Difference between revisions of "Pandora: Documentation en: Remote Monitoring"

From Pandora FMS Wiki
Jump to: navigation, search
(WMI Wizard)
 
(245 intermediate revisions by 17 users not shown)
Line 1: Line 1:
 
[[Pandora:Documentation en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation en|Go back to Pandora FMS documentation index]]
  
=Remote Monitoring =
+
= Remote Monitoring =
  
==Introduction==
+
== Introduction ==
  
Pandora FMS network server is an essential key piece so it allows to execute test in a remote and centralized way. On the contrary that the data server, the network server executes the tasks assigned to it through a multiprocess queue systme. And a network server can also work with other network servers balancing the load and acting as a support in case that another network server falls, doing the work that the fallen server had to do. To know more about the HA in PandorA, please take a look at the corresponding chapter.
+
Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote checks to be conducted from a central point. The Data Server and the Network Server are carrying out the tasks they have been assigned through a multiprocess queue system. A network server can also work with other network servers, balance the load and act as a support device in case another network server fails, carrying out the work the failing server was supposed to do. If you would like to know more about High Availability (HA) under Pandora FMS, please take a look at the corresponding chapter.
  
The network server works only with those network modules assigned to it.Obviously, and because they are network tests, the network server should have a complete visibility (IP adresses and ports) over which we are going to do the tests. There is any sense at all doing tests against a sytem with ports that can not be see or over which we do not have the paths. The existence of firewalls or paths in the network has nothing to do with Pandora FMS and the problems generated by these reasons have neither to do with an specific configuration of Pandora FMS.
+
Network Servers only work with assigned network modules. Because there are network tests to perform, the Network Server should of course have complete visibility (IP addresses and ports) over the devices you are going to perform the tests on. It is completely futile to perform tests against a system with ports which cannot be seen or for which you do not have the proper paths. The existence of firewalls (or the problems generated though the existence of these kinds of devices) or pre-existing paths in the network have nothing to do with Pandora FMS nor with one of its specific configurations.
  
== Remote Network Modules ==
+
Besides the network server, there are many more additional Pandora FMS server subtypes that execute remote tests. This chapter will discuss network servers, remote plugin servers and server that launch remote tests against Windows machines (WMI Server). Other servers that also process remote tests, as WEB test server (WEB Server or Goliat server), have specific documentation chapters.
  
Pandora FMS network modules execute remote monitoring tasks. The remote execution tasks can be summarize in three  blocks:
+
[[File:Remote-monitoring.jpg|500px|center]]
  
 +
== Basic network monitoring ==
 +
 +
Pandora FMS Network Modules carry out [https://pandorafms.com/server-monitoring/ remote monitoring tasks]. The remote execution of tasks can be summarized in three blocks:
  
 
'''ICMP Tests'''
 
'''ICMP Tests'''
  
If a machine answer to ''Ping''(''remote_icmp_proc'') or the latency time of a system in milliseconds (''remote_icmp''). In both cases the tests are executed by the network server to which the agent that contains these networks modules was assigned.
+
Those are basic network tests that allow to find out whether a host is accessible and alive and the time it takes to get to that device through the network.
  
 
'''TCP Tests'''
 
'''TCP Tests'''
  
In a remote way it is checked that a system has open the TCP port that was specified in the modules definition.In an additional way a text string can be sent (using the string «^M» to replace the CR).And you can expect by receiving a response substring to check that the communication is right.This allows to implement easy protocol checkings. For example, we could check if a server ''is alive'' sending the string
+
This test checks if a system has the TCP port open which was specified in the module definition. Additionally, a text string can be sent and it can wait to receive a specific response to check whether the communication is correct. This method allows simple protocol checks to be implemented and verification of whether the other end responds or not.
GET / HTTP/1.0^M^M and waiting to receive the «200 OK» string.  
+
 
 +
For example, the "GET/HTTP/1.0^M^M" string could be sent to check whether an HTTP server is alive, waiting to receive the "200 OK" string.
  
 
''' SNMP Tests'''
 
''' SNMP Tests'''
  
It is possible to launch remotely  SNMP petitions (''SNMP Polling'')that have their SNMP service activated and accessible to obtain data as state of the interfaces, network consume by interface, etc. There is a section for SNMP with Pandora FMS. (see forward).
+
It is possible to launch SNMP petitions remotely (called 'SNMP Polling') to systems that have their SNMP service activated to obtain data like: 'interface status' and 'consumed network bandwidth by interface', etc. There is a specific section devoted to SNMP with Pandora FMS (later on).
 +
 
 +
<center>
 +
[[Image:Network-data-server-arq.png|center|700px]]
 +
</center>
  
<center><br><br>
+
In conclusion it is quite obvious that the network server is the one which carries out the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it is this Network Server the one that executes the task and transfers the results to the DB of Pandora FMS.
[[Image:Pandora 1.3 Network&DataServer Arch.png|center|700px]]
 
</center><br><br>
 
  
To summarize, we can say that the network server is which execute the different network tests assigned to each agent. Each agent is assigned to a network server, and it is this which will execute it, placing the results in the DD.BB of the Pandora FMS system.
+
=== General Configuration of a Module for Network Monitoring ===
  
== Generic Configuration of a Module for Network Monitoring ==
+
To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), create the corresponding agent to monitor the service first.
  
To monitor an equip or an equip service (FTP, SSH, etc.) in a remote way, first you should create the correspondent agent to monitor the service.
+
{{Tip|When talking about creating an agent, it does not mean installing a software agent in the target machine, but creating an agent in the Pandora FMS interface.}}
  
In Pandora FMS section for console administration press on '''Manage agents''':
+
Go to the Pandora FMS section for console administration and click on '''Resources''' > '''Manage agents''':
  
<center><br><br>
+
<center>
[[image:anvi.jpg]]
+
[[image:anvi.jpg|center]]
</center><br><br>
+
</center>
  
In the following screen, press button '''Create agent''':
+
In the following screen, please click on '''Create agent''':
  
<center><br><br>
+
<center>
[[image:bibi.jpg|center|750px]]
+
[[image:bibi.jpg|750px|center]]
</center><br><br>
+
</center>
  
Fill data for your new agent an press button '''Create agent''':
+
Enter the proper data to define your new agent and click on '''Create''':
  
<center><br><br>
+
<center>
[[image:Raro.jpg|center|750px]]
+
[[image:Raro.jpg|750px|center]]
</center><br><br>
+
</center>
  
Once you have created the agent, press on the upper flap of the modules (Modules). In it, select create a new network module and press the '''Create ''' button:
+
Once you have created the agent, please click on the drop down menu of the modules. Select 'Create a new network module' in it and click on the '''Create''' button:
  
<center><br><br>
+
<center>
[[image:Sasa.jpg|center|650px]]
+
[[image:Sasa.jpg|650px|center]]
</center><br><br>
+
</center>
  
In the following form select a network component module, and when the drop-down menu at right,look for the checking you need. In this example we select Host Alive, that represents a ping for the machine, a simple checking to know if the machine is connected to Internet or not.
+
Select a network component module in the following form: Look for the check you need in the drop-down menu on the right. In this example,  'Host Alive' is selected which represents a ping for the machine. It is a simple check to find out if the machine is connected to the internet or not.
  
<center><br><br>
+
<center>
 
[[image:Alive.jpg|center|800px]]
 
[[image:Alive.jpg|center|800px]]
</center><br><br>
+
</center>
  
We left the advanced options for later.Consider that the modules has obtained the agent IP address. If you want this could be different.Once you have finished to define the module. press the '''Create''' button.
+
The advanced options are left for later. Make sure the modules have obtained the agent's IP address. You may enter a different IP address here. Once you have finished defining the module, press the '''Create''' button.
  
In the following screen the modules for the agent are shown, the predetermined Keepalive that is created with the agent and the module Host Alive added:
+
In the following screen, all modules for the agent are shown. On the picture below, you can see the preset Keepalive (which was created along with the agent) and the added 'Host Alive' module:
  
<center><br><br>
+
<center>
 
[[image:Kiji.jpg|center|800px]]
 
[[image:Kiji.jpg|center|800px]]
</center><br><br>
+
</center>
  
As you see,there is a warning on modules. The warning only means that any data has been received at the module yet, so they have been just added now.Once we start to receive data the warning will disappear.
+
As seen, there is a warning attached to the modules. The warning only means that no data has been received by the module yet, because it has been just added. Once data starts to be received, the warning disappears.
  
To see the data from the module that has been just created, press the upper flap View, and from it go to the bottom where data will be shown once them start being received:
+
To see the data from the newly created module, click on the 'view' button on the top right and look at the bottom where the data will appear once it starts receiving data:
  
<center><br><br>
+
<center>
 
[[image:keso.jpg|center|800px]]
 
[[image:keso.jpg|center|800px]]
</center><br><br>
+
</center>
 
 
To add another kind of network checking, do the same as before but selecting another kind of modules.
 
  
== ICMP Monitoring ==
+
To add another kind of network check, proceed exactly as described above, but with a different kind of module.
  
The previous example is an example of ICMP monitoring. These are the more basic and simple checkings that give us an important and precise information.There are two kinds of ICMP checking:
+
=== ICMP Monitoring ===
  
* '''icmp_proc''', host (ping)checking,that allows to know if an IP address responds or not.
+
The previous example was the one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:
  
* '''icmp_data''' , or latency checking. Basically it informs about the time in millisecond that the IP address takes for answering a basic ICMP consult.
+
* '''icmp_proc''', host (ping) check which allows to come to know if an IP address responds or not.
  
== TCP Monitoring ==
+
* '''icmp_data''' or latency check. It basically tells us the time in milliseconds it takes to respond to an ICMP basic query.
  
The TCP checking allows to check the state of a port or a TCP service.
+
=== TCP Monitoring ===
  
There are two specific fields for TCP tests:
+
TCP check allows to check the state of a port or a TCP service.
  
<center><br><br>
+
The main parameters of these type of modules are target port, target IP, and the TCP send and receive data.
[[image:Cap5_snmp_9.png|500px]]
 
</center><br><br>
 
  
The TCP checking by default simply looks if the destination port is open or not. Optionally you could send a text string and wait to receive something that will be processed directly as a data.
+
By default, TCP check is simply a test for whether the destination port is open or not. You are also able to send a text string and wait to receive something which will be processed directly as data by Pandora FMS, through TCP Send and TCP Receive fields.
  
It is possible to send a text string(using the «^M» string to replace the CR)and you can wait when receiving  an answer substring to check that the communication is right. This allows to implement simple protocol checking. For example, we could check if a server is alive sending the string:
+
It is possible to send a text string (using the «^M» string to replace the CR) and to wait to receive an answer substring to check whether the communication is working properly or not. This allows simple protocol checks to be implemented. If you want to check whether a server is alive or not, you may send the following string:
  
 
   GET / HTTP/1.0^M^M  
 
   GET / HTTP/1.0^M^M  
  
And waiting to receive the string
+
Wait to receive the string:
  
 
  200 OK
 
  200 OK
  
This is codified in TCP Send and TCP receive fields.
+
This string is coded in 'TCP send' and 'TCP receive' fields.
  
 
'''TCP send'''
 
'''TCP send'''
 
   
 
   
Field to configure the parameters to send to the TCP port. It accept the ^M string to replace it for the sending of a CR.To send several strings in sequence send/response, you should separate them with the character
+
The field to configure the parameters intended to be sent to the TCP port. It accepts the '^M' string as a replacement for the CR sending. To send several strings in a row in a send/response manner, you are required to separate them by the character:
  
 
'''TCP receive'''
 
'''TCP receive'''
  
Field to configure the text strings that we expect receiving in the TCP connexion. If they send/receive in several steps, each step should be separated by the | character.
+
The field to configure the text strings which we expect to receive on the TCP connection. If they are sent/received in several steps, each step should be separated by the '|' (pipe) character.
  
Through the Pandora FMS TCP checking you can do more things than only see if a port is open or waiting for an answer from a simple request.It is possible to send data, waiting to receive something,to send something after, waiting to send something and this way to the step we want. Only if all the process is right we can validate the result.
+
By means of the Pandora FMS TCP check, you are able to do more than just inspecting whether a port is open or waiting for an answer from a simple request. It is possible to send data, wait to receive something, send something afterwards, wait to receive something and so on. Only if all the processes are carried out in the right way, the results can be validated.
  
To use the Pandora FMS dialog/response checking system, you can separate the different petitions with the | character.
+
To use the Pandora FMS Dialog and Response Checking System, you may separate the different petitions by the | ('pipe') character.
  
Lets see an example of a SNMP conversation.
+
This is an example of an SMTP conversation:
  
 
  R: 220 mail.supersmtp.com Blah blah blah
 
  R: 220 mail.supersmtp.com Blah blah blah
Line 154: Line 156:
 
  250|250|250
 
  250|250|250
  
If the three first steps are OK (code 250), then the SMTP is ok.You do not need to send a complete mail (but you could, in any case). This allow to do TCP checkings based on the protocol, that could be used for any protocol that uses plain text conversations.
+
If the three first steps are OK (code 250), then the SMTP is working properly. It does not need to send a complete mail here (but it could, in any case). This enables protocol-based TCP checks which could be used for any protocol that uses plain text conversations.
 +
 
 +
=== Remote execution modules ===
 +
 
 +
From version 741 onwards, the following network server <b>Enterprise</b> modules are available:
 +
 
 +
* Remote execution data
 +
* Remote execution data proc
 +
* Remote execution data string
 +
* Remote execution data inc
 +
 
 +
To be able to use those modules successfully, connection data of the agent intended to monitor is necessary. Therefore, register the connection data against the target in the [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store|<b>safe credential storage</b>]:
 +
 
 +
<center>
 +
[[image:remotexec9.PNG|center]]
 +
</center>
 +
 
 +
Once the credentials are registered, use them when defining the module.
 +
 
 +
Create a new network server module.
 +
 
 +
Choose one of the menu options in <b>module type</b>.
 +
 
 +
<center>
 +
[[image:remotexec2.png|center]]
 +
</center>
 +
 
 +
For remote executions, the following types of data are valid:
 +
 
 +
* remote_execution_data: numeric.
 +
* remote_execution proc: boolean (0 <b>FALSE</b>, different from 0 <b>TRUE</b>).
 +
* remote_execution_data_string: alphanumeric (string).
 +
* remote_execution_data_inc: incremental (ratio).
 +
 
 +
Define these:
 +
 
 +
# The credential set to be used for the connection.
 +
# Optionally the target IP (otherwise that of the agent will be used).
 +
# Optionally the target OS (otherwise that of the agent will be used).
 +
# Optionally the port to connect to (22 in Linux, whatever in Windows).
 +
# The command to forward to carry out the monitoring process.
 +
 
 +
Example:
 +
 
 +
<br>
 +
 
 +
<center>
 +
[[image:remotexec8.png|center]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
<center>
 +
[[image:remotexec3.png|center]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
The system will execute the command against the remote machine, receiving the number of files in the temporary work directory.
 +
 
 +
<br>
 +
 
 +
<center>
 +
[[image:remotexec4.png|center]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
You may also choose a type of alphanumeric data to see the command’s literal output:
 +
 
 +
Module setup:
 +
 
 +
<br>
 +
 
 +
<center>
 +
[[image:remotexec5.png|center]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
<b>Target OS</b> parameter can be configured to inherit the operative system of the agent that is beign targeted.
 +
 
 +
Result:
 +
 
 +
<br>
 +
 
 +
<center>
 +
[[image:remotexec6.png|center]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
<center>
 +
[[image:remotexec7.png|center]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
{{Warning|The module’s performance is the same when allocating alerts, generating events or viewing reports.}}
 +
 
 +
{{Warning|From Pandora FMS version <b>743</b> onwards, the following tokens related to remote execution modules parameters will be available in <b>pandora_server.conf</b>: <b>ssh_launcher</b>, <b>rcmd_timeout</b> and <b>rcmd_timeout_bin</b>.}}
 +
 
 +
=== SNMP Monitoring ===
 +
 
 +
==== Introduction to SNMP Monitoring ====
 +
 
 +
When we talk about SNMP monitoring, the most important thing is to separate the testing concepts (polling) and traps. SNMP testing means ordering Pandora FMS to execute a "get" command against an SNMP device such as a router or a switch. This is a synchronous operation (which takes place from time to tima actively).
 +
 
 +
Receiving an SNMP trap, on the other hand, is an asynchronous operation (based on changes or events that may take place or not). It is commonly used to receive 'alerts' coming from a device, e.g. if a switch knocks down a port or its fan is too hot.
 +
 
 +
SNMP checks of the polling type are carried out creatinf network modules in Pandora FMS as it is usually done.
 +
 
 +
Using SNMP Traps is something completely different. It is possible to receive traps from any device without the need of configuring anything except the SNMP console in Pandora FMS, where all traps received will appear on the SNMP console. Alerts can be defined through filtering rules by enay of its fields.
 +
 
 +
Pandora FMS works with SNMP using individual OIDs, where each OID is a network module. If you want to monitor a 24-port 'Cisco Catalyst' switch and find out the operating system and the entry and exit port, you have to define a total of 72 modules (24 x 3).
 +
 
 +
To work with SNMP devices, you are required to know the following:
 +
 
 +
* What the SNMP Protocol is and how it works. The published RFC3411 from the IETF describes it in detail.
 +
* The IP and the SNMP community of the remote device.
 +
* How to activate the device's SNMP management so that you are able to perform SNMP queries from the network server. This network server must be allocated by the agent where network modules are to be defined. Bear in mind that if you wish for other network servers to make queries in case the assigned server fails, these will make those queries with another IP address.
 +
* The specific OID of the remote device which you want to check (or use one of the multiple Pandora FMS wizards or its SNMP OID browser).
 +
* How to manage the data returned by the device. SNMP devices usually return data in different formats. Pandora FMS can manage almost all of them. Pandora FMS manages data of the 'counter' kind as 'remote_snmp_inc'. They are of special importance, since they are counters, they cannot be considered numeric data but element rate per second. The majority of SNMP statistical data are of the counter kind and it is necessary to set them as 'remote_snmp_inc' if you want to monitor them properly.
 +
 
 +
==== Monitoring through Network Modules with SNMP ====
 +
 
 +
To monitor any element through SNMP, you should at least know its IP and its SNMP community. It would also be quite important to know the OID that you want to monitor, although you could obtain it by means of an SNMP Walk as long as you know where each OID comes from. However, this is not always an easy task.
 +
 
 +
To monitor an element through SNMP, create an agent for it. If you already have one, simply add a new network module and follow the previous instructions.
 +
 
 +
Once the module has been created, select an SNMP data type in the configuration module form just like the ones shown on the image:
 +
 
 +
<center>
 +
[[image:Cap5_snmp_1.png|center|800px]]
 +
</center>
 +
 
 +
Any of the three SNMP data types are valid. Simply select the one which matches the type of data that you want to monitor.
 +
 
 +
Once you have selected an SNMP data type, the form will expand, showing additional fields for SNMP like the following:
 +
 
 +
<center>
 +
[[image:Cap5_snmp_2.png|center|800px]]
 +
</center>
 +
 
 +
Next, define the fields:
 +
 
 +
'''SNMP community'''
 +
 
 +
The SNMP community is necessary to monitor the element. It acts as a password.
 +
 
 +
'''SNMP version'''
 +
 
 +
The SNMP protocol version of the device. It could be 1, 2, 2c or 3. Version 3 includes encryption and safe authentication when communicating, which makes configuration more burdensome and makes Pandora FMS network server polling performance worse.
 +
 
 +
'''SNMP OID'''
 +
 
 +
The OID identifier to monitor. They can consist of numeric values and dots. These strings are translated automatically to more descriptive alphanumeric strings if the corresponding MIBs are installed within the system. MIBs are manufacturer libraries that help translate OIDs into more descriptive strings.
 +
 
 +
An alphanumeric OID can be similar to this one:
 +
  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3
 +
 
 +
The numeric equivalent would be something like this:
  
== SNMP Monitoring ==
+
  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3
  
=== Introduction to the SNMP Monitoring ===
 
  
When we talk about the SNMP monitoring, the most important thing at the beginning is to separate the testing concepts (polling) and the traps.The SNMP testing implies to order that Pandora execute a snmpget command aganist a SNMP device, such as a router or an switch ( or even a computer with an installed snmp agent),this is a synchronous operation(every X seconds). On the contrary, receiving an SNMP trap is an asynchronous operation(that could or not happens in a million years), commonly used to receive "alerts" coming from a device. like, for example, when a switch knock down a port or its fan is too hot.
+
Pandora FMS includes some OIDs in its database which could be used directly. When creating the module, select the 'Cisco MIBs' component to show a list of the available MIBs for Cisco devices:
  
To use the SNMP testing monitoring, you only need to add an SNMP module in Pandora, creating a new network module. The majority or the SNMP items that report data in an incremental way (generic_data_inc), this is
+
<center>
that when it ask for a value, this reports the "global" quantity of information, for example, if a total of bytes collected from the moment the device start. So, this would be necessary to extract the last quantity of bytes known from the one that is working and divide it between the seconds from last known data. This will give the data of Bytes/second that are needed. This operation is done with Pandora using generic data inc.
+
[[image:Cap5_snmp_4.png]]
 +
</center>
  
Using the SNMP Traps is something totally diferent. It is possible to receive traps from any device, without the necessity of configuring anythin (except the SNMP console).When ta trap is received, this will appear in the SNMP console.
+
Once you have selected the proper component, you will be able to pick the available MIB for it:
  
It is possible to define an alert, based on OID (the code that identifies a trap, something similar to
+
<center>
3.4.1.1.4.5.24.2), in a IP agent or in a ''custom data '' (data that could be in the trap). It is also possible to order Pandora that it copies the information in an special text module in the agent. If the agent is defined, this operation is called SNMP Traps transfer.
+
[[image:Cap5_snmp_5.png|center|750px]]
 +
</center>
  
Pandora FMS can work with any device that supports SNMP. Currently works with SNMP v1, v2, v2c and v3 versions.
+
By doing this, the fields will be filled out with the necessary information.
  
Pandora FMS works with SNMP using individual OID. For Pandora FMS each OID is a network module. This is, if we want to monitor a Cisco Catalyst switch of 24 ports and know the operative system of any port and also the entry and exit port, we have to define a total of 72 modules (24 x 3).
+
There are more MIBs included in Pandora FMS. With Enterprise Version, there are several MIB packages for different devices included.
 +
Once you have entered the data, please click on the '''Create''' button.
  
To work with SNMP devices you need:
+
To see the data of the created module, click on the upper flap named '''View''' and take a look at the bottom of the page, where the data will be displayed once it starts to receive any. With these data you could see a realtime SNMP graph.
  
* To know what is and how works the SNMP protocol. This is described in depth in the RFC3411 published by the IETF:
+
<center>
* To know the IP and the SNMP community of the remote device.
+
[[image:SNMP_nueva.png]]
* To activate the SNMP management of the device so that from the network server we could do SNMP queries.
+
</center><br>
This network server should be the one assigned for the agent when we are going to define the network modules. You need also to consider that if we want that other network servers do queries in case the assigned server falls, they will do the queries with other IP address.
 
* To know the specific OID of the remote device that we want to check.
 
* To know how managing the data that the device returns. The SNMP devices return data in different formats.
 
Pandora FMS could manage almost all of them, except the timetick that it manage as a numeric format without converting them to date/hour. Data kind counter are the ones that Pandora manages as remote_snmp_ inc and they are of special importance, so as they are counters they could not be considered as numeric data. The majority of the SNMP statistic data are counter kind and it is necessary to configure them as remote_snmp_inc if we want to monitor them properly.
 
  
=== Monitoring SNMP from Agents===
+
==== SNMP Monitoring from Agents ====
  
Since version 3.2, there it's possible to get SNMP information, that is available in the Windows agent. In the Unix/Linux snmpget is usually available, so it could be get in an automatic way, not as in the Windows systems, where it's necessary an external utility that isn't always easy to get or to install.
+
Windows software agents have a feature for obtaining SNMP information. In Unix/Linux snmpget agents it is usually available, so it can be called from the module_exec line.
  
We have packaged in the Windows agent "by default" the utility  snmpget.exe (part of the net-snmp project, with BSD license), and we've added the basic "mibs" and a wrapper or script to wrap the call to the snmpget.exe utility
+
The 'snmpget.exe' feature has been added to the Windows default agent (which is part of the 'net-snmp' project and comes with a BSD license). The basic 'MIBs' and a wrapper / script to wrap the call into the 'snmpget.exe' feature have also been added.
  
Using this call, we can monitor SNMP from an agent, getting information of any remote system to which the agent has access to, being able to work in this way as a "satellite agent" or "proxy agent" ( as manuals says).
+
Using this call, SNMP can be monitored from an agent, obtaining information from any remote system to which the agent has access to, so you can work as a 'satellite agent' or 'proxy agent' (according to the documentation).
  
In Windows the syntax for execution is:
+
In Windows, the syntax for this execution is:
  
 
module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>
 
module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>
Line 216: Line 377:
 
  module_end
 
  module_end
  
The same examples executed from Unix agents:
+
The same examples, executed under UNIX agents:
  
 
  module_begin
 
  module_begin
Line 230: Line 391:
 
  module_end
 
  module_end
  
It's important to say that only the "basic" OID are translatables for their numerical equivalent, and it's advisable to use always numerical OIDS, so we don't know ir the tool would be able to translate it or not. In any case, the mibs could be always get at /util/mibs directory in Windows, or at /usr/share/snmp/mibs in Linux.
+
It is important to highlight that only the 'basic' OIDs are translatable into their numerical equivalent. It is advisable to always use numerical OIDs, because the tool might be able to translate it or not. In any case, the MIBs can always be obtained from the '/util/mibs' directory in Windows or in '/usr/share/snmp/mibs' in Linux.
  
=== Monitoring with Network Modules with SNMP ===
+
=== Pandora FMS SNMP MIB Browser ===
  
To could monitor any element through SNMP, we should know, that at least its IP and its SNMP community. It would be also very interesting to know the OID that we want to monitor, although we could obtain it through a SNMP Walk, as long as we know where each OID comes from.
+
The SNMP explorer can be accessed through the ''Monitoring'' > ''SNMP'' > ''SNMP Browser'' menu.
  
To monitor an element through SNMP, first you have to create an agent for it.If you have already one, then simply add a new network module following the previous instructions.
+
From <b>Pandora FMS</b> version <b>744</b> new operations can be added to policies and agents. This development is only available for Pandora FMS Enterprise versions.
  
Once the module has been created, you should select a SNMP data kind in the configuration module form.See the image:
+
The first thing to understand is that Pandora FMS makes a complete path of the device tree, so if it is big (like a switch) this may take several minutes. You may also choose to explore only one sub-system, which will save you a lot of time.
  
<center><br><br>
+
For example, to get Cisco information only, you may explore your Cisco enterprise sub-mib starting with:
[[image:Cap5_snmp_1.png|center|800px]]
 
</center><br><br>
 
  
Any of the three SNMP data kinds are valid, simply select the one that coincides with the kind of data that you want to monitor.
+
  .1.3.6.1.4.1.9
  
Once you have selected a SNMP kind of data, the form will expand showing the additional fields for SNMP:
+
The browser is used to navigate, which means clicking on each branch and obtain values. The system will ask for that information and will show the requested OID information (if available). If there is no information about the device OID, this is only displayed in numeric format. The OID descriptive information is stored through MIBs [http://en.wikipedia.org/wiki/Management_information_base]. If there is no MIB for the device you wish to explore, you may have to look for "pieces of information" throughout the information displayed by Pandora FMS, which is complex and takes time.
  
<center><br><br>
+
Pandora FMS SNMP browser allows to search for a text string both throughout the obtained OID values and the translated OID values (if available). It could be particularly helpful to look for known and specific strings and locate their OID. If it finds several entries, it will allow you to go from one occurrence to another and it will highlight them in yellow.
[[image:Cap5_snmp_2.png|center|800px]]
 
</center><br><br>
 
  
Next you should define the fields:
+
<center>
 +
[[file:snmp_browser_module_creator.png]]
 +
</center>
  
'''SNMP community'''
+
From version <b>Enterprise 744</b> you may select several OIDs and add them to an agent by clicking on “Create agent modules”.
  
SNMP community. Necessary to monitor the element. It acts as it if were a password.
+
Select the agents where you wish to monitor said OIDs and add them to the bot on the right. These modules are created once you click on “Add modules”.
  
'''SNMP version'''
+
<center>
 +
[[File:SNMP1.png]]
 +
</center>
  
SNMP protocol version of the device. It could be 1, 2, 2c and 3.
+
<center>
 +
[[File:SNMP12.png]]
 +
</center>
  
'''SNMP OID'''
+
You may also select several OIDs to add them to a policy using the “Create policy modules” button.
  
The OID identifier to monitor. They can be numeric values. The alphanumeric values are transformed internally by the system into numeric values(that are the ones used to do the petition) through a dictionary called MIB.
+
<center>
 +
[[File:SNMP21.png]]
 +
</center>
  
An OID alphanumeric can be similar to this one:
+
Select all policies where you wish to add module configuration of those OIDs. If you want to generate a new policy for those OIDs click on “Create new policy”.
  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3
 
  
The numeric equivalent would be this:
+
<center>
 +
[[File:SNMP3.png]]
 +
</center>
  
  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3
+
Fill out the fields assigning a name, a group, a policy description and click on “Create policy”.
  
Without a MIB the alphanumeric format is not good, and to install a MIB in the system is not a trivial thing, so this is better to work directly with numeric identifiers, although it is more cryptic this is much more portable and it does not gives any problem because it does not need a MIB.
+
Then it will be available in the policy board.
  
Pandora FMS includes some OID in its database, that could be used directly. For example, when you are going to create the module, select the MIBs Cisco component to show a list of the available MIB for Cisco:
+
Add them to the box on the right and click on “Add modules” to apply this configuration on policies.
  
<center><br><br>
+
<center>
[[image:Cap5_snmp_4.png]]
+
[[File:SNMP31.png]]
</center><br><br>
+
</center>
 +
<center>
 +
[[File:SNMP32.png]]
 +
</center>
  
Once you have selected this component, you can choose between the available MIB for it:
+
If what you want is to select a specific OID from <b>Pandora FMS</b> version <b>744 Enterprise</b> the “Create agent module” button is available from the OID detail. This button will allow to select a specific agent and will redirect to module creation within said agent will all the selected SNMP data.
  
<center><br><br>
+
<center>
[[image:Cap5_snmp_5.png|center|750px]]
+
[[File:SNMP41.png]]
</center><br><br>
+
</center>
  
By doing this, the fields will be full with the necessary information.
 
  
There are more MIB included in Pandora FMS an with the Enterprise version there are included MIB packages for different devices.
+
From the SNMP module editor, when you create or edit a network module, you may launch the SNMP browser by clicking on "SNMP Browser", which will open it on a floating window.
Once you have introduced the data, press on the button '''Create'''.
 
  
To see the data of the module that has been just created, press on the upper flap '''View''', and in it go to the bottom, where the data will be shown once they start being received.
+
Once you choose the OID you were looking for, by clicking on the filter icon, choose that OID and it will appear automatically on the corresponding field of module definition to be used in your agent.
  
<center><br><br>
+
<center>
[[image:Cap5_snmp_6.png|center|750px]]
+
[[File: Snmp browser from module creation.jpg]]
</center><br><br>
+
</center>
  
To see the data of the modules text string kind (In the example, the System Description) go to the upper flap of the data '''Data'''
+
=== MIB Management ===
  
<center><br><br>
+
Through Pandora FMS you can upload and manage the MIBS to be able to add new mibs or delete the ones that are not revelant. These MIBs will be only used by Pandora FMS, which will also use the operating system (in /usr/share/snmp/mibs). Pandora FMS will use the {PANDORA_CONSOLE}/attachment/mibs path to store the mibs.
[[image:Cap5_snmp_7.png|center|750px]]
 
</center><br><br>
 
  
The data received by the SNMP System Description data module are stressed in red colour.
+
<center>
 +
[[file:new_snmp_browser_mibmanager.png|350px]]
 +
</center>
  
=== Pandora FMS SNMP MIB browser  ===
+
It is important to point out that Pandora FMS MIB manager only manages the "polling" MIBs that have nothing to do with SNMP traps MIBs. For this feature, there is another manager, exclusive to the Enterprise version of Pandora FMS.
  
From Pandora FMS 5.0, you have available a complete SNMP MIB browser included in the Pandora FMS console. This is available in the Opensource version, and doesn't requiere any additional software, like java plugins or flash. It's purely based on javascript and html code, at the backend it uses net-snmp (linux base SNMP system), a pre-requisite for Pandora FMS console install, so must be installed.
+
=== Pandora FMS SNMP Wizard ===
  
You can access the SNMP browser from SNMP menu. At this moment only supports SNMP v1.
+
In the agent management view, there is a set of tools specifically created to create modules remotely: The Agent Wizard.  
  
First at all, you need to understand, that Pandora FMS do a full scan of the SNMP tree of the target device, so if the device have a huge OID database (like a modern switch with lots of ports), this operation can take several minutes. You also can choose to explore a single sub-tree, and in that way, save time.
+
<center>
 +
[[file:agent_wizard.png]]
 +
</center>
  
For example, to get information only of "enterprise" subtree for a Cisco device, you can use this OID:
+
===== SNMP Wizard =====
  
  .1.3.6.1.4.1.9
+
<center>
 +
[[file:agent_wizard_snmp_wizard.png]]
 +
</center>
  
The browser is used to navigate, that means, clicking on each tree, and subtree until get the last piece of information on the branch, a single OID with a single value. You will see an "eye" icon, if you click there, you will get the value of the OID, and the system will try to locate the description and human-readable OID translation if the MIB for that branch is available. If you dont have a MIB available you only be able to see the numerical OID information, value and datatype.  
+
Set the target IP, the community and other desired parameters (SNMP v3 is supported) to do an SNMP walk to the host.
  
Descripttive information are stored in MIB files [http://en.wikipedia.org/wiki/Management_information_base]. If you dont have MIB for the device you want to browse, probably you have to "dig" searching in the values, that is complex and takes time.
+
<center>
 +
[[file:snmp_wizard_form.png|750px]]
 +
</center>
  
Pandora FMS SNMP Mib browser, allows you to search for a text string or numerical value in the OID's values or the translated OID's (if available). This could be very helpful to search known values for identify the matching OID value. If there are several matches, you can browse between them, and you will get also the matches in a yellow color, easily identificable.
+
Once the data is correctly retrieved, a form for module creation will appear:
  
<center><br><br>
+
<center>
[[file:snmp_browser_module_creator.png|750px]]
+
[[file:snmp_wizard_module_creator.png|750px]]
</center><br><br>
+
</center>
  
==== MIB management ====
+
It is possible to create modules from the following types of SNMP data through the SNMP Wizard:
  
You can upload and manage Pandora FMS managed mibs. You can add new mibs or delete mibs. These mibs will be used ONLY by Pandora, which also will use the system mibs (at /usr/share/snmp/mibs). Pandora FMS utilizará el path {PANDORA_CONSOLE}/attachment/mibs to store the mib files.
+
* '''Devices'''
 +
* '''Processes'''
 +
* '''Free Space on Hard Drives'''
 +
* '''Temperature Sensors'''
 +
* '''Other SNMP Data'''
  
<center><br><br>
+
You may select the kind of module and add the desired elements from the left combo to the right one. Once you have completed this process, click on 'Create modules'.
[[file:new_snmp_browser_mibmanager.png|750px]]
 
</center><br><br>
 
  
Could be a confussion between the "trap" mibs and the polling mibs. This manager is for polling mibs, the snmp traps management is at a different section and it's only available in the enterprise version.
+
This wizard will create two kinds of modules:
  
There are many "prepagacked" collections of mibs, one of the best is available at Getif website, one of the best free SNMP browsers for Windows [http://www.wtcs.org/snmp4tpc/getif.htm].
+
* '''SNMP Modules for data with a static OID''' (sensors, memory data, CPU data, etc.).
 +
* '''Plugin Modules for data with a dynamic OID or calculated data''' (processes, disk space, used memory in percentage, etc).
  
==== SNMP browser on module creation ====
 
  
You can use the SNMP browser from the network module creator / editor section, by clicking in the "SNMP Walk" button. That will open a floating window, which will show the SNMP tree of the device (if you put the IP and SNMP community there). Once you locate the OID you want, by clicking in the hand icon, that OID information will be copied to the module definition, to be used in Pandora.
+
{{warning|For plugin modules, the remote SNMP plugin will be used. So if the plugin is not installed in the system, these features will remain disabled. The plugin must be named "snmp_remote. pl". The location where it is hosted is not relevant.}}
  
  
<center><br><br>
+
For the SNMP wizard to be able to obtain data from an SNMP device thanks to the remote components, it is necessary to fulfill 2 requirements:
[[file:browser_snmp_enter_the_browser_dragon.png|750px]]
+
  - To have the Private Enterprise Number (PEN) of the device manufacturer registered in Pandora FMS.
</center><br><br>
+
  - To have the SNMP wizard components for the device manufacturer registered and enabled in Pandora FMS.
  
<center><br><br>
+
If the scanned device fulfills these requirements, all the modules from which data could have been obtained will be shown to give you the opportunity to select which one you want to create and which not.
[[file:snmp_browser_module_creator.png|750px]]
 
</center><br><br>
 
  
=== Pandora FMS SNMP Wizard  ===
+
These modules will be shown organized in blocks, based on the group the wizard component that generated them belongs to.
  
In the agent management view, there is a set of tools to create modules remotely: The Agent Wizard.  
+
All the blocks will be shown compressed at first to make visualization easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.
  
<center><br><br>
+
<center>
[[file:agent_wizard.png]]
+
[[image:IMG8_wizard_components.png]]
</center><br><br>
+
</center>
  
Some of these tools use SNMP to explore data from the host and put it in a form combo. In this way is possible to create in few steps dozens of customized modules.
+
If you deploy a block, you can choose which modules will be added and which will not, as well as the option of modifying the name, description or thresholds of each module individually.
  
==== SNMP Wizard ====
+
<center>
 +
[[image:IMG9_wizard_components.png]]
 +
</center>
  
<center><br><br>
+
Once you click on ''Create modules'', a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.
[[file:agent_wizard_snmp_wizard.png]]
 
</center><br><br>
 
  
You can set the IP Target, Community and other params (SNMP v3 is supported) to make a Walk to the host
+
In spite of all the modifications you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.
  
<center><br><br>
 
[[file:snmp_wizard_form.png|750px]]
 
</center><br><br>
 
  
Once the data is correctly retrieved, will appear a form of modules creation:
+
<center>
 +
[[image:IMG10_wizard_components.png]]
 +
</center>
  
<center><br><br>
 
[[file:snmp_wizard_module_creator.png|750px]]
 
</center><br><br>
 
  
With the SNMP Wizard is possible to create modules from various kind of SNMP data:
+
Once the module creation has been confirmed, it will be re-evaluated one by one whether they can be created or not, to avoid duplicating modules in case the same modules have been created by another means in the confirmation time frame.
  
* Devices
+
You will be notified if the process was successfully completed or if there were any modules that could not be created.
* Processes
 
* Free space on disk
 
* Temperature sensors
 
* Other SNMP Data
 
  
You select the kind of module, and put the elements that you want from the left combo to the right one. When you finish this process click on Create modules button.
+
===== SNMP Interface Wizard =====
  
This wizard will create two kind of modules:  
+
<center>
* '''SNMP modules for the data with a static OID''' (sensors, memory data, CPU data, etc.).
+
[[file:agent_wizard_snmp_interfaces_wizard.png]]
* '''Plugin modules for the data with dinamic OID or calculated data''' (Processes, Disk space, Used memory in percentage, etc).
+
</center>
  
 +
In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces.
  
{{warning|For all the Plugin modules we will use the SNMP remote module. So if this plugin is not installed in the system, these features will be disabled. The plugin must be named "snmp_remote.pl". The path where it be placed doesnt matter.}}
+
This Wizard browses the SNMP branch '''IF-MIB::interfaces''', offering the possibility of creating multiple modules of different interfaces with multiple selections.
  
==== SNMP Interfaces wizard ====
+
Like the SNMP Wizard (after selecting the IP target, community, etc.), the system directs an SNMP query to the host and fills out the module creation form.
  
<center><br><br>
+
Select one or more interfaces from the left combo. After that, their common available elements (e.g. description, speed, inbound/outbound traffic, etc.) will appear on the right. You may select one or more elements from this combo and click on 'Create modules' to create these modules for each selected interface in the combo on the left.
[[file:agent_wizard_snmp_interfaces_wizard.png]]
 
</center><br><br>
 
  
In the Agent Wizard there is a SNMP wizard specifically created to interfaces browsing.
+
<center>
 +
[[file:agent_wizard_snmp_interfaces_creation.png|800px]]
 +
</center>
  
This Wizard browses the SNMP branch '''IF-MIB::interfaces''', offering the possibility of create multiple modules of various interfaces with the multiple selection.
+
For the SNMP interface wizard to obtain data from an SNMP device, it is necessary to meet one requirement:
 +
 +
  - The SNMP device must return data from the branch ''IF-MIB''.
  
 +
If this requirement is met, it will be possible to choose for each device network interface the modules that you want to add to the monitoring.
  
Like the SNMP Wizard, after select the IP target, community, etc. The system make a SNMP query to the host and fill the module creation form.
+
You will see an introductory general configuration block for all the selected interfaces of the device with the possible modules to add. The modules that are selected in this block and their thresholds will be the default configuration that will be added for network interfaces. This block could be disabled in order not to add general monitoring to the interfaces.
  
 +
<center>
 +
[[image:IMG11_wizard_components.png]]
 +
</center>
  
Using it, you can select two or more interfaces from the left combo. Then, in the right one will appear the common elements available on them (Description, Speed, In/Out traffic...). You can select one of more elements of this combo and click on Create modules to create these modules for each selected interface.
+
There will also be a specific block for each network interface, which you may select to indicate that the interface should be monitored. If, in addition, in the previous block, a general monitoring has been configured, all the checked interfaces will take those configurations.
  
+
<center>
<center><br><br>
+
[[image:IMG12_wizard_components.png]]
[[file:agent_wizard_snmp_interfaces_creation.png|700px]]
+
</center>
</center><br><br>
 
  
=== MIB Study with External Tools and Integration in Pandora FMS ===
+
In each interface block, you may also indicate specific configurations for the interface, that is, add specific modules not included in the general monitoring block, or overwrite those configurations with a different one for a particular case.
 +
You may also modify the names and descriptions of the modules for each specific case. It is necessary that the interface block is marked for monitoring, so the specific configurations will take effect.
  
To do an analysis of the possible OID to use them in Pandora FMS, it is recommended to use a MIB browser to analyze the MIB given by each manufacturer. These MIB browsers are screen tools that read, process, analyze and show to the user the complete tree of each MIB OID, allowing to search and understand which OIDS are the necessaries to monitor our devices.
 
  
We propose the following MIB management tools:
+
<center>
 +
[[image:IMG13_wizard_components.png]]
 +
</center>
  
* iReasoning MIB Browser (Windows, Linux, Java): [http://www.ireasoning.com]
+
All the blocks will be shown compressed at first to make their visualization easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate it.
* Get-If Free MIB Browser (Windows): [http://www.wtcs.org/informant/getif.htm]
 
* TKMib: Para UNIX, estándar en la mayoría de las distribuciones de GNU/Linux.
 
  
The shown snapshots have been done working on the iReasoning tool.
 
  
In the first snapshot you can see a request of the device with a MIB load (''MIB2 default'') that recognizes some of the existing OID. These OID are represented as string or in a numeric way. Pandora FMS understand both, but it is only able to resolve the alphanumeric OID if it has the right MIB loaded in the operative system. The best option, and the most portable one, is to use numeric OID.
+
Once you click on ''Create modules'', a summary list of the chosen modules with their configuration will be shown. In this list you will see the modules that cannot be created, either because they already exist in the agent or because 2 or more modules with the same name have been configured in the wizard.
  
<br><br>
+
In spite of all the modifications you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.
<center>[[Image:Snmp_manager_1.jpg|700px]]</center>
 
<br><br>
 
  
In the second snapshot, we can see the result of doing a recursive ''walk'' on a branch on which we do not habe MIB. It results in a serial of numeric OID that are not useful at all, so we do not have idea what are them for , or which kind of data they offer.
+
<center>
 +
[[image:IMG14_wizard_components.png]]
 +
</center>
  
<br><br>
+
Once the creation of the modules has been confirmed, they will be re-evaluated one by one to check whether they can be created or not, to avoid duplicate modules in case the same modules have been created by another means in the confirmation time frame.
<center>[[Image:Snmp_manager_2.jpg]]</center>
 
<br><br>
 
  
Apart of all we can do with a MIB exploring tool, we can use OID references through OID index (some manufacturers have MIB and OID references), or through links that store interesting OID. Other manufacturers of SNMP batteries, document with natural language their SNMP records, and they are easy to understand and so we can easily obtain the OID that we need ( it is the case UCD-SNMP, the SNMP battery that use the majority of the UNIX systems). Lot of other SNMP batteries of operative systems like AIX or Windows are also widely documented.
+
You will be notified if the process was successfully completed or if there were any modules that could not be created.
  
'''Recommended links to work with SNMP'''
+
=== Common Advanced Features of Network Modules ===
  
* '''Full OID Catalog for CISCO''' (extremadamente útil): [ftp://ftp.cisco.com/pub/mibs/oid]
+
The following screen shows the advanced features for network module configuration:
* HP Printer MIB: [http://www.oidview.com/mibs/11/LaserJet-Series4050-MIB.html]
 
* Nagios Exchange - SNMP [http://www.nagiosexchange.org/SNMP.51.0.html]
 
* Algunos OID SNMP frecuentemente usados en ''routers'': [http://www.opennet.ru/base/cisco/monitor.txt.html]
 
  
== Common Advanced Features of the Network Modules==
+
<center>
 +
[[image:Cap5_snmp_8.png|center|800px]]
 +
</center>
  
The following screen shows the advanced features for the network module configuration:
+
'''Description'''
 
 
<center><br><br>
 
[[image:Cap5_snmp_8.png|center|450px]]
 
</center><br><br>
 
  
'''Description'''
+
Module description. There is already a default description which can be changed.
Module description. There is already a default description, that could we change.
 
  
 
'''Custom ID'''
 
'''Custom ID'''
  
Customizable identifier that is necessary it you wish that the server sends multicast messages with information about agents, or use this field to integrate the Pandora FMS data in an system of external information, such as a CMDB.
+
Custom identifier which is necessary if you wish for the server to send multicast messages with information about agents. You can also use this field to integrate Pandora FMS data into an external information system like a CMDB.
  
 
'''Interval'''
 
'''Interval'''
  
Execution interval of the module. It could be different from that of the agent, as in the example.
+
The module's execution interval. As shown in the example, it could be different from the agent's interval.
 +
 
 +
The values shown depend on those configured in the "Settings > Visual Styles" section in the "Interval Values" section.
 +
 
 +
An administrator user will be given the possibility to define a custom interval at the time of creating or editing a module. Standard users will only be able to define previously configured intervals, displaying the default ones when not being defined in "Visual Styles".
  
'''Post process'''
+
'''Post Process'''
  
Module post processing.It is useful to multiply or divide the returned value, as for example, when we obtain bytes and we want to show the value in Megabytes.  
+
The module's post processing. It is useful to multiply or divide the returned value, e.g. when you obtain bytes and you want to show the value in Megabytes.  
  
 
'''Min. Value'''
 
'''Min. Value'''
  
Minimum value of the module. Any value lower that this will be considered as invalid and it will be ruled out.
+
The module's minimum value. Any value lower than the one defined here will be considered 'invalid' and ruled out.
  
 
'''Max. Value'''
 
'''Max. Value'''
  
Maximum value of the module. Any value higher than this will be considered as invalid and it will be ruled out.
+
The module's maximum value. Any value higher than the one defined here will be considered 'invalid' and ruled out.
  
'''Export target'''
+
'''Export Target'''
  
It is useful to export the values returned by the module to a export server. It is only available in the Pandora FMS Enterprise version, and if we have previously configured a export server. Go to the section that refers to the export server to obtains more details.
+
It is useful to export the values returned by the module to an Export Server. It is only available in the Pandora FMS Enterprise Version, and could come in pretty handy if you have configured an export server previously. Check the section on the export server for more details.
  
== Remote Windows Monitoring with WMI==
+
'''CRON'''
  
To monitor a system or a Windows system service in a remote way through SMI.
+
If ''Cron from'' is set, the module will be run once the current date and time match the date and time configured in ''Cron from'', ignoring the module's own interval. For example, the following configuration would cause the module to be run every Monday at 6:30:                                                                                                                                                                                                       
The queries are done in WQL, a Microsoft specific SQL language for internal queries to the operative system, and you can do any query that is shown in the Microsoft database.
+
                                                                                                                                                                                                                                         
There are tools, such as ''WMI Explorer'' that allow to explore the tree of WMI values completely, and that could be very useful to locate those WMI values that interest us , so the "standard" Windows servers could have more than 1,000 different queries, and with additional software, with its own WMI sources it will be increased. For this, it is not enough to have a record of modules that have been already done, but to have the tools to find the things that we consider the most useful for us.
+
<center>                                                                                                                                                                                                                                 
 +
[[image:cron_from_ex1.png|750px]]                                                                                                                                                                                                       
 +
</center>                                                                                                                                                                                                                               
 +
                                                                                                                                                                                                                                         
 +
If both ''Cron from'' and ''Cron to'' are set, the module will be run once when the current date and time fall between the date and time configured in ''Cron from'' and the date and time configured in ''Cron to'', ignoring the module's own interval. For example, the following configuration would cause the module to be run everyday between 6 and 7:                                                                                                                     
 +
                                                                                                                                                                                                                                         
 +
<center>                                                                                                                                                                                                                                 
 +
[[image:cron_from_ex2.png|750px]]                                                                                                                                                                                                       
 +
</center>                                                                                                                                                                                                                               
 +
                                                                                                                                                                                                                                         
 +
For local modules, the corresponding ''module_crontab'' line is added to the agent's configuration file. See [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Operations#Programmed_Monitoring Programmed Monitoring] for more information.
  
''WMI Explorer snapshot working on Windows''
+
'''Timeout'''
  
<center><br><br>
+
Time the agent will wait for the execution of the module in seconds.
[[image:wmiexplorer.png|center|600px]]
 
</center><br><br>
 
  
NOTE: to use the monitor service through WMI, we have to activate it in the configuration file of pandora /etc/pandora/pandora_server.conf, in the following way:
+
'''Category'''
 
 
# wmiserver : 1 or 0. Set to 1 to activate WMI server with this setup
 
# DISABLED BY DEFAULT
 
  wmiserver 1
 
  
To start monitoring through WMI, first we should create the corresponding agent to monitor the service, so you should start from there.
+
This categorization has no effect on the normal user interface, it is intended to be used together with the Metaconsole.
  
In the Pandora FMS console administration section, press on '''Manage agents'''.
+
== Windows Remote Monitoring with WMI ==
  
<center><br><br>
+
WMI is a Microsoft system for obtaining remote information from computers running Windows OS. It is available from Windows XP version to the most current versions. WMI allows you to get all kinds of information from the OS, applications and even hardware. WMI queries can be made locally (in fact, Pandora FMS agent does it internally, calling the API of the operating system and asking the WMI subsystem) or remotely. In some systems, remote access to WMI is not enabled and must be enabled in order to be consulted from the outside.
[[image:Nono.jpg]]
 
</center><br><br>
 
  
In the following screen press on '''Create agent''':
+
Pandora FMS allows remote monitoring of Windows equipment through WMI queries. To do this, it is be necessary to enable the '' wmiserver'' component in the Pandora FMS server configuration file.
  
<center><br><br>
+
# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
[[image:Nona.jpg|center|400px]]
+
# DISABLED BY DEFAULT
</center><br><br>
+
  wmiserver 1
 
 
Fill in the data for your new agent and press on '''Create agent''':
 
  
<center><br><br>
+
Queries are made in WQL, a kind of Microsoft-specific SQL language for internal queries to the operating system, and any query that appears in the WMI system database can be made.
[[image:rellene.jpg|center|400px]]
 
</center><br><br>
 
  
Once that you have created the agent, press on the upper flap of the modules ('''Modules'''). In it, select create a new network module and press on '''Create''':
+
To start monitoring through WMI, first create the corresponding agent, and once ready, click on the top flap of the modules ('''Modules'''). Then, select the option to create a new WMI module and press the '''Create''' button.:
  
<center><br><br>
+
<center>
 
[[image:Feo.jpg|center|400px]]
 
[[image:Feo.jpg|center|400px]]
</center><br><br>
+
</center>
 
 
In the following form are the necessary fields to could monitor the Window system remotely through WMI. You should fill in the necessary fields, like:
 
 
 
'''Name'''
 
 
 
Module name
 
 
 
'''Type'''
 
 
 
Kind of monitored data
 
 
 
'''Target'''
 
  
Remote system IP to monitor.
+
Some fields are WMI specific and require a short explanation:
  
 
'''Namespace'''
 
'''Namespace'''
  
Space of WMI names. In same queries this field is different from empty string (by default), depending of the information source of the application that we monitor.
+
Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application intended to monitor.
  
 
'''Username'''
 
'''Username'''
  
Name of the administrator user or of another user that has priviledges to execute WMI queries in a remote way.
+
Name of the Administrator or any other user which has been granted the privileges to remotely execute WMI queries.
  
 
'''Password'''
 
'''Password'''
  
Password for the administrator user or the given user.
+
Password for the Administrator or any other user.
  
 
'''WMI Query'''
 
'''WMI Query'''
  
WMI query, similar ot a sentence in SQL. We can see some examples:
+
WMI query. It is very similar to a sentence in SQL, e.g.:
  
 
  SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
 
  SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
Line 566: Line 718:
 
  SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"
 
  SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"
  
'''Key string'''
+
'''Key String'''
 
 
OPtional, fiel to compare with the string returned by the query, and in case that it exist, the module will return 1 ó 0. instead of the string itself.
 
 
 
'''Field number'''
 
  
The number of the returned field, starting from 0 (the WMI queries could return more than one field). Most of the times it is 0 or 1.
+
Optional field to compare the returned query with a string. In case it exists, the module will return either '1' or '0' instead of the string itself.
  
Fill in the required fields:
+
'''Field Number'''
  
<center><br><br>
+
The number of the returned field, starting from 0 (WMI queries are able to return more than one field). Most of the time, the value is 0 or 1.
[[image:Campos.jpg|center|550px]]
 
</center><br><br>
 
  
The advanced options are the same as for all network modules. Please, go to the network advanced fields section if you need to obtain more information. Note that the module has got the agent IP adress. If you want, this could be different. Once you have finish to define the module, press on ''Create''.
+
<center>
 +
[[image:Campos.jpg|center|800px]]
 +
</center>
  
If you do not know the exact parameters, you could sect one of the default ones included in the Pandora FMS database. For it, select the WMI module component:
+
If you do not know the exact parameters, you may also select one of the preinstalled ones included in the Pandora FMS Database. Therefore, select the WMI module component:
  
<center><br><br>
+
<center>
 
[[image:Galleta.jpg|center|450px]]
 
[[image:Galleta.jpg|center|450px]]
</center><br><br>
+
</center>
  
And after, select a WMI check of the possible ones:
+
Once you have done that, select a WMI check from one of the available ones:
  
<center><br><br>
+
<center>
 
[[image:Galletita.jpg]]
 
[[image:Galletita.jpg]]
</center><br><br>
+
</center>
 
 
The information that is needed is fill in automatically, except the user and the password. '''Consider that you should introduce an user with administration permisions and its password. On the contrary the module could not return any value''':
 
 
 
<center><br><br>
 
[[image:otro.jpg|center|500px]]
 
</center><br><br>
 
 
 
Once you have finish to configure the module, click on ''Create''.
 
In the following screen the modules for the agent will be shown, and the module ''Windows version'' added:
 
 
 
<center><br><br>
 
[[image:general.png|center|650px]]
 
</center><br><br>
 
 
 
As we can see, there is a warning on the modules. The warning only means that any data on the module has been received yet, so they have been just added. Once we start to receive data. the warning will disappear.
 
 
 
To see the just created module data, click on the upper flap '''View''', and in it go below, where the data will be shown, once they start to be received.
 
 
 
<center><br><br>
 
[[image:generala.png|center|650px]]
 
</center><br><br>
 
  
To see the module data kind string text (in the example, the System Description) go to the data upper flap '''Data''':
+
The required information is filled out automatically, except for the user and its password. '''Please remember that only users with administration permissions and their passwords are valid here. Otherwise, the module cannot return any value''':
  
<center><br><br>
+
<center>
[[image:generalin.png|center|650px]]
+
[[image:otro.jpg|center|800px]]
</center><br><br>
+
</center>
  
Pandora FMS Enterprise version has more than 400 WMI modules of remote monitoring for Windows, availables for the following technologies:
+
The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They are available for the following devices and components:
  
 
*Active Directory
 
*Active Directory
 
*BIOS
 
*BIOS
*Información del sistema
+
*System Information
*Información de Windows
+
*Windows Information
*Impresoras
+
*Printers
 
*MSTDC
 
*MSTDC
 
*IIS
 
*IIS
Line 633: Line 760:
 
*Microsoft Exchange
 
*Microsoft Exchange
  
==== WMI Wizard ====
+
== WMI Wizard ==
  
In the Agent Wizard (Tab in the manage view of an agent), there is a WMI Wizard, used to browse and create modules with WMI queries on a specified agent.
+
Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse and create modules with WMI queries on a specified agent:
  
<center><br><br>
+
<center>
 
[[file:agent_wizard_wmi_wizard.png]]
 
[[file:agent_wizard_wmi_wizard.png]]
</center><br><br>
+
</center>
  
You must specify administrator user and password of the target host to make the first WMI queries. This data will be used to create WMI modules.   
+
You will need to specify the Administrator (or a user with WMI query permissions) user and password on the target server to make the first WMI queries. This information will be used to create modules.   
  
<center><br><br>
+
<center>
[[file:wmi_wizard_module_creator.png|750px]]
+
[[file:wmi_wizard_module_creator.png|800px]]
</center><br><br>
+
</center>
  
With the WMI Wizard is possible to create modules from various kind of WMI data:
+
It is possible to create modules from different kinds of WMI data through the WMI Wizard:
  
* Services: Will create boolean monitors in normal status if the service is running and critical status when is stopped.  
+
* '''Services''': It creates boolean monitors in 'normal' status if the service is running and in 'critical' when it is shut down.
* Processes: The processes monitors will receive data only when the process is active. It fall to unknown status otherwise.
+
* '''Processes''': The process monitor will only receive any data if the process is active, otherwise it will be on 'unknown' status.
* Free space on disk
+
* '''Free space on disk''' The available space on the hard drive.
* WMI components: In this case you choose among the WMI components registered on the system (Administration->Manage modules->Network components)
+
* '''WMI components''': It will choose from the WMI components registered on the system (they are found under 'Administration' -> 'Manage modules' -> 'Network components').
  
You select the kind of module, and put the elements that you want from the left combo to the right one. When you finish this process click on Create modules button.
 
  
== Monitoring with Plugins up to 4.0.x  ==
+
In order for the WMI wizard to obtain data from a Windows computer, a requirement must be met:
 +
  - To have the WMI wizard components registered and enabled in Pandora FMS.
  
Unlike with the rest of components, in a default way Pandora FMS does not include any pre-configured complement, so first you should create and configure a complement to could after add it to the module of an agent. But Pandora FMS includes plugins in the installation directories, but as have already been said, they are not configured in the database.
+
If this requirement is met, all modules from which data can be obtained will be displayed to give you the opportunity to create them or not.
  
To add a plugin that already exists to Pandora FMS, go to the console administration section, and in it, click on Manage servers. After doing this, click on Manage plugins:
+
These modules will be shown organized in blocks based on the group the wizard component that generated them belongs to.
  
<center><br><br>
+
All blocks will be shown compressed at first to make visualization easier. That way, they can be expanded to modify the selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.
[[image:verdecito1.jpg]]
 
</Center><br><br>
 
  
Once you are in the screen of the plugin management, click on ''Create'' a new plugin, so there will be no one.
+
<center>
 +
[[image:IMG15_wizard_components.png]]
 +
</center>
  
<center><br><br>
+
If you deploy a block, you may choose which modules will be added and which will not, as well as modify the name, description or thresholds of each module individually.
[[image:verdecito2.jpg|center|650px]]
 
</Center><br><br>
 
  
Fill in the plugin creation form with the following data:
+
<center>
 +
[[image:IMG16_wizard_components.png]]
 +
</center>
  
 +
Once you click on ‘’Create modules’’, a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.
  
'''Name'''
 
  
Name of the plugin, in this case Nmap.
+
In spite of all the modifications that you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.
  
'''Plugin command'''
+
<center>
 +
[[image:IMG17_wizard_components.png]]
 +
</center>
  
 +
== Monitoring with server remote plugins ==
  
It is the path wher the plugin command is. In a default way, if the installation has been an standard one, there will be in the directory
+
This type of monitoring consists on executing plugins remotely from Pandora FMS server against other systems. Installations come with several server plugins by default ready to use, and the user can always add as many as needed.  
''/usr/share/pandora_server/util/plugin/''. Though it could be any path of the system. For this case, writte ''/usr/share/pandora_server/util/plugin/udp_nmap_plugin.sh''in the field.
 
  
Pandora server will execute this script, so this should have permissions of access and execution on it.
+
A remote plugin is a script or executable that supports parameters and returns a value. Through a plugin you can implement any type of operation by yourself, and through a few input parameters, customize as you may want that application you have developed to work. This would allow you, for example, to pass the target IP of the test as a parameter. The result could be a number, a boolean value (0 error, > 0 OK), or a text string. The only limitation of remote plugins is that they can only return a single value.
  
'''Plugin type'''
+
To register a plugin in Pandora FMS, go to the management section of the console, and once there, click on Manage servers, then click on "Manage plugins":
  
There are two kinds of plugins, the standard ones and the kind Nagios. The standard plugins are scripts that execute actions and accept parameters. The Nagios plugins are, as their name shows, Nagios plugins that could be being used in Pandora FMS.The difference is mainly on that the Nagios plugins return an error level to show if the test has been successful or not.
+
<center>
 +
[[image:verdecito1.jpg]]
 +
</Center>
  
If you want to use a plugin kind Nagios and you want to get a data, not an state (good/Bad), then you can use a plugin kind Nagios is the "Standard" mode.
+
<center>
 +
[[image:verdecito2.jpg|center|800px]]
 +
</Center>
  
In this case (for the NMAP example plugin), we have to select Standard.
+
From this screen you can see that you already have a few plugins registered. Here you may also register your plugin manually. To explain how it works, see an already registered plugin, click on the one called "UDP Plugin" that allows you to perform a UDP connectivity test to a remote machine.
  
'''Max. timeout'''
+
<center>
 +
[[Image:plugin_create_1.jpg]]
 +
</center>
  
It is the time of expiration of the plugin. If you do not receive a response in this time, you should select the module as unknown, and its value will be not updated.It is a very important factor when implementing monitoring with plugins, so if the time it takes at executing the plugin is bigger than this number, we never could obtain values with it. This value should always be bigger than the time it takes usually to return a value the script/executable that is used as plugin. In there is nothing said, then you should used the value that in the configuration is named ''plugin_timeout''.
+
'''Plugin Type'''
  
In this case, we write 15.
+
There are two types of plugins: standard (standard) and Nagios plugins. Standard plug-ins are scripts that execute actions and support parameters. Nagios add-ons are, as its name indicates, Nagios add-ons that can be used in Pandora FMS. The difference is mainly that nagios plugins return an error level to indicate whether the test was successful or not and an additional descriptive string. This description is not a numerical value that can be used as a module value, so in this case it will be used to update the module description.  
  
'''IP address option'''
+
In this case (for the example plugin, UDP port check), Standard will be selected since it is not a Nagios plugin.
  
It is useful to define the crossing interface of the IP adress parameter that is given to the plugin. All plugins should get at least the destination IP adress of the test, that is given when we linked a module kind plugin to an agent.
+
'''Max. Timeout'''
  
 +
The expiration time of the plugin. If you do not receive a response within the specified time, it is not run anymore. It is a very important factor when implementing monitoring with plugins. If the plugin execution time is longer than the specified value, you would never obtain data with it (it will not even be initiated). This value is recommended to always be higher than the time it usually takes to return a value of the script or executable which is used as a plug in. If there is no preconfigured value, it is recommended to use the same value which can be found under ''plugin_timeout'' in the configuration.
  
In order that Pandora would known how to pass this parameter to the plugin, you should show it with which parameter it has to be pass, and this always depends on the plugin and its interface, in this case, it will be pass with ''-t''.
+
{{Tip|In the execution of a plugin, there are three timeouts: server, plugin and module. Please note that the server prevails over the others, and secondly, the plugin. That is, if you have a server with a 10-second timeout and a plugin with a 20-second timeout and a module that uses that plugin with a 30-second timeout, the maximum time to wait for the execution of that module will be 10 seconds. }}
  
'''Port option'''
+
For this example, the value selected is '15'.
  
Same as in the previous case, it is necessary to define the interface that the plugin uses. In this case, the destination port of the test, that could be optional. In this example, we use ''-p'' to pass the TCP destination port of the Nmap test.
+
'''Description'''
  
 +
Description of the add-on. Write a brief description, such as: Check a remote UDP port (by using NMAP). Use IP address and Port options. The description is not trivial, since it will be shown in the user interface of the plugin. Make sure it explains what the plugin is for.
  
'''Password option''' / '''User option'''
+
<center>
 +
[[Image:plugin_create_2.jpg]]
 +
</center>
  
More interface parameters, used as fields user and password respectively. In this case we won't use it and left it blank.
+
'''Plug-in Command'''
  
'''Description'''
+
Path to the plugin executable. By default, if the installation has been standard, they will be in the ''/usr/share/pandora_server/util/plugin/'' directory. Although it could be any path in the system. In this case, type ''/usr/share/pandora_server/util/plugin/udp_nmap_plugin. sh'' in the field. If you use your own plugin, make sure that you know the path where you left the plugin and that you have run permissions (chmod 755).
  
Plugin description. Write a short description, as for example:Test # UDP open ports, and if it is possible, specify the complete interface of parameters to help to someone that will after check the plugin definition to know which parameters accept.
+
'''Plug-in parameters'''
  
<center><br><br>
+
A string with the plugin parameters, which will go after the command and a blank space. This field accepts macros such as _field1_ _field2_... _fieldN_. This is where the most complex part of a plugin's operation is, we will see it with an example.
[[image:verdecito3.jpg|450px]]
 
</Center><br><br>
 
  
Click on ''Create'' and check that the plugin has been correctly created.
+
'''Parameter Macros'''
  
<center><br><br>
+
Unlimited macros can be added for use in the plugin parameter field. These macros will appear as text fields in the module configuration so that the user abstracts the complexity of using a plugin module. It is about the user using a plugin as if it were a "library" module in which he fills in fields, without having to know the process behind it. Macros definition allows the user to fill in the script call parameters without knowing how it works, neither the script nor the way to call it.  
[[image:verdecito4.jpg|center|500px]]
 
</Center><br><br>
 
  
The plugin code could be seen in the given address, It is:
+
Each macro has 3 fields:
  
<pre>
+
* Description: A short string describing the macro. It is the label next to the field.
#!/bin/bash
+
* Default value: The default value assigned to the field.
# This is called like -p xxx -t xxxx
+
* Help: A text with an explanation of the macro, to show some examples of use or better explain what that field is for.
HOST=$4
 
PORT=$2
 
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l
 
</pre>
 
  
That basically uses the IP address given Parameters and a port option to execute a quick UDP (-sU) nmap ''(-T5) and that has ''(wc_l) the open ports quantity ''(grep open)''.
+
An example of a macro configuration:
  
Once that the plugin has been created, to could use it on an agent, you should create an agent in case that you have not done this before. In the Pandora FMS console administration section click on ''Manage agents'':
+
<center>
 +
[[image:macro_configuration.png]]
 +
</Center>
  
<center><br><br>
+
An example of this macro in the module editor:
[[image:verdecito5.jpg]]
 
</Center><br><br>
 
  
In the following screen click on ''Create agent'':
+
<center>
 +
[[image:macro_editor2.jpg]]
 +
</Center>
  
<center><br><br>
+
===Internal Macros===
[[image:verdi1.jpg|center|400px]]
 
</Center><br><br>
 
  
Fill in the data for your new agent and click on ''Create agent'':
+
Like the alerts, it is possible to use internal macros in the plugin configuration, too.
  
<center><br>
+
The supported macros are:
[[image:trescientos.jpg|center|450px]]
 
</Center><br>
 
  
Once you have created the agent, click on the modules upper flag (''Modules''). In it, select create a new network module and click on ''Create'':
+
*_agent_ o _agentalias_: Alias of the agent to which the module belongs.
  
<center><br>
+
*_agentname_: Name of the agent to which the module belongs.
[[image:trescientos1.jpg|center|450px]]
 
</Center><br>
 
  
In the following form, fill in the blank fields, select the module kind ''Generic module to adquire numeric data'', eliminate the user options and the password, specifying the IP address against which to do the analysis and also the port on which to do this:
+
*_agentdescription_: Description of the agent to which the module belongs.
  
<center><br><br>
+
*_agentstatus_: Current status of the agent to which the module belongs.
[[image:trescientos2.jpg|center|550px]]
 
</Center><br><br>
 
  
Once you have finish this, click on ''Create''.
+
*_address_: Address of the agent to which the module belongs.
  
In the following screen will be shown the modules for the agent, the module ''Nmap añadido'':
+
*_module_: The module's name.
  
<center><br><br>
+
*_modulegroup_: The module's group name.
[[image:topito1.jpg|center|550px]]
 
</Center><br><br>
 
  
As you can see, there is a warning on modules. The warning only means that no data in the module has received yet, so they have been just added. Once that data start being received, the warning will disappear.
+
*_moduledescription_: A description of the module.
  
To see the data of the just created module. click on the upper flap ''View'', and in it go below, where data will be shown once they start being received.
+
*_modulestatus_: The status of the module.
  
<center><br><br>
+
*_moduletags_: The module's associated tags.
[[image:topito2.jpg|center|550px]]
 
</Center><br><br>
 
  
To see data of the modules kind text string (in the example, the ''System Description'') go to the data upper flap, ''Data'':
+
*_id_agent_: The ID of the agent. It is quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
  
=== Example #1: Plugin Module for MySQL ===
+
*_id_module_: The module's ID.
  
This is another example, a more complex one, of how to implement a plugin. In this case, other plugin that comes by default with Pandora, the MYSQL check plugin.
+
*_policy_: The name of the policy the module belongs to (if that applies).
  
Create a plugin module (Administration -> Manage servers -> Manage plugins)for MySQL, with the following data:
+
*_interval_: The execution interval of the module.
  
*Nombre: MySQL
+
*_target_ip_: The target IP address of the module.
*Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
 
*Plugin type: Standard
 
*Max. timeout: 10
 
*IP address option: -s
 
*User option: -u
 
*Password option: -p
 
*Description: -q Connections
 
:::        -q Com_select
 
:::        -q Com_update
 
:::        -q Innodb_rows_read
 
  
The plugin will be as follows:
+
*_target_port_: The target port number of the module.
  
<center><br><br>
+
*_plugin_parameters_: The plug-in parameters of the module.
[[image:fosforo1.jpg|center]]
 
</Center><br><br>
 
  
This plugin gives four checks:
+
*_email_tag_: The emails associated to module tags.
  
*''-q Connections: Connections
+
=== A remote plugin from the inside ===
*''-q Com_select: Number of select queries from start
 
*''-q Com_update: Number of update queries from start
 
*''-q Innodb_rows_read: Innodb files readings
 
  
Create a module in the system agent where Pandora FMS is installed and assign it; its name will be ''Mysql Connections'',using as complement itself (MySQL), as Ip ''localhost'', as Pandora user, and as password, the Pandora database password. In the field ''Plugin parameters'', introduce the following:''–q Connections''.
+
The UP plugin code is extremely simple and helps to explain how the whole process works:
  
The module to create would be like this:
+
#!/bin/bash
 +
# This is called like -p xxx -t xxxx
 +
HOST=$4
 +
PORT=$2
 +
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l
  
<center><br><br>
+
This Linux plugin takes two parameters, the UDP port to test and the destination address, with the -p and -sU parameters respectively.  When registering the plugin you have defined two macros, one for the port and another for the IP so that when the user is going to create a plugin module it only sees that, nothing else.
[[image:fosforo2.jpg|center|550px]]
 
</Center><br><br>
 
  
Once you have created it, it will be next to the Nmap module:
+
Once the plugin has been registered, in order to use it in an agent, you must create a plugin server module, click on the top tab of the modules ("Modules"). There, select create a new network module and click on the ''Create'' button:
  
<center><br><br>
+
<center>
[[image:fosforo3.jpg|center|550px]]
+
[[image:trescientos1.jpg|center|450px]]
</Center><br><br>
+
</Center>
  
And the information in the main page (''View'' tab):  
+
In the following form, fill in the empty fields, select the module type'' Generic module to acquire numeric data'', specify the IP address to which the analysis must be performed, and also the port on which to do it:
  
<center><br><br>
+
<center>
[[image:faltaba.jpg|center|550px]]
+
[[image:example1_edition_module.png|center|800px]]
</Center><br><br>
+
</Center>
  
And the detailed information (''Data'' tab):
+
Once you have finished, press the ''Create'' button.
  
<center><br><br>
+
The following screen will show the modules for the agent, the "UDP Port check" module that you have just created:
[[image:fosforo5.jpg|550px]]
 
</Center><br><br>
 
  
=== Example #2: SMTP Server remote plugin ===
+
<center>
 +
[[image:udp_port_check_demo.jpg]]
 +
</Center>
  
 +
=== Example #1 : Plugin Module for MySQL ===
  
From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).
+
This is another more complex example on how to implement a plugin. It is another plugin included by default in Pandora FMS. In this case, it is the MySQL check plugin.
  
This plugin sends an email using a remote server, you can specify server IP, port, username and password and authentication scheme, as well as e-mail destination and destination. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.
+
First, create a plugin module ('Administration' -> 'Manage Servers' -> 'Manage plug ins') for MySQL using the following data:
  
This is an screenshot of the module definition using this plugin:
+
*Name: MySQL
 +
*Plugin type: Standard
 +
*Max. timeout: 10 seconds
 +
*Description: MySQL check plugin
  
<center><br><br>
+
*Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
[[image:Pandora_plugin_SMTP.png|center|800px]]
+
*Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
</Center><br><br>
+
*Macro _field1_:
 +
** Description: IP Address
 +
** Default value: X.X.X.X
 +
*Macro _field1_:
 +
** Description: User
 +
** Default value: User
 +
*Macro _field1_:
 +
** Description: Password
 +
** Default value: Password
 +
*Macro _field1_:
 +
** Description: Check
 +
** Default value: Connections
 +
** Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read
 +
 
 +
When it is ready, the plugin should look like this:
 +
 
 +
<center>
 +
[[image:plugin_mysql1.png|center|800px]]
 +
</Center>
 +
 
 +
<center>
 +
[[image:plugin_mysql2.png|center|800px]]
 +
</Center>
 +
 
 +
<center>
 +
[[image:plugin_mysql3.png|center|800px]]
 +
</Center>
  
=== Example #3: DNS Server remote plugin ===
+
<center>
 +
[[image:plugin_mysql4.png|center|800px]]
 +
</Center>
  
From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).
+
This plug in provides four checks:
  
This plugin checks the IP address of a given domain (eg artica.es) is a fixed IP, using as reference an external DNS. In this way we can validate whether the domain is returning the correct IP to avoid unnecessary balancing, DNS attacks, etc.. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.
+
*''-q Connections: Connections
 +
*''-q Com_select: Number of select queries from start
 +
*''-q Com_update: Number of update queries from start
 +
*''-q Innodb_rows_read: Innodb file readings
  
This is an screenshot of the module definition using this plugin:
+
Create a module in the agent of the computer where Pandora FMS is installed and assign it; its name will be ''Mysql Connections'', using as plugin "MySQL", as IP ''localhost'', as user pandora, as password the password of Pandora FMS database, and as check the word '''Connections'''.
  
<center><br><br>
+
After its creation, it should look like this:
[[image:Pandora_plugin_DNS.png|center|800px]]
 
</Center><br><br>
 
  
=== Example #4: UDP Port remote plugin ===
+
<center>
 +
[[image:plugin_mysql_module.png|center|800px]]
 +
</Center>
  
From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).
+
<center>
 +
[[image:mysql_module2.png|center|800px]]
 +
</Center>
  
This plugin checks for a given address and UDP port. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.
+
Once created, it will appear in the list of modules, as a plugin type module (in this case, yet to be initialized)
  
This is an screenshot of the module definition using this plugin:
+
<center>
 +
[[image:fosforo3.jpg|center|800px]]
 +
</Center>
  
<center><br><br>
+
=== Example 2 SMTP Server Remote Plugin Module ===
[[image:Pandora_plugin_UDP.png|center|800px]]
 
</Center><br><br>
 
  
== Monitoring with Plugins from 5.0 ==
+
This plugin sends an email using a remote server, you can specify server IP, port, user and password and authentication scheme, as well as destination email. It returns 1 if it works and 0 if it fails, that is, it should be used using generic_proc type.
  
Unlike with the rest of components, in a default way Pandora FMS does not include any pre-configured complement, so first you should create and configure a complement to could after add it to the module of an agent. But Pandora FMS includes plugins in the installation directories, but as have already been said, they are not configured in the database.
+
This is a screenshot of the module definition using this plug in:
  
To add a plugin that already exists to Pandora FMS, go to the console administration section, and in it, click on Manage servers. After doing this, click on Manage plugins:
+
<center>
 +
[[image:Pandora_plugin_SMTP5.png|center|800px]]
 +
</Center>
  
<center><br><br>
+
<center>
[[image:verdecito1.jpg]]
+
[[image: smtp_module2.png|center|800px]]
</Center><br><br>
+
</Center>
  
Once you are in the screen of the plugin management, click on ''Create'' a new plugin, so there will be no one.
+
=== Example 3 - DNS Server Remote Plug In ===
  
<center><br><br>
+
This plug in checks the IP address of a specified domain (e.g., artica.es). This is a fixed IP, using an external DNS as reference. That way it is possible to validate whether the domain is returning the correct IP address to avoid unnecessary balancing, DNS attacks, etc. It returns value '1' if it works properly and '0' if not. The plugin is required to be of the 'generic_proc' type.
[[image:verdecito2.jpg|center|650px]]
 
</Center><br><br>
 
  
Fill in the plugin creation form with the following data:
+
This is a screen shot of the module definition using this plugin:
  
<center><br><br>
+
<center>
[[image:plugin_creation.png|800px]]
+
[[image:Pandora_plugin_DNS5.png|center|800px]]
</Center><br><br>
+
</Center>
  
'''Name'''
+
<center>
 +
[[image:dns_module2.png|center|800px]]
 +
</Center>
  
Name of the plugin, in this case Nmap.
+
== Custom field macros for remote monitoring ==
  
'''Plugin type'''
+
When configuring remote modules, having to enter agent-specific configuration options multiple times can quickly become tedious (e.g., an SNMP community string). Custom field macros allow you to use [[Pandora:Documentation_en:Operations#Custom_Fields|agent custom fields]] as macros for certain module configuration options.
  
There are two kinds of plugins, the standard ones and the kind Nagios. The standard plugins are scripts that execute actions and accept parameters. The Nagios plugins are, as their name shows, Nagios plugins that could be being used in Pandora FMS.The difference is mainly on that the Nagios plugins return an error level to show if the test has been successful or not.
+
In the following example, an SNMP network component that can be reused across SNMP agents with different community strings will be created:
  
If you want to use a plugin kind Nagios and you want to get a data, not an state (good/Bad), then you can use a plugin kind Nagios is the "Standard" mode.
+
* First, go to ''Resources/Custom fields'' in your Pandora FMS Console and define a new custom field that will be used to store the SNMP community string. Write down its ID, since it will be part of the macro later, and fill in the appropriate community string in your SNMP agents.
 +
<center>
 +
[[image:snmp_custom_field.png|center]]
 +
</center>
 +
* Then create a new SNMP [[Pandora:Documentation_en:Templates_and_components#Network_Components|network component]] and enter _agentcustomfield_''n''_ as the SNMP community string, where ''n'' is the ID of the custom field (in our example, ''_agentcustomfield_11_'').
 +
<center>
 +
[[image:custom_field_network_component.png|center]]
 +
</center>
 +
* Finally, configure a module using the newly created [[Pandora:Documentation_en:Templates_and_components#Network_Components|network component]]. The module will start working automatically.  
  
In this case (for the NMAP example plugin), we have to select Standard.
+
Custom field macros work with SNMP, WMI, plug-in and inventory modules. They can be used in standalone modules, network components and policy modules.
  
'''Max. timeout'''
+
For a WMI module, you could analogously define two new custom fields to store the username and the password, and use the corresponding custom field macros in the module definition.
  
It is the time of expiration of the plugin. If you do not receive a response in this time, you should select the module as unknown, and its value will be not updated. It is a very important factor when implementing monitoring with plugins, so if the time it takes at executing the plugin is bigger than this number, we never could obtain values with it. This value should always be bigger than the time it takes usually to return a value the script/executable that is used as plugin. In there is nothing said, then you should used the value that in the configuration is named ''plugin_timeout''.
+
<center>
 +
[[image:wmi_custom_field.png|center]]
 +
</center>
  
In this case, we write 15.
+
== Remote wizard and network test execution (Exec Server) ==
  
'''Description'''
+
This feature allows some actions to be run on Pandora FMS remote servers from the Pandora FMS Console. Thus, allowing the use of the agent SNMP Wizards, MIBs' browser and 'event responses' from a remote server, as well as accessing it from the server where the console is.
  
Plugin description. Write a short description, as for example:Test # UDP open ports, and if it is possible, specify the complete interface of parameters to help to someone that will after check the plugin definition to know which parameters accept.
+
Internally, it works through SSH remote command execution from the Pandora FMS console to the enabled servers, which will be called “Exec Server”. These servers can be Pandora FMS or Satellite Servers, but always in Linux.
  
'''Plug-in command'''
+
=== Configuration ===
  
It is the path where the plugin command is. In a default way, if the installation has been an standard one, there will be in the directory
+
It is important to keep in mind that, in order to use this feature correctly, it will be necessary for the agent which is being worked on to have been previously created by the server that is going to be employed, and for said server to have the remote configuration enabled in case it is a satellite server.
''/usr/share/pandora_server/util/plugin/''. Though it could be any path of the system. For this case, writte ''/usr/share/pandora_server/util/plugin/udp_nmap_plugin.sh''in the field.
 
  
Pandora server will execute this script, so this should have permissions of access and execution on it.
+
{{Warning|If remote cofiguration is not enabled, satellite modules will not be created through wizard.}}
  
'''Plug-in parameters'''
+
To configure Exec Server correctly, the systems must be configured following a series of steps:
  
A string with the parameters of the command that will be after command and a blank space. This parameters field accepts macros as _field1_ _field2_ ... _fieldN_.
+
1. In the Pandora FMS server list, access the server edition you want to use as exec server:
  
'''Parameters macros'''
+
<center>
 +
[[image:Exec-server-111.JPG|center]]
 +
</Center>
  
Is possible to add unlimited macros to use it in Plug-in parameters field. This macros will appear as normal text fields in the module configuration.
 
  
Each macro has 3 fields:
+
2. Edit the IP of the server where you will launch the desired commands and activate “Exec Server” check. Using the option "Port" you can specify the port used to connect via SSH to this server. This option can be configured on the Network Server and / or Satellite Server.
  
* Description: A short string descripting the macro. Will be the label near the field.
+
3. The configuration test is not performed yet because the system is not completely configured at this point and it would generate an error message.
* Default value: Value asigned to the field by default
 
* Help: A text with a explanation of the macro.
 
  
Example of a macro configuration:
+
<center>
 +
[[image:server_222_2.png|center]]
 +
</Center>
  
<center><br><br>
 
[[image:macro_configuration.png|800px]]
 
</Center><br><br>
 
  
Example of this macro in the module editor:
+
4. Enable the server where the Pandora FMS console runs so that the “apache” or equivalent user has a shell execution. Modify the following line in the /etc/passwd file so that the user has a valid shell, for example:
 +
 
 +
apache:x:48:48:Apache:/var/www:/bin/bash
  
<center><br><br>
+
5. Create the “.ssh” directory in the “/var/www/” route and give permissions for the “apache” user:
[[image:macro_editor.png|800px]]
 
</Center><br><br>
 
  
 +
mkdir /var/www/.ssh
 +
chown apache /var/www/.ssh
  
 +
6. Execute as root:
  
After the configuration, click on ''Create'' and check that the plugin has been correctly created.
+
su apache
  
<center><br><br>
+
7. Generate the SSH key for the connection to the remote machine executing the following command:
[[image:verdecito4.jpg|center|500px]]
 
</Center><br><br>
 
  
The plugin code could be seen in the given address, It is:
+
ssh-keygen
  
<pre>
+
Accept any questions that it might ask you by clicking “enter”:
#!/bin/bash
 
# This is called like -p xxx -t xxxx
 
HOST=$4
 
PORT=$2
 
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l
 
</pre>
 
  
That basically joins the command and parameters, replacing the macros by their values to execute a quick UDP (-sU) nmap ''(-T5) and that has ''(wc_l) the open ports quantity ''(grep open)''.
+
<center>
 +
[[image:Exec-server-3.jpg|center]]
 +
</Center>
  
Once that the plugin has been created, to could use it on an agent, you should create an agent in case that you have not done this before. In the Pandora FMS console administration section click on ''Manage agents'':
 
  
<center><br><br>
+
8. Before accessing "Exec server” by SSH  (which will be a Pandora FMS server or a Linux server satellite), create on that machine a specific user, called “pandora_exec_proxy” and also create the  “/home/pandora_exec_proxy/.ssh/” folder:
[[image:verdecito5.jpg]]
 
</Center><br><br>
 
  
In the following screen click on ''Create agent'':
+
sudo useradd pandora_exec_proxy -m
  
<center><br><br>
+
mkdir /home/pandora_exec_proxy/.ssh/
[[image:verdi1.jpg|center|400px]]
 
</Center><br><br>
 
  
Fill in the data for your new agent and click on ''Create agent'':
 
  
<center><br>
+
'''NOTE''': The user does not have a password, so it cannot be used for remote connection.
[[image:trescientos.jpg|center|450px]]
 
</Center><br>
 
  
Once you have created the agent, click on the modules upper flag (''Modules''). In it, select create a new plugin module and click on ''Create'':
 
  
<center><br>
+
9. Copy the contents of the public key, generated in the previous step, from the Pandora FMS console to the “''exec server''” server. In order to do this, copy the contents of the  <strong>“''/var/www/.ssh/id_rsa.pub''”</strong> file (by copying and pasting that content) to the <strong>''/home/pandora_exec_proxy/.ssh/authorized_keys'</strong>' file and change that file's permissions:
[[image:trescientos1.jpg|center|450px]]
 
</Center><br>
 
  
In the following form, fill in the blank fields, select the module kind ''Generic module to adquire numeric data'', specify the IP address against which to do the analysis and also the port on which to do this:
+
chown -R pandora_exec_proxy /home/pandora_exec/.ssh/
  
<center><br><br>
+
10. Once the user is created, from the machine where the console is running, and through the “apache” user, execute the following command manually to verify that you can log in without entering a password (replacing the IP by the hostname/IP from the Exec server which has been configured in previous steps):
[[image:example1_edition_module.png|center|800px]]
 
</Center><br><br>
 
  
Once you have finish this, click on ''Create''.
+
  ssh [email protected]_address
  
In the following screen will be shown the modules for the agent, the module ''Nmap'':
+
11. When all these steps are correct, edit (in the console) the /etc/pass file in order to leave the apache user as it was originally (without local shell):
  
<center><br><br>
+
apache:x:48:48:Apache:/var/www:/sbin/nologin
[[image:topito1.jpg|center|550px]]
 
</Center><br><br>
 
  
As you can see, there is a warning on modules. The warning only means that no data in the module has received yet, so they have been just added. Once that data start being received, the warning will disappear.
+
12. Finally, test the configuration in the editing section of your proxy server, within Pandora FMS console, and if the test indicator turns green, it will be fully operational and functional.
  
To see the data of the just created module. click on the upper flap ''View'', and in it go below, where data will be shown once they start being received.
+
<center>
 +
[[image:Exec-server-4.png|center]]
 +
</Center>
  
<center><br><br>
+
=== Using the ''exec servers'' feature ===
[[image:topito2.jpg|center|550px]]
 
</Center><br><br>
 
  
To see data of the modules kind text string (in the example, the ''System Description'') go to the data upper flap, ''Data''.
+
From now on, in the MIB browser, in agent SNMP wizard and event responses, you can choose from where you will launch the request, whether from the local console or from the configured Exec server:
  
=== Example #1: Plugin Module for MySQL ===
+
<center>
 +
[[image:Exec-server-555.JPG|center]]
 +
</Center>
  
This is another example, a more complex one, of how to implement a plugin. In this case, other plugin that comes by default with Pandora, the MYSQL check plugin.
 
  
Create a plugin module (Administration -> Manage servers -> Manage plugins)for MySQL, with the following data:
+
And the same goes for the WMI Wizard, the SNMP interfaces one and SNMP agent wizard (not available for satellite servers)
  
*Nombre: MySQL
+
<center>
*Plugin type: Standard
+
[[image:Exec-server-666.JPG|center]]
*Max. timeout: 10 seconds
+
</Center>
*Description:
 
MySQL check plugin
 
  
Checks:
+
Depending on the selected server, when launching the Wizard, adapted modules for satellite server or server will be created. In the satellite server case, write the modules in the remote configuration file so that they can be executed by the server.
  
This plugin gives four checks:
+
For executing “event response”, firstly configure a new event response that uses the new exec server:
  
Connections: Connections
+
<center>
Com_select: Number of select queries from start
+
[[image:Exec-server-777.JPG|center]]
Com_update: Number of update queries from start
+
</Center>
Innodb_rows_read: Innodb files readings
 
  
*Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
 
*Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
 
*Macro _field1_:
 
** Description: IP Address
 
** Default value: X.X.X.X
 
*Macro _field1_:
 
** Description: User
 
** Default value: User
 
*Macro _field1_:
 
** Description: Password
 
** Default value: Password
 
*Macro _field1_:
 
** Description: Check
 
** Default value: Connections
 
** Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read
 
  
The plugin will be as follows:
+
And then, launch it from an event:
  
<center><br><br>
+
<center>
[[image:plugin_mysql.png|center]]
+
[[image:Exec-server-8.JPG|center]]
</Center><br><br>
+
</Center>
  
This plugin gives four checks:
+
== Path monitoring ==
  
*''Connections: Connections
+
Pandora FMS offers by default complete route monitoring between two network points, visually indicating the path that is being followed at all times to communicate between these two points.
*''Com_select: Number of select queries from start
 
*''Com_update: Number of update queries from start
 
*''Innodb_rows_read: Innodb files readings
 
  
Create a module in the system agent where Pandora FMS is installed and assign it; its name will be ''Mysql Connections'',using as complement itself (MySQL), as Ip ''localhost'', as Pandora user, as password, the Pandora database password, and as Check ''Connections''.
+
To use this system you need:
  
The module to create would be like this:
+
*A software agent at the point of origin of the route you want to analyze
 +
*Being able to reach the destination point via ICMP from the point of origin.
  
<center><br><br>
+
The Pandora FMS path analyzer uses an agent plugin to map the route. This agent plugin uses several methods to collect information, reporting structured information to Pandora FMS server.
[[image:plugin_mysql_module.png|center|800px]]
 
</Center><br><br>
 
  
Once you have created it, it will be next to the Nmap module:
+
'''Note:''' Optionally, if you want to scan routes over the Internet, it is recommended that you deploy the mtr application on your route source computer. More information at:
  
<center><br><br>
+
https://en.wikipedia.org/wiki/MTR_%28software%29
[[image:fosforo3.jpg|center|550px]]
 
</Center><br><br>
 
  
And the information in the main page (''View'' tab):  
+
http://www.bitwizard.nl/mtr/
  
<center><br><br>
 
[[image:faltaba.jpg|center|550px]]
 
</Center><br><br>
 
  
And the detailed information (''Data'' tab):
+
=== Configuration ===
  
<center><br><br>
+
From version 7.0 OUM715 onwards, the plugin is included in the agent. To configure it, activate the execution of the plugin from the Pandora FMS console, once the agent's remote configuration is enabled.
[[image:fosforo5.jpg|550px]]
 
</Center><br><br>
 
  
=== Example #2: SMTP Server remote plugin ===
+
<!--
  
 +
From version 7.0 OUM715 onwards, the plugin is included in the agent. To configure it, activate the execution of the plugin from Pandora FMS console, once the agent's remote configuration is enabled.
  
From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).
+
* Download the plugin for path analysis of the module library:
 +
https://library.pandorafms.com/index.php?sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=821
  
This plugin sends an email using a remote server, you can specify server IP, port, username and password and authentication scheme, as well as e-mail destination and destination. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.
+
*Transfer the plugin to your software agent (either by collecting or manually copying the file)
  
This is an screenshot of the module definition using this plugin:
+
<center>
 +
[[image:route_conf1.png|center]]
 +
</Center>
  
<center><br><br>
+
* Activate plugin execution
[[image:Pandora_plugin_SMTP5.png|center|800px]]
+
-->
</Center><br><br>
 
  
=== Example #3: DNS Server remote plugin ===
+
Access the plugin configuration tab in your agent and add the following line (if the agent version is earlier than 7.0 715, or if you have not deployed the plugin in the utility folder, specify the full path to the plugin to run it)
  
From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).
+
route_parser -t target_address
  
This plugin checks the IP address of a given domain (eg artica.es) is a fixed IP, using as reference an external DNS. In this way we can validate whether the domain is returning the correct IP to avoid unnecessary balancing, DNS attacks, etc.. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.
+
Where target address can be a v4 IP address or an FQDN domain name.
  
This is an screenshot of the module definition using this plugin:
+
<center>
 +
[[image:route_conf2.png|center]]
 +
</Center>
  
<center><br><br>
+
=== Visualization ===
[[image:Pandora_plugin_DNS5.png|center|800px]]
 
</Center><br><br>
 
  
=== Example #4: UDP Port remote plugin ===
+
Once the system is configured and reporting, a new tab will appear in the agent view with the path communications have followed to reach the target:
  
From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).
+
Sample route view to a machine on a network other than the source network (LAN connections)
  
This plugin checks for a given address and UDP port. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.
+
<center>
 +
[[image:route_view1.png|center]]
 +
</Center>
  
This is an screenshot of the module definition using this plugin:
+
Sample route to 8.8.8.8.8 example view (Google's DNS) (WAN connections)
  
<center><br><br>
+
<center>
[[image:Pandora_plugin_UDP5.png|center|800px]]
+
[[image:route_view2.png|center]]
</Center><br><br>
+
</Center>
  
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]

Latest revision as of 12:40, 31 July 2020

Go back to Pandora FMS documentation index

1 Remote Monitoring

1.1 Introduction

Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote checks to be conducted from a central point. The Data Server and the Network Server are carrying out the tasks they have been assigned through a multiprocess queue system. A network server can also work with other network servers, balance the load and act as a support device in case another network server fails, carrying out the work the failing server was supposed to do. If you would like to know more about High Availability (HA) under Pandora FMS, please take a look at the corresponding chapter.

Network Servers only work with assigned network modules. Because there are network tests to perform, the Network Server should of course have complete visibility (IP addresses and ports) over the devices you are going to perform the tests on. It is completely futile to perform tests against a system with ports which cannot be seen or for which you do not have the proper paths. The existence of firewalls (or the problems generated though the existence of these kinds of devices) or pre-existing paths in the network have nothing to do with Pandora FMS nor with one of its specific configurations.

Besides the network server, there are many more additional Pandora FMS server subtypes that execute remote tests. This chapter will discuss network servers, remote plugin servers and server that launch remote tests against Windows machines (WMI Server). Other servers that also process remote tests, as WEB test server (WEB Server or Goliat server), have specific documentation chapters.

Remote-monitoring.jpg

1.2 Basic network monitoring

Pandora FMS Network Modules carry out remote monitoring tasks. The remote execution of tasks can be summarized in three blocks:

ICMP Tests

Those are basic network tests that allow to find out whether a host is accessible and alive and the time it takes to get to that device through the network.

TCP Tests

This test checks if a system has the TCP port open which was specified in the module definition. Additionally, a text string can be sent and it can wait to receive a specific response to check whether the communication is correct. This method allows simple protocol checks to be implemented and verification of whether the other end responds or not.

For example, the "GET/HTTP/1.0^M^M" string could be sent to check whether an HTTP server is alive, waiting to receive the "200 OK" string.

SNMP Tests

It is possible to launch SNMP petitions remotely (called 'SNMP Polling') to systems that have their SNMP service activated to obtain data like: 'interface status' and 'consumed network bandwidth by interface', etc. There is a specific section devoted to SNMP with Pandora FMS (later on).

Network-data-server-arq.png

In conclusion it is quite obvious that the network server is the one which carries out the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it is this Network Server the one that executes the task and transfers the results to the DB of Pandora FMS.

1.2.1 General Configuration of a Module for Network Monitoring

To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), create the corresponding agent to monitor the service first.

Info.png

When talking about creating an agent, it does not mean installing a software agent in the target machine, but creating an agent in the Pandora FMS interface.

 


Go to the Pandora FMS section for console administration and click on Resources > Manage agents:

Anvi.jpg

In the following screen, please click on Create agent:

Bibi.jpg

Enter the proper data to define your new agent and click on Create:

Raro.jpg

Once you have created the agent, please click on the drop down menu of the modules. Select 'Create a new network module' in it and click on the Create button:

Sasa.jpg

Select a network component module in the following form: Look for the check you need in the drop-down menu on the right. In this example, 'Host Alive' is selected which represents a ping for the machine. It is a simple check to find out if the machine is connected to the internet or not.

Alive.jpg

The advanced options are left for later. Make sure the modules have obtained the agent's IP address. You may enter a different IP address here. Once you have finished defining the module, press the Create button.

In the following screen, all modules for the agent are shown. On the picture below, you can see the preset Keepalive (which was created along with the agent) and the added 'Host Alive' module:

Kiji.jpg

As seen, there is a warning attached to the modules. The warning only means that no data has been received by the module yet, because it has been just added. Once data starts to be received, the warning disappears.

To see the data from the newly created module, click on the 'view' button on the top right and look at the bottom where the data will appear once it starts receiving data:

Keso.jpg

To add another kind of network check, proceed exactly as described above, but with a different kind of module.

1.2.2 ICMP Monitoring

The previous example was the one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:

  • icmp_proc, host (ping) check which allows to come to know if an IP address responds or not.
  • icmp_data or latency check. It basically tells us the time in milliseconds it takes to respond to an ICMP basic query.

1.2.3 TCP Monitoring

TCP check allows to check the state of a port or a TCP service.

The main parameters of these type of modules are target port, target IP, and the TCP send and receive data.

By default, TCP check is simply a test for whether the destination port is open or not. You are also able to send a text string and wait to receive something which will be processed directly as data by Pandora FMS, through TCP Send and TCP Receive fields.

It is possible to send a text string (using the «^M» string to replace the CR) and to wait to receive an answer substring to check whether the communication is working properly or not. This allows simple protocol checks to be implemented. If you want to check whether a server is alive or not, you may send the following string:

 GET / HTTP/1.0^M^M 

Wait to receive the string:

200 OK

This string is coded in 'TCP send' and 'TCP receive' fields.

TCP send

The field to configure the parameters intended to be sent to the TCP port. It accepts the '^M' string as a replacement for the CR sending. To send several strings in a row in a send/response manner, you are required to separate them by the character:

TCP receive

The field to configure the text strings which we expect to receive on the TCP connection. If they are sent/received in several steps, each step should be separated by the '|' (pipe) character.

By means of the Pandora FMS TCP check, you are able to do more than just inspecting whether a port is open or waiting for an answer from a simple request. It is possible to send data, wait to receive something, send something afterwards, wait to receive something and so on. Only if all the processes are carried out in the right way, the results can be validated.

To use the Pandora FMS Dialog and Response Checking System, you may separate the different petitions by the | ('pipe') character.

This is an example of an SMTP conversation:

R: 220 mail.supersmtp.com Blah blah blah
S: HELO myhostname.com
R: 250 myhostname.com
S: MAIL FROM: 
R: 250 OK
S: RCPT TO: 
R: 250 OK
S: DATA
R: 354 Start mail input; end with .
S: .......your mail here........
S: .
R: 250 OK
S: QUIT
R: 221 mail.supersmtp.com Service closing blah blah blah

If you want to check the first protocol points, the necessary fields to emulate this conversation would be:

TCP Send

HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M

TCP Receive

250|250|250

If the three first steps are OK (code 250), then the SMTP is working properly. It does not need to send a complete mail here (but it could, in any case). This enables protocol-based TCP checks which could be used for any protocol that uses plain text conversations.

1.2.4 Remote execution modules

From version 741 onwards, the following network server Enterprise modules are available:

  • Remote execution data
  • Remote execution data proc
  • Remote execution data string
  • Remote execution data inc

To be able to use those modules successfully, connection data of the agent intended to monitor is necessary. Therefore, register the connection data against the target in the safe credential storage:

Remotexec9.PNG

Once the credentials are registered, use them when defining the module.

Create a new network server module.

Choose one of the menu options in module type.

Remotexec2.png

For remote executions, the following types of data are valid:

  • remote_execution_data: numeric.
  • remote_execution proc: boolean (0 FALSE, different from 0 TRUE).
  • remote_execution_data_string: alphanumeric (string).
  • remote_execution_data_inc: incremental (ratio).

Define these:

  1. The credential set to be used for the connection.
  2. Optionally the target IP (otherwise that of the agent will be used).
  3. Optionally the target OS (otherwise that of the agent will be used).
  4. Optionally the port to connect to (22 in Linux, whatever in Windows).
  5. The command to forward to carry out the monitoring process.

Example:


Remotexec8.png


Remotexec3.png


The system will execute the command against the remote machine, receiving the number of files in the temporary work directory.


Remotexec4.png


You may also choose a type of alphanumeric data to see the command’s literal output:

Module setup:


Remotexec5.png


Target OS parameter can be configured to inherit the operative system of the agent that is beign targeted.

Result:


Remotexec6.png


Remotexec7.png


Template warning.png

The module’s performance is the same when allocating alerts, generating events or viewing reports.

 


Template warning.png

From Pandora FMS version 743 onwards, the following tokens related to remote execution modules parameters will be available in pandora_server.conf: ssh_launcher, rcmd_timeout and rcmd_timeout_bin.

 


1.2.5 SNMP Monitoring

1.2.5.1 Introduction to SNMP Monitoring

When we talk about SNMP monitoring, the most important thing is to separate the testing concepts (polling) and traps. SNMP testing means ordering Pandora FMS to execute a "get" command against an SNMP device such as a router or a switch. This is a synchronous operation (which takes place from time to tima actively).

Receiving an SNMP trap, on the other hand, is an asynchronous operation (based on changes or events that may take place or not). It is commonly used to receive 'alerts' coming from a device, e.g. if a switch knocks down a port or its fan is too hot.

SNMP checks of the polling type are carried out creatinf network modules in Pandora FMS as it is usually done.

Using SNMP Traps is something completely different. It is possible to receive traps from any device without the need of configuring anything except the SNMP console in Pandora FMS, where all traps received will appear on the SNMP console. Alerts can be defined through filtering rules by enay of its fields.

Pandora FMS works with SNMP using individual OIDs, where each OID is a network module. If you want to monitor a 24-port 'Cisco Catalyst' switch and find out the operating system and the entry and exit port, you have to define a total of 72 modules (24 x 3).

To work with SNMP devices, you are required to know the following:

  • What the SNMP Protocol is and how it works. The published RFC3411 from the IETF describes it in detail.
  • The IP and the SNMP community of the remote device.
  • How to activate the device's SNMP management so that you are able to perform SNMP queries from the network server. This network server must be allocated by the agent where network modules are to be defined. Bear in mind that if you wish for other network servers to make queries in case the assigned server fails, these will make those queries with another IP address.
  • The specific OID of the remote device which you want to check (or use one of the multiple Pandora FMS wizards or its SNMP OID browser).
  • How to manage the data returned by the device. SNMP devices usually return data in different formats. Pandora FMS can manage almost all of them. Pandora FMS manages data of the 'counter' kind as 'remote_snmp_inc'. They are of special importance, since they are counters, they cannot be considered numeric data but element rate per second. The majority of SNMP statistical data are of the counter kind and it is necessary to set them as 'remote_snmp_inc' if you want to monitor them properly.

1.2.5.2 Monitoring through Network Modules with SNMP

To monitor any element through SNMP, you should at least know its IP and its SNMP community. It would also be quite important to know the OID that you want to monitor, although you could obtain it by means of an SNMP Walk as long as you know where each OID comes from. However, this is not always an easy task.

To monitor an element through SNMP, create an agent for it. If you already have one, simply add a new network module and follow the previous instructions.

Once the module has been created, select an SNMP data type in the configuration module form just like the ones shown on the image:

Cap5 snmp 1.png

Any of the three SNMP data types are valid. Simply select the one which matches the type of data that you want to monitor.

Once you have selected an SNMP data type, the form will expand, showing additional fields for SNMP like the following:

Cap5 snmp 2.png

Next, define the fields:

SNMP community

The SNMP community is necessary to monitor the element. It acts as a password.

SNMP version

The SNMP protocol version of the device. It could be 1, 2, 2c or 3. Version 3 includes encryption and safe authentication when communicating, which makes configuration more burdensome and makes Pandora FMS network server polling performance worse.

SNMP OID

The OID identifier to monitor. They can consist of numeric values and dots. These strings are translated automatically to more descriptive alphanumeric strings if the corresponding MIBs are installed within the system. MIBs are manufacturer libraries that help translate OIDs into more descriptive strings.

An alphanumeric OID can be similar to this one:

  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3

The numeric equivalent would be something like this:

  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3


Pandora FMS includes some OIDs in its database which could be used directly. When creating the module, select the 'Cisco MIBs' component to show a list of the available MIBs for Cisco devices:

Cap5 snmp 4.png

Once you have selected the proper component, you will be able to pick the available MIB for it:

Cap5 snmp 5.png

By doing this, the fields will be filled out with the necessary information.

There are more MIBs included in Pandora FMS. With Enterprise Version, there are several MIB packages for different devices included. Once you have entered the data, please click on the Create button.

To see the data of the created module, click on the upper flap named View and take a look at the bottom of the page, where the data will be displayed once it starts to receive any. With these data you could see a realtime SNMP graph.

SNMP nueva.png


1.2.5.3 SNMP Monitoring from Agents

Windows software agents have a feature for obtaining SNMP information. In Unix/Linux snmpget agents it is usually available, so it can be called from the module_exec line.

The 'snmpget.exe' feature has been added to the Windows default agent (which is part of the 'net-snmp' project and comes with a BSD license). The basic 'MIBs' and a wrapper / script to wrap the call into the 'snmpget.exe' feature have also been added.

Using this call, SNMP can be monitored from an agent, obtaining information from any remote system to which the agent has access to, so you can work as a 'satellite agent' or 'proxy agent' (according to the documentation).

In Windows, the syntax for this execution is:

module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>

Some examples of SNMP modules executed by Windows agents are:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_if3_desc
module_type generic_data_string
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

The same examples, executed under UNIX agents:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

It is important to highlight that only the 'basic' OIDs are translatable into their numerical equivalent. It is advisable to always use numerical OIDs, because the tool might be able to translate it or not. In any case, the MIBs can always be obtained from the '/util/mibs' directory in Windows or in '/usr/share/snmp/mibs' in Linux.

1.2.6 Pandora FMS SNMP MIB Browser

The SNMP explorer can be accessed through the Monitoring > SNMP > SNMP Browser menu.

From Pandora FMS version 744 new operations can be added to policies and agents. This development is only available for Pandora FMS Enterprise versions.

The first thing to understand is that Pandora FMS makes a complete path of the device tree, so if it is big (like a switch) this may take several minutes. You may also choose to explore only one sub-system, which will save you a lot of time.

For example, to get Cisco information only, you may explore your Cisco enterprise sub-mib starting with:

 .1.3.6.1.4.1.9

The browser is used to navigate, which means clicking on each branch and obtain values. The system will ask for that information and will show the requested OID information (if available). If there is no information about the device OID, this is only displayed in numeric format. The OID descriptive information is stored through MIBs [1]. If there is no MIB for the device you wish to explore, you may have to look for "pieces of information" throughout the information displayed by Pandora FMS, which is complex and takes time.

Pandora FMS SNMP browser allows to search for a text string both throughout the obtained OID values and the translated OID values (if available). It could be particularly helpful to look for known and specific strings and locate their OID. If it finds several entries, it will allow you to go from one occurrence to another and it will highlight them in yellow.

Snmp browser module creator.png

From version Enterprise 744 you may select several OIDs and add them to an agent by clicking on “Create agent modules”.

Select the agents where you wish to monitor said OIDs and add them to the bot on the right. These modules are created once you click on “Add modules”.

SNMP1.png

SNMP12.png

You may also select several OIDs to add them to a policy using the “Create policy modules” button.

SNMP21.png

Select all policies where you wish to add module configuration of those OIDs. If you want to generate a new policy for those OIDs click on “Create new policy”.

File:SNMP3.png

Fill out the fields assigning a name, a group, a policy description and click on “Create policy”.

Then it will be available in the policy board.

Add them to the box on the right and click on “Add modules” to apply this configuration on policies.

SNMP31.png

SNMP32.png

If what you want is to select a specific OID from Pandora FMS version 744 Enterprise the “Create agent module” button is available from the OID detail. This button will allow to select a specific agent and will redirect to module creation within said agent will all the selected SNMP data.

SNMP41.png


From the SNMP module editor, when you create or edit a network module, you may launch the SNMP browser by clicking on "SNMP Browser", which will open it on a floating window.

Once you choose the OID you were looking for, by clicking on the filter icon, choose that OID and it will appear automatically on the corresponding field of module definition to be used in your agent.

Snmp browser from module creation.jpg

1.2.7 MIB Management

Through Pandora FMS you can upload and manage the MIBS to be able to add new mibs or delete the ones that are not revelant. These MIBs will be only used by Pandora FMS, which will also use the operating system (in /usr/share/snmp/mibs). Pandora FMS will use the {PANDORA_CONSOLE}/attachment/mibs path to store the mibs.

New snmp browser mibmanager.png

It is important to point out that Pandora FMS MIB manager only manages the "polling" MIBs that have nothing to do with SNMP traps MIBs. For this feature, there is another manager, exclusive to the Enterprise version of Pandora FMS.

1.2.8 Pandora FMS SNMP Wizard

In the agent management view, there is a set of tools specifically created to create modules remotely: The Agent Wizard.

Agent wizard.png

1.2.8.1 SNMP Wizard

Agent wizard snmp wizard.png

Set the target IP, the community and other desired parameters (SNMP v3 is supported) to do an SNMP walk to the host.

Snmp wizard form.png

Once the data is correctly retrieved, a form for module creation will appear:

Snmp wizard module creator.png

It is possible to create modules from the following types of SNMP data through the SNMP Wizard:

  • Devices
  • Processes
  • Free Space on Hard Drives
  • Temperature Sensors
  • Other SNMP Data

You may select the kind of module and add the desired elements from the left combo to the right one. Once you have completed this process, click on 'Create modules'.

This wizard will create two kinds of modules:

  • SNMP Modules for data with a static OID (sensors, memory data, CPU data, etc.).
  • Plugin Modules for data with a dynamic OID or calculated data (processes, disk space, used memory in percentage, etc).


Template warning.png

For plugin modules, the remote SNMP plugin will be used. So if the plugin is not installed in the system, these features will remain disabled. The plugin must be named "snmp_remote. pl". The location where it is hosted is not relevant.

 



For the SNMP wizard to be able to obtain data from an SNMP device thanks to the remote components, it is necessary to fulfill 2 requirements:

  - To have the Private Enterprise Number (PEN) of the device manufacturer registered in Pandora FMS.
  - To have the SNMP wizard components for the device manufacturer registered and enabled in Pandora FMS.

If the scanned device fulfills these requirements, all the modules from which data could have been obtained will be shown to give you the opportunity to select which one you want to create and which not.

These modules will be shown organized in blocks, based on the group the wizard component that generated them belongs to.

All the blocks will be shown compressed at first to make visualization easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.

IMG8 wizard components.png

If you deploy a block, you can choose which modules will be added and which will not, as well as the option of modifying the name, description or thresholds of each module individually.

IMG9 wizard components.png

Once you click on Create modules, a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.

In spite of all the modifications you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.


IMG10 wizard components.png


Once the module creation has been confirmed, it will be re-evaluated one by one whether they can be created or not, to avoid duplicating modules in case the same modules have been created by another means in the confirmation time frame.

You will be notified if the process was successfully completed or if there were any modules that could not be created.

1.2.8.2 SNMP Interface Wizard

Agent wizard snmp interfaces wizard.png

In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces.

This Wizard browses the SNMP branch IF-MIB::interfaces, offering the possibility of creating multiple modules of different interfaces with multiple selections.

Like the SNMP Wizard (after selecting the IP target, community, etc.), the system directs an SNMP query to the host and fills out the module creation form.

Select one or more interfaces from the left combo. After that, their common available elements (e.g. description, speed, inbound/outbound traffic, etc.) will appear on the right. You may select one or more elements from this combo and click on 'Create modules' to create these modules for each selected interface in the combo on the left.

Agent wizard snmp interfaces creation.png

For the SNMP interface wizard to obtain data from an SNMP device, it is necessary to meet one requirement:

  - The SNMP device must return data from the branch IF-MIB.

If this requirement is met, it will be possible to choose for each device network interface the modules that you want to add to the monitoring.

You will see an introductory general configuration block for all the selected interfaces of the device with the possible modules to add. The modules that are selected in this block and their thresholds will be the default configuration that will be added for network interfaces. This block could be disabled in order not to add general monitoring to the interfaces.

IMG11 wizard components.png

There will also be a specific block for each network interface, which you may select to indicate that the interface should be monitored. If, in addition, in the previous block, a general monitoring has been configured, all the checked interfaces will take those configurations.

IMG12 wizard components.png

In each interface block, you may also indicate specific configurations for the interface, that is, add specific modules not included in the general monitoring block, or overwrite those configurations with a different one for a particular case. You may also modify the names and descriptions of the modules for each specific case. It is necessary that the interface block is marked for monitoring, so the specific configurations will take effect.


IMG13 wizard components.png

All the blocks will be shown compressed at first to make their visualization easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate it.


Once you click on Create modules, a summary list of the chosen modules with their configuration will be shown. In this list you will see the modules that cannot be created, either because they already exist in the agent or because 2 or more modules with the same name have been configured in the wizard.

In spite of all the modifications you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.

IMG14 wizard components.png

Once the creation of the modules has been confirmed, they will be re-evaluated one by one to check whether they can be created or not, to avoid duplicate modules in case the same modules have been created by another means in the confirmation time frame.

You will be notified if the process was successfully completed or if there were any modules that could not be created.

1.2.9 Common Advanced Features of Network Modules

The following screen shows the advanced features for network module configuration:

Cap5 snmp 8.png

Description

Module description. There is already a default description which can be changed.

Custom ID

Custom identifier which is necessary if you wish for the server to send multicast messages with information about agents. You can also use this field to integrate Pandora FMS data into an external information system like a CMDB.

Interval

The module's execution interval. As shown in the example, it could be different from the agent's interval.

The values shown depend on those configured in the "Settings > Visual Styles" section in the "Interval Values" section.

An administrator user will be given the possibility to define a custom interval at the time of creating or editing a module. Standard users will only be able to define previously configured intervals, displaying the default ones when not being defined in "Visual Styles".

Post Process

The module's post processing. It is useful to multiply or divide the returned value, e.g. when you obtain bytes and you want to show the value in Megabytes.

Min. Value

The module's minimum value. Any value lower than the one defined here will be considered 'invalid' and ruled out.

Max. Value

The module's maximum value. Any value higher than the one defined here will be considered 'invalid' and ruled out.

Export Target

It is useful to export the values returned by the module to an Export Server. It is only available in the Pandora FMS Enterprise Version, and could come in pretty handy if you have configured an export server previously. Check the section on the export server for more details.

CRON

If Cron from is set, the module will be run once the current date and time match the date and time configured in Cron from, ignoring the module's own interval. For example, the following configuration would cause the module to be run every Monday at 6:30:

Cron from ex1.png

If both Cron from and Cron to are set, the module will be run once when the current date and time fall between the date and time configured in Cron from and the date and time configured in Cron to, ignoring the module's own interval. For example, the following configuration would cause the module to be run everyday between 6 and 7:

Cron from ex2.png

For local modules, the corresponding module_crontab line is added to the agent's configuration file. See Programmed Monitoring for more information.

Timeout

Time the agent will wait for the execution of the module in seconds.

Category

This categorization has no effect on the normal user interface, it is intended to be used together with the Metaconsole.

1.3 Windows Remote Monitoring with WMI

WMI is a Microsoft system for obtaining remote information from computers running Windows OS. It is available from Windows XP version to the most current versions. WMI allows you to get all kinds of information from the OS, applications and even hardware. WMI queries can be made locally (in fact, Pandora FMS agent does it internally, calling the API of the operating system and asking the WMI subsystem) or remotely. In some systems, remote access to WMI is not enabled and must be enabled in order to be consulted from the outside.

Pandora FMS allows remote monitoring of Windows equipment through WMI queries. To do this, it is be necessary to enable the wmiserver component in the Pandora FMS server configuration file.

# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
# DISABLED BY DEFAULT
  wmiserver 1

Queries are made in WQL, a kind of Microsoft-specific SQL language for internal queries to the operating system, and any query that appears in the WMI system database can be made.

To start monitoring through WMI, first create the corresponding agent, and once ready, click on the top flap of the modules (Modules). Then, select the option to create a new WMI module and press the Create button.:

Feo.jpg

Some fields are WMI specific and require a short explanation:

Namespace

Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application intended to monitor.

Username

Name of the Administrator or any other user which has been granted the privileges to remotely execute WMI queries.

Password

Password for the Administrator or any other user.

WMI Query

WMI query. It is very similar to a sentence in SQL, e.g.:

SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
SELECT SerialNumber FROM Win32_OperatingSystem
SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory
SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"

Key String

Optional field to compare the returned query with a string. In case it exists, the module will return either '1' or '0' instead of the string itself.

Field Number

The number of the returned field, starting from 0 (WMI queries are able to return more than one field). Most of the time, the value is 0 or 1.

Campos.jpg

If you do not know the exact parameters, you may also select one of the preinstalled ones included in the Pandora FMS Database. Therefore, select the WMI module component:

Galleta.jpg

Once you have done that, select a WMI check from one of the available ones:

Galletita.jpg

The required information is filled out automatically, except for the user and its password. Please remember that only users with administration permissions and their passwords are valid here. Otherwise, the module cannot return any value:

Otro.jpg

The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They are available for the following devices and components:

  • Active Directory
  • BIOS
  • System Information
  • Windows Information
  • Printers
  • MSTDC
  • IIS
  • LDAP
  • Microsoft Exchange

1.4 WMI Wizard

Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse and create modules with WMI queries on a specified agent:

Agent wizard wmi wizard.png

You will need to specify the Administrator (or a user with WMI query permissions) user and password on the target server to make the first WMI queries. This information will be used to create modules.

Wmi wizard module creator.png

It is possible to create modules from different kinds of WMI data through the WMI Wizard:

  • Services: It creates boolean monitors in 'normal' status if the service is running and in 'critical' when it is shut down.
  • Processes: The process monitor will only receive any data if the process is active, otherwise it will be on 'unknown' status.
  • Free space on disk The available space on the hard drive.
  • WMI components: It will choose from the WMI components registered on the system (they are found under 'Administration' -> 'Manage modules' -> 'Network components').


In order for the WMI wizard to obtain data from a Windows computer, a requirement must be met:

  - To have the WMI wizard components registered and enabled in Pandora FMS.

If this requirement is met, all modules from which data can be obtained will be displayed to give you the opportunity to create them or not.

These modules will be shown organized in blocks based on the group the wizard component that generated them belongs to.

All blocks will be shown compressed at first to make visualization easier. That way, they can be expanded to modify the selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.

IMG15 wizard components.png

If you deploy a block, you may choose which modules will be added and which will not, as well as modify the name, description or thresholds of each module individually.

IMG16 wizard components.png

Once you click on ‘’Create modules’’, a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.


In spite of all the modifications that you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.

IMG17 wizard components.png

1.5 Monitoring with server remote plugins

This type of monitoring consists on executing plugins remotely from Pandora FMS server against other systems. Installations come with several server plugins by default ready to use, and the user can always add as many as needed.

A remote plugin is a script or executable that supports parameters and returns a value. Through a plugin you can implement any type of operation by yourself, and through a few input parameters, customize as you may want that application you have developed to work. This would allow you, for example, to pass the target IP of the test as a parameter. The result could be a number, a boolean value (0 error, > 0 OK), or a text string. The only limitation of remote plugins is that they can only return a single value.

To register a plugin in Pandora FMS, go to the management section of the console, and once there, click on Manage servers, then click on "Manage plugins":

Verdecito1.jpg

Verdecito2.jpg

From this screen you can see that you already have a few plugins registered. Here you may also register your plugin manually. To explain how it works, see an already registered plugin, click on the one called "UDP Plugin" that allows you to perform a UDP connectivity test to a remote machine.

Plugin create 1.jpg

Plugin Type

There are two types of plugins: standard (standard) and Nagios plugins. Standard plug-ins are scripts that execute actions and support parameters. Nagios add-ons are, as its name indicates, Nagios add-ons that can be used in Pandora FMS. The difference is mainly that nagios plugins return an error level to indicate whether the test was successful or not and an additional descriptive string. This description is not a numerical value that can be used as a module value, so in this case it will be used to update the module description.

In this case (for the example plugin, UDP port check), Standard will be selected since it is not a Nagios plugin.

Max. Timeout

The expiration time of the plugin. If you do not receive a response within the specified time, it is not run anymore. It is a very important factor when implementing monitoring with plugins. If the plugin execution time is longer than the specified value, you would never obtain data with it (it will not even be initiated). This value is recommended to always be higher than the time it usually takes to return a value of the script or executable which is used as a plug in. If there is no preconfigured value, it is recommended to use the same value which can be found under plugin_timeout in the configuration.

Info.png

In the execution of a plugin, there are three timeouts: server, plugin and module. Please note that the server prevails over the others, and secondly, the plugin. That is, if you have a server with a 10-second timeout and a plugin with a 20-second timeout and a module that uses that plugin with a 30-second timeout, the maximum time to wait for the execution of that module will be 10 seconds.

 


For this example, the value selected is '15'.

Description

Description of the add-on. Write a brief description, such as: Check a remote UDP port (by using NMAP). Use IP address and Port options. The description is not trivial, since it will be shown in the user interface of the plugin. Make sure it explains what the plugin is for.

Plugin create 2.jpg

Plug-in Command

Path to the plugin executable. By default, if the installation has been standard, they will be in the /usr/share/pandora_server/util/plugin/ directory. Although it could be any path in the system. In this case, type /usr/share/pandora_server/util/plugin/udp_nmap_plugin. sh in the field. If you use your own plugin, make sure that you know the path where you left the plugin and that you have run permissions (chmod 755).

Plug-in parameters

A string with the plugin parameters, which will go after the command and a blank space. This field accepts macros such as _field1_ _field2_... _fieldN_. This is where the most complex part of a plugin's operation is, we will see it with an example.

Parameter Macros

Unlimited macros can be added for use in the plugin parameter field. These macros will appear as text fields in the module configuration so that the user abstracts the complexity of using a plugin module. It is about the user using a plugin as if it were a "library" module in which he fills in fields, without having to know the process behind it. Macros definition allows the user to fill in the script call parameters without knowing how it works, neither the script nor the way to call it.

Each macro has 3 fields:

  • Description: A short string describing the macro. It is the label next to the field.
  • Default value: The default value assigned to the field.
  • Help: A text with an explanation of the macro, to show some examples of use or better explain what that field is for.

An example of a macro configuration:

Macro configuration.png

An example of this macro in the module editor:

Macro editor2.jpg

1.5.1 Internal Macros

Like the alerts, it is possible to use internal macros in the plugin configuration, too.

The supported macros are:

  • _agent_ o _agentalias_: Alias of the agent to which the module belongs.
  • _agentname_: Name of the agent to which the module belongs.
  • _agentdescription_: Description of the agent to which the module belongs.
  • _agentstatus_: Current status of the agent to which the module belongs.
  • _address_: Address of the agent to which the module belongs.
  • _module_: The module's name.
  • _modulegroup_: The module's group name.
  • _moduledescription_: A description of the module.
  • _modulestatus_: The status of the module.
  • _moduletags_: The module's associated tags.
  • _id_agent_: The ID of the agent. It is quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
  • _id_module_: The module's ID.
  • _policy_: The name of the policy the module belongs to (if that applies).
  • _interval_: The execution interval of the module.
  • _target_ip_: The target IP address of the module.
  • _target_port_: The target port number of the module.
  • _plugin_parameters_: The plug-in parameters of the module.
  • _email_tag_: The emails associated to module tags.

1.5.2 A remote plugin from the inside

The UP plugin code is extremely simple and helps to explain how the whole process works:

#!/bin/bash
# This is called like -p xxx -t xxxx
HOST=$4
PORT=$2
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l

This Linux plugin takes two parameters, the UDP port to test and the destination address, with the -p and -sU parameters respectively. When registering the plugin you have defined two macros, one for the port and another for the IP so that when the user is going to create a plugin module it only sees that, nothing else.

Once the plugin has been registered, in order to use it in an agent, you must create a plugin server module, click on the top tab of the modules ("Modules"). There, select create a new network module and click on the Create button:

Trescientos1.jpg

In the following form, fill in the empty fields, select the module type Generic module to acquire numeric data, specify the IP address to which the analysis must be performed, and also the port on which to do it:

Example1 edition module.png

Once you have finished, press the Create button.

The following screen will show the modules for the agent, the "UDP Port check" module that you have just created:

Udp port check demo.jpg

1.5.3 Example #1 : Plugin Module for MySQL

This is another more complex example on how to implement a plugin. It is another plugin included by default in Pandora FMS. In this case, it is the MySQL check plugin.

First, create a plugin module ('Administration' -> 'Manage Servers' -> 'Manage plug ins') for MySQL using the following data:

  • Name: MySQL
  • Plugin type: Standard
  • Max. timeout: 10 seconds
  • Description: MySQL check plugin
  • Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
  • Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
  • Macro _field1_:
    • Description: IP Address
    • Default value: X.X.X.X
  • Macro _field1_:
    • Description: User
    • Default value: User
  • Macro _field1_:
    • Description: Password
    • Default value: Password
  • Macro _field1_:
    • Description: Check
    • Default value: Connections
    • Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read

When it is ready, the plugin should look like this:

Plugin mysql1.png
Plugin mysql2.png
Plugin mysql3.png
Plugin mysql4.png

This plug in provides four checks:

  • -q Connections: Connections
  • -q Com_select: Number of select queries from start
  • -q Com_update: Number of update queries from start
  • -q Innodb_rows_read: Innodb file readings

Create a module in the agent of the computer where Pandora FMS is installed and assign it; its name will be Mysql Connections, using as plugin "MySQL", as IP localhost, as user pandora, as password the password of Pandora FMS database, and as check the word Connections.

After its creation, it should look like this:

Plugin mysql module.png
Mysql module2.png

Once created, it will appear in the list of modules, as a plugin type module (in this case, yet to be initialized)

Fosforo3.jpg

1.5.4 Example 2 SMTP Server Remote Plugin Module

This plugin sends an email using a remote server, you can specify server IP, port, user and password and authentication scheme, as well as destination email. It returns 1 if it works and 0 if it fails, that is, it should be used using generic_proc type.

This is a screenshot of the module definition using this plug in:

Pandora plugin SMTP5.png
Smtp module2.png

1.5.5 Example 3 - DNS Server Remote Plug In

This plug in checks the IP address of a specified domain (e.g., artica.es). This is a fixed IP, using an external DNS as reference. That way it is possible to validate whether the domain is returning the correct IP address to avoid unnecessary balancing, DNS attacks, etc. It returns value '1' if it works properly and '0' if not. The plugin is required to be of the 'generic_proc' type.

This is a screen shot of the module definition using this plugin:

Pandora plugin DNS5.png
Dns module2.png

1.6 Custom field macros for remote monitoring

When configuring remote modules, having to enter agent-specific configuration options multiple times can quickly become tedious (e.g., an SNMP community string). Custom field macros allow you to use agent custom fields as macros for certain module configuration options.

In the following example, an SNMP network component that can be reused across SNMP agents with different community strings will be created:

  • First, go to Resources/Custom fields in your Pandora FMS Console and define a new custom field that will be used to store the SNMP community string. Write down its ID, since it will be part of the macro later, and fill in the appropriate community string in your SNMP agents.
Snmp custom field.png
  • Then create a new SNMP network component and enter _agentcustomfield_n_ as the SNMP community string, where n is the ID of the custom field (in our example, _agentcustomfield_11_).
Custom field network component.png
  • Finally, configure a module using the newly created network component. The module will start working automatically.

Custom field macros work with SNMP, WMI, plug-in and inventory modules. They can be used in standalone modules, network components and policy modules.

For a WMI module, you could analogously define two new custom fields to store the username and the password, and use the corresponding custom field macros in the module definition.

Wmi custom field.png

1.7 Remote wizard and network test execution (Exec Server)

This feature allows some actions to be run on Pandora FMS remote servers from the Pandora FMS Console. Thus, allowing the use of the agent SNMP Wizards, MIBs' browser and 'event responses' from a remote server, as well as accessing it from the server where the console is.

Internally, it works through SSH remote command execution from the Pandora FMS console to the enabled servers, which will be called “Exec Server”. These servers can be Pandora FMS or Satellite Servers, but always in Linux.

1.7.1 Configuration

It is important to keep in mind that, in order to use this feature correctly, it will be necessary for the agent which is being worked on to have been previously created by the server that is going to be employed, and for said server to have the remote configuration enabled in case it is a satellite server.

Template warning.png

If remote cofiguration is not enabled, satellite modules will not be created through wizard.

 


To configure Exec Server correctly, the systems must be configured following a series of steps:

1. In the Pandora FMS server list, access the server edition you want to use as exec server:

Exec-server-111.JPG


2. Edit the IP of the server where you will launch the desired commands and activate “Exec Server” check. Using the option "Port" you can specify the port used to connect via SSH to this server. This option can be configured on the Network Server and / or Satellite Server.

3. The configuration test is not performed yet because the system is not completely configured at this point and it would generate an error message.

Server 222 2.png


4. Enable the server where the Pandora FMS console runs so that the “apache” or equivalent user has a shell execution. Modify the following line in the /etc/passwd file so that the user has a valid shell, for example:

apache:x:48:48:Apache:/var/www:/bin/bash

5. Create the “.ssh” directory in the “/var/www/” route and give permissions for the “apache” user:

mkdir /var/www/.ssh
chown apache /var/www/.ssh

6. Execute as root:

su apache

7. Generate the SSH key for the connection to the remote machine executing the following command:

ssh-keygen 

Accept any questions that it might ask you by clicking “enter”:

Exec-server-3.jpg


8. Before accessing "Exec server” by SSH (which will be a Pandora FMS server or a Linux server satellite), create on that machine a specific user, called “pandora_exec_proxy” and also create the “/home/pandora_exec_proxy/.ssh/” folder:

sudo useradd pandora_exec_proxy -m
mkdir /home/pandora_exec_proxy/.ssh/


NOTE: The user does not have a password, so it cannot be used for remote connection.


9. Copy the contents of the public key, generated in the previous step, from the Pandora FMS console to the “exec server” server. In order to do this, copy the contents of the /var/www/.ssh/id_rsa.pub file (by copying and pasting that content) to the /home/pandora_exec_proxy/.ssh/authorized_keys'' file and change that file's permissions:

chown -R pandora_exec_proxy /home/pandora_exec/.ssh/

10. Once the user is created, from the machine where the console is running, and through the “apache” user, execute the following command manually to verify that you can log in without entering a password (replacing the IP by the hostname/IP from the Exec server which has been configured in previous steps):

 ssh [email protected]_address

11. When all these steps are correct, edit (in the console) the /etc/pass file in order to leave the apache user as it was originally (without local shell):

apache:x:48:48:Apache:/var/www:/sbin/nologin

12. Finally, test the configuration in the editing section of your proxy server, within Pandora FMS console, and if the test indicator turns green, it will be fully operational and functional.

Exec-server-4.png

1.7.2 Using the exec servers feature

From now on, in the MIB browser, in agent SNMP wizard and event responses, you can choose from where you will launch the request, whether from the local console or from the configured Exec server:

Exec-server-555.JPG


And the same goes for the WMI Wizard, the SNMP interfaces one and SNMP agent wizard (not available for satellite servers)

Exec-server-666.JPG

Depending on the selected server, when launching the Wizard, adapted modules for satellite server or server will be created. In the satellite server case, write the modules in the remote configuration file so that they can be executed by the server.

For executing “event response”, firstly configure a new event response that uses the new exec server:

Exec-server-777.JPG


And then, launch it from an event:

Exec-server-8.JPG

1.8 Path monitoring

Pandora FMS offers by default complete route monitoring between two network points, visually indicating the path that is being followed at all times to communicate between these two points.

To use this system you need:

  • A software agent at the point of origin of the route you want to analyze
  • Being able to reach the destination point via ICMP from the point of origin.

The Pandora FMS path analyzer uses an agent plugin to map the route. This agent plugin uses several methods to collect information, reporting structured information to Pandora FMS server.

Note: Optionally, if you want to scan routes over the Internet, it is recommended that you deploy the mtr application on your route source computer. More information at:

https://en.wikipedia.org/wiki/MTR_%28software%29

http://www.bitwizard.nl/mtr/


1.8.1 Configuration

From version 7.0 OUM715 onwards, the plugin is included in the agent. To configure it, activate the execution of the plugin from the Pandora FMS console, once the agent's remote configuration is enabled.


Access the plugin configuration tab in your agent and add the following line (if the agent version is earlier than 7.0 715, or if you have not deployed the plugin in the utility folder, specify the full path to the plugin to run it)

route_parser -t target_address

Where target address can be a v4 IP address or an FQDN domain name.

Route conf2.png

1.8.2 Visualization

Once the system is configured and reporting, a new tab will appear in the agent view with the path communications have followed to reach the target:

Sample route view to a machine on a network other than the source network (LAN connections)

Route view1.png

Sample route to 8.8.8.8.8 example view (Google's DNS) (WAN connections)

Route view2.png

Go back to Pandora FMS documentation index