Pandora: Documentation en: Remote Monitoring

From Pandora FMS Wiki
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Remote Monitoring

1.1 Introduction

Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote checks to be conducted from a central point. The Data Server and the Network Server are carrying out the tasks they have been assigned through a multiprocess queue system. A network server can also work with other network servers, balance the load and act as a support device in case another network server fails, carrying out the work the failing server was supposed to do. If you would like to know more about High Availability (HA) under Pandora FMS, please take a look at this chapter.

Our Network Servers only work with assigned network modules. Because there are network tests to perform, the Network Server should of course have complete visibility (IP addresses and ports) over the devices you are going to perform the tests on. It is completely futile to perform tests against a system with ports which cannot be seen or for which you do not have the proper paths. The existence of firewalls (or the problems generated though the existence of these kinds of devices) or pre-existing paths in the network have nothing to do with Pandora FMS nor with one of its specific configurations.

Remote-monitoring.jpg

1.2 Remote Network Modules

Pandora FMS Network Modules carry out remote monitoring tasks. The remote execution of tasks can be summarized in three blocks:

ICMP Tests

These tests consist of whether a machine answers to a 'ping' ('remote_icmp_proc') or the latency of a system in milliseconds ('remote_icmp'). In both cases, the tests are conducted by the network server to which the agent which contains these network modules is assigned.

TCP Tests

In this test, it is going to remotely checked if a system has opened the TCP port which was specified in the module definition. Additionally, a text string can be sent (using the string '^M' to replace the 'CR'). By receiving a response sub string, you are able to check whether the communication is alright. This method allows easy protocol checks to be implemented. We can check whether a server is 'alive' by sending the following string:

GET / HTTP/1.0^M^M

We suggest waiting a moment to be able to receive the '200 OK' string here.

SNMP Tests

It is possible to launch SNMP petitions remotely (called 'SNMP Polling') which are accessible and have activated SNMP services to obtain data like: 'state of the interfaces' and 'consumed network bandwidth by interface', etc. If you want to know more about SNMP, please take a look at the section for SNMP with Pandora FMS here.

Pandora 1.3 Network&DataServer Arch.png

In conclusion it is quite obvious that the network server is the one which carries out the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it is this Network Server the one that executes the task and transfers the results to the DB of Pandora FMS.

1.2.1 General Configuration of a Module for Network Monitoring

To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), you are required to create the corresponding agent to monitor the service first.

Info.png

When talking about creating an agent, it does not mean installing a software agent in the target machine, but creating an agent in the Pandora FMS interface.

 


Please go to the Pandora FMS section for console administration and click on Resources > Manage agents:

Anvi.jpg

In the following screen, please click on Create agent:

Bibi.jpg

Please enter the proper data to define your new agent and click on Create:

Raro.jpg

Once you have created the agent, please click on the drop down menu of the modules. Please select 'Create a new network module' in it and click on the Create button:

Sasa.jpg

Please select a network component module in the following form: Look for the check you need in the drop-down menu on the right. In this example, we have selected 'Host Alive' which represents a ping for the machine. It is a simple check to find out if the machine is connected to the internet or not.

Alive.jpg

The advanced options will be discussed later on. Make sure the modules have obtained the agent's IP address. You are also able to enter a different IP address here. Once you have finished defining the module, press the Create button.

In the following screen, all modules for the agent are shown. On the picture below, you can see the preset Keepalive (which was created along with the agent) and the added 'Host Alive' module:

Kiji.jpg

As you can see, there is a warning attached to the modules. The warning only means that no data has been received by the module yet, because it has been added just a moments ago. Once the modules begin to receive data, the warning disappears.

To see the data from the newly created module, just click on the 'view' button on the top right and look at the bottom where the data is going to appear if it starts to receive anything:

Keso.jpg

To perform another kind of network check, we suggest proceeding exactly as described above, but with a different kind of module.

1.2.2 ICMP Monitoring

The previous example was the one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:

  • icmp_proc, host (ping) check which allows to come to know if an IP address responds or not.
  • icmp_data or latency check. It basically tells us the time in milliseconds it takes to respond to an ICMP basic query.

1.2.3 TCP Monitoring

TCP check allows to check the state of a port or a TCP service.

There are two specific fields for TCP tests:

The main parameters of these type of modules are target port, target IP, and the TCP send and receive data.

By default, TCP check is simply a test for whether the destination port is open or not. You are also able to send a text string and wait to receive something which will be processed directly as data.

It is possible to send a text string (using the «^M» string to replace the CR) and to wait if you are going to receive an answer substring to check whether the communication is functioning properly or not. This allows simple protocol checks to be implemented. If you want to check whether a server is alive or not, you may send the following string:

 GET / HTTP/1.0^M^M 

Then just wait to receive the string:

200 OK

This string is coded in 'TCP send' and 'TCP receive' fields.

TCP send

The field to configure the parameters intended to be sent to the TCP port. It accepts the '^M' string as a replacement for the CR sending. To send several strings in a row in a send/response manner, you are required to separate them by the character:

TCP receive

The field to configure the text strings which we expect to receive on the TCP connection. If they send/receive in several steps, each step should be separated by the '|' (pipe) character.

By means of the Pandora FMS TCP check, you are able to perform more things than just inspecting whether a port is open or waiting for an answer from a simple request. It is possible to send data, wait to receive something, send something afterwards, wait to receive something and so on. Only if all the processes are carried out in the right way, are you able to validate the results.

To use the Pandora FMS Dialog and Response Checking System, you may separate the different petitions by the | ('pipe') character.

This is an example of an SMTP conversation:

R: 220 mail.supersmtp.com Blah blah blah
S: HELO myhostname.com
R: 250 myhostname.com
S: MAIL FROM: 
R: 250 OK
S: RCPT TO: 
R: 250 OK
S: DATA
R: 354 Start mail input; end with .
S: .......your mail here........
S: .
R: 250 OK
S: QUIT
R: 221 mail.supersmtp.com Service closing blah blah blah

If you want to check the first protocol points, the necessary fields to emulate this conversation would be:

TCP Send

HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M

TCP Receive

250|250|250

If the three first steps are OK (code 250), then the SMTP is working properly. You do not need to send a complete mail here (but you could, in any case). This enables protocol-based TCP checks which could be used for any protocol that uses plain text conversations.

1.2.4 SNMP Monitoring

1.2.4.1 Introduction to SNMP Monitoring

When we talk about SNMP monitoring, the most important thing is to separate the testing concepts (polling) and traps. SNMP testing means ordering Pandora FMS to forward an 'snmpget' command against an SNMP device such as a router or a switch (or even a computer with an installed SNMP agent). This is a synchronous operation (every X seconds). Receiving an SNMP trap, on the other hand, is an asynchronous operation (that might or might not happen in a million years). It is commonly used to receive 'alerts' coming from a device, e.g. if a switch knocks down a port or its fan is too hot.

To use the SNMP monitoring test, you are only required to add an SNMP module under Pandora FMS which creates a new network module. The majority of the SNMP items which report data in the incremental way ('generic_data_inc'), e.g. when it asks for a value, it reports the 'global' quantity of information, if a total amount of bytes gets collected from the moment the device starts. This would be necessary to extract the last quantity of bytes known from the one which is working and gets divided by the seconds from the last known data. This division is going to provide the required data for displaying 'bytes per second' display. This operation is done with Pandora FMS using generic data inc.

Using SNMP Traps is something completely different. It is possible to receive traps from any device without the necessity of configuring anything (except the SNMP console). If a trap gets received, it will appear on the SNMP console.

It is possible to define an alert, based on OID (the code that identifies a trap, something similar to 3.4.1.1.4.5.24.2), in an IP agent or in a custom data (data that could be in the trap). It is also possible to order Pandora FMS to copy the information on a special text module in the agent. If the agent is defined, this operation is called SNMP Traps transfer.

Pandora FMS is able to work along with any device that supports SNMP. It currently works with SNMP versions 1, 2, 2c and 3.

Pandora FMS works with SNMP using individual OIDs, where each OID is a network module for it. If you want to monitor a 24-port 'Cisco Catalyst' switch and find out the operating system and the entry and exit port, you have to define a total of 72 modules (24 x 3).

To work with SNMP devices, you are required to know the following:

  • What the SNMP Protocol is and how it works. The published RFC3411 from the IETF describes it in detail here: https://www.ietf.org/rfc/rfc3411.txt
  • The IP and the SNMP community of the remote device.
  • How to activate the device's SNMP management so that you are able to perform SNMP queries from the network server.
  • The specific OID of the remote device which you want to check.
  • How to manage the data that will be returned by the device. SNMP devices usually return data in different formats.

This network server should be the one assigned for the agent if you are going to define network modules. You also need to keep in mind that, if you want other network servers to do queries (in case the assigned server fails), they will perform the queries with other IP addresses.

Pandora FMS could manage almost all of them, except the 'timetick' that gets managed as a numeric format without converting it to date / hour. Pandora FMS manages counters of the 'data' kind as 'remote_snmp_inc'. They are of special importance, since they are counters which cannot be considered numeric data. The majority of the SNMP statistical data are of the 'counter' kind and it is necessary to configure them as 'remote_snmp_inc' if you want to monitor them properly.

1.2.4.2 Monitoring through Network Modules with SNMP

To monitor any element through SNMP, you should at least know its IP and its SNMP community. It would also be quite important to know the OID that you want to monitor, although you could obtain it by means of an SNMP Walk as long as you know where each OID comes from. To monitor an element through SNMP, you first have to create an agent for it. If you already have one, simply add a new network module and follow the previous instructions.

Once the module has been created, select an SNMP data type in the configuration module form just like the ones shown on the image:

Cap5 snmp 1.png

Any of the three SNMP data types are valid. Simply select the one which matches the type of data that you want to monitor.

Once you have selected an SNMP data type, the form will expand, showing additional fields for SNMP like the following:

Cap5 snmp 2.png

Next, define the fields:

SNMP community

The SNMP community is necessary to monitor the element. It acts as a password.

SNMP version

The SNMP protocol version of the device. It could be 1, 2, 2c or 3.

SNMP OID

The OID identifier to monitor. They can consist of numeric values. Alphanumeric values are internally transformed into numeric values by the system (which are the ones used to do the request) by means of a dictionary called MIB.

An alphanumeric OID can be similar to this one:

  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3

The numeric equivalent would be something like this:

  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3

Without the MIB, the alphanumeric format is invalid. Installing an MIB on the system is not easy task, so it is recommended to work with numeric identifiers directly, although it is a little more cryptic. The above shown is much more portable and it also does not pose any trouble for you, because it does not require MIBs.

Pandora FMS includes some OIDs in its database which could be used directly. If you are going to create the module, select the 'Cisco MIBs' component to show a list of the available MIBs for Cisco devices:

Cap5 snmp 4.png

Once you have selected the proper component, you will be able to pick the available MIB for it:

Cap5 snmp 5.png

By doing this, the fields will be filled out with the necessary information.

There are more MIBs included in Pandora FMS. With Enterprise Version, there are several MIB packages for different devices included. Once you have entered the data, please click on the Create button.

To see the data of the module which has been just created, just click on the upper flap named View and take a look at the bottom of the page, where the data will be displayed once it starts to receive any. With these data you could see a realtime SNMP graph.

SNMP nueva.png


1.2.4.3 SNMP Monitoring from Agents

Windows software agents have a feature for obtaining SNMP information. In Unix/Linux snmpget agents is usually available, so it can be called from the module_exec line.

We have added the 'snmpget.exe' feature to the Windows agent by default (which is part of the 'net-snmp' project and comes with a BSD license). We have also added the basic 'MIBs' and a wrapper / script to wrap the call into the 'snmpget.exe' feature.

Using this call, you are allowed to monitor SNMP from an agent, obtaining information from any remote system to which the agent has access to, so you can work as a 'satellite agent' or 'proxy agent' (just as the manual says).

Under Windows, the syntax for the execution is:

module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>

Some examples of SNMP modules executed by Windows agents are:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_if3_desc
module_type generic_data_string
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

The same examples, executed under UNIX agents:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

It is important to remember that only the 'basic' OIDs are translatable for their numerical equivalent. It is advisable to always use numerical OIDs, because we do not know if the tool would otherwise be able to translate it or not. In any case, the MIBs can always be obtained in the '/util/mibs' directory under Windows or in '/usr/share/snmp/mibs' under Linux.

1.2.5 Pandora FMS SNMP MIB Browser

The SNMP explorer can be accessed through the Monitoring > SNMP > SNMP Browser menu.

The first thing to be understood is that Pandora FMS makes a complete path of the device tree, so if it is big (like a switch) this operation can take several minutes. You can also choose to explore only one sub-system, which will save you a lot of time.

For example, to get CISCO information only, you could explore your cisco sub-mib enterprise starting with:

 .1.3.6.1.4.1.9

The browser is used to navigate, which means clicking on each tree and sub tree to arrive at the last piece of information on the branch, which is a sole OID with a single value. Click the 'eye' icon to get the value of the OID. The system will try to locate the description and human-readable OID translation if the MIB for that branch is available. If you do not have an MIB available, the only thing you can see is the numerical OID information, value and data type. The descriptive information is stored in MIB files. If you want to know more about this topic, please follow this link [1]. If you do not have an MIB for the device you intend to browse, you probably have to 'dig search' in the values - which is pretty complex and takes a lot of time.

The Pandora FMS SNMP MIB Browser allows you to search for a text string or numerical value in the OID's values and also the translated OID's (if available). It could be very helpful to be able to search for known values to identify the matching OID value. If there are several matches, you're able to browse within them. Matches are displayed in yellow.

Snmp browser module creator.png

From the SNMP browser, you can create a network component for later reuse.

Snmp browser from module creation.jpg

From the SNMP module editor, when you create or edit a network module, you can launch the SNMP browser by clicking on the "SNMP Browser"button, which will open it in a floating window. Once you have chosen the OID you are looking for, by clicking on the icon of the hand with the finger pointing downwards, choose that OID and move it to the corresponding field of the module definition, automatically, for its use in Pandora FMS.

1.2.6 MIB Management

Through Pandora FMS you can upload and manage the MIBS to be able to add new mibs or delete the ones that are not revelant. These MIBs will be only used by Pandora FMS, which will also use the operating system (in /usr/share/snmp/mibs). Pandora FMS will use the {PANDORA_CONSOLE}/attachment/mibs path to store the mibs.

New snmp browser mibmanager.png

It is important to point out that Pandora FMS MIBs manager only manages the "polling" mibs that have nothing to do with SNMP traps mibs. For this functionality there is another manager, exclusive to the Enteprise version of Pandora FMS.

1.2.7 Pandora FMS SNMP Wizard

In the agent management view, there is a set of tools specifically created to create modules remotely: The Agent Wizard.

Agent wizard.png

1.2.7.1 SNMP Wizard

Agent wizard snmp wizard.png

You must set up the IP target, the community and other desired parameters (SNMP v3 is supported) to make an SNMP-Walk to the host.

Snmp wizard form.png

Once the data is correctly retrieved, a form for module creation will appear:

Snmp wizard module creator.png

It is possible to create modules from the following kinds of SNMP data through the SNMP Wizard:

  • Devices
  • Processes
  • Free Space on Harddrives
  • Temperature Sensors
  • Other SNMP Data

You may select the kind of module and add the desired elements from the left combo to the right one. Once you have completed this process, please click on the 'Create modules' button.

This wizard will create two kinds of modules:

  • SNMP Modules for data with a static OID (sensors, memory data, CPU data, etc.).
  • Plugin Modules for data with dynamic OID or calculated data (processes, disk space, used memory in percentage, etc).


Template warning.png

For plugin modules the remote SNMP plugin will be used. So if the plugin is not installed in the system, these features will remain disabled. The plugin must be named "snmp_remote. pl". The location where it is hosted will not matter.

 


1.2.7.2 SNMP Interface Wizard

Agent wizard snmp interfaces wizard.png

In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces.

This Wizard browses the SNMP branch IF-MIB::interfaces, offering the possibility of creating multiple modules of different interfaces with multiple selections.

Like the SNMP Wizard (after selecting the IP target, community, etc.), the system directs an SNMP query on the host and fills out the module creation form.

Select one or more interfaces from the left combo. After that, the common elements available to them (e.g. description, speed, inbound / outbound traffic, etc.) will appear on the right. You can select one or more elements of this combo and click on 'Create modules' to create these modules for each selected interface in the combo on the left.

Agent wizard snmp interfaces creation.png

1.2.8 Common Advanced Features of Network Modules

The following screen shows the advanced features for network module configuration:

Cap5 snmp 8.png

Description

Module description. There is already a default description which can be changed.

Custom ID

Custom identifier which is necessary if you wish the server to send multicast messages with information about agents. You can also use this field to integrate Pandora FMS data into an external information system like a CMDB.

Interval

The module's execution interval. As shown in the example, it could be different from the agent's interval.

The values shown depend on those configured in the "Settings > Visual Styles" section in the "Interval Values" section.

An administrator user will be given the possibility to define a custom interval at the time of creating or editing a module, standard users will only be able to define previously configured intervals, displaying the default ones when not being defined in "Visual Styles".

Post Process

The module's post processing. It is useful to multiply or divide the returned value, e.g. when you obtain bytes and you want to show the value in Megabytes.

Min. Value

The module's minimum value. Any value lower than the one defined here will be considered 'invalid' and ruled out.

Max. Value

The module's maximum value. Any value higher than the one defined here will be considered 'invalid' and ruled out.

Export Target

It is useful to export the values returned by the module to an Export Server. It is available in the Pandora FMS Enterprise Version only, and could come in pretty handy if you have configured an export server previously. Check the section on the export server for more details.

CRON

If Cron from is set, the module will be run once when the current date and time match the date and time configured in Cron from, ignoring the module's own interval. For example, the following configuration would cause the module to be run every Monday at 6:30:

Cron from ex1.png

If both Cron from and Cron to are set, the module will be run once when the current date and time fall between the date and time configured in Cron from and the date and time configured in Cron to, ignoring the module's own interval. For example, the following configuration would cause the module to be run everyday between 6 and 7:

Cron from ex2.png

For local modules, the corresponding module_crontab line is added to the agent's configuration file. See Programmed Monitoring for more information.

Timeout

Time the agent is going to wait for the execution of the module in seconds.

Category

This categorization has no effect on the normal user interface, it is intended to be used together with the meta console.

1.3 Windows Remote Monitoring with WMI

WMI is a micro system for remote information of computers running Windows OS, it is available from Windows XP version to the most current versions. WMI allows you to get all kinds of information from OS, applications and even hardware. WMI queries can be made locally (in fact, Pandora FMS' agent does it internally, calling the API of the operating system and asking the WMI subsystem) or remotely. In some systems, remote access to WMI is not enabled and must be enabled in order to be consulted from the outside.

Pandora FMS allows remote monitoring of Windows equipment through WMI queries. To do this it is be necessary to enable the component wmiserver in the configuration file of Pandora FMS server.

# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
# DISABLED BY DEFAULT
  wmiserver 1

Queries are made in WQL, a kind of Microsoft-specific SQL language for internal queries to the operating system, and any query that appears in the WMI system database can be made.

To start monitoring through WMI, first create the corresponding agent, and once ready, click on the top flap of the modules (Modules). Then, select the option to create a new WMI module and press the Create button.:

Feo.jpg

Some fields are WMI specific and require a short explanation:

Namespace

Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application intended to monitor.

Username

Name of the Administrator or any other user which has been granted the privileges to remotely execute WMI queries.

Password

Password for the Administrator or any other user.

WMI Query

WMI query. It is very similar to a sentence in SQL, e.g.:

SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
SELECT SerialNumber FROM Win32_OperatingSystem
SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory
SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"

Key String

Optional field to compare the returned query with a string. In case it exists, the module will return either '1' or '0' instead of the string itself.

Field Number

The number of the returned field, starting from 0 (WMI queries are able to return more than one field). Most of the time, the value is 0 or 1.

Fill out the required fields as shown below:

Campos.jpg

If you do not know the exact parameters, you may also select one of the preinstalled ones included in the Pandora FMS Database. Please select the WMI module component for it:

Galleta.jpg

Once you have done that, select a WMI check from one of the available ones:

Galletita.jpg

The required information is filled in automatically, except for the user and its password. Please remember that only users with administration permissions and their passwords are valid here. The module is also unable to return any value:

Otro.jpg

The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They are available for the following devices and components:

  • Active Directory
  • BIOS
  • System Information
  • Windows Information
  • Printers
  • MSTDC
  • IIS
  • LDAP
  • Microsoft Exchange

1.4 WMI Wizard

Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse in and create modules with WMI queries on a specified agent:

Agent wizard wmi wizard.png

You will need to specify the Administrator (or a user with WMI query permissions) user and password on the target server to make the first WMI queries. This information will be used to create modules.

Wmi wizard module creator.png

It is possible to create modules from different kinds of WMI data through the WMI Wizard:

  • Services: Creates boolean monitors in 'normal' status if the service is running and in 'critical' when it is shut down.
  • Processes: The process monitor will only receive any data if the process is active, otherwise it will be on 'unknown' status.
  • Free space on disk The available space on the harddrive.
  • WMI components: You are able to choose from the WMI components registered on the system (they are found under 'Administration' -> 'Manage modules' -> 'Network components').

1.5 Monitoring with Plug Ins (Server Plugin)

This type of monitoring consists on executing plugins remotely from Pandora FMS server against other systems. Installations come with several server plugins by default ready to use, and the user can always add as many as needed.

A remote plugin is a script or executable that supports parameters and returns a value. Through a plugin you can implement any type of operation by yourself, and through a few input parameters, customize, as you may want that application you have developed to work. This would allow you, for example, to pass the target IP of the test as a parameter. The result could be a number, a boolean value (0 error, > 0 OK), or a text string. The only limitation of remote plugins is that they can only return a single value.

To register a plugin in Pandora FMS, we will go to the administration section of the console, and in it, click on Manage servers; then click Manage plugins:

Verdecito1.jpg

Verdecito2.jpg

From this screen you can see that you already have a few plugins registered. You can also register your plugin manually here. To explain how it works, let us see an already registered plugin, click on the one called "UDP Plugin" that allows you to perform a UDP connectivity test to a remote machine.

Plugin create 1.jpg

Plugin Type

There are two types of plugins: standard (standard) and Nagios plugins. Standard plug-ins are scripts that execute actions and support parameters. Nagios add-ons are, as its name indicates, Nagios add-ons that can be used in Pandora FMS. The difference is mainly that nagios plugins return an error level to indicate whether the test was successful or not and an additional descriptive string. This description is not a numerical value that can be used as a module value, so in this case weh will use it to update the module description.

In this case (for the example plugin, UDP port check), Standard will be selected since it is not a Nagios plugin.

Max. Timeout

The expiration time of the plugin. If you do not receive a response within the specified time, it is recommended to select the module as 'unknown', because then its value will not get updated. It is a very important factor when implementing monitoring with plugins. If the plugin execution time is longer than the specified value, you would never obtain data with it. This value is recommended to always be higher than the time it (usually) takes to return a value of the script or executable which is used as a plug in. If there is no preconfigured value, it is recommended to use the same value which can be found under plugin_timeout in the configuration.

Info.png

In the execution of a plugin, there are three timeouts: server, plugin and module. Please note that the server prevails over the others, and secondly, the plugin. That is, if you have a server with a 10-second timeout and a plugin with a 20-second timeout and a module that uses that plugin with a 30-second timeout, the maximum time to wait for the execution of that module will be 10 seconds.

 


For our example, the value selected is '15'.

Description

Description of the add-on. Write a brief description, such as: Check a remote UDP port (by using NMAP). Use IP address and Port options. The description is not trivial, since it will be shown in the user interface of the plugin. Make sure it explains what the plugin is for.

Plugin create 2.jpg

Plug-in Command

Path to the plugin executable. By default, if the installation has been standard, they will be in the directory /usr/share/pandora_server/util/plugin/. Although it could be any route in the system. In this case, type /usr/share/pandora_server/util/plugin/udp_nmap_plugin. sh in the field. If you use your own plugin, make sure that you know the path where you left the plugin and that you have run permissions (chmod 755).

Plug-in parameters

A string with the plugin parameters, which will go after the command and a blank space. This field accepts macros such as _field1_ _field2_... _fieldN_. This is where the most complex part of a plugin's operation is, we will see it with an example.

Parameter Macros

Unlimited macros can be added for use in the plugin parameters field. These macros will appear as text fields in the module configuration so that the user abstracts the complexity of using a plugin module. It is about the user using a plugin as if it were a "library" module in which he fills in fields, without having to know how it works underneath. Macros definition allows the user to fill in the script call parameters without knowing how it works, neither the script nor the way to call it.

Each macro has 3 fields:

  • Description: A short string describing the macro. It is the label next to the field.
  • Default value: The default value assigned to the field.
  • Help: A text with an explanation of the macro, to show some examples of use or better explain what that field is for.

An example of a macro configuration:

Macro configuration.png

An example of this macro in the module editor:

Macro editor2.jpg

1.5.1 Internal Macros

Like the alerts, it is possible to use internal macros in the plugin configuration, too.

The supported macros are:

  • _agent_ o _agentalias_: Alias of the agent to which the module belongs.
  • _agentname_: Name of the agent to which the module belongs.
  • _agentdescription_: Description of the agent to which the module belongs.
  • _agentstatus_: Current status of the agent to which the module belongs.
  • _address_: Address of the agent to which the module belongs.
  • _module_: The module's name.
  • _modulegroup_: The module's group name.
  • _moduledescription_: A description of the module.
  • _modulestatus_: The status of the module.
  • _moduletags_: The module's associated tags.
  • _id_agent_: The ID of the agent. It is quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
  • _id_module_: The module's ID.
  • _policy_: The name of the policy the module belongs to (if that applies).
  • _interval_: The execution interval of the module.
  • _target_ip_: The target IP address of the module.
  • _target_port_: The target port number of the module.
  • _plugin_parameters_: The plug-in parameters of the module.
  • _email_tag_: The emails associated to module tags.

1.5.2 A remote plugin from the inside

The UP plugin code is extremely simple and helps us to explain how the whole process works:

#!/bin/bash
# This is called like -p xxx -t xxxx
HOST=$4
PORT=$2
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l

This Linux plugin takes two parameters, the UDP port to test and the destination address, with the -p and -sU parameters respectively. When registering the plugin you have defined two macros, one for the port and another for the IP so that when the user is going to create a plugin module it only sees that, nothing else.

Once the plugin has been registered, in order to use it in an agent, you must create a plugin server module, click on the top tab of the modules ("Modules"). There, select create a new network module and click on the Create button:

Trescientos1.jpg

In the following form, fill in the empty fields, select the module type Generic module to acquire numeric data, specify the IP address to which the analysis must be performed, and also the port on which to do it:

Example1 edition module.png

Once you have finished, press the Create button.

The following screen will show the modules for the agent, the "UDP Port check" module that you have just created:

Udp port check demo.jpg

1.5.3 Example #1 : Plugin Module for MySQL

This is another more complex example on how to implement a plugin. It is another plugin included by default in Pandora FMS. In this case, it is the MySQL check plugin.

First, create a plugin module ('Administration' -> 'Manage Servers' -> 'Manage plug ins') for MySQL using the following data:

  • Name: MySQL
  • Plugin type: Standard
  • Max. timeout: 10 seconds
  • Description: MySQL check plugin
  • Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
  • Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
  • Macro _field1_:
    • Description: IP Address
    • Default value: X.X.X.X
  • Macro _field1_:
    • Description: User
    • Default value: User
  • Macro _field1_:
    • Description: Password
    • Default value: Password
  • Macro _field1_:
    • Description: Check
    • Default value: Connections
    • Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read

When it is ready, the plugin should look like this:

Plugin mysql1.png
Plugin mysql2.png
Plugin mysql3.png
Plugin mysql4.png

This plug in provides four checks:

  • -q Connections: Connections
  • -q Com_select: Number of select queries from start
  • -q Com_update: Number of update queries from start
  • -q Innodb_rows_read: Innodb file readings

Create a module in the agent of the computer where Pandora FMS is installed and assign it; its name will be Mysql Connections, using as plugin "MySQL", as IP localhost, as Pandora FMS user, as password the password of Pandora FMS database, and as check the word Connections.

After its creation, the should look like this:

Plugin mysql module.png
Mysql module2.png

Once created, it will appear in the list of modules, as a plugin type module (in this case, pending initialization)

Fosforo3.jpg

1.5.4 Example 2 SMTP Server Remote Plugin Module

This plugin sends an email using a remote server, you can specify server IP, port, user and password and authentication scheme, as well as destination email. It returns 1 if it works and 0 if it fails, that is, it should be used using generic_proc type.

This is a screenshot of the module definition using this plug in:

Pandora plugin SMTP5.png
Smtp module2.png

1.5.5 Example 3 - DNS Server Remote Plug In

This plug in checks the IP address of a specified domain (eg artica.es). This is a fixed IP, using an external DNS as reference. You are able to validate whether the domain is returning the correct IP address to avoid unnecessary balancing, DNS attacks, etc. in this way. It returns the value of '1' if it works properly and '0' if not. The plugin is required to be of the 'generic_proc' type.

This is a screen shot of the module definition using this plugin:

Pandora plugin DNS5.png
Dns module2.png

1.6 Custom field macros for remote monitoring

When configuring remote modules, having to enter agent-specific configuration options multiple times can quickly become tedious (e.g., an SNMP community string). Custom field macros allow you to use agent custom fields as macros for certain module configuration options.

In the following example, an SNMP network component that can be reused across SNMP agents with different community strings will be created:

  • First, go to Resources/Custom fields in your Pandora FMS Console and define a new custom field that will be used to store the SNMP community string. Write down its ID, since it will be part of the macro later, and fill in the appropriate community string in your SNMP agents.
Snmp custom field.png
  • Then create a new SNMP network component and enter _agentcustomfield_n_ as the SNMP community string, where n is the ID of the custom field (in our example, _agentcustomfield_11_).
Custom field network component.png
  • Finally, configure a module using the newly created network component. The module will start working automatically.

Custom field macros work with SNMP, WMI, plug-in and inventory modules. They can be used in standalone modules, network components and policy modules.

For a WMI module you could analogously define two new custom fields to store the username and the password, and use the corresponding custom field macros in the module definition.

Wmi custom field.png

1.7 Remote wizard and network test execution (Exec Server)

This feature allows some actions to be run on Pandora FMS remote servers from the Pandora FMS Console. Thus, allowing the use of the agent SNMP Wizards, MIBs' browser and 'event responses' from a remote server, as well as accessing it from the server where the console is.

Internally, it works through SSH remote command execution from the Pandora FMS console to the enabled servers, which will be called “Exec Server”. These servers can be Pandora FMS or Satellite Servers, but always in Linux.

1.7.1 Configuration

It is important to keep in mind that, in order to use this feature correctly, it will be necessary for the agent which is being worked on to have been previously created by the server that is going to be employed, and for said server to have the remote configuration enabled in case it is a satellite server.

Template warning.png

If remote cofiguration is not enabled, satellite modules will not be created through wizard.

 


To configure Exec Server correctly, the systems must be configured following a series of steps:

1. In the Pandora FMS server list, access the server edition you want to use as exec server:

Exec-server-111.JPG


2. Edit the IP of the server where you will launch the desired commands and activate “Exec Server” check. This option can be configured on the Network Server and / or Satellite Server.

3. Do not perform the configuration test because the system is not completely configured at this point and it would generate an error message.

Exec-server-222.JPG


4. Enable the server where the Pandora FMS console runs so that the “apache” or equivalent user has a shell execution. Modify the following line in the /etc/passwd file so that the user has a valid shell, for example:

apache:x:48:48:Apache:/var/www:/bin/bash

5. Create the “.ssh” directory in the “/var/www/” route and give permission for the “apache” user:

mkdir /var/www/.ssh
chown apache /var/www/.ssh

6. Execute as root:

su apache

7. Generate the SSH key for the connection to the remote machine executing the following command:

ssh-keygen 

Accept any questions that it might ask you by clicking “enter”:

Exec-server-3.jpg


8. Before accessing "Exec server” by SSH (which will be a Pandora FMS server or a Linux server satellite), create on that machine a specific user, called “pandora_exec_proxy” and also create the “/home/pandora_exec_proxy/.ssh/” folder:

sudo useradd pandora_exec_proxy -m
mkdir /home/pandora_exec_proxy/.ssh/


NOTE: The user does not have a password, so it cannot be used for remote connection.


9. Copy the contents of the public key, generated in the previous step, from the Pandora FMS console to the “exec server” server. In order to do this, copy the contents of the /var/www/.ssh/id_rsa.pub file (by copying and pasting that content) to the /home/pandora_exec_proxy/.ssh/authorized_keys'' file and change the permissions of that file:

chown -R pandora_exec_proxy /home/pandora_exec/.ssh/

10. Once the user is created, from the machine where the console is running, and through the “apache” user, execute the following command manually to verify that you can log in without entering a password (replacing the IP by the hostname/IP from the Exec server which has been configured in previous steps)

 ssh [email protected]_address

11. When all these steps are correct, edit (in the console) the /etc/pass file in order to leave the apache user as it was originally (without local shell):

apache:x:48:48:Apache:/var/www:/sbin/nologin

12. Finally, test the configuration in the editing section of your proxy server, within the Pandora FMS console, and if the test indicator turns green, it will be fully operational and functional.

Exec-server-4.png

1.7.2 Using the exec servers feature

From now on, in the MIB browser, in agent SNMP wizard and event responses, you can choose from where you will launch the request, whether from the local console or from the configured Exec server:

Exec-server-555.JPG


And the same goes for the WMI Wizard, the SNMP interfaces one and SNMP agent wizard (not available for satellite servers)

Exec-server-666.JPG

Depending on the selected server, when launching the Wizard, adapted modules for satellite server or server will be created. In the satellite server case, write the modules in the remote configuration file so that they can be executed by the server.

For executing “event response”, firstly configure a new event response that uses the new exec server:

Exec-server-777.JPG


And then, launch it from an event:

Exec-server-8.JPG

1.8 Path monitoring

Pandora FMS offers by default complete route monitoring between two network points, visually indicating the path that is being followed at all times to communicate between these two points.

To use this system you need:

  • A software agent at the point of origin of the route you want to analyze
  • Being able to reach the destination point via ICMP from the point of origin.

The Pandora FMS path analyzer uses an agent plugin to map the route. This agent plugin uses several methods to collect information, reporting structured information to Pandora FMS server.

Note: Optionally, if you want to scan routes over the Internet, it is recommended that you deploy the mtr application on your route source computer. More information at:

https://en.wikipedia.org/wiki/MTR_%28software%29

http://www.bitwizard.nl/mtr/


1.8.1 Configuration

From version 7.0 OUM715 onwards, the plugin is included in the agent. To configure it, activate the execution of the plugin from the Pandora FMS console, once the agent's remote configuration is enabled.


Access the plugin configuration tab in your agent and add the following line (if the agent version is earlier than 7.0 715, or if you have not deployed the plugin in the utility folder, you must specify the full path to the plugin to run it)

route_parser -t target_address

Where target address can be a v4 IP address or an FQDN domain name.

Route conf2.png

1.8.2 Visualization

Once the system is configured and reporting, a new tab will appear in the agent view with the path communications have followed to reach the target:

Sample route view to a machine on a network other than the source network (LAN connections)

Route view1.png

Sample route to 8.8.8.8.8 example view (Google's DNS) (WAN connections)

Route view2.png

Go back to Pandora FMS documentation index