim objWMIService, objItem, colItems, argc, argv, i
 +
 
 +
' Parse command line parameters
 +
argc = Wscript.Arguments.Count
 +
Set argv = CreateObject("Scripting.Dictionary")
 +
For i = 0 To argc - 1
 +
    argv.Add Wscript.Arguments(i), i
 +
Next
 +
 
 +
' Get drive information
 +
Set objWMIService = GetObject ("winmgmts:\\.\root\cimv2")
 +
Set colItems = objWMIService.ExecQuery ("Select * from Win32_LogicalDisk")
 +
 
 +
For Each objItem in colItems
 +
If argc = 0 Or argv.Exists(objItem.Name) Then
 +
If objItem.FreeSpace <> "" Then
 +
Wscript.StdOut.WriteLine "<module>"
 +
Wscript.StdOut.WriteLine "    <name><![CDATA[" & objItem.Name & "]]></name>"
 +
Wscript.StdOut.WriteLine "    <description><![CDATA[Drive " & objItem.Name & " free space in MB]]></description>"
 +
Wscript.StdOut.WriteLine "    <data><![CDATA[" & Int(objItem.FreeSpace /1048576) & "]]></data>"
 +
Wscript.StdOut.WriteLine "</module>"
 +
            Wscript.StdOut.flush
 +
End If
 +
End If
 +
Next
 +
</pre>
 +
 
 +
=== Using Nagios plugins from the agent ===
  
Nagios has a lot of amazing plugins you're free to use in conjunction with Pandora FMS. One way is to use remote plugins with the Plugin Server, using the Nagios compatibility, but they only receive it's status. They're not going to use the descriptive output that some Nagios plugins have.
+
Nagios has a large number of plugins that can be used with Pandora FMS. One way to do this is using remote plugins with the Plugin Server, using Nagios compatibility. But in this way, you will only get the statuses, since it does not use the descriptive output that some plugins for Nagios have.
  
Using the wrapper to utilize Nagios plugins in the software agent will solve this problem. The wrapper comes with 3.2 Unix agent by default. An equivalent plugin for Pandora FMS Windows agents can be downloaded from our website at http://pandorafms.org resource library at [http://pandorafms.com/index.php?sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=178]).
+
Using the wrapper to use Nagios plugins in the software agent will solve this problem. The wrapper comes by default with the Unix 3.2 agent. An equivalent plugin for Pandora FMS Windows agents can be downloaded from the Pandora FMS resource library, at [https://library.pandorafms.com/index.php?sec=Library&sec2=repository&lng=es&action=view_PUI&id_PUI=178]).
  
What does the plugin wrapper for Nagios plugins do ?
+
'''What does the plugin wrapper do for Nagios plugins?'''
  
It executes the Nagios plugin, utilizes it's native parameters and converts the output into useful values for Pandora FMS. It has two kinds of information:
+
It executes the Nagios plugin, using its original parameters and turning the output into useful data for Pandora FMS. It has two types of information:
  
* Status information: 'NORMAL' ('1'), 'CRITICAL' ('0'), 'WARNING' ('2'), 'UNKNOWN' ('3') and 'OTHER' ('4'). It's going to use a 'proc' module by default, so the values 'NORMAL' and 'CRITICAL' are working by default. If you want to have information on 'WARNING' and 'OTHER' values, you're required to setup the module thresholds manually.
+
*Status information: NORMAL (1), CRITICAL (0), WARNING (2), UNKNOWN () and others (4). By default, they will use a proc module, so the NORMAL and CRITICAL values are working "by default". If you wish to have information about WARNING and other values, you must configure the module thresholds manually.
  
* Descriptive information: Usually string information. It goes on the description field on the module. This is usually something like "OK: successfully logged in" or similar.
+
*Descriptive information: generally string information. It will be placed in the module description field. Usually something like "OK: successfully logged in."
  
 
==== Example ====
 
==== Example ====
  
You have a pop3 plugin (in '/tmp/check_pop3_login') with execution permissions, which checks if the pop3 account is working. By connecting to a remote host, sending a user and password and checking everything is ok. This is a command line example:
+
If you have a pop3 plugin (in /tmp/check_pop3_login) with the run permissions, (which checks whether the pop3 account is working only by connecting to a remote host, sending a user and password and displaying everything is correct), then you can run it from the command line:
  
 
  /tmp/check_pop3_login  mail.artica.es [email protected] mypass
 
  /tmp/check_pop3_login  mail.artica.es [email protected] mypass
  
It's going to return something like this:
+
I will return something like :
  
 
  OK: successfully logged in.
 
  OK: successfully logged in.
 
   
 
   
If it's -not- ok, will return something like this:
+
And if it is not right, it will return something like this:
  
  Critical: unable to log in.
+
  Critical: unable to log on
  
Using the wrapper is simple. Before the call up, you're just required to put in the wrapper and the module name you want:
+
Using the wrapper is easy. Just put the wrapper and the name you want into the module before executing the call:
  
 
  /etc/pandora/plugins/nagios_plugin_wrapper sancho_test /tmp/check_pop3_login  mail.artica.es [email protected] mypass
 
  /etc/pandora/plugins/nagios_plugin_wrapper sancho_test /tmp/check_pop3_login  mail.artica.es [email protected] mypass
  
It generates a full XML for the agent plugin:
+
This will generate a complete XML for the agent plugin.
  
 
  <module>
 
  <module>
 
  <name>sancho_test</name>
 
  <name>sancho_test</name>
 
  <type>generic_proc</type>
 
  <type>generic_proc</type>
  <data>0</data>
+
  <nowiki><data>0</data></nowiki>
 
  <description><![CDATA[Critical: unable to log on]]></description>
 
  <description><![CDATA[Critical: unable to log on]]></description>
 
  </module>
 
  </module>
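Review bot: The rewritten status list loses the value for UNKNOWN: the old line had 'UNKNOWN' ('3') and the new one reads "UNKNOWN ()", so a reader who has to set module thresholds manually cannot tell which number maps to that state; restore the 3. Smaller points in the same hunk: "I will return something like :" should be "It will return something like:", the library link changed lng=en to lng=es on an English page, and the new df.vbs example prints modules without a <type> element although the XML sample earlier in this section includes one, so either add the element or say that omitting it is intended.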
Line 1,291: Line 1,252:
 
  <name>sancho_test</name>
 
  <name>sancho_test</name>
 
  <type>generic_proc</type>
 
  <type>generic_proc</type>
  <data>1</data>
+
  <nowiki><data>1</data></nowiki>
 
  <description><![CDATA[OK: successfully logged in.]]></description>
 
  <description><![CDATA[OK: successfully logged in.]]></description>
 
  </module>
 
  </module>
  
The full entry in the 'pandora_agent.conf' will be something like this:
+
The complete entry in pandora_agent. conf will be something like:
  
 
  module_plugin nagios_plugin_wrapper POP3_artica.es /tmp/check_pop3_login mail.artica.es [email protected] mypass
 
  module_plugin nagios_plugin_wrapper POP3_artica.es /tmp/check_pop3_login mail.artica.es [email protected] mypass
  
In the module, this will be seen like this on a 'fail' event:
+
This will look similar to this in the module (in the fail event):
  
 
<center>
 
<center>
[[file:Sample_plugin_wrapper.png]]
+
<br>
 +
[[file:Sample_plugin_wrapper.png|center]]
 
</center>
 
</center>
  
=== Monitoring with KeepAlive ===
+
== Monitoring with KeepAlive ==
  
There is a special module called 'keep_alive' that is very useful to receive any information if there is no agent contact. It lets you know if an agent has stopped sending information, and notifies you about it.
+
There is a special module which has a unique type called "keep_alive" and it is used to give information in the absence of contact with the agent. It is useful to know when an agent has stopped sending information and receiving an alert of this fact.
  
If there is a module (local or remote) which gets information from the agent, the date of the last 'contact' is updated in a way that there is always data. The agent's last date of contact is updated. This can come in handy if the agent 'doesn't answer'. Any agent is considered 'dead' if it hasn't managed to update data during a period 2x as long as its configured interval. E.g. If it has a 5 minute interval and more than 10 minutes have passed since the last update, the agent is considered 'dead'.
+
When there is a module, remote or local, that obtains information from the agent, the date of last "contact" with the agent is updated, so that whenever there is data, even if it is only one module of the total, the agent will have updated its date of last contact, which is useful to know if the agent "does not respond". Specifically, an agent is considered "dead" when it has not updated its date in twice the time of its interval, that is, if it has an interval of 5 minutes, and it has been more than 10 minutes since it sent an update, the agent is considered dead.
  
In this moment, the KeepAlive module would appear. It would get fired and appears as a 'Critical' state on the monitor.
+
This is the case when the keepalive module comes into play, triggering and marking the monitor into Critical status.
  
The configuration of this kind of modules is very easy. Just create a new module kind called 'dataserver' e.g. in the following way:
+
Configuring this type of modules is very easy, just create a new module type "KeepAlive".:
  
 +
<br><br>
 
<center>
 
<center>
[[File:Keepalive create.png|center|650px]]
+
[[File:Keepalive.JPG|center|800px]]
</center>
+
</center><br>
 
+
<br>
Once created (if the agent has data in its interval) it will always be in 'NORMAL' (green) status.
+
Once created, if the agent has data, within its interval, it will always be in "NORMAL" status (green):<br><br>
 
+
<center>
 +
[[File:Keepalive1.png|center|800px]]
 +
</center><br>
 +
<br>
 +
If the agent stops sending data (in this example, it had an interval of 1 minute), then it will automatically jump and be set to CRITICAL (red) status:
 +
<br><br>
 
<center>
 
<center>
[[File:Keepalive1.png|center|650px]]
+
[[File:Keepalive2.png|center|800px]]
</center>
+
</center><br>
 +
<br>
  
If the agent stops sending data (in this example it has interval of 1 minute), it will pop up automatically and on 'CRITICAL' status (red):
+
It should be noted that if you have a remote module, for example, a Ping, in addition to the data reported by the agent, the keepalive module would never be triggered, since you are constantly updating the agent through Ping.
  
<center>
+
The keepalive module also behaves like any other module, it can be associated with an alert and can be used for any other element: reports, maps, etc.
[[File:Keepalive2.png|center|650px]]
 
</center>
 
  
Important: If we have a remote module, e.g. one ping apart from the data reported by the agent, the KeepAlive module will never pop up. We're continually updating the agent by the ping.
+
{{Tip|The keepalive module can be created only from the console (even if you do not have remote configuration enabled) and leaves no trace in the pandora_agent.con file.f}}
  
Furthermore, the KeepAlive module works the same as any other. It could be associated to an alert and used for lots of other elements (reports, maps, etc.).
+
== Command screenshot monitoring ==
  
=== Monitoring Command Snapshots ===
+
Commands that have extensive outputs, such as ''top'' or ''netstat'' can be captured completely by a module and fully displayed. The module must be configured as a text type.
  
From the 4.0.3 version and above, this way of monitoring allows administrators to capture the output from commands which differ from the parsing of a single value or string. This module stores the information as text, but with the purpose of getting the exact output of the command, not as single data. It's going to show the same output format and contents like the one returned by the command.
+
In the next screenshot, the result of one of these modules is shown, in this case the output of ''netstat -an'':
 
 
As below:
 
  
 +
<br>
 
<center>
 
<center>
 
[[File:Snapshot 1.png|center|650px]]
 
[[File:Snapshot 1.png|center|650px]]
 
</center>
 
</center>
 +
<br>
  
This is the 'netstat -an' command output, captured by Pandora FMS after clicking on the special icon for the command snapshot. It's only available if we have a multiline text and a '''non-split''' output.
+
{{Warning|In order for it to work like this, it is necessary to configure properly both the Pandora FMS console (setup) and the agent that collects this information, making sure that it is untreated text.}}
 +
 
 +
To configure the console properly, make sure that in the main setup section you have the "Command line snapshot" property activated:
  
 
<center>
 
<center>
[[File:Snapshot 2.png|center|650px]]
+
[[File:command_line_snapshot_setup.png|center]]
 
</center>
 
</center>
  
These are the different "snapshots" across a certain time. Pandora is only going to show information if the agent's information is different (data type continues to be of the 'generic_data_string' type here). It's -not- recommended, but if you want to store each single data string, you may use 'async_string'. The behaviour of showing information only when changes occur is perfect for reporting data on problems and to compare other events to the information contained in the command snapshot pertaining that period.
+
== Image monitoring and visualization ==
  
To capture the command outputs in a snapshot, you're required to write a small plugin which sends all data with a 'module_plugin' syntax (including the XML tags) and executes the plugin as a standard plugin. This is an example which generates output for the 'netstat' command:
+
This method allows you to define string type modules (generic_data_string or async_string) that contain images in text format with base64 encoding, being able to display that image instead of a specific result. This is stored as text information, and displayed in a different way, not as simple data, but by means of reconstructing an image.
  
<pre>
+
This is how you can see the output of a text string with the content "data: image" (image in base64), captured by Pandora FMS, when clicking on the special icon for screenshot:
#!/bin/bash
 
echo "<module>"
 
echo "<name>netstat</name>"
 
echo "<type>generic_data_string</type>"
 
echo "<data><![CDATA["
 
netstat -an | grep LIST
 
echo "]]></data>"
 
echo "</module>"
 
</pre>
 
 
 
Please save this script contents in a file on the agent (or remotely distribute it along with file collections), execute it and use the syntax below:
 
 
 
module_plugin <full path for file>
 
 
 
The agent is going to generate a command snapshot for almost any command. Just replace 'netstat' with your command. Some useful suggestions for UNIX systems are e.g.:
 
 
 
* top -b -n 1
 
* ps aux
 
* vmstat 1 5
 
* who
 
* last -10
 
 
 
On Windows systems:
 
 
 
* tasklist
 
* netstat -an
 
* net start
 
 
 
{{tip|Remember that you're always required to do this within a script which is generating the XML file. If you do that by calling up a 'module_exec', each line reported by the command will be interpreted as a line with different 'data blocks' - and you cannot see it as a command snapshot anymore.}}
 
 
 
 
 
=== Monitoring and visualization of images ===
 
 
 
This way of monitoring, available from v 6.0 SP4 onward, allows you to define modules which contain images in text format, coded in base64, displaying the image in place of a specific result. This is stored as text data, but it is visualized as a reconstructed image.
 
 
 
This is what a string output looks like with the content "data:image" (image in base64), captured by Pandora FMS, when you click on the 'capture image' icon:
 
  
 +
<br>
 
<center>
 
<center>
 
[[File:Snapshot_text 1.png|center|650px]]
 
[[File:Snapshot_text 1.png|center|650px]]
</center>
+
</center><br>
 +
 
 +
<br>
  
To capture images like this, you need to write a plugin which sends all the data and the required XML tags, and execute the plugin with the directive module plugin. The next example plugin generates an image output, as in the previous example:
+
To capture these images, just write a plugin that sends all the data, generating the necessary XML tags, and running the plugin as such, with the ''module_plugin'' directive. Let us see the following example plugin, which generates the output of an image, as you have just seen in the previous capture:
  
 
<pre>
 
<pre>
 
#!/bin/bash
 
#!/bin/bash
 
echo "<module>"
 
echo "<module>"
echo "<name>Current league leader</name>"
+
echo "<name>Last football championship winner</name>"
 
echo "<type>async_string</type>"
 
echo "<type>async_string</type>"
 
echo "<data><![CDATA[data:image/jpeg;base64,/9j/4AAQSkZ....]]></data>"
 
echo "<data><![CDATA[data:image/jpeg;base64,/9j/4AAQSkZ....]]></data>"
  
//the previous data would be generated by a device/application supplying images in base64.
+
The previous data would be generated by a device/application rendering images in base64.
  
 
echo "</module>"
 
echo "</module>"
 
</pre>
 
</pre>
  
Save the content in a file on an agent (or distribute it with a file collection) and execute:
+
Save that content in a file in the agent (or distribute it with file collections) and run it as follows:
  
module_plugin <path completo al fichero>
+
module_plugin <complete path to the file>
  
=== Password protected groups ===
+
== Password protected groups ==
  
By default, when an agent sends data for the first time to the Pandora FMS Server it is automatically added to whatever group is defined in the agent's configuration file. This means that, in practice, anyone can add agents to any group as long as its name is known. This could be a problem if your Pandora FMS instance is shared by multiple clients or you need tight control over what is in each group.
+
By default, when an agent sends data for the first time to the Pandora FMS server, it is automatically added to the group that has been defined in the agent configuration file. This means that, in practice, anyone can add an agent to a group if they know the group name. This could be a problem if several clients share their Pandora FMS instance or if you want to control what is in each group.
  
Starting from version 6.0SP5, you can optionally configure a password for a group from the Pandora FMS Console. An agent will not be added to a group unless the right password is specified in the agent's configuration file. Bear in mind that if the agent already belongs to the group the password is not checked.
+
We can optionally configure a password for a group from the Pandora FMS Console. An agent will not be added to a group unless the correct password has been specified in the agent configuration file.
  
==== Example ====
+
=== Example ===
  
To configure a password for a group, navigate to the group editor and click on ''edit'':
+
To set a password for a group, navigate to the ''group editor'' and click on ''edit'', enter the group password and save your changes:
  
  <screenshot>
+
<center>
 +
[[File:Passgr1.JPG|center]]
 +
</center>
  
Then enter the group password and save your changes:
+
To add a new agent to this group, edit your configuration file and add the following configuration option:
  
   <screenshot>
+
   group_password <password>
  
To add a new agent to this group, edit its configuration file (''pandora_agent.conf'') and append the following configuration option:
+
Do not forget to restart the agent to make the changes effective. The agent should be created correctly in the Pandora FMS console.
 
 
  group_password <password>
 
  
Finally, restart the agent. You should see the newly created agent in your Pandora FMS Console:
 
  
  <screenshot>
 
  
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
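Review bot: The password protected groups paragraph drops the sentence "Bear in mind that if the agent already belongs to the group the password is not checked", which is the one caveat an administrator needs in order to know what the group password does and does not enforce; keep it unless the behaviour changed, and if it did, say so. Also in this hunk: the explanatory line inside the image plugin's <pre> script lost its "//" prefix and is now a bare line in a bash script, so make it a "#" comment; "pandora_agent.con file.f" should read "pandora_agent.conf file" and "pandora_agent. conf" has a stray space; and the command snapshot section no longer carries the netstat plugin example or the module_exec tip, while the new warning tells the reader to configure the agent for untreated text without showing how.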

Latest revision as of 08:44, 30 October 2020


1 Monitoring with Software Agents

1.1 Agent names

From Pandora FMS version 7 onwards, the agents have an alias and a name (or unique identifier). An agent configured by default will generate a name (or identifier) based on a pseudo-random hexadecimal string, and an alias (or visible name) based on the hostname of the machine.

In previous versions there was only the "name" of the machine. That system remains fully compatible with later Pandora FMS versions; the only issue is that if two agents have the same identifier (name) in the same Pandora FMS installation, the data of both agents will be mixed and/or overwritten. That is why, from version 7 onwards, agents with different names can have the same alias.

The following configuration tokens are used to change this behavior:

pandora_agent
pandora_alias

The configuration file does not use either one of them by default, so it gets the hostname of the machine as an alias and a very large random hexadecimal number as a name or identifier. The agent name is no longer visible (except in the agent detail view) and CANNOT be changed. The Agent Alias can be changed at any time, without having to worry about the configuration of the software agent, since the agent's unique identifier is the agent's "name".

1.2 Agent Configuration

All the configuration and monitoring parameters of the software agents can be found in their configuration file pandora_agent.conf. This is stored locally in the machine where the software agent is installed, so any modification to be made in the agent must be reflected in this file. You have a detailed description of all agent configuration tokens in the chapter "PandoraFMS Agent Configuration" [1] while here we will only focus on the advanced uses of some of them.

1.2.1 Remote Configuration

On the Enterprise version, there is a remote Agent Configuration feature which allows centralized configuration and file management from the server console. This allows centralized management of all our software agents without the need to physically access the systems where they are installed.

The configuration consists of two files. Their file names are <md5>.conf and <md5>.md5, where <md5> is the hash of the agent's name. These files are stored in the '/var/spool/pandora/data_in/conf' and '/var/spool/pandora/data_in/md5' folders respectively.

These files stored in the server are modified by Pandora FMS console when the agent configuration is edited remotely.




To enable remote configuration, enable the corresponding parameter in the agent's local configuration file first. From this moment on, all the changes must be made from Pandora FMS console:

remote_config 1


Once the agent's remote configuration is enabled, any changes made locally in the configuration file will be overwritten by the configuration stored in the console. If you want to prevent this from happening, stop the agent, modify the configuration file, disable the remote configuration and launch the agent again.

 


1.3 Common Configuration Parameters

In the Pandora FMS Software Agents section you can find a complete explanation on Agent Configuration. In this section, the common parameters used to configure the Software Agents will be explained.

The most common parameters are:

  • server_ip: IP address of Pandora FMS Server.
  • server_path: Path of the 'incoming' folder for the Pandora FMS server (it's '/var/spool/pandora/data_in' by default).
  • temporal: Software agent's temporal folder (it is '/var/spool/pandora/data_out' by default).
  • logfile: Software agent's log file (it is '/var/log/pandora/pandora_agent.log' by default).
  • interval: Agent's execution interval (it is '300' by default).
  • intensive_interval: Intensive module execution interval (it is '300' by default).
  • debug: Enables (1) debug mode, which saves the XML data files so that they can be analyzed. When it is activated, the agent does not send the XML to the server, so that the generated XML can be inspected.
  • agent_name: Agent name (hostname is taken by default).
  • remote_config: Activation of remote configuration. It is disabled (0) by default. Only for Enterprise version.

An example of the general parameters for UNIX configuration would be:

server_ip       192.168.1.1 
server_path     /var/spool/pandora/data_in 
temporal        /var/spool/pandora/data_out 
logfile         /var/log/pandora/pandora_agent.log 
interval        300 
debug           0 
agent_name      box01 
server_port     41121 
transfer_mode   tentacle 
remote_config   1 

An example of the general parameters for Windows configuration would be:

server_ip       192.168.1.1 
server_path     /var/spool/pandora/data_in 
temporal        c:\program files\pandora_agent\temp
logfile         c:\program files\pandora_agent\pandora_agent.log 
interval        300 
debug           0 
agent_name      box01 
server_port     41121 
transfer_mode   tentacle 
remote_config   1

1.4 Custom Fields

Custom fields are an easy way to customize agent information. Create custom fields by clicking on 'Resources' -> 'Custom fields'.



You can include links in custom fields using the [url]link[/url] or [url=link]webname[/url] tags.

 


When creating your own custom fields, you will be able to specify the following parameters:

  • Name: Name of the custom field.
  • Password type: The fields with this parameter activated will be shown as asterisks.
  • Display up front: With this parameter enabled, custom field information will be displayed in the agent's general view as shown below. In addition, enable this token to send Custom Fields information to the Metaconsole and be able to see it in the agent view and work in Custom Field View with this data.




  • Enabled combo: This parameter allows you to activate the configuration of selectable parameters from a drop-down list. Once activated, a new field will appear in the configuration window of the corresponding custom field to enter the combo values separated by commas.


If the "Enabled combo" parameter is enabled, "Password type" will be disabled.

 





These custom fields can also be retrieved from the agent configuration file, using the following configuration token:

custom_field1_name Model
custom_field1_value i386

This example allows you to use a custom agent field defined in the agent's .conf file.

1.5 Monitoring with the Software Agent

Software agents run on the systems from which they collect information. Each of the checks they make on the system, such as CPU usage, free memory or disk space, corresponds to a module. Therefore, each of these modules collects a single piece of data in each execution.

There are also some agent-specific directives that help to collect certain data directly from the operating system (e.g. CPU usage, memory, events, etc.). With these agent-specific directives, there is no need to execute commands. Check the Software Agents Installation Section to obtain more information about them.




Pandora FMS software agents use the commands of the operating system in which they are installed to obtain the information for each one of their modules. The software agents send their data in an XML file, and the Pandora FMS data server processes all the information they generate and stores it in the database.


Figure: Logical schema of an agent/physical agent


In the agent configuration file, modules are defined by the following structure:

module_begin 
module_name cpu_user
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_description User CPU Usage (%)
module_end

A real case can be:

module_begin 
module_name Files data_in
module_type generic_data
module_exec ls /var/spool/pandora/data_in | wc -l
module_description Number of files incoming dir
module_end

The module_exec line contains the command that will be executed to collect the information. The value returned by that execution will be the data obtained by the module and will be shown in the monitoring. Another command to get information using module_exec would be:

module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'

To collect the information, the agent will execute the command in the shell as if it was done by an operator, so it is always advisable to manually launch the command and analyze the output:

$> vmstat 1 2 | tail -1 | awk '{ print $13 }'

The value returned by the execution will be stored in XML as module data. You can indicate anything in the module_exec line as long as the output is compatible with the values accepted by Pandora FMS (numerical, alphanumeric or boolean), so it is possible to indicate custom scripts:

module_exec myScript.pl --h 127.0.0.1 -v cpu

Again, the agent will execute the command and collect the returned value in the same way as an operator would type in the shell:

$> myScript.pl --h 127.0.0.1 -v cpu

When the software agent is executed for the first time, it sends an XML to the Pandora FMS server, which creates the agent automatically with all its modules.
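Because every module_exec line is handed to the shell exactly as written, it is worth reviewing the module blocks of a pandora_agent.conf before the agent is deployed. The following is an added example, not code from Pandora FMS: it parses the module_begin/module_end structure described above and reports structural and review findings. The sample configuration is constructed from the examples on this page, and the script-suffix list and the absolute-path check are assumptions of this example, written for the Unix agent.

```python
import shlex

# Module types listed in the "Types of Modules" section of this page.
KNOWN_TYPES = {
    "generic_data", "generic_data_inc", "generic_data_inc_abs", "generic_proc",
    "generic_data_string", "async_data", "async_string", "async_proc",
}
# Assumption: these suffixes mark a custom script rather than a system command.
SCRIPT_SUFFIXES = (".pl", ".sh", ".py", ".rb")

# Constructed sample, assembled from the configuration examples on this page.
SAMPLE = """\
# constructed sample
agent_name      box01
remote_config   1
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_end
module_begin
module_name custom_cpu
module_type generic_string
module_exec myScript.pl --h 127.0.0.1 -v cpu
module_end
module_begin
module_name Files data_in
module_type generic_data
module_exec ls /var/spool/pandora/data_in | wc -l
"""


def parse_agent_conf(text):
    """Return (general_tokens, modules, findings) for pandora_agent.conf text."""
    tokens, modules, findings = {}, [], []
    current = None  # the module block being read, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "module_begin":
            if current is not None:
                findings.append((lineno, "module_begin inside an unterminated module"))
            current = {"line": lineno}
        elif key == "module_end":
            if current is None:
                findings.append((lineno, "module_end without module_begin"))
            else:
                modules.append(current)
                current = None
        elif current is not None:
            current[key] = value      # token inside a module block
        else:
            tokens[key] = value       # general token such as agent_name
    if current is not None:
        findings.append((current["line"], "module block never closed with module_end"))
    return tokens, modules, findings


def first_command(exec_line):
    """First word of a module_exec line: the program the shell will look up."""
    try:
        words = shlex.split(exec_line)
    except ValueError:                # unbalanced quotes
        words = exec_line.split()
    return words[0] if words else ""


def audit(text):
    """Return sorted (line, message) findings; line 0 means file-level."""
    tokens, modules, findings = parse_agent_conf(text)
    if tokens.get("remote_config") == "1":
        findings.append((0, "remote_config is 1: local edits are overwritten by the console copy"))
    seen = set()
    for m in modules:
        name = m.get("module_name", "")
        if not name:
            findings.append((m["line"], "module without module_name"))
        elif name in seen:
            findings.append((m["line"], f"duplicate module_name {name!r}"))
        seen.add(name)
        mtype = m.get("module_type", "")
        if mtype not in KNOWN_TYPES:
            findings.append((m["line"], f"{name}: unknown module_type {mtype!r}"))
        cmd = first_command(m.get("module_exec", ""))
        if cmd.lower().endswith(SCRIPT_SUFFIXES) and not cmd.startswith("/"):
            findings.append((m["line"], f"{name}: script {cmd!r} has no absolute path, "
                                        "so the shell resolves it through PATH"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in audit(SAMPLE):
        print(f"line {line}: {message}")
```

Giving custom scripts an absolute path in module_exec removes the dependency on whatever PATH the agent process inherits.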

1.5.1 Types of Modules

The following are the possible types of modules in software agents depending on the type of data returned:

  • generic_data: Numerical and floating point data.
  • generic_data_inc: A kind of increasing numerical data. Stores the difference between the previous and current data divided by the elapsed time in seconds, showing the rate per second. This type of data is used to count "number of times per second" of something, such as log entries/sec, received bytes/sec, incoming connections/sec, etc.
  • generic_data_inc_abs: Type of absolute increasing numerical data. It stores the difference between the previous and current data, without dividing it between the elapsed seconds, so the value will correspond to the total increase between the two executions, and not to the increase per second. This type of data is used to count the number of times something happens, such as log entries, total received bytes, number of incoming connections, and so on.
  • generic_proc: Boolean type of data, where a value of 0 means False or incorrect, and values above zero mean True or correct. The generic_proc types have the critical (0) and correct (1 or higher) states preconfigured.
  • generic_data_string: Alphanumeric data (text).
  • async_data: Asynchronous numeric data. It is the same as 'generic_data' but for asynchronous data, which is only updated if there is a change. Asynchronous data types have no defined periodicity for obtaining data.
  • async_string: Asynchronous alphanumeric data. It is the same as 'generic_data_string' but for asynchronous data, which is only updated if there is a change. It is the recommended type for monitoring searches in logs or event viewers, where new data may arrive at any moment or not for several days.
  • async_proc: Asynchronous boolean data. It is the same as 'generic_proc' but for asynchronous data, which is only updated if there is a change.

  • Image module: Based on a text string type module (generic_data_string or async_string). If the data in the module is a base64 image, that is, part of the string contains "data:image", it is identified as an image, and the views where it appears show a link that opens a window displaying the image. The strings that generate the images are also saved and displayed in its historical data.

The software agent already comes preconfigured to send certain data from the system on which it is installed. These usually are (depending on the version):

  • System CPU
  • Available space on the hard-drive
  • Free memory
  • Monitor of the programs and services states

1.5.2 Intervals in local modules

The local modules (or software agent modules) all have the interval of their agent as a "base". In other words, if an agent has an interval of 5 minutes (300 seconds), all modules will have an interval of 5 minutes by default. You can make a module have a HIGHER interval, but you can never make it lower than the agent's base interval, since the interval of a module is defined as a multiplier of the agent's interval.

If an agent has an interval of 300 and a module of that agent has the following configuration:

module_interval 2

The module interval will be 300 x 2 = 600 seconds. The module_interval parameter only supports whole numbers higher than zero.

1.5.3 Module Creation Interface

(Enterprise only)

In the Enterprise version, it is possible to create and manage local modules of the software agents if they have the remote_config 1 parameter. If you do not have the Enterprise version, all these operations must be done directly on the configuration file of the software agent, locally in the system where the agent is installed.

Creating local modules from the console is done using a text box form. This is the location to specify the configuration data, which will be placed into the configuration file of the software agent (besides the common configuration with the remote modules like thresholds, type and group).

[Figure: Local module editor, creating a module with the remote config enabled on the agent]

In this text box there are two buttons, one to create a basic configuration structure and the other to check that the data is correct. This check is intended for basic parameters, e.g. checking if it begins with 'module_begin', ends with 'module_end' and whether it has a valid type and name. Other parameters may be wrong, but that will not be detected here.
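The basic check described above (module_begin and module_end, a name and a valid type), together with the module_interval rule from the previous section, can also be run offline against a configuration file. The following Python script is an added example, not the console's own validator; the sample configuration is constructed, and treating any token inside a block that does not start with module_ as a likely typo is an assumption of this example.

```python
import re

# Module types listed in the "Types of Modules" section of this page.
VALID_TYPES = {
    "generic_data", "generic_data_inc", "generic_data_inc_abs", "generic_proc",
    "generic_data_string", "async_data", "async_string", "async_proc",
}

# Constructed sample configuration (not taken from a real agent).
SAMPLE_CONF = """\
# constructed sample
interval 300

module_begin
module_name CPU
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_interval 2
module_end

module_begin
module_name SSH Daemon
module_type generic_string
module exec ps aux | grep sshd | grep -v grep | wc -l
module_interval 0
module_end

module_begin
module_type generic_proc
module_proc cmd.exe
"""


def parse_conf(conf_text):
    """Split a configuration into global tokens, module blocks and structure errors."""
    global_tokens, modules, errors, current = {}, [], [], None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        token, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if token == "module_begin":
            if current is not None:
                errors.append(f"line {line_no}: module_begin before the previous module_end")
                modules.append(current)
            current = []
        elif token == "module_end":
            if current is None:
                errors.append(f"line {line_no}: module_end without module_begin")
            else:
                modules.append(current)
                current = None
        elif current is not None:
            current.append((line_no, token, value))
        else:
            global_tokens[token] = value
    if current is not None:
        errors.append("end of file: last module has no module_end")
        modules.append(current)
    return global_tokens, modules, errors


def check_module(block, agent_interval):
    """Return (name, effective interval in seconds or None, findings) for one block."""
    tokens, findings = {}, []
    for line_no, token, value in block:
        # Assumption of this example: every line inside a block is a module_* token.
        if not token.startswith("module_"):
            findings.append(f"line {line_no}: '{token}' is not a module_* token")
        tokens.setdefault(token, value)
    name = tokens.get("module_name") or "<unnamed>"
    if not tokens.get("module_name"):
        findings.append("missing module_name")
    if tokens.get("module_type") not in VALID_TYPES:
        findings.append(f"invalid module_type {tokens.get('module_type')!r}")
    # The module interval is a multiplier of the agent interval (default 1).
    multiplier = tokens.get("module_interval", "1")
    if re.fullmatch(r"[0-9]+", multiplier) and int(multiplier) > 0:
        effective = agent_interval * int(multiplier) if agent_interval else None
    else:
        effective = None
        findings.append(f"module_interval {multiplier!r} is not a whole number above zero")
    return name, effective, findings


def audit(conf_text):
    """Return {'structure': [...], 'modules': [(name, seconds, findings), ...]}."""
    global_tokens, modules, errors = parse_conf(conf_text)
    raw_interval = global_tokens.get("interval", "")
    agent_interval = int(raw_interval) if raw_interval.isdigit() else None
    if agent_interval is None:
        errors.append("agent 'interval' is missing or not a number")
    return {"structure": errors,
            "modules": [check_module(block, agent_interval) for block in modules]}


if __name__ == "__main__":
    report = audit(SAMPLE_CONF)
    for problem in report["structure"]:
        print("structure:", problem)
    for name, seconds, findings in report["modules"]:
        print(f"{name}: effective interval {seconds}s, findings: {findings or 'none'}")
```
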

The field name and the type combo are linked to the 'module_name' and 'module_type' parameters of the data configuration. If the module name on the name field is changed, the configuration data name will be changed automatically and vice versa. If a type in the combo is selected, the data configuration type will be changed and if a correct type was written in the configuration data, this type will be selected automatically in the combo.

When a module from a local component is changed, it might have macros. If that is the case, the configuration data box will be hidden and a field for each macro will appear instead. You can find a detailed explanation of this feature in the following section:

Templates and components

1.5.4 Conditional Monitoring

1.5.4.1 Post-Conditions

Pandora FMS software agent supports the execution of commands and scripts as post-conditions. This means that actions could be performed depending on the value obtained in the execution of the module.

The module_condition parameter specifies a value or range of values, followed by the command to be executed when the module data matches that value or falls within that range:

module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition < 20 add_processes.sh
module_end

You can define multiple postconditions for the same module, e.g.:

module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition (90, 100) remove_processes.sh
module_condition < 20 add_processes.sh
module_end

Some examples:

Execution if the module data is less than '20' :

module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition < 20 add_processes.sh
module_end

If the script named 'get_cpu_usage.pl' returns '18', the software agent will execute the script 'add_processes.sh', otherwise it will not.

Execution with two postconditions:

module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition < 10 start_new_server.sh
module_condition < 20 add_processes.sh
module_end

If the module returns '15', the software agent will only execute the script named 'add_processes.sh', but if the value is '6', the software agent will execute both scripts, 'start_new_server.sh' and 'add_processes.sh'.

1.5.4.2 Pre-Conditions

The module_precondition parameter defines a precondition to evaluate before a module execution. Depending on the result of this precondition, the software agent will execute the module or not. The structure of the configuration file is:

module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_end

You can define multiple preconditions for the same module:

module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_precondition = 1 important_service_enabled.sh
module_end

In the example above, there are two preconditions. For the module to be executed all preconditions must be met, in this case two, so the module will only be executed when the number_active_processes.sh script returns a number higher than 10 and the important_service_enabled.sh script returns 1.

Module execution if the precondition is above '10' only:

module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_end

In the example above, the software agent executes the 'number_active_processes.sh' script and runs the module only if the returned value is higher than '10'. If the returned value is lower than '10', the module will not be executed.
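The post-condition and pre-condition rules above, as an added Python example that is not part of the Pandora FMS agent: it parses the module_condition and module_precondition lines shown in this section and reports which commands would run, without executing anything. Treating the range form (a, b) as exclusive of its bounds is an assumption, since the page does not say; the precondition outputs are passed in as a constructed dictionary.

```python
import re

NUMBER = r"-?\d+(?:\.\d+)?"
# "<op> <value> <command>" or "(<low>, <high>) <command>", as used on this page.
CONDITION_RE = re.compile(
    rf"^(?:(?P<op>[<>=])\s*(?P<value>{NUMBER})"
    rf"|\(\s*(?P<low>{NUMBER})\s*,\s*(?P<high>{NUMBER})\s*\))"
    r"\s+(?P<command>\S.*)$"
)

# Module definitions assembled from the examples on this page.
POST_MODULE = """\
module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition (90, 100) remove_processes.sh
module_condition < 10 start_new_server.sh
module_condition < 20 add_processes.sh
module_end
"""

PRE_MODULE = """\
module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_precondition = 1 important_service_enabled.sh
module_end
"""


def parse_condition(spec):
    """Turn '< 20 add_processes.sh' into ('<', (20.0,), 'add_processes.sh')."""
    m = CONDITION_RE.match(spec.strip())
    if m is None:
        raise ValueError(f"unsupported condition: {spec!r}")
    if m["op"]:
        return m["op"], (float(m["value"]),), m["command"]
    return "()", (float(m["low"]), float(m["high"])), m["command"]


def holds(op, operands, data):
    """Evaluate one parsed condition against a numeric value."""
    if op == "<":
        return data < operands[0]
    if op == ">":
        return data > operands[0]
    if op == "=":
        return data == operands[0]
    low, high = operands
    return low < data < high  # assumption: range bounds are exclusive


def conditions(module_text, token):
    """Collect the parsed conditions of one kind, in configuration order."""
    found = []
    for line in module_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == token:
            found.append(parse_condition(parts[1]))
    return found


def postcondition_commands(module_text, data):
    """Commands the agent would launch after the module returned `data`."""
    return [command
            for op, operands, command in conditions(module_text, "module_condition")
            if holds(op, operands, data)]


def module_should_run(module_text, precondition_output):
    """True only if every precondition holds; outputs are supplied by the caller."""
    return all(holds(op, operands, float(precondition_output[command]))
               for op, operands, command in conditions(module_text, "module_precondition"))


if __name__ == "__main__":
    for value in (6, 15, 50, 95):
        print(value, "->", postcondition_commands(POST_MODULE, value))
    outputs = {"number_active_processes.sh": "12", "important_service_enabled.sh": "0"}
    print("module runs:", module_should_run(PRE_MODULE, outputs))
```
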

1.5.5 Intensive Monitoring

There are certain specially important modules, such as critical running processes or services. Intensive monitoring enables more controlled monitoring of these particular cases.

It consists of warning in a shorter interval that a problem has arisen, without reducing the agent's general interval.

The software agent presents these two configuration parameters:

  • interval: agent sampling time in seconds. This is the general interval for all local modules. Required parameter.
  • intensive_interval: time in which you will be notified of a problem on the especially critical modules. Optional parameter.

At module level, the module_intensive_condition parameter will be used to determine under which condition the status of the module will be notified in the time defined by the intensive_interval.

  • module_intensive_condition = 0: if the module obtains as a result the value indicated in this parameter (in this case 0), it will be notified in the intensive interval defined in the agent.

The following example shows the configuration of an agent that should notify within 10 seconds if the sshd process has stopped working:

intensive_interval 10
interval 300
module_begin
module_name SSH Daemon
module_type generic_data
module_exec ps aux | grep sshd | grep -v grep | wc -l
module_intensive_condition = 0
module_end

If the service fails, you will be notified in the next 10 seconds. If the service is up, you will be notified in the next 5 minutes, as usual.

1.5.6 Programmed Monitoring

The software agent supports the definition of programmed modules, which are executed at the defined times. The syntax is the same as crontab. The module structure is the following:

module_begin
module_name crontab
module_type generic_data
module_exec script.sh
module_crontab * 12-15 * * 1
module_end

In this example, the module is executed every Monday from 12 to 15.

If you are required to execute the module at ten minutes past every hour, you can use this module definition:

module_begin
module_name crontab
module_type generic_data
module_exec script.sh
module_crontab 10 * * * *
module_end

Note that if you use an interval that causes the module not to report data, this module will go into "unknown" status. Use asynchronous modules for these cases.

 


1.6 Specific Monitoring for Windows

The software agent for Windows has specific features to make monitoring a lot easier. These features are explained with some examples:

1.6.1 Monitoring Processes and Process Watchdog

1.6.1.1 Process Monitoring

The parameter module_proc verifies whether a process with a preset name is running on this machine. The module definition is:

module_begin
module_name CMDProcess
module_type generic_proc
module_proc cmd.exe
module_description Process Command line
module_end

If the process name contains blanks, do not enclose it in quotation marks (" "). The process name is the same as the one shown in the Windows Task Manager (taskmgr), including the .exe extension. It is very important to use the same upper and lower-case letters.

If you want the software agent to immediately notify you if a process is not working, add the parameter module_async yes. In this case, the module definition would be:

module_begin
module_name CMDProcess
module_type generic_proc
module_proc cmd.exe
module_async yes
module_description Process Command line
module_end

1.6.1.2 Watchdog Process

The watchdog feature on the Pandora FMS Agent for Windows allows immediate response to the failure of a process and restarts it. It is important to keep in mind that the watchdog only works if the module is of the asynchronous type.

The definition of a module with watchdog enabled would be as follows:

module_begin
module_name Notepad
module_type generic_data
module_proc notepad.exe
module_description Notepad
module_async yes
module_watchdog yes
module_user_session yes
module_start_command c:\windows\notepad.exe
module_startdelay 3000
module_retrydelay 2000
module_retries 5
module_end

In the previous example, the watchdog will be activated each time the notepad.exe process is deactivated and the command c:\windows\notepad.exe will be executed. In addition, if we look at the other watchdog configuration parameters, we will see that the process reactivation will be attempted 5 times with an initial wait time of 3 seconds and a waiting time between retries of 2 seconds. In this example, the notepad.exe process will be launched in the user's session.

1.6.2 Service Monitoring and Service Watchdog

1.6.2.1 Service Monitoring

The module_service parameter verifies whether a specified service is running on the machine. The definition of this module is as follows:

module_begin
module_name Service_Dhcp
module_type generic_proc
module_service Dhcp
module_description Service DHCP Client
module_end

If the service name contains blanks, do not enclose it in quotation marks (" "). To find the service name, look for the Service Name field under the Windows Service Manager. It is very important to use the same upper and lower-case letters.

If you want the software agent to warn you immediately when a service is down, add the parameter module_async yes. The module definition should be as follows:

module_begin
module_name Service_Dhcp
module_type generic_proc
module_service Dhcp
module_description Service DHCP Client
module_async yes
module_end

1.6.2.2 Service Watchdog

There is a watchdog mode for services which allows you to detect and restart a downed service almost in real time. A module definition example using watchdog would be the following:

module_begin
module_name ServiceSched
module_type generic_proc
module_service Schedule
module_description Service Task scheduler
module_async yes
module_watchdog yes
module_end

The watchdog definition for services has no need for any extra parameters because they are incorporated in the service definition.

1.6.3 Basic Resource Monitoring

This section describes how to monitor the basic variables of a Windows-based machine.

1.6.3.1 CPU Monitoring

The parameter module_cpuusage returns the CPU usage percentage.

It is possible to monitor the CPU based on its ID with a module definition like the following:

module_begin
module_name CPU_1
module_type generic_data
module_cpuusage 1
module_description CPU usage for CPU 1
module_end

It is also possible to monitor the average usage of all CPUs in the system with the following module:

module_begin
module_name CPU Usage
module_type generic_data
module_cpuusage all
module_description CPU Usage for all system
module_end

1.6.3.2 Memory Monitoring

To monitor the memory, you can use two parameters: module_freememory which returns the amount of free memory in the system and module_freepercentmemory which returns the percentage of free memory.

An example for a module using the module_freememory parameter would be:

module_begin
module_name FreeMemory
module_type generic_data
module_freememory
module_description Non-used memory on system
module_end

An example for a module using the module_freepercentmemory parameter would be:

module_begin
module_name FreePercentMemory
module_type generic_data
module_freepercentmemory
module_end

1.6.3.3 Hard Drive Monitoring

To monitor hard drive space, you may use two parameters: module_freedisk which returns the amount of available space and module_freepercentdisk which returns the percentage of available space. Both parameters require the monitored unit as an input. Do not forget the character « : ».

A module that uses the module_freedisk parameter is defined in this way:

module_begin
module_name FreeDisk
module_type generic_data
module_freedisk C:
module_end

A module example that uses the module_freepercentdisk parameter is defined in this way:

module_begin
module_name FreePercentDisk
module_type generic_data
module_freepercentdisk C:
module_end

1.6.3.4 WMI Queries

Pandora FMS Software Agent allows you to retrieve information by using WMI queries, which is a source of data widely used to obtain external or system-related information.

The software agent can execute any local WMI query through the module_wmiquery parameter. The WMI query is defined in the module_wmiquery parameter, and the column that contains the information to be monitored is defined in the module_wmicolumn parameter.

The following module returns a list of the installed services:

module_begin
module_name Services
module_type generic_data_string
module_wmiquery Select Name from Win32_Service
module_wmicolumn Name
module_end

You will also be able to get the current CPU load using WMI:

module_begin
module_name CPU_Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end

1.7 Remote Checks with Software Agents

A remote check performed by the agent makes it easy to monitor complex networks that have special, security-related requirements.

This way of working is usually used when remote checks have to be launched on systems that the main Pandora FMS server does not have access to. In that case, a software agent can be installed at a point that does have access, the remote checks can be run from there, and the results distributed among broker agents.

This section explains how to use this feature of the software agents.

1.7.1 ICMP Checks

ICMP or ping checks are very useful to know whether a machine is connected to a network or not. In this way, a single software agent could easily monitor the status of all machines.

UNIX

By using the UNIX software agent, you are able to use the system commands to create a module which performs the ping check. An example module definition would be:

module_begin
module_name Ping
module_type generic_proc
module_exec ping -c 1 192.168.100.54 >/dev/null 2>&1; if [ $? -eq 0 ]; then echo 1; else echo 0; fi
module_end

In this example module, a ping check is performed on the '192.168.100.54' host. To check a different host, change the IP.

Windows

The software agent for Windows platforms supports specific configuration parameters to configure ping checks:

  • module_ping_count x: Number of ECHO_REQUEST packets to be sent (Default value is '1').
  • module_ping_timeout x: Timeout in seconds (Default value is '1').
  • module_advanced_options: Advanced options for 'ping.exe'.

A module configuration example could be:

module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 5
module_end

In this example, the same check is going to be performed as the previous one, but now the Software Agent for Windows platforms is going to be used.

1.7.2 TCP Checks

TCP checks are useful to verify whether a port of a host happens to be open or not. That may be interesting in case you want to know whether an application is connected to the network or not.

UNIX

You will be able to perform the TCP checks through the following module by using the software agent for UNIX platforms:

module_begin
module_name PortOpen
module_type generic_proc
module_exec nmap 192.168.100.54 -p 80 | grep open > /dev/null 2>&1; if [ $? -eq 0 ]; then echo 1; else echo 0; fi
module_timeout 5
module_end

This module will help you to check whether port 80 of the '192.168.100.54' host is open or not.


Windows

If you want to use the software agent for Windows, here you have some parameters to configure the module. They are:

  • module_tcpcheck: Host to be checked
  • module_port: Port to be checked
  • module_timeout: Timeout for the check

A module definition example is this:

module_begin
module_name TcpCheck
module_type generic_proc
module_tcpcheck 192.168.100.54
module_port 80
module_timeout 5
module_end

This module is the equivalent for the Windows software agent to perform the check on port 80 of the '192.168.100.54' host.

1.7.3 SNMP Checks

SNMP checks are commonly used to monitor network devices to check the interface status, inbound/outbound bytes, etc.

UNIX

If you are using the software agent for UNIX platforms, you may create the module using the 'snmpget' command like this:

module_begin
module_name SNMP get
module_type generic_data
module_exec snmpget 192.168.100.54 -v 1 -c public .1.3.6.1.2.1.2.2.1.1.148 | awk '{print $4}'
module_end

This module returns the value for OID .1.3.6.1.2.1.2.2.1.1.148 on the '192.168.100.54' host.

Windows

For Windows software agent, these are the parameters:

  • module_snmpversion [1,2c,3]: SNMP version (Default value is '1').
  • module_snmp_community <community>: SNMP community (Default value is 'public').
  • module_snmp_agent <host>: The host to monitor.
  • module_snmp_oid <oid>: OID.
  • module_advanced_options: Advanced options for 'snmpget.exe'.

A module example could be:

module_begin
module_name SNMP get
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.148
module_end

This module would be the Windows platform equivalent for the previous check performed through the software agent for Unix.

1.8 Proxy Mode

To use the Pandora FMS agent's proxy mode on Linux or UNIX systems, the agent must NOT be executed by the root user. You are required to perform a custom installation of the Pandora FMS agent to do so. You may look up all the details about custom installations in the section Custom Agent Installation.

 


Pandora FMS Software Agents have a Proxy Mode which allows them to act as proxies for other software agents, redirecting the communication of several agents to the Pandora FMS Server. A software agent with proxy mode enabled is able to perform monitoring tasks too.




The Proxy Mode is very useful if you are dealing with a network in which only one machine can communicate with the Pandora FMS Server and you need to monitor the rest of the network computers by means of software agents. In this situation, the other computers will communicate with the proxy instead of the server.

In addition to forwarding XML data, the proxy mode supports the Remote Configuration and File Collection features.

With all these features, the Proxy Mode offers a transparent operation of software agents in networks with limited connectivity.

To enable the Proxy Mode in a software agent, configure the following parameters:

  • server_ip: IP of the Pandora FMS Server.
  • proxy_mode: Enabled (1) or disabled (0).
  • proxy_max_connection: Maximum number of simultaneous connections for the proxy. The default value is '10'.
  • proxy_timeout: Proxy timeout. The default value is '1' (in seconds).
  • proxy_address: Address on which the proxy listens.
  • proxy_port: Port on which the proxy listens.

A configuration example:

server_ip 192.168.100.230
proxy_mode 1
proxy_max_connection 20
proxy_timeout 3

To redirect the connection of a software agent, enter the address of the agent with Proxy Mode activated as its Pandora FMS server address. For example, if the agent with Proxy Mode enabled has the IP 192.168.100.24, configure the server_ip parameter in the software agent which cannot directly connect to the Pandora FMS Server in the following way:

server_ip 192.168.100.24

With this configuration, the software agent with limited communication will use the software agent in Proxy Mode to communicate with Pandora FMS server, keeping all its features such as remote configuration, policies or file collections.

1.9 Broker Mode

The software agent has a Broker Mode which allows one agent to monitor and manage the configuration as if there were several software agents installed.




When the broker mode is activated in a software agent, a new configuration file is created. From that moment on, the original software agent and the new broker will be managed separately with their independent configuration files, as if they were two completely separate software agents on the same machine.

The main features of the Broker Mode are:

  • Sending local data as another agent. Very useful to monitor different software instances as different agents.
  • Sending the collected data from the remote checks to other machines as if a software agent had been installed on them.

To create a broker, add a line with the broker_agent <broker_name> parameter. It is possible to create as many broker agents as you wish, just by adding the corresponding broker_agent lines, as follows:

broker_agent dev_1
broker_agent dev_2

Once the brokers are created, the 'dev_1.conf' and 'dev_2.conf' configuration files will be created with the same content as in the original software agent, but with their corresponding name. By adding or deleting modules from 'dev_1.conf' and 'dev_2.conf' configuration files, you can customize the checks performed by the brokers.

On the Pandora FMS web console, the brokers appear and are managed as independent agents, which means that if you have a software agent installed with two brokers, you will see three different agents with their modules, configurations, etc. on the web console.

NOTE: Broker agent instances cannot use file collections. If you want to use collections, distribute them and/or use them in the "real" agent that is used as a basis for the broker agent, not in one of its instances.

NOTE: Modules that save data within the memory between executions (module_logevent and module_regexp on Windows) will not work when broker agents are enabled.

1.9.1 Broker Mode Usage Examples

1.9.1.1 Monitoring a local Database as a different Agent

The objective here is monitoring basic parameters (CPU, memory and hard drive) and monitoring an installed database separately.

To perform this monitoring, the following structure will be used:

  • Installed Software Agent: monitoring CPU, memory and disk.
  • Broker for the Database: monitoring internal status of the database.

The first step is installing the software agent on the machine to monitor the CPU, memory and hard drive parameters. Then the following line is added in the software agent configuration:

broker_agent DBApp

Secondly, a broker agent called 'DBApp' is created by adding this line, so a configuration file named 'dbapp.conf' will appear. Finally, the modules to perform the checks for the database are added in this configuration file:

module_begin
module_name Num Users
module_type generic_data
module_exec get_db_users.pl
module_end

module_begin
module_name Num slows queries
module_type generic_data
module_exec get_db_slows_queries.pl
module_end

By doing this, two agents will appear in the Pandora FMS web console: One bearing the name of the machine with the 'CPU', 'Memory' and hard drive modules and another one called 'DBApp' with the 'Num Users' and 'Num slows queries' modules.

1.9.1.2 Monitoring Devices Remotely Using Brokers

For this example, a software agent has been installed on a Windows machine, monitoring CPU, memory and hard drive. It is also required to monitor a router with the IP '192.168.100.54' without installing an agent on it. To solve the problem, brokers are used.

A broker will be created using the following parameter:

broker_agent routerFloor5

By adding this line, a broker agent will be created with the name 'routerFloor5'. The software agent was installed on a Windows machine, so the router can be monitored by using the ping and SNMP modules available for Windows software agents. To do that, the 'routerFloor5.conf' file must be modified by adding the following lines:

module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end

module_begin
module_name Eth 1 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.1
module_end

module_begin
module_name Eth 2 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.2
module_end

In this example, the web console of Pandora FMS shows two agents: One is the Windows machine with the 'CPU', 'Memory' and 'hard drive' modules and the other one is 'routerFloor5' bearing the modules named 'Ping', 'Eth 1 up' and 'Eth 2 up'.

1.9.1.3 Monitoring inaccessible networks remotely

In some cases, you need to monitor devices remotely where the Pandora FMS Remote Server cannot access them directly.




In this example, some devices in one of the company facilities must be monitored remotely from the headquarters. The Pandora FMS Server is connected to the other company facilities in the headquarters using a VPN. Due to some restrictions, the Pandora FMS Remote Server cannot access the machines directly. To monitor the company's branches, the Broker Mode is used, which allows a software agent to send XML files to the Pandora FMS Server as if they came from several different devices.

One can add as many brokers as devices to be monitored to the configuration file of the software agent. A configuration example could be:

broker_agent device_1
broker_agent device_2
broker_agent device_3
broker_agent device_4
...

Once the brokers are created, the monitoring for each device can be customized by modifying the configuration file of each broker. For example, the configuration for the Windows machine called 'device_1' is:

module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end

module_begin
module_name CPU_Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end

module_begin
module_name Mem_Free
module_type generic_data
module_wmiquery SELECT FreePhysicalMemory FROM Win32_OperatingSystem
module_wmicolumn FreePhysicalMemory
module_end

module_begin
module_name Disk_Free
module_type generic_data
module_wmiquery SELECT FreeSpace FROM Win32_LogicalDisk
module_wmicolumn FreeSpace
module_end

With this configuration, it is possible to configure remotely and send the files to Pandora FMS server in spite of the communication restrictions between the company's headquarters.

1.9.1.4 Shared Monitoring Load through Brokers

Broker mode is very useful for sharing and distributing the monitoring load within several network points.




In this example, the architecture has several networks named from A to Z with 1000 devices each. The capacity of the Pandora FMS Remote Server is about 2000 agents, so it is decided to use broker mode enabled software agents to share and distribute the monitoring load. These broker mode enabled software agents will monitor remotely all network devices and send the data in XML format to the Pandora FMS Central Server.

For each network, there is a broker mode enabled agent. On it, brokers will be created until the number of devices to be monitored is reached. An example configuration for the 'Broker_Agent_Net_A' software agent could be the following:

broker_agent device_1
broker_agent device_2
broker_agent device_3
broker_agent device_4
...

In addition, for each broker, the modules to monitor the devices are added. Example: The broker 'device_1' (which is a router) could have this configuration:

module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end

module_begin
module_name Eth 1 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.1
module_end

module_begin
module_name Eth 2 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.2
module_end

This is another example configuration for the device_2 broker, which monitors a Windows machine with the following modules:

module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end

module_begin
module_name CPU_Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end

module_begin
module_name Mem_Free
module_type generic_data
module_wmiquery SELECT FreePhysicalMemory FROM Win32_OperatingSystem
module_wmicolumn FreePhysicalMemory
module_end

module_begin
module_name Disk_Free
module_type generic_data
module_wmiquery SELECT FreeSpace FROM Win32_LogicalDisk
module_wmicolumn FreeSpace
module_end

Using broker mode enabled software agents makes it easier to share the load of collecting data from thousands of devices.

1.10 Inventory using Software Agents

Pandora FMS Software Agents support inventory features for both hardware and software. The inventory system makes it possible to keep a history of the CPUs, cards, RAM, patches, software, etc. used in the company servers. Furthermore, it is possible to generate alerts if there is a change in the inventory, e.g. if a disk was replaced or an application was uninstalled.

For further information on the subject, please have a look at the section Local Inventory through Software Agents.

1.11 UDP remote commands

1.11.1 How to ask an on-demand agent for information

The Pandora FMS software agent includes the UDP Server feature, which makes it possible to remotely order an agent to perform actions, such as restarting or executing a command.

The basic configuration parameters of the UDP Server in the software agents are:

  • udp_server: it enables (1) or disables (0) this feature.
  • udp_server_port: listening port of the UDP server in the software agent.
  • udp_server_auth_address: IP address from which the UDP server accepts requests. You can set it to 0.0.0.0 to accept requests from all sources.

Configuration example:

udp_server 1
udp_server_port 41122
udp_server_auth_address 0.0.0.0

Now, to force the restart of the agent, use the udp_client.pl script, which is present in the Pandora FMS server and normally located in /usr/share/pandora_server/util. It can be run from the command line or used in an alert, making use of the command that is pre-configured in the "Remote agent control" console.

There is also a default alert action called Restart agent, which uses this script. It uses the action REFRESH AGENT on the udp_client.pl script to restart the agent if it has the UDP server listening.


Agent restart action.png


Follow these steps to enable the Software Agent's remote refresh option:

1. In the configuration file, set up the options for the software agent (UNIX or Windows). Be mindful of the authorized IP address (is the Pandora FMS server behind a NAT?), or just type in '0.0.0.0' in that field to allow any IP address to force a refresh of the agent.

2. Restart the software agent for the changes to be applied.

3. Associate the Restart agent alert to the module of some agent (it is necessary that this agent has the IP address correctly configured).

4. Force the execution of the alert or force an incorrect state of the module to trigger the alert.

Now, thanks to this action, it is possible to manually force the alert at any time to refresh the agent software remotely and get the information quickly.

1.11.2 Custom remote commands

Apart from the Refresh agent command, you can specify new and custom actions for the agents to perform under the Pandora FMS server's UDP orders.

To do so, make a slight modification in pandora_server.conf: in addition to enabling the UDP service, configure it so that it receives the server's orders:

udp_server 1
udp_server_port 41122
udp_server_auth_address <server IP>

Then add a line for each custom command you want to perform, following this syntax:

process_nameofthecommand_start <command>

For example, if you want to create a custom command to start sshd service, you should add a line like this one:

process_sshdproc_start /etc/init.d/sshd start

Then create a new alert action in the Pandora FMS Console for each remote command you made. You can copy the "Remote agent control" action, which is already prepared to send UDP commands. Set "START PROCESS sshdproc" in Field 1, as seen in the screenshot.


Udp process.JPG


Now, you only need to set a new manual alert with the new alert action on the agent whose sshd service you wish to start. When the alert is forced, the order will be launched and the agent will start the service.


Custom orders can also be created to execute scripts. This allows a huge variety of remote actions to be performed on a remote agent just by clicking a button.
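Because every process_<name>_start line is a command the agent will run when a UDP order arrives, it is worth reviewing which sources an agent accepts orders from. The following is an added example, not part of the Pandora FMS distribution: it audits the UDP server tokens described above in a configuration read from standard input. The function names, the sample configurations, the '#' comment syntax and the address 192.0.2.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Pandora FMS code: audit the UDP server settings of a
# software agent configuration read from stdin.

audit_udp_server() {
    awk '
        /^[ \t]*#/ { next }                        # assumed comment syntax
        $1 == "udp_server"              { enabled = ($2 == "1") }
        $1 == "udp_server_port"         { port = $2 }
        $1 == "udp_server_auth_address" { addr = $2 }
        $1 ~ /^process_.+_start$/ {                # custom remote command
            c = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", c)     # drop the token, keep the command
            cmd[$1] = c
        }
        END {
            if (!enabled) { print "OK udp_server is disabled"; exit }
            if (addr == "")
                print "WARN udp_server is enabled but udp_server_auth_address is not set"
            else if (addr == "0.0.0.0")
                print "WARN udp_server on port " port " accepts orders from any source"
            else
                print "OK udp_server on port " port " only accepts orders from " addr
            for (name in cmd)
                print "INFO remote order can run: " name " -> " cmd[name]
        }'
}

# Constructed sample: the permissive settings from the configuration example.
sample_open_conf() {
    cat <<'EOF'
udp_server 1
udp_server_port 41122
udp_server_auth_address 0.0.0.0
process_sshdproc_start /etc/init.d/sshd start
EOF
}

# Constructed sample: the same agent restricted to one server (192.0.2.10 is
# a documentation address standing in for the Pandora FMS server IP).
sample_restricted_conf() {
    cat <<'EOF'
udp_server 1
udp_server_port 41122
udp_server_auth_address 192.0.2.10
process_sshdproc_start /etc/init.d/sshd start
EOF
}

sample_open_conf | audit_udp_server
sample_restricted_conf | audit_udp_server
```

To check a real agent, feed its configuration file to audit_udp_server on standard input.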

 


1.12 Plugins in software agents

Agent plugins perform complex, advanced checks from the software agents and can return several modules as a result instead of a single value. Unlike the server plugins, which are executed by the Pandora FMS server, agent plugins return their data in XML, reporting one or several modules at the same time.

1.12.1 Execution on Windows systems

In Windows, all the default plugins are programmed in VBScript. To run them, it is vital to use the appropriate interpreter indicating the full path.

Here are some examples of how to use the default plugins included in the Windows agent:

module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\logevent_log4x.vbs" Application System 300
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" iexplore.exe myapp.exe

The Windows agent includes several ready-to-use plugins.

1.12.2 Execution on Unix systems

By default, Unix plugins are located in the "/plugin" directory of the agent directory, in /etc/pandora/plugins, so it is not necessary to use the full path to run them if they are in this directory.

Here are some examples of using plugins:

 module_plugin grep_log /var/log/syslog Syslog .
 module_plugin pandora_df tmpfs /dev/sda1

The Unix software agent comes with several plugins by default ready to work.

1.12.3 Plugin use Examples

Plugins for the software agent can return a single piece of data or a group of data. An example of a plugin that returns a single piece of data is the Windows ps.vbs plugin, which simply checks whether a process is running. The plugin is run with the following line:

module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" IEXPLORE.EXE

The result will be a module that returns 0 if the process is not active and 1 if it is active:

<module>
    <name><![CDATA[IEXPLORE.EXE]]></name>
    <description><![CDATA[Process IEXPLORE.EXE status]]></description>
    <data><![CDATA[1]]></data>
</module>

An example of a plugin that returns several pieces of data is the Windows plugin df.vbs. The line to run this plugin would be:

module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"

The plugin returns one module for each disk found. The result would be:

<module>
    <name><![CDATA[C:]]></name>
    <description><![CDATA[Drive C: free space in MB]]></description>
    <data><![CDATA[8050]]></data>
</module>

<module>
    <name><![CDATA[D:]]></name>
    <description><![CDATA[Drive D: free space in MB]]></description>
    <data><![CDATA[900]]></data>
</module>

1.12.4 Agent Plugin Management from the Console

In the Enterprise version, it is possible to manage software agent plugins from the console without directly editing the configuration file.

If an agent has remote configuration activated, the plugin editor tab is available in its administration view.



Plugin editor tab.png

This section shows the list of active plugins in the agent, and allows you to delete, add or deactivate them. In the case of policy plugins, it may be useful to disable them because they will remain disabled when the policy is re-applied.



Plugin editor.png

The plugins managed in this editor can also be edited from the agent configuration file.



Plugin editor conf.png

1.12.5 How to create your own agent plugins

Plugins can be created in any programming language. They only have to obey these rules:

  • Regardless of what you want to do, it must be automatic (without user interaction), and it must be done from the shell. You can use any type of scripting language or compiled language, but in that case you must also distribute, in addition to the executable, all libraries (or DLL) that are necessary for the plugin to run.
  • The plugin must return the information through the standard output (simply using echo, printf or the equivalent in the language that will be used for the plugin), and must use the XML format of Pandora FMS agents to return the information.

This is an example of a numerical module in XML:

<module>
<name><![CDATA[Sample_Module]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[47]]></data>
<description><![CDATA[47]]></description>
</module>

The <![CDATA[xxx]]> wrappers around the data are used to protect the XML from information that may contain "difficult" characters for XML, such as <, >, & or %.

Before trying to create a plugin, visit the Pandora FMS plugin library at https://library.pandorafms.com, and if you decide to create your own plugin, send it to the public library, so that others can use it.


Make sure you finish the output of your plugin (if it is a script) with an error level 0, or the agent will think that the plugin has had an error and was not able to be run.

 


1.12.5.1 Shellscript (Linux/Unix) plugin example

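#!/bin/bash
# Detect whether the local MySQL root account has no password.
# The module is a generic_proc: 1 = root has a password, 0 = it does not.

# First, do we have a running MySQL listening on the default port?
CHECK_MYSQL=$(netstat -an | grep LISTEN | grep ":3306 ")
if [ -n "$CHECK_MYSQL" ]
then
        # Try to run a query as root without supplying a password
        CHECK_MYSQL_ROOT=$(echo "select 1234" | mysql -u root 2> /dev/null | grep 1234)
        if [ -z "$CHECK_MYSQL_ROOT" ]
        then
                # The query failed: root is password protected
                echo "<module>"
                echo "<type>generic_proc</type>"
                echo "<name>mysql_without_pass</name>"
                echo "<data>1</data>"
                echo "<description>MySQL has a password</description>"
                echo "</module>"
        else
                # The query succeeded: root can log in without a password
                echo "<module>"
                echo "<type>generic_proc</type>"
                echo "<name>mysql_without_pass</name>"
                echo "<data>0</data>"
                echo "<description>MySQL does not have a password</description>"
                echo "</module>"
        fi
fi

# Always finish with error level 0 so the agent accepts the output
exit 0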
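When a plugin places text it does not control (log lines, command output) inside the XML, the CDATA wrapping described above needs one extra step: a literal "]]>" in the value would close the section early and let the rest of the value be read as XML. The following is an added example, not part of the Pandora FMS distribution, and it goes slightly beyond the case in the text by also stripping control characters that XML 1.0 does not allow. The function names, the module name ssh_failed_logins and the sample log are constructed for the example.

```shell
#!/bin/sh
# Added example, not Pandora FMS code: an agent plugin that writes module XML
# with values that cannot break out of their CDATA sections.

# Wrap a value in CDATA. Control characters that XML 1.0 forbids are removed,
# and every "]]>" is split across two CDATA sections.
cdata() {
    printf '<![CDATA[%s]]>' "$(printf '%s' "$1" \
        | tr -d '\000-\010\013\014\016-\037' \
        | sed 's/]]>/]]]]><![CDATA[>/g')"
}

# emit_module NAME TYPE DATA DESCRIPTION: print one <module> block on stdout.
emit_module() {
    printf '<module>\n'
    printf '<name>%s</name>\n' "$(cdata "$1")"
    printf '<type>%s</type>\n' "$(cdata "$2")"
    printf '<data>%s</data>\n' "$(cdata "$3")"
    printf '<description>%s</description>\n' "$(cdata "$4")"
    printf '</module>\n'
}

# Read a log on stdin; report the number of failed SSH logins as the data and
# the last matching line (which contains a remote-supplied user name) as the
# description.
failed_login_module() {
    log=$(cat)
    count=$(printf '%s\n' "$log" | grep -c 'Failed password' || true)
    last=$(printf '%s\n' "$log" | grep 'Failed password' | tail -n 1)
    emit_module "ssh_failed_logins" "generic_data" "$count" "${last:-no failed logins}"
}

# Constructed sample log; the last user name tries to close the CDATA section.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4241 ssh2
Jan 10 03:12:04 host sshd[811]: Accepted publickey for admin from 192.0.2.10 port 5022 ssh2
Jan 10 03:12:07 host sshd[811]: Failed password for invalid user x]]></description><data>0</data> from 203.0.113.7 port 4242 ssh2
EOF
}

# The last command returns 0, so the script ends with error level 0.
sample_log | failed_login_module
```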

1.12.5.2 VBScript (Windows) plugin example

' df.vbs
' Returns free space for available drives.
' --------------------------------------

Option Explicit
On Error Resume Next

' Variables
Dim objWMIService, objItem, colItems, argc, argv, i

' Parse command line parameters
argc = Wscript.Arguments.Count
Set argv = CreateObject("Scripting.Dictionary")
For i = 0 To argc - 1
    argv.Add Wscript.Arguments(i), i
Next

' Get drive information
Set objWMIService = GetObject ("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery ("Select * from Win32_LogicalDisk")

For Each objItem in colItems
	If argc = 0 Or argv.Exists(objItem.Name) Then
		If objItem.FreeSpace <> "" Then
			Wscript.StdOut.WriteLine "<module>"
			Wscript.StdOut.WriteLine "    <name><![CDATA[" & objItem.Name & "]]></name>"
			Wscript.StdOut.WriteLine "    <description><![CDATA[Drive " & objItem.Name & " free space in MB]]></description>"
			Wscript.StdOut.WriteLine "    <data><![CDATA[" & Int(objItem.FreeSpace /1048576) & "]]></data>"
			Wscript.StdOut.WriteLine "</module>"
			Wscript.StdOut.flush
		End If
	End If
Next

1.12.6 Using Nagios plugins from the agent

Nagios has a large number of plugins that can be used with Pandora FMS. One way to do this is using remote plugins with the Plugin Server, using Nagios compatibility. But in this way, you will only get the statuses, since it does not use the descriptive output that some plugins for Nagios have.

Using the wrapper for Nagios plugins in the software agent solves this problem. The wrapper comes by default with the Unix 3.2 agent. An equivalent plugin for Pandora FMS Windows agents can be downloaded from the Pandora FMS resource library, at [2].

What does the plugin wrapper do for Nagios plugins?

It executes the Nagios plugin, using its original parameters and turning the output into useful data for Pandora FMS. It has two types of information:

  • Status information: NORMAL (1), CRITICAL (0), WARNING (2), UNKNOWN () and others (4). By default, they will use a proc module, so the NORMAL and CRITICAL values are working "by default". If you wish to have information about WARNING and other values, you must configure the module thresholds manually.
  • Descriptive information: generally string information. It will be placed in the module description field. Usually something like "OK: successfully logged in."

1.12.6.1 Example

If you have a pop3 plugin (in /tmp/check_pop3_login) with run permissions, which checks whether a pop3 account is working just by connecting to a remote host, sending a user and password and showing whether everything is correct, then you can run it from the command line:

/tmp/check_pop3_login  mail.artica.es [email protected] mypass

It will return something like:

OK: successfully logged in.

And if it is not right, it will return something like this:

Critical: unable to log on

Using the wrapper is easy. Just put the wrapper and the name you want for the module before the call to be executed:

/etc/pandora/plugins/nagios_plugin_wrapper sancho_test /tmp/check_pop3_login  mail.artica.es [email protected] mypass

This will generate a complete XML for the agent plugin.

<module>
<name>sancho_test</name>
<type>generic_proc</type>
<data>0</data>
<description><![CDATA[Critical: unable to log on]]></description>
</module>

Or:

<module>
<name>sancho_test</name>
<type>generic_proc</type>
<data>1</data>
<description><![CDATA[OK: successfully logged in.]]></description>
</module>

The complete entry in pandora_agent.conf will be something like:

module_plugin nagios_plugin_wrapper POP3_artica.es /tmp/check_pop3_login mail.artica.es [email protected] mypass

This will look similar to this in the module (in the fail event):


Sample plugin wrapper.png

1.13 Monitoring with KeepAlive

There is a special module with a unique type called "keep_alive", which is used to give information when there is no contact with the agent. It is useful for knowing when an agent has stopped sending information and for receiving an alert about it.

When there is a module, remote or local, that obtains information from the agent, the date of last "contact" with the agent is updated, so that whenever there is data, even if it is only one module of the total, the agent will have updated its date of last contact, which is useful to know if the agent "does not respond". Specifically, an agent is considered "dead" when it has not updated its date in twice the time of its interval, that is, if it has an interval of 5 minutes, and it has been more than 10 minutes since it sent an update, the agent is considered dead.

This is the case when the keepalive module comes into play, triggering and marking the monitor into Critical status.

Configuring this type of module is very easy: just create a new module of type "KeepAlive":



Keepalive.JPG


Once created, if the agent has data, within its interval, it will always be in "NORMAL" status (green):

Keepalive1.png


If the agent stops sending data (in this example, it had an interval of 1 minute), then it will automatically jump and be set to CRITICAL (red) status:

Keepalive2.png


It should be noted that if you have a remote module, for example, a Ping, in addition to the data reported by the agent, the keepalive module would never be triggered, since you are constantly updating the agent through Ping.

The keepalive module also behaves like any other module, it can be associated with an alert and can be used for any other element: reports, maps, etc.


The keepalive module can be created only from the console (even if you do not have remote configuration enabled) and leaves no trace in the pandora_agent.conf file.

 


1.14 Command screenshot monitoring

Commands that have extensive outputs, such as top or netstat can be captured completely by a module and fully displayed. The module must be configured as a text type.

In the next screenshot, the result of one of these modules is shown, in this case the output of netstat -an:


Snapshot 1.png



In order for it to work like this, it is necessary to configure properly both the Pandora FMS console (setup) and the agent that collects this information, making sure that it is untreated text.

 


To configure the console properly, make sure that in the main setup section you have the "Command line snapshot" property activated:

Command line snapshot setup.png

1.15 Image monitoring and visualization

This method allows you to define string type modules (generic_data_string or async_string) that contain images in text format with base64 encoding, being able to display that image instead of a specific result. This is stored as text information, and displayed in a different way, not as simple data, but by means of reconstructing an image.

This is how you can see the output of a text string with the content "data: image" (image in base64), captured by Pandora FMS, when clicking on the special icon for screenshot:


Snapshot text 1.png


To capture these images, just write a plugin that sends all the data, generating the necessary XML tags, and running the plugin as such, with the module_plugin directive. Let us see the following example plugin, which generates the output of an image, as you have just seen in the previous capture:

#!/bin/bash
echo "<module>"
echo "<name>Last football championship winner</name>"
echo "<type>async_string</type>"
echo "<data><![CDATA[data:image/jpeg;base64,/9j/4AAQSkZ....]]></data>"
echo "</module>"

The data in the <data> tag would be generated by a device/application rendering images in base64.

Save that content in a file in the agent (or distribute it with file collections) and run it as follows:

module_plugin <complete path to the file>

1.16 Password protected groups

By default, when an agent sends data for the first time to the Pandora FMS server, it is automatically added to the group that has been defined in the agent configuration file. This means that, in practice, anyone can add an agent to a group if they know the group name. This could be a problem if several clients share their Pandora FMS instance or if you want to control what is in each group.

We can optionally configure a password for a group from the Pandora FMS Console. An agent will not be added to a group unless the correct password has been specified in the agent configuration file.

1.16.1 Example

To set a password for a group, navigate to the group editor and click on edit, enter the group password and save your changes:

Passgr1.JPG

To add a new agent to this group, edit your configuration file and add the following configuration option:

 group_password <password>

Do not forget to restart the agent to make the changes effective. The agent should be created correctly in the Pandora FMS console.

